Introduce config to allow for password complexity

[kykyi]

In relation to #5591

This PR introduces application config to allow for password complexity to granularly managed with new validation options for:

• presence of a lower case letter
• presence of a upper case letter
• presence of a number
• presence of a special character (from a list of special characters that is configurable)

These are all false by default, and configurable like:

Devise.setup do |config|
      config.password_length = 8..128 # (existing)
      config.password_requires_lowercase = true
      config.password_requires_uppercase = true
      config.password_requires_number = true
      config.password_requires_special_character = true
      config.password_special_characters = ":)"
end

Note

• I haven't run any linting, I couldn't find instructions on what config was used for that 😄
• I haven't updated any docs, please advise where I need to update if at all 🙏

[kykyi]

Hey @nashby if I could please request a review 😄

[kykyi]

I wonder if there could be some more general config like:

  @@require_complex_password = false

Which if true would require all of these individual pieces?
So the validations could become:

validates_format_of :password, with: /\p{Upper}/, if: -> { password_requires_uppercase || require_complex_password }, message: :must_contain_uppercase

[kykyi]

Polite bump @nashby @carlosantoniodasilva 😇

[datpmt]

how about modify the following configurations in the initializer file as below?

config.password_complexity = {
  upper: 1,    # At least 1 uppercase letter
  lower: 2,    # At least 2 lowercase letters
  digit: 3,    # At least 3 digits
  special: 4,  # At least 4 special characters
}

[kykyi]

how about modify the following configurations in the initializer file as below?

config.password_complexity = {
  upper: 1,    # At least 1 uppercase letter
  lower: 2,    # At least 2 lowercase letters
  digit: 3,    # At least 3 digits
  special: 4,  # At least 4 special characters
}

Thanks @datpmt seems like an elegant solution ✅ One issue which I could see arise however could be a clash between this and password length minimums? For ex, if you set the above, but stuck with the default 8 character minimum, you couldn't satisfy all the configured preferences. I think something like this could use your nicer syntax but also be more ergonomic with the wider validation system:

config.password_complexity = {
  upper: true,    # require upper
  lower: false,    # don't require lower
  digit: true,    # require digit
  special: true,  # require special character
  special_characters: ["!", "?", "@", "\"]
}

What do you think?

[datpmt]

stuck with the default 8 character minimum

config.password_complexity = {
  upper: true,       # require upper
  lower: false,      # don't require lower
  digit: true,       # require digit
  # special: true,   # redundant
  special_characters: ["!", "?", "@", "\"] # empty <=> special: false
}

@kykyi Ah I see. Cool! Let do it! 👍

[kykyi]

@datpmt updated to use your dict style ✅

[datpmt]

Suggested change

	require "test_helper"
	require 'test_helper'

Prefer single-quoted strings when you don't need string interpolation or special symbols.
References: rubocop

[datpmt]

Useless assignment to variable - original_value.

[datpmt]

Suggested change

	test 'should require email to be set' do
	test 'should require email to be set' do

remove redundant space