From e9adcde4648b54db8d40f314ca938dca5080bb9c Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Fri, 15 Sep 2017 14:30:40 -0400 Subject: Bug 1391702 - Replace Bugzilla::User::validate_password() with calls to Data::Password::passwdqc --- Bugzilla/User.pm | 58 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 56 deletions(-) (limited to 'Bugzilla/User.pm') diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 84fc1fb21..2d8256080 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -34,7 +34,7 @@ use Role::Tiny::With; use base qw(Bugzilla::Object Exporter); @Bugzilla::User::EXPORT = qw(is_available_username - login_to_id user_id_to_login validate_password validate_password_check + login_to_id user_id_to_login USER_MATCH_MULTIPLE USER_MATCH_FAILED USER_MATCH_SUCCESS MATCH_SKIP_CONFIRM ); @@ -417,7 +417,7 @@ sub _check_password { # authentication. return $pass if $pass eq '*'; - validate_password($pass); + Bugzilla->assert_password_is_secure($pass); my $cryptpassword = bz_crypt($pass); return $cryptpassword; } 
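Review bot: In _check_password the new `Bugzilla->assert_password_is_secure($pass);` call may no longer untaint `$pass`: the validate_password() it replaces went through validate_password_check(), which ended with `trick_taint($_[0])` (removed further down in this patch), and the new method's body is not part of this diff. If it only throws on a weak password, `$pass` reaches `bz_crypt($pass)` still tainted, which matters wherever taint checking is enforced downstream. Please confirm the contract and record it at the call site, e.g. `# Throws a user error on a weak password; untainting, if still needed, must happen here.` The old helper also enforced USER_PASSWORD_MIN_LENGTH before its complexity test, so the new check should be confirmed to keep a minimum length. The beginning of _check_password lies outside the hunk.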
@@ -2712,40 +2712,6 @@ sub user_id_to_login { return $login || ''; } -sub validate_password { - my $check = validate_password_check(@_); - ThrowUserError($check) if $check; - return 1; -} - -sub validate_password_check { - my ($password, $matchpassword) = @_; - - if (length($password) < USER_PASSWORD_MIN_LENGTH) { - return 'password_too_short'; - } elsif ((defined $matchpassword) && ($password ne $matchpassword)) { - return 'passwords_dont_match'; - } - - my $complexity_level = Bugzilla->params->{password_complexity}; - if ($complexity_level eq 'bmo') { - my $features = 0; - - $features++ if $password =~ /[a-z]/; - $features++ if $password =~ /[A-Z]/; - $features++ if $password =~ /[0-9]/; - $features++ if $password =~ /[^A-Za-z0-9]/; - $features++ if length($password) > 12; - - return 'password_not_complex' if $features < 3; - } - - # Having done these checks makes us consider the password untainted. - trick_taint($_[0]); - return; -} - - 1; __END__ @@ -3369,26 +3335,6 @@ Returns the login name of the user account for the given user ID. If no valid user ID is given or the user has no entry in the profiles table, we return an empty string. -=item C - -Returns true if a password is valid (i.e. meets Bugzilla's -requirements for length and content), else throws an error. -Untaints C<$passwd1> if successful. - -If a second password is passed in, this function also verifies that -the two passwords match. - -=item C - -This sub routine is similair to C, except that it allows -the calling code to handle its own errors. - -Returns undef and untaints C<$passwd1> if a password is valid (i.e. meets -Bugzilla's requirements for length and content), else returns the error. - -If a second password is passed in, this function also verifies that -the two passwords match. - =item C =over -- cgit v1.2.3-24-g4f1b