From e6d45b6d6028527079744af20dc9407a2a3867f2 Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Tue, 25 Aug 2015 13:40:13 +0800
Subject: Bug 1196134 - add ability for admins to force a user to change their
 password on next login

---
 reset_password.cgi | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100755 reset_password.cgi

(limited to 'reset_password.cgi')

diff --git a/reset_password.cgi b/reset_password.cgi
new file mode 100755
index 000000000..f784afb81
--- /dev/null
+++ b/reset_password.cgi
@@ -0,0 +1,72 @@
+#!/usr/bin/perl -wT
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+use strict;
+
+use lib qw(. lib);
+
+use Bugzilla;
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Token;
+use Bugzilla::User qw( validate_password );
+use Bugzilla::Util qw( bz_crypt );
+
+my $cgi = Bugzilla->cgi;
+my $user = Bugzilla->login(LOGIN_REQUIRED);
+my $template = Bugzilla->template;
+my $dbh = Bugzilla->dbh;
+
+if ($cgi->param('do_save')) {
+    my $token = $cgi->param('token');
+    check_token_data($token, 'reset_password');
+
+    my $old_password = $cgi->param('old_password') // '';
+    my $password_1 = $cgi->param('new_password1') // '';
+    my $password_2 = $cgi->param('new_password2') // '';
+
+    # make sure passwords never show up in the UI
+    foreach my $field (qw( old_password new_password1 new_password2 )) {
+        $cgi->delete($field);
+    }
+
+    # validation
+    my $old_crypt_password = $user->cryptpassword;
+    if (bz_crypt($old_password, $old_crypt_password) ne $old_crypt_password) {
+        ThrowUserError('old_password_incorrect');
+    }
+    if ($password_1 eq '' || $password_2 eq '') {
+        ThrowUserError('new_password_missing');
+    }
+    if ($old_password eq $password_1) {
+        ThrowUserError('new_password_same');
+    }
+    validate_password($password_1, $password_2);
+
+    # update
+    $dbh->bz_start_transaction;
+    $user->set_password($password_1);
+    $user->update({ keep_session => 1, keep_tokens => 1 });
+    Bugzilla->logout(LOGOUT_KEEP_CURRENT);
+    delete_token($token);
+    $dbh->bz_commit_transaction;
+
+    # done
+    print $cgi->header();
+    $template->process('index.html.tmpl', { message => 'password_changed' })
+        || ThrowTemplateError($template->error());
+}
+
+else {
+    my $token = issue_session_token('reset_password');
+
+    print $cgi->header();
+    $template->process('account/reset-password.html.tmpl', { token => $token })
+        || ThrowTemplateError($template->error());
+}
-- 
cgit v1.2.3-24-g4f1b