Bug 1009017: users are unable to log in if their password needs to be

re-encrypted and their password does not match the current complexity rule r=dkl, a=glob

Bug 1009017: users are unable to log in if their password needs to be
f7f5857f · Byron Jones · a7c6e8a5 · f7f5857f
Commit f7f5857f authored May 20, 2014 by Byron Jones
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

DB.pm Bugzilla/Auth/Verify/DB.pm +3 -1

No files found.
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -68,7 +68,9 @@ sub check_credentials {
    # whatever hashing system we're using now.
    my $current_algorithm = PASSWORD_DIGEST_ALGORITHM;
    if ($real_password_crypted !~ /{\Q$current_algorithm\E}$/) {
-        $user->set_password($password);
+        # We can't call $user->set_password because we don't want the password
+        # complexity rules to apply here.
+        $user->{cryptpassword} = bz_crypt($password);
        $user->update();
    }