Merge pull request #3319 from lleger/lleger-fix-password-length

Update password length validation to 72 characters max
2022-11-09 12:18:31 -05:00 · 2014-11-19 10:25:27 +01:00 · 2014-11-19 10:25:27 +01:00 · a76dfd6552
commit a76dfd6552
parent 0efd9244bf c7cc91cb65
5 changed files with 10 additions and 10 deletions
--- a/lib/devise/models/validatable.rb
+++ b/lib/devise/models/validatable.rb
@ -10,7 +10,7 @@ module Devise
    # Validatable adds the following options to devise_for:
    #
    #   * +email_regexp+: the regular expression used to validate e-mails;
-    #   * +password_length+: a range expressing password length. Defaults to 8..128.
+    #   * +password_length+: a range expressing password length. Defaults to 8..72.
    #
    module Validatable
      # All validations used by this module.
--- a/lib/generators/templates/devise.rb
+++ b/lib/generators/templates/devise.rb
@ -144,7 +144,7 @@ Devise.setup do |config|

  # ==> Configuration for :validatable
  # Range for password length.
-  config.password_length = 8..128
+  config.password_length = 8..72

  # Email regex used to validate email formats. It simply asserts that
  # one (and only one) @ exists in the given string. This is mainly
--- a/test/models/validatable_test.rb
+++ b/test/models/validatable_test.rb
@ -92,10 +92,10 @@ class ValidatableTest < ActiveSupport::TestCase
    assert_equal 'is too short (minimum is 7 characters)', user.errors[:password].join
  end

-  test 'should require a password with maximum of 128 characters long' do
-    user = new_user(password: 'x'*129, password_confirmation: 'x'*129)
+  test 'should require a password with maximum of 72 characters long' do
+    user = new_user(password: 'x'*73, password_confirmation: 'x'*73)
    assert user.invalid?
-    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+    assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join
  end

  test 'should not require password length when it\'s not changed' do
@ -109,10 +109,10 @@ class ValidatableTest < ActiveSupport::TestCase
  end

  test 'should complain about length even if password is not required' do
-    user = new_user(password: 'x'*129, password_confirmation: 'x'*129)
+    user = new_user(password: 'x'*73, password_confirmation: 'x'*73)
    user.stubs(:password_required?).returns(false)
    assert user.invalid?
-    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+    assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join
  end

  test 'should not be included in objects with invalid API' do
--- a/test/rails_app/config/initializers/devise.rb
+++ b/test/rails_app/config/initializers/devise.rb
@ -90,8 +90,8 @@ Devise.setup do |config|
  # config.extend_remember_period = false

  # ==> Configuration for :validatable
-  # Range for password length. Default is 8..128.
-  # config.password_length = 8..128
+  # Range for password length. Default is 8..72.
+  # config.password_length = 8..72

  # Regex to use to validate the email address
  # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
--- a/test/rails_app/lib/shared_user.rb
+++ b/test/rails_app/lib/shared_user.rb
@ -4,7 +4,7 @@ module SharedUser
  included do
    devise :database_authenticatable, :confirmable, :lockable, :recoverable,
           :registerable, :rememberable, :timeoutable,
-           :trackable, :validatable, :omniauthable, password_length: 7..128
+           :trackable, :validatable, :omniauthable, password_length: 7..72

    attr_accessor :other_key