summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth/Verify
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla/Auth/Verify')
-rw-r--r--Bugzilla/Auth/Verify/DB.pm13
1 files changed, 12 insertions, 1 deletions
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index 2ad98874d..82fa662dc 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -66,11 +66,22 @@ sub check_credentials {
Bugzilla::Token::DeletePasswordTokens($user->id, "user_logged_in");
$user->clear_login_failures();
+ my $update_password = 0;
+
# If their old password was using crypt() or some different hash
# than we're using now, convert the stored password to using
# whatever hashing system we're using now.
my $current_algorithm = PASSWORD_DIGEST_ALGORITHM;
- if ($real_password_crypted !~ /{\Q$current_algorithm\E}$/) {
+ $update_password = 1 if ($real_password_crypted !~ /{\Q$current_algorithm\E}$/);
+
+ # If their old password was using a different length salt than what
+ # we're using now, update the password to use the new salt length.
+ if ($real_password_crypted =~ /^([^,]+),/) {
+ $update_password = 1 if (length($1) != PASSWORD_SALT_LENGTH);
+ }
+
+ # If needed, update the user's password.
+ if ($update_password) {
$user->set_password($password);
$user->update();
}