Bug 575947: Users with passwords length less than 6 characters can't login after migration from 3.4.x or older to 3.6 or newer

r/a=mkanat git-svn-id: svn://10.0.0.236/branches/BUGZILLA-4_0-BRANCH@261395 18797224-902f-48f8-a5cc-f745e15eee43
2010-10-14 00:53:22 +00:00 · 2010-10-14 00:53:22 +00:00 · a3c230bf03
commit a3c230bf03
parent 8a38211ca1
8 changed files with 34 additions and 5 deletions
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@ -1 +1 @@
-7439
+7440
--- a/mozilla/webtools/bugzilla/Bugzilla/Auth.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/Auth.pm
@ -151,7 +151,12 @@ sub _handle_login_result {
        }
    }
    elsif ($fail_code == AUTH_ERROR) {
-        ThrowCodeError($result->{error}, $result->{details});
+        if ($result->{user_error}) {
+            ThrowUserError($result->{error}, $result->{details});
+        }
+        else {
+            ThrowCodeError($result->{error}, $result->{details});
+        }
    }
    elsif ($fail_code == AUTH_NODATA) {
        $self->{_info_getter}->fail_nodata($self) 
--- a/mozilla/webtools/bugzilla/Bugzilla/Auth/Verify/DB.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/Auth/Verify/DB.pm
@ -74,6 +74,12 @@ sub check_credentials {
               };
    } 

+    # Force the user to type a longer password if it's too short.
+    if (length($password) < USER_PASSWORD_MIN_LENGTH) {
+        return { failure => AUTH_ERROR, error => 'password_current_too_short',
+                 user_error => 1, details => { locked_user => $user } };
+    }
+
    # The user's credentials are okay, so delete any outstanding
    # password tokens or login failures they may have generated.
    Bugzilla::Token::DeletePasswordTokens($user->id, "user_logged_in");
--- a/mozilla/webtools/bugzilla/Bugzilla/WebService/Constants.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/WebService/Constants.pm
@ -103,6 +103,7 @@ use constant WS_ERROR_CODE => {
    auth_invalid_email           => 302,
    extern_id_conflict           => -303,
    auth_failure                 => 304,
+    password_current_too_short   => 305,

    # Except, historically, AUTH_NODATA, which is 410.
    login_required               => 410,
--- a/mozilla/webtools/bugzilla/Bugzilla/WebService/User.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/WebService/User.pm
@ -331,6 +331,11 @@ The username does not exist, or the password is wrong.
 The account has been disabled.  A reason may be specified with the
 error.

+=item 305 (New Password Required)
+
+The current password is correct, but the user is asked to change
+his password.
+
 =item 50 (Param Required)

 A login or password parameter was not provided.
--- a/mozilla/webtools/bugzilla/template/en/default/account/email/confirm-new.html.tmpl
+++ b/mozilla/webtools/bugzilla/template/en/default/account/email/confirm-new.html.tmpl
@ -24,11 +24,11 @@
           title = title
           onload = "document.forms['confirm_account_form'].realname.focus();" %]

-<div>
+<p>
  To create your account, you must enter a password in the form below.
  Your email address and Real Name (if provided) will be shown with
  changes you make.
-</div>
+</p>

 <form id="confirm_account_form" method="post" action="token.cgi">
  <input type="hidden" name="t" value="[% token FILTER html %]">
@ -44,7 +44,10 @@
    </tr>
    <tr>
      <th align="right"><label for="passwd1">Type your password</label>:</th>
-      <td><input type="password" id="passwd1" name="passwd1" value=""></td>
+      <td>
+        <input type="password" id="passwd1" name="passwd1" value="">
+        (minimum [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] characters)
+      </td>
    </tr>
    <tr>
      <th align="right"><label for="passwd2">Confirm your password</label>:</th>
--- a/mozilla/webtools/bugzilla/template/en/default/account/password/set-forgotten-password.html.tmpl
+++ b/mozilla/webtools/bugzilla/template/en/default/account/password/set-forgotten-password.html.tmpl
@ -33,6 +33,7 @@
      <th align="right">New Password:</th>
      <td>
        <input type="password" name="password">
+        (minimum [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] characters)
      </td>
    </tr>
    
--- a/mozilla/webtools/bugzilla/template/en/default/global/user-error.html.tmpl
+++ b/mozilla/webtools/bugzilla/template/en/default/global/user-error.html.tmpl
@ -1315,6 +1315,14 @@
    [% title = "Passwords Don't Match" %]
    The two passwords you entered did not match.

+  [% ELSIF error == "password_current_too_short" %]
+    [% title = "New Password Required" %]
+    Your password is currently less than
+    [%+ constants.USER_PASSWORD_MIN_LENGTH FILTER html %] characters long,
+    which is the new minimum length required for passwords.
+    You must <a href="token.cgi?a=reqpw&loginname=[% locked_user.email FILTER html %]">
+    request a new password</a> in order to log in again.
+
  [% ELSIF error == "password_too_short" %]
    [% title = "Password Too Short" %]
    The password must be at least