blob: fb095c27d59fb7e3ed016d179715bc69452eb844 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
#!/usr/bin/perl -T
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
use 5.10.1;
use strict;
use warnings;
use lib qw(. lib local/lib/perl5);
use Bugzilla;
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Token;
use Bugzilla::User qw( validate_password );
use Bugzilla::Util qw( bz_crypt );
my $cgi = Bugzilla->cgi;
my $user = Bugzilla->login(LOGIN_REQUIRED);
my $template = Bugzilla->template;
my $dbh = Bugzilla->dbh;
if ($cgi->param('do_save')) {
my $token = $cgi->param('token');
check_token_data($token, 'reset_password');
my $old_password = $cgi->param('old_password') // '';
my $password_1 = $cgi->param('new_password1') // '';
my $password_2 = $cgi->param('new_password2') // '';
# make sure passwords never show up in the UI
foreach my $field (qw( old_password new_password1 new_password2 )) {
$cgi->delete($field);
}
# validation
my $old_crypt_password = $user->cryptpassword;
if (bz_crypt($old_password, $old_crypt_password) ne $old_crypt_password) {
ThrowUserError('old_password_incorrect');
}
if ($password_1 eq '' || $password_2 eq '') {
ThrowUserError('new_password_missing');
}
if ($old_password eq $password_1) {
ThrowUserError('new_password_same');
}
validate_password($password_1, $password_2);
# update
$dbh->bz_start_transaction;
$user->set_password($password_1);
$user->update({ keep_session => 1, keep_tokens => 1 });
Bugzilla->logout(LOGOUT_KEEP_CURRENT);
delete_token($token);
$dbh->bz_commit_transaction;
# done
print $cgi->header();
$template->process('index.html.tmpl', { message => 'password_changed' })
|| ThrowTemplateError($template->error());
}
else {
my $token = issue_session_token('reset_password');
print $cgi->header();
$template->process('account/reset-password.html.tmpl', { token => $token })
|| ThrowTemplateError($template->error());
}
|