RT#42235: Strict password requirments are not disabled for signup portal [respects agent override]

3 files changed, 9 insertions, 0 deletions

diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 5b2421b75..9564e9c9f 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -3282,6 +3282,13 @@ sub validate_passwd {
     # end false laziness
   }
 
+  unless ($svc_acct) {
+    my $conf = new FS::Conf;
+    my $agentnum = $p->{'agentnum'};
+    return { %result, 'password_valid' => 1 }
+      if $conf->config_bool('password-insecure', $p->{'agentnum'});
+  }
+
   $svc_acct ||= new FS::svc_acct {};
 
   my $error = $svc_acct->is_password_allowed($p->{'check_password'});
diff --git a/FS/FS/ClientAPI/Signup.pm b/FS/FS/ClientAPI/Signup.pm
index a9678b051..7c70a6717 100644
--- a/FS/FS/ClientAPI/Signup.pm
+++ b/FS/FS/ClientAPI/Signup.pm
@@ -700,6 +700,7 @@ sub new_customer {
       };
       
       my $error = $svc->is_password_allowed($packet->{_password});
+      $error = '' if $conf->config_bool('password-insecure', $agentnum);
       return { error => $error } if $error;
 
       my @acct_snarf;
diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm
index fc2e03e89..b80708116 100644
--- a/FS/FS/Password_Mixin.pm
+++ b/FS/FS/Password_Mixin.pm
@@ -54,6 +54,7 @@ sub is_password_allowed {
     my $cust_pkg = FS::cust_pkg->by_key($self->get('pkgnum'));
     $cust_main = $cust_pkg->cust_main if $cust_pkg;
   }
+  # selfservice signup invokes this without customer, but it checks this conf separately
   warn "is_password_allowed: no customer could be identified" if !$cust_main;
   return '' if $cust_main && $conf->config_bool('password-insecure', $cust_main->agentnum);