Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

stricter password requirements #5657

Closed
wants to merge 1 commit into from
Closed

stricter password requirements #5657

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/devise.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ module Test

# Range validation for password length
mattr_accessor :password_length
@@password_length = 6..128
@@password_length = 10..128

# The time the user will be remembered without asking for credentials again.
mattr_accessor :remember_for
Expand Down
7 changes: 7 additions & 0 deletions lib/devise/models/validatable.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ def self.included(base)
validates_presence_of :password, if: :password_required?
validates_confirmation_of :password, if: :password_required?
validates_length_of :password, within: password_length, allow_blank: true
validate :password_security, if: :password_required?
end
end

Expand All @@ -60,6 +61,12 @@ def email_required?
true
end

def password_security(password)
unless password =~ /[A-Z]/ || unless password =~ /[a-z]/ || unless password =~ /\d/
errors[:password].add("is not secure.")
end
end

module ClassMethods
Devise::Models.config(self, :email_regexp, :password_length)
end
Expand Down
10 changes: 8 additions & 2 deletions test/models/validatable_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,10 +80,10 @@ class ValidatableTest < ActiveSupport::TestCase
assert user.errors.added?(:password_confirmation, :confirmation, attribute: "Password")
end

test 'should require a password with minimum of 7 characters' do
test 'should require a password with minimum of 10 characters' do
user = new_user(password: '12345', password_confirmation: '12345')
assert user.invalid?
assert_equal 'is too short (minimum is 7 characters)', user.errors[:password].join
assert_equal 'is too short (minimum is 10 characters)', user.errors[:password].join
end

test 'should require a password with maximum of 72 characters long' do
Expand All @@ -92,6 +92,12 @@ class ValidatableTest < ActiveSupport::TestCase
assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join
end

test 'should require a password with an uppercase, lowercase letter, and a number' do
user = new_user(password: 'abcdefghijk', password_confirmation: 'abcdefghijk')
assert user.invalid?
assert_equal 'is not secure', user.errors[:password].join
end

test 'should not require password length when it\'s not changed' do
user = create_user.reload
user.password = user.password_confirmation = nil
Expand Down