stricter password requirements #5657

Closed
2 changes: 1 addition & 1 deletion lib/devise.rb
Expand Up @@ -119,7 +119,7 @@ module Test

# Range validation for password length
mattr_accessor :password_length
@@password_length = 6..128
@@password_length = 10..128

# The time the user will be remembered without asking for credentials again.
mattr_accessor :remember_for
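Review bot: raising the shipped default from 6..128 to 10..128 is a breaking change for every application that never sets `config.password_length`, and nothing in this hunk or the PR records it; it needs a CHANGELOG entry and the same update wherever the 6..128 default is documented (the generated initializer comments it). Note also that the test file in this PR already expected "minimum is 7" and "maximum is 72" before the change, so the test suite evidently takes `password_length` from the test app's own configuration rather than from this line; changing this default does not by itself exercise the new minimum anywhere in the suite.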
7 changes: 7 additions & 0 deletions lib/devise/models/validatable.rb
Expand Up @@ -35,6 +35,7 @@ def self.included(base)
validates_presence_of :password, if: :password_required?
validates_confirmation_of :password, if: :password_required?
validates_length_of :password, within: password_length, allow_blank: true
validate :password_security, if: :password_required?
end
end
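Review bot: `validate :password_security` calls the method with no arguments, but `password_security` below is defined as `def password_security(password)` with a required parameter, so every validation run will raise ArgumentError rather than validate. Drop the parameter and read the `password` attribute inside the method. Because `validates_length_of` uses `allow_blank: true` but this new validator only checks `password_required?`, a blank password on a new record will now collect both "can't be blank" and the new message; guard the new check with `return if password.blank?` (or add `allow_blank`-style handling) so the error list stays consistent with the existing validations.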

Expand All @@ -60,6 +61,12 @@ def email_required?
true
end

def password_security(password)
unless password =~ /[A-Z]/ || unless password =~ /[a-z]/ || unless password =~ /\d/
errors[:password].add("is not secure.")
end
end

module ClassMethods
Devise::Models.config(self, :email_regexp, :password_length)
end
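Review bot: the body of `password_security` does not parse: the line `unless password =~ /[A-Z]/ || unless password =~ /[a-z]/ || unless password =~ /\d/` opens three `unless` blocks (four openers counting the `def`) but only two `end`s follow, so the remainder of the file is swallowed. Even once balanced, chaining the negations with `||` is the wrong condition; the intent is to reject when any class is missing, which is `unless password =~ /[A-Z]/ && password =~ /[a-z]/ && password =~ /\d/`. Separately, `errors[:password].add("is not secure.")` never records an error because `errors[:password]` returns the plain Array of messages and Array has no `add` method; use `errors.add(:password, :not_secure)` with a translatable symbol key, which matches how the other Devise validations report and avoids the hard-coded English string (whose trailing period also disagrees with the new test's expected `'is not secure'`). Finally, consider whether a character-class composition rule belongs in Devise's default validator at all: current NIST SP 800-63B guidance recommends against composition rules in favour of length and breached-password checks, and applications that want such a rule can already add their own `validate`.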
10 changes: 8 additions & 2 deletions test/models/validatable_test.rb
Expand Up @@ -80,10 +80,10 @@ class ValidatableTest < ActiveSupport::TestCase
assert user.errors.added?(:password_confirmation, :confirmation, attribute: "Password")
end

test 'should require a password with minimum of 7 characters' do
test 'should require a password with minimum of 10 characters' do
user = new_user(password: '12345', password_confirmation: '12345')
assert user.invalid?
assert_equal 'is too short (minimum is 7 characters)', user.errors[:password].join
assert_equal 'is too short (minimum is 10 characters)', user.errors[:password].join
end

test 'should require a password with maximum of 72 characters long' do
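Review bot: the test title and expected message are moved to 10, but the password under test is still '12345', and the pre-change expectations in this file (minimum 7, maximum 72) already differ from the 6..128 default in lib/devise.rb, which shows the suite reads `password_length` from the test app's configuration rather than from that default. Unless that configuration is updated in the same PR (it is not in this diff), the model will keep reporting "minimum is 7 characters" and this assertion fails. A 9-character password would also be a more useful probe than a 5-character one, since it is the first value that distinguishes the old minimum from the new one.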
Expand All @@ -92,6 +92,12 @@ class ValidatableTest < ActiveSupport::TestCase
assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join
end

test 'should require a password with an uppercase, lowercase letter, and a number' do
user = new_user(password: 'abcdefghijk', password_confirmation: 'abcdefghijk')
assert user.invalid?
assert_equal 'is not secure', user.errors[:password].join
end

test 'should not require password length when it\'s not changed' do
user = create_user.reload
user.password = user.password_confirmation = nil
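Review bot: `assert_equal 'is not secure', user.errors[:password].join` will not match the message added in validatable.rb, which is "is not secure." with a trailing period, so this test fails even after the validator itself is fixed. It also covers only one of the three failure paths ('abcdefghijk' lacks both an uppercase letter and a digit); add one password missing only lowercase (e.g. 'ABCDEFGHIJ1'), one missing only a digit (e.g. 'Abcdefghijk'), and a positive case such as 'Abcdefghij1' that must be valid, so the suite actually pins down the && versus || logic in the validator.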