Bug 575947: Users with passwords length less than 6 characters can't login after…

Bugzilla/Auth.pm

@@ -151,8 +151,13 @@ sub _handle_login_result {
         }
     }
     elsif ($fail_code == AUTH_ERROR) {
+        if ($result->{user_error}) {
+            ThrowUserError($result->{error}, $result->{details});
+        }
+        else {
             ThrowCodeError($result->{error}, $result->{details});
         }
+    }
     elsif ($fail_code == AUTH_NODATA) {
         $self->{_info_getter}->fail_nodata($self) 
             if $login_type == LOGIN_REQUIRED;

Bugzilla/Auth/Verify/DB.pm

@@ -74,6 +74,12 @@ sub check_credentials {
                };
     } 
 
+    # Force the user to type a longer password if it's too short.
+    if (length($password) < USER_PASSWORD_MIN_LENGTH) {
+        return { failure => AUTH_ERROR, error => 'password_current_too_short',
+                 user_error => 1, details => { locked_user => $user } };
+    }
+
     # The user's credentials are okay, so delete any outstanding
     # password tokens or login failures they may have generated.
     Bugzilla::Token::DeletePasswordTokens($user->id, "user_logged_in");

Bugzilla/WebService/Constants.pm

@@ -103,6 +103,7 @@ use constant WS_ERROR_CODE => {
     auth_invalid_email           => 302,
     extern_id_conflict           => -303,
     auth_failure                 => 304,
+    password_current_too_short   => 305,
 
     # Except, historically, AUTH_NODATA, which is 410.
     login_required               => 410,

Bugzilla/WebService/User.pm

@@ -331,6 +331,11 @@ The username does not exist, or the password is wrong.
 The account has been disabled.  A reason may be specified with the
 error.
 
+=item 305 (New Password Required)
+
+The current password is correct, but the user is asked to change
+his password.
+
 =item 50 (Param Required)
 
 A login or password parameter was not provided.

template/en/default/account/email/confirm-new.html.tmpl

@@ -24,11 +24,11 @@
            title = title
            onload = "document.forms['confirm_account_form'].realname.focus();" %]
 
-<div>
+<p>
   To create your account, you must enter a password in the form below.
   Your email address and Real Name (if provided) will be shown with
   changes you make.
-</div>
+</p>
 
 <form id="confirm_account_form" method="post" action="token.cgi">
   <input type="hidden" name="t" value="[% token FILTER html %]">
@@ -44,7 +44,10 @@
     </tr>
     <tr>
       <th align="right"><label for="passwd1">Type your password</label>:</th>
-      <td><input type="password" id="passwd1" name="passwd1" value=""></td>
+      <td>
+        <input type="password" id="passwd1" name="passwd1" value="">
+        (minimum [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] characters)
+      </td>
     </tr>
     <tr>
       <th align="right"><label for="passwd2">Confirm your password</label>:</th>

template/en/default/account/password/set-forgotten-password.html.tmpl

@@ -33,6 +33,7 @@
       <th align="right">New Password:</th>
       <td>
         <input type="password" name="password">
+        (minimum [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] characters)
       </td>
     </tr>
     

template/en/default/global/user-error.html.tmpl

@@ -1301,6 +1301,14 @@
     [% title = "Passwords Don't Match" %]
     The two passwords you entered did not match.
 
+  [% ELSIF error == "password_current_too_short" %]
+    [% title = "New Password Required" %]
+    Your password is currently less than
+    [%+ constants.USER_PASSWORD_MIN_LENGTH FILTER html %] characters long,
+    which is the new minimum length required for passwords.
+    You must <a href="token.cgi?a=reqpw&loginname=[% locked_user.email FILTER html %]">
+    request a new password</a> in order to log in again.
+
   [% ELSIF error == "password_too_short" %]
     [% title = "Password Too Short" %]
     The password must be at least