authorSantiago Pastorino <santiago@wyeworks.com>2010-12-19 14:58:14 -0200
committerSantiago Pastorino <santiago@wyeworks.com>2010-12-19 15:01:29 -0200
commit08ccd29b5b1e3badc2176a8036fea138b774c38f (patch)
tree9cda3f80b5cad5d6cb525dffcf38bc1c6de17e72
parent37e643120a5f4ba9fa15b74d6f489f7a0bb66c0d (diff)
Remove weak_passwords list and the length/strong password validator, leave that up to the programmer
-rw-r--r--activemodel/lib/active_model/locale/en.yml4
-rw-r--r--activemodel/lib/active_model/secure_password.rb37
-rw-r--r--activemodel/test/cases/secure_password_test.rb50
-rw-r--r--activerecord/CHANGELOG10
4 files changed, 12 insertions, 89 deletions
diff --git a/activemodel/lib/active_model/locale/en.yml b/activemodel/lib/active_model/locale/en.yml
index 4a27355c6c..44425b4a28 100644
--- a/activemodel/lib/active_model/locale/en.yml
+++ b/activemodel/lib/active_model/locale/en.yml
@@ -25,7 +25,3 @@ en:
less_than_or_equal_to: "must be less than or equal to %{count}"
odd: "must be odd"
even: "must be even"
-
- attributes:
- password:
- insecure: "is too weak and common"
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index 8da08f34ec..f4411cde80 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -1,22 +1,16 @@
-require 'active_support/core_ext/object/blank'
-require 'active_support/core_ext/class/attribute'
+require 'active_support/concern'
require 'bcrypt'
module ActiveModel
module SecurePassword
extend ActiveSupport::Concern
- included do
- class_attribute :weak_passwords
- self.weak_passwords = %w( password qwerty 123456 )
- end
-
module ClassMethods
# Adds methods to set and authenticate against a BCrypt password.
# This mechanism requires you to have a password_digest attribute.
#
- # Validations for presence of password, confirmation of password (using a "password_confirmation" attribute),
- # and strength of password (at least 6 chars, not "password", etc) are automatically added.
+ # Validations for presence of password, confirmation of password (using
+ # a "password_confirmation" attribute) are automatically added.
# You can add more validations by hand if need be.
#
# Example using Active Record (which automatically includes ActiveModel::SecurePassword):
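Review bot: The rewritten comment on `has_secure_password` lists what is still validated but never says that length and strength are no longer checked, so a reader relying on the earlier behaviour gets no cue that, as far as the visible validations go, a one-character password is now accepted unless the application adds its own rule. I would state that explicitly, e.g. `# No minimum length or strength check is applied; add your own (for example validates_length_of :password) if you need one.` The sentence also lost its conjunction: `presence of password, confirmation of password (...) are` should read `presence of password and confirmation of password (...) are`. The documented method's body continues outside this hunk.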
@@ -26,8 +20,8 @@ module ActiveModel
# has_secure_password
# end
#
- # user = User.new(:name => "david", :password => "secret", :password_confirmation => "nomatch")
- # user.save # => false, password not long enough
+ # user = User.new(:name => "david", :password => "", :password_confirmation => "nomatch")
+ # user.save # => false, password required
# user.password = "mUc3m00RsqyRe"
# user.save # => false, confirmation doesn't match
# user.password_confirmation = "mUc3m00RsqyRe"
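Review bot: The new example says that saving with `:password => ""` fails because the password is required, but nothing visible in this commit rejects an empty password. The remaining validations are `validates_confirmation_of :password` and `validates_presence_of :password_digest`, and the setter shown in the last hunk of this file assigns `BCrypt::Password.create(unencrypted_password)` unconditionally, so an empty string presumably still yields a non-blank digest. If that holds, the save in the example fails only because the confirmation does not match, and a record with an empty password and a matching confirmation would validate. Either skip hashing blank input, e.g. `self.password_digest = BCrypt::Password.create(unencrypted_password) unless unencrypted_password.blank?` (which needs the `active_support/core_ext/object/blank` require this commit drops), or correct the example; the same example text is added in the activerecord/CHANGELOG hunk. The setter's `def` line is outside the visible hunks, so this should be confirmed against the full file.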
@@ -44,16 +38,6 @@ module ActiveModel
validates_confirmation_of :password
validates_presence_of :password_digest
- validate :password_must_be_strong
- end
-
- # Specify the weak passwords to be used in the model:
- #
- # class User
- # set_weak_passwords %w( password qwerty 123456 mypass )
- # end
- def set_weak_passwords(values)
- self.weak_passwords = values
end
end
@@ -71,14 +55,5 @@ module ActiveModel
@password = unencrypted_password
self.password_digest = BCrypt::Password.create(unencrypted_password)
end
-
- private
-
- def password_must_be_strong
- if password.present?
- errors.add(:password, :too_short, :count => 7) unless password.size > 6
- errors.add(:password, :insecure) if self.class.weak_passwords.include?(password)
- end
- end
end
-end \ No newline at end of file
+end
diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb
index 2c3da2c93e..79be715730 100644
--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -4,33 +4,9 @@ require 'models/user'
class SecurePasswordTest < ActiveModel::TestCase
setup do
- User.weak_passwords = %w( password qwerty 123456 )
@user = User.new
end
- test "there should be a list of default weak passwords" do
- assert_equal %w( password qwerty 123456 ), User.weak_passwords
- end
-
- test "specifying the list of passwords" do
- User.weak_passwords = %w( pass )
- assert_equal %w( pass ), User.weak_passwords
- end
-
- test "specifying the list of passwords in the class" do
- User.send(:set_weak_passwords, ['pass'])
- assert_equal %w( pass ), User.weak_passwords
- end
-
- test "adding to the list of passwords" do
- User.weak_passwords << 'pass'
- @user.password = "password"
- assert !@user.valid?
-
- @user.password = "pass"
- assert !@user.valid?
- end
-
test "password must be present" do
assert !@user.valid?
assert_equal 1, @user.errors.size
@@ -47,34 +23,10 @@ class SecurePasswordTest < ActiveModel::TestCase
assert @user.valid?
end
- test "password must pass validation rules" do
- @user.password = "password"
- assert !@user.valid?
-
- @user.password = "short"
- assert !@user.valid?
-
- @user.password = "plentylongenough"
- assert @user.valid?
- end
-
- test "too weak passwords" do
- @user.password = "012345"
- assert !@user.valid?
- assert_equal ["is too short (minimum is 7 characters)"], @user.errors[:password]
-
- @user.password = "password"
- assert !@user.valid?
- assert_equal ["is too weak and common"], @user.errors[:password]
-
- @user.password = "d9034rfjlakj34RR$!!"
- assert @user.valid?
- end
-
test "authenticate" do
@user.password = "secret"
assert !@user.authenticate("wrong")
assert @user.authenticate("secret")
end
-end \ No newline at end of file
+end
diff --git a/activerecord/CHANGELOG b/activerecord/CHANGELOG
index 9d22842cb3..fd571c4ca4 100644
--- a/activerecord/CHANGELOG
+++ b/activerecord/CHANGELOG
@@ -6,12 +6,12 @@
class User < ActiveRecord::Base
has_secure_password
end
-
- user = User.new(:name => "david", :password => "secret", :password_confirmation => "nomatch")
- user.save # => false, password not long enough
- user.password = "mUc3m00RsqyRe"
+
+ user = User.new(:name => "david", :password => "", :password_confirmation => "nomatch")
+ user.save # => false, password required
+ user.password = "mUc3m00RsqyRe"
user.save # => false, confirmation doesn't match
- user.password_confirmation = "mUc3m00RsqyRe"
+ user.password_confirmation = "mUc3m00RsqyRe"
user.save # => true
user.authenticate("notright") # => false
user.authenticate("mUc3m00RsqyRe") # => user