diff --git a/lib/devise.rb b/lib/devise.rb index 713c5c7e..818ddf34 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -90,7 +90,7 @@ module Devise # Range validation for password length mattr_accessor :password_length - @@password_length = 6..128 + @@password_length = 8..128 # The time the user will be remembered without asking for credentials again. mattr_accessor :remember_for diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index df9206d1..bc8ae225 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -10,7 +10,7 @@ module Devise # Validatable adds the following options to devise_for: # # * +email_regexp+: the regular expression used to validate e-mails; - # * +password_length+: a range expressing password length. Defaults to 6..128. + # * +password_length+: a range expressing password length. Defaults to 8..128. # module Validatable # All validations used by this module. diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 751a4568..7579a2a7 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -113,8 +113,8 @@ Devise.setup do |config| # config.rememberable_options = {} # ==> Configuration for :validatable - # Range for password length. Default is 6..128. - # config.password_length = 6..128 + # Range for password length. Default is 8..128. + # config.password_length = 8..128 # Email regex used to validate email formats. It simply asserts that # an one (and only one) @ exists in the given string. This is mainly @@ -229,4 +229,4 @@ Devise.setup do |config| # When using omniauth, Devise cannot automatically set Omniauth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = "/my_engine/users/auth" -end \ No newline at end of file +end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 650afbd0..b2ee55b1 100644 
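Review bot: The new default `@@password_length = 8..128` in lib/devise.rb changes validation for every application that never set `config.password_length`, and nothing in the visible diff records that for people upgrading. The generator template ships the setting commented out, so existing initializers keep a stale "Default is 6..128" comment while the effective minimum moves to 8. Presumably accounts with 6- or 7-character passwords can still sign in and are only rejected the next time the password is validated, but the validation code is outside this diff, so confirm that and state it in a changelog or upgrade note. I would also extend the comment above the accessor to something like `# Range validation for password length. Minimum raised from 6 to 8; set config.password_length to keep the old range.`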
--- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -483,7 +483,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest test 'sign in with xml format returns xml response' do create_user - post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'} + post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'} assert_response :success assert response.body.include? %(\n) end @@ -493,13 +493,13 @@ class AuthenticationOthersTest < ActionController::IntegrationTest assert_response :success create_user - post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'} + post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'} assert_response :success get new_user_session_path(:format => 'xml') assert_response :success - post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'} + post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'} assert_response :success assert response.body.include? %(\n) end diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 4a758747..51074d3a 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb 
@@ -3,44 +3,44 @@ require 'test_helper' class DatabaseAuthenticationTest < ActionController::IntegrationTest test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do create_user(:email => 'Foo@Bar.com') - + sign_in_as_user do fill_in 'email', :with => 'foo@bar.com' end - + assert warden.authenticated?(:user) end test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do swap Devise, :case_insensitive_keys => [] do create_user(:email => 'Foo@Bar.com') - + sign_in_as_user do fill_in 'email', :with => 'foo@bar.com' end - + assert_not warden.authenticated?(:user) end end - + test 'sign in with email including extra spaces should succeed when email is in the list of strip whitespace keys' do create_user(:email => ' foo@bar.com ') - + sign_in_as_user do fill_in 'email', :with => 'foo@bar.com' end - + assert warden.authenticated?(:user) end test 'sign in with email including extra spaces should fail when email is NOT the list of strip whitespace keys' do swap Devise, :strip_whitespace_keys => [] do create_user(:email => 'foo@bar.com') - + sign_in_as_user do fill_in 'email', :with => ' foo@bar.com ' end - + assert_not warden.authenticated?(:user) end end @@ -79,4 +79,4 @@ class DatabaseAuthenticationTest < ActionController::IntegrationTest assert_contain 'Invalid credentials' end end -end \ No newline at end of file +end diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 408483d2..1227c19c 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb 
@@ -4,7 +4,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest test 'handles unverified requests gets rid of caches but continues signed in' do swap UsersController, :allow_forgery_protection => true do create_user - post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:123456")}" + post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" assert warden.authenticated?(:user) assert_equal "User is authenticated", response.body end @@ -82,7 +82,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest private - def sign_in_as_new_user_with_http(username="user@test.com", password="123456") + def sign_in_as_new_user_with_http(username="user@test.com", password="12345678") user = create_user get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" user @@ -91,7 +91,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication def add_oauth2_header user = create_user - get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:123456")}" + get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" end end diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 4e8817b7..2d55ebc6 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -61,8 +61,8 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest assert_difference "User.count" do visit "/users/sign_up" - fill_in "Password", :with => "123456" - fill_in "Password confirmation", :with => "123456" + fill_in "Password", :with => "12345678" + fill_in "Password confirmation", :with => "12345678" click_button "Sign up" end 
diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 28953b45..c194af01 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -144,7 +144,7 @@ class RegistrationTest < ActionController::IntegrationTest get edit_user_registration_path fill_in 'email', :with => 'user.new@example.com' - fill_in 'current password', :with => '123456' + fill_in 'current password', :with => '12345678' click_button 'Update' assert_current_url '/' @@ -157,9 +157,9 @@ class RegistrationTest < ActionController::IntegrationTest sign_in_as_user get edit_user_registration_path - fill_in 'password', :with => '12345678' - fill_in 'password confirmation', :with => '12345678' - fill_in 'current password', :with => '123456' + fill_in 'password', :with => '1234567890' + fill_in 'password confirmation', :with => '1234567890' + fill_in 'current password', :with => '12345678' click_button 'Update' assert_contain 'You updated your account successfully.' @@ -186,15 +186,15 @@ class RegistrationTest < ActionController::IntegrationTest sign_in_as_user get edit_user_registration_path - fill_in 'password', :with => 'pas123' - fill_in 'password confirmation', :with => 'pas123' - fill_in 'current password', :with => '123456' + fill_in 'password', :with => 'pass1234' + fill_in 'password confirmation', :with => 'pass1234' + fill_in 'current password', :with => '12345678' click_button 'Update' assert_current_url '/' assert_contain 'You updated your account successfully.' - assert User.first.valid_password?('pas123') + assert User.first.valid_password?('pass1234') end test 'a signed in user should not be able to edit his password with invalid confirmation' do 
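Review bot: The six-character `'pas123'` that the `@@ -186` hunk replaces with `'pass1234'` is still asserted elsewhere in this file: the context of the `@@ -321` hunk shows `assert Admin.first.valid_password?('pas123')` in ReconfirmableRegistrationTest. If Admin includes :validatable, that test would be expected to fail under the new minimum. If it does not, the test app has a model the new minimum does not cover, which deserves a comment such as `# Admin is not :validatable, so the 8-character minimum does not apply here`. The Admin model and the body of that test are outside this diff, so which case holds needs checking. Switching that test to `'pass1234'` as well would keep the fixtures consistent either way.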
@@ -272,7 +272,7 @@ class RegistrationTest < ActionController::IntegrationTest test 'a user update information with valid data in XML format should return valid response' do user = sign_in_as_user - put user_registration_path(:format => 'xml'), :user => { :current_password => '123456', :email => 'user.new@test.com' } + put user_registration_path(:format => 'xml'), :user => { :current_password => '12345678', :email => 'user.new@test.com' } assert_response :success assert_equal user.reload.email, 'user.new@test.com' end @@ -321,4 +321,4 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest assert Admin.first.valid_password?('pas123') end -end \ No newline at end of file +end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 108a4a79..638eaf39 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -66,14 +66,14 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should test for a valid password' do user = create_user - assert user.valid_password?('123456') + assert user.valid_password?('12345678') assert_not user.valid_password?('654321') end test 'should not raise error with an empty password' do user = create_user user.encrypted_password = '' - assert_nothing_raised { user.valid_password?('123456') } + assert_nothing_raised { user.valid_password?('12345678') } end test 'should be an invalid password if the user has an empty password' do 
@@ -88,31 +88,31 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should update password with valid current password' do user = create_user - assert user.update_with_password(:current_password => '123456', - :password => 'pass321', :password_confirmation => 'pass321') - assert user.reload.valid_password?('pass321') + assert user.update_with_password(:current_password => '12345678', + :password => 'pass4321', :password_confirmation => 'pass4321') + assert user.reload.valid_password?('pass4321') end test 'should update password with valid current password and :as option' do user = create_user - assert user.update_with_password(:current_password => '123456', - :password => 'pass321', :password_confirmation => 'pass321', :as => :admin) - assert user.reload.valid_password?('pass321') + assert user.update_with_password(:current_password => '12345678', + :password => 'pass4321', :password_confirmation => 'pass4321', :as => :admin) + assert user.reload.valid_password?('pass4321') end test 'should add an error to current password when it is invalid' do user = create_user assert_not user.update_with_password(:current_password => 'other', - :password => 'pass321', :password_confirmation => 'pass321') - assert user.reload.valid_password?('123456') + :password => 'pass4321', :password_confirmation => 'pass4321') + assert user.reload.valid_password?('12345678') assert_match "is invalid", user.errors[:current_password].join end test 'should add an error to current password when it is blank' do user = create_user - assert_not user.update_with_password(:password => 'pass321', - :password_confirmation => 'pass321') - assert user.reload.valid_password?('123456') + assert_not user.update_with_password(:password => 'pass4321', + :password_confirmation => 'pass4321') + assert user.reload.valid_password?('12345678') assert_match "can't be blank", user.errors[:current_password].join end 
@@ -127,21 +127,21 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should ignore password and its confirmation if they are blank' do user = create_user - assert user.update_with_password(:current_password => '123456', :email => "new@example.com") + assert user.update_with_password(:current_password => '12345678', :email => "new@example.com") assert_equal "new@example.com", user.email end test 'should not update password with invalid confirmation' do user = create_user - assert_not user.update_with_password(:current_password => '123456', - :password => 'pass321', :password_confirmation => 'other') - assert user.reload.valid_password?('123456') + assert_not user.update_with_password(:current_password => '12345678', + :password => 'pass4321', :password_confirmation => 'other') + assert user.reload.valid_password?('12345678') end test 'should clean up password fields on failure' do user = create_user - assert_not user.update_with_password(:current_password => '123456', - :password => 'pass321', :password_confirmation => 'other') + assert_not user.update_with_password(:current_password => '12345678', + :password => 'pass4321', :password_confirmation => 'other') assert user.password.blank? assert user.password_confirmation.blank? end @@ -160,9 +160,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should not update password without password' do user = create_user - user.update_without_password(:password => 'pass321', :password_confirmation => 'pass321') - assert !user.reload.valid_password?('pass321') - assert user.valid_password?('123456') + user.update_without_password(:password => 'pass4321', :password_confirmation => 'pass4321') + assert !user.reload.valid_password?('pass4321') + assert user.valid_password?('12345678') end test 'downcase_keys with validation' do @@ -186,4 +186,4 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase ] end end -end \ No newline at end of file +end 
diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 10be9092..a7f1ab44 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -76,10 +76,10 @@ class ValidatableTest < ActiveSupport::TestCase assert_equal 'doesn\'t match confirmation', user.errors[:password].join end - test 'should require a password with minimum of 6 characters' do - user = new_user(:password => '12345', :password_confirmation => '12345') + test 'should require a password with minimum of 8 characters' do + user = new_user(:password => '1234567', :password_confirmation => '1234567') assert user.invalid? - assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join + assert_equal 'is too short (minimum is 8 characters)', user.errors[:password].join end test 'should require a password with maximum of 128 characters long' do diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 557dea36..cd2d70e3 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -85,8 +85,8 @@ Devise.setup do |config| # config.extend_remember_period = false # ==> Configuration for :validatable - # Range for password length. Default is 6..128. - # config.password_length = 6..128 + # Range for password length. Default is 8..128. + # config.password_length = 8..128 # Regex to use to validate the email address # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i diff --git a/test/support/helpers.rb b/test/support/helpers.rb index 04bfb209..a2554485 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb 
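Review bot: The rewritten test in test/models/validatable_test.rb hard-codes the minimum in three places (the test name, the `'1234567'` input and the expected message), so it checks the number 8 instead of the configured range. Building the input from the setting, e.g. `short = 'x' * (Devise.password_length.min - 1)`, and interpolating `Devise.password_length.min` into the expected message would keep the test valid the next time the default moves. An explicit assertion that a password of exactly the minimum length is accepted would also pin the lower boundary. At present that is only covered implicitly by the `'12345678'` fixtures.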
@@ -25,8 +25,8 @@ class ActiveSupport::TestCase def valid_attributes(attributes={}) { :username => "usertest", :email => generate_unique_email, - :password => '123456', - :password_confirmation => '123456' }.update(attributes) + :password => '12345678', + :password_confirmation => '12345678' }.update(attributes) end def new_user(attributes={}) diff --git a/test/support/integration.rb b/test/support/integration.rb index dadd5835..9c6f7d25 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb @@ -10,8 +10,8 @@ class ActionDispatch::IntegrationTest user = User.create!( :username => 'usertest', :email => options[:email] || 'user@test.com', - :password => options[:password] || '123456', - :password_confirmation => options[:password] || '123456', + :password => options[:password] || '12345678', + :password_confirmation => options[:password] || '12345678', :created_at => Time.now.utc ) user.confirm! unless options[:confirm] == false @@ -36,7 +36,7 @@ class ActionDispatch::IntegrationTest user = create_user(options) visit_with_option options[:visit], new_user_session_path fill_in 'email', :with => options[:email] || 'user@test.com' - fill_in 'password', :with => options[:password] || '123456' + fill_in 'password', :with => options[:password] || '12345678' check 'remember me' if options[:remember_me] == true yield if block_given? click_button 'Sign In'
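Review bot: The default test password is still a bare literal in `valid_attributes` in test/support/helpers.rb and three more times in the two test/support/integration.rb hunks, which is why this commit had to edit the same string across so many test files. A single constant in the support code, e.g. `DEFAULT_TEST_PASSWORD = '12345678'` (the name is constructed for this note), would reduce the next change to one line. The default argument of `sign_in_as_new_user_with_http` and the `Base64.encode64("user@test.com:12345678")` header in test/integration/http_authenticatable_test.rb depend on the same value and could use the constant too. The `def` lines of the integration.rb helpers and the ends of both classes are outside these hunks.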