From b8ecdca238744552db04acb5450ce078d9760a4c Mon Sep 17 00:00:00 2001
From: Simon Green <sgreen@redhat.com>
Date: Thu, 11 Sep 2014 09:45:23 +1000
Subject: Bug 1009013 - Require a user to change their password if they log in
 and their current password does not meet the password complexity rules
 r=glob, a=sgreen

---
 Bugzilla/Auth/Verify/DB.pm | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

(limited to 'Bugzilla/Auth/Verify/DB.pm')

diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index ad7f15d24..28a9310c9 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -56,10 +56,19 @@ sub check_credentials {
                };
     } 
 
-    # Force the user to type a longer password if it's too short.
-    if (length($password) < USER_PASSWORD_MIN_LENGTH) {
-        return { failure => AUTH_ERROR, user_error => 'password_current_too_short',
-                 details => { locked_user => $user } };
+    # Force the user to change their password if it does not meet the current
+    # criteria. This should usually only happen if the criteria has changed.
+    if (Bugzilla->usage_mode == USAGE_MODE_BROWSER &&
+        Bugzilla->params->{password_check_on_login})
+    {
+        my $check = validate_password_check($password);
+        if ($check) {
+            return {
+                failure => AUTH_ERROR,
+                user_error => $check,
+                details => { locked_user => $user }
+            }
+        }
     }
 
     # The user's credentials are okay, so delete any outstanding
-- 
cgit v1.2.3-24-g4f1b