From 6262f4fba8cca7db52a9e2f1b2eaa69f40a26dfe Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Tue, 20 May 2014 13:50:48 +0800
Subject: [PATCH] Bug 1009017: users are unable to log in if their password
 needs to be re-encrypted and their password does not match the current
 complexity rule r=dkl, a=glob

---
 .gitrev                    | 2 +-
 Bugzilla/Auth/Verify/DB.pm | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.gitrev b/.gitrev
index 30ed0b0ac..3aae35bd7 100644
--- a/.gitrev
+++ b/.gitrev
@@ -1 +1 @@
-a7c6e8a56bdcac31c2620076657a8c608dd18581
\ No newline at end of file
+f7f5857fdb5bd06e27c0238215ecd24d9c580db8
\ No newline at end of file
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index 6ca04f259..99dc48ddc 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -68,7 +68,9 @@ sub check_credentials {
     # whatever hashing system we're using now.
     my $current_algorithm = PASSWORD_DIGEST_ALGORITHM;
     if ($real_password_crypted !~ /{\Q$current_algorithm\E}$/) {
-        $user->set_password($password);
+        # We can't call $user->set_password because we don't want the password
+        # complexity rules to apply here.
+        $user->{cryptpassword} = bz_crypt($password);
         $user->update();
     }