diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 2bfdf458..bd21fbf6 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -10,7 +10,7 @@ module Devise # Validatable adds the following options to devise_for: # # * +email_regexp+: the regular expression used to validate e-mails; - # * +password_length+: a range expressing password length. Defaults to 8..128. + # * +password_length+: a range expressing password length. Defaults to 8..72. # module Validatable # All validations used by this module. diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index d8cd54f0..18d3a555 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -144,7 +144,7 @@ Devise.setup do |config| # ==> Configuration for :validatable # Range for password length. - config.password_length = 8..128 + config.password_length = 8..72 # Email regex used to validate email formats. It simply asserts that # one (and only one) @ exists in the given string. This is mainly diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index c8dc6877..3cd03d86 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -92,10 +92,10 @@ class ValidatableTest < ActiveSupport::TestCase assert_equal 'is too short (minimum is 7 characters)', user.errors[:password].join end - test 'should require a password with maximum of 128 characters long' do - user = new_user(password: 'x'*129, password_confirmation: 'x'*129) + test 'should require a password with maximum of 72 characters long' do + user = new_user(password: 'x'*73, password_confirmation: 'x'*73) assert user.invalid? - assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join + assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join end test 'should not require password length when it\'s not changed' do @@ -109,10 +109,10 @@ class ValidatableTest < ActiveSupport::TestCase end test 'should complain about length even if password is not required' do - user = new_user(password: 'x'*129, password_confirmation: 'x'*129) + user = new_user(password: 'x'*73, password_confirmation: 'x'*73) user.stubs(:password_required?).returns(false) assert user.invalid? - assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join + assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join end test 'should not be included in objects with invalid API' do diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 1f994802..9be1e9a1 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -90,8 +90,8 @@ Devise.setup do |config| # config.extend_remember_period = false # ==> Configuration for :validatable - # Range for password length. Default is 8..128. - # config.password_length = 8..128 + # Range for password length. Default is 8..72. + # config.password_length = 8..72 # Regex to use to validate the email address # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i diff --git a/test/rails_app/lib/shared_user.rb b/test/rails_app/lib/shared_user.rb index adb0e333..9d7cac21 100644 --- a/test/rails_app/lib/shared_user.rb +++ b/test/rails_app/lib/shared_user.rb @@ -4,7 +4,7 @@ module SharedUser included do devise :database_authenticatable, :confirmable, :lockable, :recoverable, :registerable, :rememberable, :timeoutable, - :trackable, :validatable, :omniauthable, password_length: 7..128 + :trackable, :validatable, :omniauthable, password_length: 7..72 attr_accessor :other_key