From 73ea75885de78077c9528428617fa8403935d7a5 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Thu, 14 Oct 2010 02:39:28 +0200 Subject: Bug 575947: Users with passwords length less than 6 characters can't login after migration from 3.4.x or older to 3.6 or newer r/a=mkanat --- Bugzilla/Auth.pm | 7 ++++++- Bugzilla/Auth/Verify/DB.pm | 6 ++++++ Bugzilla/WebService/Constants.pm | 1 + Bugzilla/WebService/User.pm | 5 +++++ template/en/default/account/email/confirm-new.html.tmpl | 9 ++++++--- .../en/default/account/password/set-forgotten-password.html.tmpl | 1 + template/en/default/global/user-error.html.tmpl | 8 ++++++++ 7 files changed, 33 insertions(+), 4 deletions(-) diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index b1da319a4..f289a4ba1 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -151,7 +151,12 @@ sub _handle_login_result { } } elsif ($fail_code == AUTH_ERROR) { - ThrowCodeError($result->{error}, $result->{details}); + if ($result->{user_error}) { + ThrowUserError($result->{error}, $result->{details}); + } + else { + ThrowCodeError($result->{error}, $result->{details}); + } } elsif ($fail_code == AUTH_NODATA) { $self->{_info_getter}->fail_nodata($self) diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm index d8794472e..c562d1353 100644 --- a/Bugzilla/Auth/Verify/DB.pm +++ b/Bugzilla/Auth/Verify/DB.pm @@ -74,6 +74,12 @@ sub check_credentials { }; } + # Force the user to type a longer password if it's too short. + if (length($password) < USER_PASSWORD_MIN_LENGTH) { + return { failure => AUTH_ERROR, error => 'password_current_too_short', + user_error => 1, details => { locked_user => $user } }; + } + # The user's credentials are okay, so delete any outstanding # password tokens or login failures they may have generated. Bugzilla::Token::DeletePasswordTokens($user->id, "user_logged_in"); diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm index f77c54c85..788f8bcc4 100644 
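Review bot: The `user_error` key tested in the AUTH_ERROR branch of _handle_login_result is a new, undocumented field of the verifier result hash, and it decides whether a failure is reported as the user's problem or as a code bug. A comment above the test would record that contract, for example `# Verifiers set user_error for failures the user can fix; everything else is reported as a code error.` ThrowUserError presumably renders `$result->{details}` into a user-facing page, so a verifier that sets the flag should put only values that are safe to display into `details`. The function body starts and ends outside the hunk.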
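Review bot: The new `password_current_too_short` return in check_credentials confirms to the caller that the submitted password is valid, because it appears to be reached only after the password comparison has passed. That comparison is outside the hunk, so this is inferred from the closing `};` `}` context and the "credentials are okay" comment that follows. The existing comment should say so, for example `# The password matched but is shorter than USER_PASSWORD_MIN_LENGTH; refuse the login so the user has to reset it.` The `details` key `locked_user` is misleading on this path since the account is not locked. If the error template needs the user object (its markup is not visible on this page), keep the key and note that in the comment; otherwise rename it. It is also worth confirming that `length($password)` counts the same unit (characters rather than bytes) as the check applied when a password is set.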
--- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -103,6 +103,7 @@ use constant WS_ERROR_CODE => { auth_invalid_email => 302, extern_id_conflict => -303, auth_failure => 304, + password_current_too_short => 305, # Except, historically, AUTH_NODATA, which is 410. login_required => 410, diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index e13921ea6..1471da8aa 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -331,6 +331,11 @@ The username does not exist, or the password is wrong. The account has been disabled. A reason may be specified with the error. +=item 305 (New Password Required) + +The current password is correct, but the user is asked to change +his password. + =item 50 (Param Required) A login or password parameter was not provided. diff --git a/template/en/default/account/email/confirm-new.html.tmpl b/template/en/default/account/email/confirm-new.html.tmpl index ed0ff3405..36bd52d09 100644 --- a/template/en/default/account/email/confirm-new.html.tmpl +++ b/template/en/default/account/email/confirm-new.html.tmpl @@ -24,11 +24,11 @@ title = title onload = "document.forms['confirm_account_form'].realname.focus();" %] -
+

To create your account, you must enter a password in the form below. Your email address and Real Name (if provided) will be shown with changes you make. -

+

@@ -44,7 +44,10 @@ : - + + + (minimum [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] characters) + : diff --git a/template/en/default/account/password/set-forgotten-password.html.tmpl b/template/en/default/account/password/set-forgotten-password.html.tmpl index ca134a486..a2ae517c8 100644 --- a/template/en/default/account/password/set-forgotten-password.html.tmpl +++ b/template/en/default/account/password/set-forgotten-password.html.tmpl @@ -33,6 +33,7 @@ New Password: + (minimum [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] characters) diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 5dd0c6a0a..4e3ffae50 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1301,6 +1301,14 @@ [% title = "Passwords Don't Match" %] The two passwords you entered did not match. + [% ELSIF error == "password_current_too_short" %] + [% title = "New Password Required" %] + Your password is currently less than + [%+ constants.USER_PASSWORD_MIN_LENGTH FILTER html %] characters long, + which is the new minimum length required for passwords. + You must + request a new password in order to log in again. + [% ELSIF error == "password_too_short" %] [% title = "Password Too Short" %] The password must be at least -- cgit v1.2.3-24-g4f1b
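Review bot: The minimum-length hint is printed with `[% constants.USER_PASSWORD_MIN_LENGTH FILTER none %]` in confirm-new.html.tmpl and set-forgotten-password.html.tmpl, while the new `password_current_too_short` block in user-error.html.tmpl prints the same constant with `FILTER html`. The value is a numeric constant, so neither form is unsafe today. Using `FILTER html` in all three places would keep the templates consistent and stay safe if the constant ever stops being a plain number.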