From 73ea75885de78077c9528428617fa8403935d7a5 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Thu, 14 Oct 2010 02:39:28 +0200
Subject: Bug 575947: Users with passwords length less than 6 characters can't login after migration from 3.4.x or older to 3.6 or newer r/a=mkanat
---
 Bugzilla/Auth.pm | 7 ++++++-
 Bugzilla/Auth/Verify/DB.pm | 6 ++++++
 Bugzilla/WebService/Constants.pm | 1 +
 Bugzilla/WebService/User.pm | 5 +++++
 4 files changed, 18 insertions(+), 1 deletion(-) (limited to 'Bugzilla')
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index b1da319a4..f289a4ba1 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -151,7 +151,12 @@ sub _handle_login_result {
 }
 }
 elsif ($fail_code == AUTH_ERROR) {
- ThrowCodeError($result->{error}, $result->{details});
+ if ($result->{user_error}) {
+ ThrowUserError($result->{error}, $result->{details});
+ }
+ else {
+ ThrowCodeError($result->{error}, $result->{details});
+ }
 }
 elsif ($fail_code == AUTH_NODATA) {
 $self->{_info_getter}->fail_nodata($self)
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index d8794472e..c562d1353 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -74,6 +74,12 @@ sub check_credentials {
 };
 }
+ # Force the user to type a longer password if it's too short.
+ if (length($password) < USER_PASSWORD_MIN_LENGTH) {
+ return { failure => AUTH_ERROR, error => 'password_current_too_short',
+ user_error => 1, details => { locked_user => $user } };
+ }
+
 # The user's credentials are okay, so delete any outstanding
 # password tokens or login failures they may have generated.
 Bugzilla::Token::DeletePasswordTokens($user->id, "user_logged_in");
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index f77c54c85..788f8bcc4 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
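Review bot: The `user_error` key read in the AUTH_ERROR branch of `_handle_login_result` is a new part of the result hash that login verifiers return, and nothing here documents it. The diffstat shows no other change to Bugzilla/Auth.pm, so any existing description of the AUTH_ERROR result in that file still mentions only `error` and `details`. I would add a comment above the new `if`, for example `# user_error => 1 marks a failure the user can fix; error and details are then rendered by ThrowUserError for a client that has not logged in.`, and extend the file's documentation of AUTH_ERROR the same way. The function's body starts and ends outside the hunk.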
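Review bot: The comment on the new length check in `check_credentials` does not explain its placement, which is the security-relevant part. Judging by the 305 description this commit adds to Bugzilla/WebService/User.pm ("The current password is correct"), the check appears to run only after the password has matched, so a wrong password never yields this distinct error. I would state that in the comment, e.g. `# Only reached once the password has matched: refuse the login, before the login-failure cleanup below, until the user picks a longer password.` The `details` key `locked_user` reads like a leftover from an account-lockout result and is misleading here unless the error template depends on that name; a rename or a one-line comment would help. The function starts and ends outside the hunk, so the position relative to the password comparison should be confirmed there.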
@@ -103,6 +103,7 @@ use constant WS_ERROR_CODE => {
 auth_invalid_email => 302,
 extern_id_conflict => -303,
 auth_failure => 304,
+ password_current_too_short => 305,
 # Except, historically, AUTH_NODATA, which is 410.
 login_required => 410,
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index e13921ea6..1471da8aa 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -331,6 +331,11 @@ The username does not exist, or the password is wrong.
 The account has been disabled. A reason may be specified with the error.
+=item 305 (New Password Required)
+
+The current password is correct, but the user is asked to change
+his password.
+
 =item 50 (Param Required)
 A login or password parameter was not provided.
-- cgit v1.2.3-24-g4f1b