Bug 241900: Allow Bugzilla::Auth to have multiple login and validation styles

patch by erik
r=joel, kiko
a=myk

1 files changed, 8 insertions, 1 deletions

diff --git a/token.cgi b/token.cgi
index 36508f0a5..03d0e8b03 100755
--- a/token.cgi
+++ b/token.cgi
@@ -95,12 +95,19 @@ if ($cgi->param('t')) {
   }
 }
 
+
 # If the user is requesting a password change, make sure they submitted
-# their login name and it exists in the database.
+# their login name and it exists in the database, and that the DB module is in
+# the list of allowed verification methids.
 if ( $::action eq 'reqpw' ) {
     defined $cgi->param('loginname')
       || ThrowUserError("login_needed_for_password_change");
 
+    # check verification methods
+    unless (Bugzilla::Auth->has_db) {
+        ThrowUserError("password_change_requests_not_allowed");
+    }
+
     # Make sure the login name looks like an email address.  This function
     # displays its own error and stops execution if the login name looks wrong.
     CheckEmailSyntax($cgi->param('loginname'));