From 3238e2d9fcd532807847556514c0519fa0869b14 Mon Sep 17 00:00:00 2001
From: Dylan Hardison
Date: Wed, 4 Nov 2015 17:51:25 -0500
Subject: Bug 1177911 - Determine and implement better password requirements for BMO
---
Bugzilla/User.pm | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
(limited to 'Bugzilla/User.pm')
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index ebd82002f..1a0deed6b 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -2482,15 +2482,16 @@ sub validate_password_check {
 }
 
 my $complexity_level = Bugzilla->params->{password_complexity};
- if ($complexity_level eq 'letters_numbers_specialchars') {
- return 'password_not_complex'
- if ($password !~ /[[:alpha:]]/ || $password !~ /\d/ || $password !~ /[[:punct:]]/);
- } elsif ($complexity_level eq 'letters_numbers') {
- return 'password_not_complex'
- if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/ || $password !~ /\d/);
- } elsif ($complexity_level eq 'mixed_letters') {
- return 'password_not_complex'
- if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/);
+ if ($complexity_level eq 'bmo') {
+ my $features = 0;
+
+ $features++ if $password =~ /[a-z]/;
+ $features++ if $password =~ /[A-Z]/;
+ $features++ if $password =~ /[0-9]/;
+ $features++ if $password =~ /[^A-Za-z0-9]/;
+ $features++ if length($password) > 12;
+
+ return 'password_not_complex' if $features < 3;
 }
 
 # Having done these checks makes us consider the password untainted.
--
cgit v1.2.3-24-g4f1b
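Review bot: The `if ($complexity_level eq 'bmo')` test has no `else`, so an installation whose stored `password_complexity` is still one of the removed values (`letters_numbers_specialchars`, `letters_numbers`, `mixed_letters`) now falls through with no complexity check at all, and the password is then treated as untainted. This view is limited to Bugzilla/User.pm, so the parameter may be migrated in another file; if it is not, the check should fail closed, for instance by running the feature count for every value except the opt-out one: `if ($complexity_level ne 'no_constraints') {` (assuming that is still the opt-out name). The thresholds `3` and `12` would also read better with a one-line comment such as `# require 3 of: lower, upper, digit, other char, length over 12`. validate_password_check starts and ends outside the hunk.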