r=gerv a=sgreen

Bug 1009013 - Require a user to change their password if they log in and their current password does not meet the password complexity rules
r=glob, a=sgreen

r=dkl a=sgreen

r=sgreen,a=glob

Bug 726696 - All authenticated WebServices methods should require username/pass, token or a valid API key for authentication
r=dkl, a=sgreen

re-encrypted and their password does not match the current complexity
rule
r=dkl, a=glob

r=dkl a=justdave

r=dkl a=justdave

Bug 987205: Bugzilla crashes because it tries to import a non-exported login_token() subroutine from Bugzilla::Auth::Login::Cookie
r=dkl a=justdave

r=gerv a=justdave

r=dkl, a=glob

Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method
r=dkl a=justdave

Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force
r=LpSolit,a=sgreen

Bug 917669 - invalid or expired authentication tokens and cookies should throw errors, not be silently ignored
r/a=glob

r=glob,a=sgreen

Bug 785283 - Support increased values for PASSWORD_SALT_LENGTH without breaking compat with old hashes
[r=LpSolit a=LpSolit]

r/a=LpSolit

r/a=LpSolit

r=wicked a=LpSolit

r/a=LpSolit

Bug 680131: Replace the MPL 1.1 license by the MPL 2.0 one in all files, and add it to files which miss one
r=kiko r=mkanat r=mrbball a=LpSolit

Make Login/Stack.pm refuse to continue down the stack if an Auth method returns an explicit failure. r=dkl, a=mkanat.

https://bugzilla.mozilla.org/show_bug.cgi?id=698423

r/a=mkanat

r=mkanat, a=mkanat

r/a=mkanat

Bug 575947: Users with passwords length less than 6 characters can't login after migration from 3.4.x or older to 3.6 or newer
r/a=mkanat

MS-SQL and SQLite support.

r=dkl, a=mkanat

provide login credentials on a LOGIN_REQUIRED page. (Before this, it was
attempting to display the HTML login page to JSON-RPC clients.)
r=dkl, a=mkanat

During the CVS imports into Bzr, there were some inconsistencies introduced
(mostly that files that were deleted in CVS weren't being deleted in Bzr).
So this checkin makes the bzr repo actually consistent with the CVS repo,
including fixing permissions of files.

Bug 467992: Login fails if the user's LDAP account is denied search in LDAP - Patch by Adam Batkin <adam@batkin.net> r/a=mkanat

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat

Bug 385606: Logincookies are recreated at each HTTP request when using the 'Env' auth method - Patch by FrÃdÃric Buclin <LpSolit@gmail.com> r/a=mkanat

Bug 355283: Lock out a user account on a particular IP for 30 minutes if they fail to log in 5 times from that IP.
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat

Bug 399073: Remove the 'loginnetmask' parameter - Patch by FrÃdÃric Buclin <LpSolit@gmail.com> r/a=mkanat

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat

Bug 488467: Verify and Login auth methods were being called in a random order, causing sudo sessions to frequently not need the user to re-enter their password.
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit