Change the minimum password length to 8

lib/devise.rb

@@ -90,7 +90,7 @@ module Devise
 
   # Range validation for password length
   mattr_accessor :password_length
-  @@password_length = 6..128
+  @@password_length = 8..128
 
   # The time the user will be remembered without asking for credentials again.
   mattr_accessor :remember_for

lib/devise/models/validatable.rb

@@ -10,7 +10,7 @@ module Devise
     # Validatable adds the following options to devise_for:
     #
     #   * +email_regexp+: the regular expression used to validate e-mails;
-    #   * +password_length+: a range expressing password length. Defaults to 6..128.
+    #   * +password_length+: a range expressing password length. Defaults to 8..128.
     #
     module Validatable
       # All validations used by this module.

lib/generators/templates/devise.rb

@@ -113,8 +113,8 @@ Devise.setup do |config|
   # config.rememberable_options = {}
 
   # ==> Configuration for :validatable
-  # Range for password length. Default is 6..128.
-  # config.password_length = 6..128
+  # Range for password length. Default is 8..128.
+  # config.password_length = 8..128
 
   # Email regex used to validate email formats. It simply asserts that
   # an one (and only one) @ exists in the given string. This is mainly
@@ -229,4 +229,4 @@ Devise.setup do |config|
   # When using omniauth, Devise cannot automatically set Omniauth path,
   # so you need to do it manually. For the users scope, it would be:
   # config.omniauth_path_prefix = "/my_engine/users/auth"
-end
+end

test/integration/authenticatable_test.rb

@@ -483,7 +483,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
 
   test 'sign in with xml format returns xml response' do
     create_user
-    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
+    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
   end
@@ -493,13 +493,13 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
     assert_response :success
 
     create_user
-    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
+    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
     assert_response :success
 
     get new_user_session_path(:format => 'xml')
     assert_response :success
 
-    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
+    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
   end

test/integration/database_authenticatable_test.rb

@@ -3,44 +3,44 @@ require 'test_helper'
 class DatabaseAuthenticationTest < ActionController::IntegrationTest
   test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
     create_user(:email => 'Foo@Bar.com')
-    
+
     sign_in_as_user do
       fill_in 'email', :with => 'foo@bar.com'
     end
-    
+
     assert warden.authenticated?(:user)
   end
 
   test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
     swap Devise, :case_insensitive_keys => [] do
       create_user(:email => 'Foo@Bar.com')
-      
+
       sign_in_as_user do
         fill_in 'email', :with => 'foo@bar.com'
       end
-      
+
       assert_not warden.authenticated?(:user)
     end
   end
-  
+
   test 'sign in with email including extra spaces should succeed when email is in the list of strip whitespace keys' do
     create_user(:email => ' foo@bar.com ')
-    
+
     sign_in_as_user do
       fill_in 'email', :with => 'foo@bar.com'
     end
-    
+
     assert warden.authenticated?(:user)
   end
 
   test 'sign in with email including extra spaces should fail when email is NOT the list of strip whitespace keys' do
     swap Devise, :strip_whitespace_keys => [] do
       create_user(:email => 'foo@bar.com')
-      
+
       sign_in_as_user do
         fill_in 'email', :with => ' foo@bar.com '
       end
-      
+
       assert_not warden.authenticated?(:user)
     end
   end
@@ -79,4 +79,4 @@ class DatabaseAuthenticationTest < ActionController::IntegrationTest
       assert_contain 'Invalid credentials'
     end
   end
-end
+end

test/integration/http_authenticatable_test.rb

@@ -4,7 +4,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
   test 'handles unverified requests gets rid of caches but continues signed in' do
     swap UsersController, :allow_forgery_protection => true do
       create_user
-      post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:123456")}"
+      post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}"
       assert warden.authenticated?(:user)
       assert_equal "User is authenticated", response.body
     end
@@ -82,7 +82,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
 
   private
 
-    def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
+    def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
       user = create_user
       get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}"
       user
@@ -91,7 +91,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
     # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
     def add_oauth2_header
       user = create_user
-      get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:123456")}"
+      get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}"
     end
 
 end

test/integration/omniauthable_test.rb

@@ -61,8 +61,8 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
 
     assert_difference "User.count" do
       visit "/users/sign_up"
-      fill_in "Password", :with => "123456"
-      fill_in "Password confirmation", :with => "123456"
+      fill_in "Password", :with => "12345678"
+      fill_in "Password confirmation", :with => "12345678"
       click_button "Sign up"
     end
 

test/integration/registerable_test.rb

@@ -144,7 +144,7 @@ class RegistrationTest < ActionController::IntegrationTest
     get edit_user_registration_path
 
     fill_in 'email', :with => 'user.new@example.com'
-    fill_in 'current password', :with => '123456'
+    fill_in 'current password', :with => '12345678'
     click_button 'Update'
 
     assert_current_url '/'
@@ -157,9 +157,9 @@ class RegistrationTest < ActionController::IntegrationTest
     sign_in_as_user
     get edit_user_registration_path
 
-    fill_in 'password', :with => '12345678'
-    fill_in 'password confirmation', :with => '12345678'
-    fill_in 'current password', :with => '123456'
+    fill_in 'password', :with => '1234567890'
+    fill_in 'password confirmation', :with => '1234567890'
+    fill_in 'current password', :with => '12345678'
     click_button 'Update'
 
     assert_contain 'You updated your account successfully.'
@@ -186,15 +186,15 @@ class RegistrationTest < ActionController::IntegrationTest
     sign_in_as_user
     get edit_user_registration_path
 
-    fill_in 'password', :with => 'pas123'
-    fill_in 'password confirmation', :with => 'pas123'
-    fill_in 'current password', :with => '123456'
+    fill_in 'password', :with => 'pass1234'
+    fill_in 'password confirmation', :with => 'pass1234'
+    fill_in 'current password', :with => '12345678'
     click_button 'Update'
 
     assert_current_url '/'
     assert_contain 'You updated your account successfully.'
 
-    assert User.first.valid_password?('pas123')
+    assert User.first.valid_password?('pass1234')
   end
 
   test 'a signed in user should not be able to edit his password with invalid confirmation' do
@@ -272,7 +272,7 @@ class RegistrationTest < ActionController::IntegrationTest
 
   test 'a user update information with valid data in XML format should return valid response' do
     user = sign_in_as_user
-    put user_registration_path(:format => 'xml'), :user => { :current_password => '123456', :email => 'user.new@test.com' }
+    put user_registration_path(:format => 'xml'), :user => { :current_password => '12345678', :email => 'user.new@test.com' }
     assert_response :success
     assert_equal user.reload.email, 'user.new@test.com'
   end
@@ -321,4 +321,4 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest
 
     assert Admin.first.valid_password?('pas123')
   end
-end
+end

test/models/database_authenticatable_test.rb

@@ -66,14 +66,14 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 
   test 'should test for a valid password' do
     user = create_user
-    assert user.valid_password?('123456')
+    assert user.valid_password?('12345678')
     assert_not user.valid_password?('654321')
   end
 
   test 'should not raise error with an empty password' do
     user = create_user
     user.encrypted_password = ''
-    assert_nothing_raised { user.valid_password?('123456') }
+    assert_nothing_raised { user.valid_password?('12345678') }
   end
 
   test 'should be an invalid password if the user has an empty password' do
@@ -88,31 +88,31 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 
   test 'should update password with valid current password' do
     user = create_user
-    assert user.update_with_password(:current_password => '123456',
-      :password => 'pass321', :password_confirmation => 'pass321')
-    assert user.reload.valid_password?('pass321')
+    assert user.update_with_password(:current_password => '12345678',
+      :password => 'pass4321', :password_confirmation => 'pass4321')
+    assert user.reload.valid_password?('pass4321')
   end
 
   test 'should update password with valid current password and :as option' do
     user = create_user
-    assert user.update_with_password(:current_password => '123456',
-      :password => 'pass321', :password_confirmation => 'pass321', :as => :admin)
-    assert user.reload.valid_password?('pass321')
+    assert user.update_with_password(:current_password => '12345678',
+      :password => 'pass4321', :password_confirmation => 'pass4321', :as => :admin)
+    assert user.reload.valid_password?('pass4321')
   end
 
   test 'should add an error to current password when it is invalid' do
     user = create_user
     assert_not user.update_with_password(:current_password => 'other',
-      :password => 'pass321', :password_confirmation => 'pass321')
-    assert user.reload.valid_password?('123456')
+      :password => 'pass4321', :password_confirmation => 'pass4321')
+    assert user.reload.valid_password?('12345678')
     assert_match "is invalid", user.errors[:current_password].join
   end
 
   test 'should add an error to current password when it is blank' do
     user = create_user
-    assert_not user.update_with_password(:password => 'pass321',
-      :password_confirmation => 'pass321')
-    assert user.reload.valid_password?('123456')
+    assert_not user.update_with_password(:password => 'pass4321',
+      :password_confirmation => 'pass4321')
+    assert user.reload.valid_password?('12345678')
     assert_match "can't be blank", user.errors[:current_password].join
   end
 
@@ -127,21 +127,21 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 
   test 'should ignore password and its confirmation if they are blank' do
     user = create_user
-    assert user.update_with_password(:current_password => '123456', :email => "new@example.com")
+    assert user.update_with_password(:current_password => '12345678', :email => "new@example.com")
     assert_equal "new@example.com", user.email
   end
 
   test 'should not update password with invalid confirmation' do
     user = create_user
-    assert_not user.update_with_password(:current_password => '123456',
-      :password => 'pass321', :password_confirmation => 'other')
-    assert user.reload.valid_password?('123456')
+    assert_not user.update_with_password(:current_password => '12345678',
+      :password => 'pass4321', :password_confirmation => 'other')
+    assert user.reload.valid_password?('12345678')
   end
 
   test 'should clean up password fields on failure' do
     user = create_user
-    assert_not user.update_with_password(:current_password => '123456',
-      :password => 'pass321', :password_confirmation => 'other')
+    assert_not user.update_with_password(:current_password => '12345678',
+      :password => 'pass4321', :password_confirmation => 'other')
     assert user.password.blank?
     assert user.password_confirmation.blank?
   end
@@ -160,9 +160,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 
   test 'should not update password without password' do
     user = create_user
-    user.update_without_password(:password => 'pass321', :password_confirmation => 'pass321')
-    assert !user.reload.valid_password?('pass321')
-    assert user.valid_password?('123456')
+    user.update_without_password(:password => 'pass4321', :password_confirmation => 'pass4321')
+    assert !user.reload.valid_password?('pass4321')
+    assert user.valid_password?('12345678')
   end
 
   test 'downcase_keys with validation' do
@@ -186,4 +186,4 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
       ]
     end
   end
-end
+end

test/models/validatable_test.rb

@@ -76,10 +76,10 @@ class ValidatableTest < ActiveSupport::TestCase
     assert_equal 'doesn\'t match confirmation', user.errors[:password].join
   end
 
-  test 'should require a password with minimum of 6 characters' do
-    user = new_user(:password => '12345', :password_confirmation => '12345')
+  test 'should require a password with minimum of 8 characters' do
+    user = new_user(:password => '1234567', :password_confirmation => '1234567')
     assert user.invalid?
-    assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
+    assert_equal 'is too short (minimum is 8 characters)', user.errors[:password].join
   end
 
   test 'should require a password with maximum of 128 characters long' do

test/rails_app/config/initializers/devise.rb

@@ -85,8 +85,8 @@ Devise.setup do |config|
   # config.extend_remember_period = false
 
   # ==> Configuration for :validatable
-  # Range for password length. Default is 6..128.
-  # config.password_length = 6..128
+  # Range for password length. Default is 8..128.
+  # config.password_length = 8..128
 
   # Regex to use to validate the email address
   # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i

test/support/helpers.rb

@@ -25,8 +25,8 @@ class ActiveSupport::TestCase
   def valid_attributes(attributes={})
     { :username => "usertest",
       :email => generate_unique_email,
-      :password => '123456',
-      :password_confirmation => '123456' }.update(attributes)
+      :password => '12345678',
+      :password_confirmation => '12345678' }.update(attributes)
   end
 
   def new_user(attributes={})

test/support/integration.rb

@@ -10,8 +10,8 @@ class ActionDispatch::IntegrationTest
       user = User.create!(
         :username => 'usertest',
         :email => options[:email] || 'user@test.com',
-        :password => options[:password] || '123456',
-        :password_confirmation => options[:password] || '123456',
+        :password => options[:password] || '12345678',
+        :password_confirmation => options[:password] || '12345678',
         :created_at => Time.now.utc
       )
       user.confirm! unless options[:confirm] == false
@@ -36,7 +36,7 @@ class ActionDispatch::IntegrationTest
     user = create_user(options)
     visit_with_option options[:visit], new_user_session_path
     fill_in 'email', :with => options[:email] || 'user@test.com'
-    fill_in 'password', :with => options[:password] || '123456'
+    fill_in 'password', :with => options[:password] || '12345678'
     check 'remember me' if options[:remember_me] == true
     yield if block_given?
     click_button 'Sign In'