diff options
Diffstat (limited to 'Bugzilla/Auth')
-rw-r--r-- | Bugzilla/Auth/Verify.pm | 2 | ||||
-rw-r--r-- | Bugzilla/Auth/Verify/DB.pm | 16 |
2 files changed, 10 insertions, 8 deletions
diff --git a/Bugzilla/Auth/Verify.pm b/Bugzilla/Auth/Verify.pm index 19d8dcc9e..5895534cd 100644 --- a/Bugzilla/Auth/Verify.pm +++ b/Bugzilla/Auth/Verify.pm @@ -72,7 +72,7 @@ sub create_or_update_user { || return { failure => AUTH_ERROR, error => 'auth_invalid_email', details => {addr => $username} }; - # Usually we'd call validate_password, but external authentication + # external authentication # systems might follow different standards than ours. So in this # place here, we call trick_taint without checks. trick_taint($password); diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm index ac6b71ac0..e46d1cd82 100644 --- a/Bugzilla/Auth/Verify/DB.pm +++ b/Bugzilla/Auth/Verify/DB.pm @@ -62,13 +62,15 @@ sub check_credentials { if (Bugzilla->usage_mode == USAGE_MODE_BROWSER && Bugzilla->params->{password_check_on_login}) { - my $check = validate_password_check($password); - if ($check) { - return { - failure => AUTH_ERROR, - user_error => $check, - details => { locked_user => $user } - } + my $pwqc = Bugzilla->passwdqc; + unless ($pwqc->validate_password($password)) { + my $reason = $pwqc->reason; + Bugzilla->audit(sprintf "%s logged in with a weak password (reason: %s)", $user->login, $reason); + $user->set_password_change_required(1); + $user->set_password_change_reason( + "You must change your password for the following reason: $reason" + ); + $user->update(); } } |