From 73ea75885de78077c9528428617fa8403935d7a5 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Thu, 14 Oct 2010 02:39:28 +0200
Subject: Bug 575947: Users with passwords length less than 6 characters can't
 login after migration from 3.4.x or older to 3.6 or newer r/a=mkanat

---
 Bugzilla/Auth/Verify/DB.pm | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'Bugzilla/Auth')

diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index d8794472e..c562d1353 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -74,6 +74,12 @@ sub check_credentials {
                };
     } 
 
+    # Force the user to type a longer password if it's too short.
+    if (length($password) < USER_PASSWORD_MIN_LENGTH) {
+        return { failure => AUTH_ERROR, error => 'password_current_too_short',
+                 user_error => 1, details => { locked_user => $user } };
+    }
+
     # The user's credentials are okay, so delete any outstanding
     # password tokens or login failures they may have generated.
     Bugzilla::Token::DeletePasswordTokens($user->id, "user_logged_in");
-- 
cgit v1.2.3-24-g4f1b