diff options
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Auth.pm | 7 | ||||
-rw-r--r-- | Bugzilla/Auth/Verify/DB.pm | 6 | ||||
-rw-r--r-- | Bugzilla/WebService/Constants.pm | 1 | ||||
-rw-r--r-- | Bugzilla/WebService/User.pm | 5 |
4 files changed, 18 insertions, 1 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index b1da319a4..f289a4ba1 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -151,7 +151,12 @@ sub _handle_login_result { } } elsif ($fail_code == AUTH_ERROR) { - ThrowCodeError($result->{error}, $result->{details}); + if ($result->{user_error}) { + ThrowUserError($result->{error}, $result->{details}); + } + else { + ThrowCodeError($result->{error}, $result->{details}); + } } elsif ($fail_code == AUTH_NODATA) { $self->{_info_getter}->fail_nodata($self) diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm index d8794472e..c562d1353 100644 --- a/Bugzilla/Auth/Verify/DB.pm +++ b/Bugzilla/Auth/Verify/DB.pm @@ -74,6 +74,12 @@ sub check_credentials { }; } + # Force the user to type a longer password if it's too short. + if (length($password) < USER_PASSWORD_MIN_LENGTH) { + return { failure => AUTH_ERROR, error => 'password_current_too_short', + user_error => 1, details => { locked_user => $user } }; + } + # The user's credentials are okay, so delete any outstanding # password tokens or login failures they may have generated. Bugzilla::Token::DeletePasswordTokens($user->id, "user_logged_in"); diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm index f77c54c85..788f8bcc4 100644 --- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -103,6 +103,7 @@ use constant WS_ERROR_CODE => { auth_invalid_email => 302, extern_id_conflict => -303, auth_failure => 304, + password_current_too_short => 305, # Except, historically, AUTH_NODATA, which is 410. login_required => 410, diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index e13921ea6..1471da8aa 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -331,6 +331,11 @@ The username does not exist, or the password is wrong. The account has been disabled. A reason may be specified with the error. +=item 305 (New Password Required) + +The current password is correct, but the user is asked to change +his password. + =item 50 (Param Required) A login or password parameter was not provided. |