Bug 1756726: Apply password policy on upgrade

Force all users on internal auth to reset their password on login
after upgrade

behatnotneeded

Change-Id: Ia988a0a7b939969bf0638eb410d17e1c88282c31
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

htdocs/lib/db/upgrade.php

@@ -5797,5 +5797,19 @@ function xmldb_core_upgrade($oldversion=0) {
         }
     }
 
+    if ($oldversion < 2018022503) {
+        if (!get_config('passwordpolicy')) {
+            log_debug('Force users to change their password to fix new password policy');
+            execute_sql("UPDATE {usr} SET passwordchange = 1
+                         WHERE authinstance IN (
+                             SELECT ai.id
+                             FROM {auth_instance} ai
+                             WHERE ai.authname = 'internal'
+                         )
+                         AND id != 0"); // Ignore the root user
+            set_config('passwordpolicy', '8_ulns');
+        }
+    }
+
     return $status;
 }

htdocs/lib/version.php

@@ -16,7 +16,7 @@ $config = new stdClass();
 // See https://wiki.mahara.org/wiki/Developer_Area/Version_Numbering_Policy
 // For upgrades on stable branches, increment the version by one.  On master, use the date.
 
-$config->version = 2018022502;
+$config->version = 2018022503;
 $config->series = '18.04';
 $config->release = '18.04rc2testing';
 $config->minupgradefrom = 2015030409;