diff options
| author | Akshay Vishnoi <akshay.vishnoi@vinsol.com> | 2014-06-14 12:35:31 +0530 |
|---|---|---|
| committer | Akshay Vishnoi <akshay.vishnoi@vinsol.com> | 2014-06-14 12:35:31 +0530 |
| commit | cabbc8f6a58635bdae4002e6553ebed2206fd17d (patch) | |
| tree | 6f4cde539a1e260e041b38351b587e59767f35b2 /activemodel/lib/active_model/secure_password.rb | |
| parent | cf67031546735651375b7df06bda6721ad57fbe2 (diff) | |
| download | rails-cabbc8f6a58635bdae4002e6553ebed2206fd17d.tar.gz rails-cabbc8f6a58635bdae4002e6553ebed2206fd17d.tar.bz2 rails-cabbc8f6a58635bdae4002e6553ebed2206fd17d.zip | |
SecurePassword - Validate password must be less than or equal to 72
See #14591, Reason - BCrypt hash function can handle maximum 72 characters.
Diffstat (limited to 'activemodel/lib/active_model/secure_password.rb')
| -rw-r--r-- | activemodel/lib/active_model/secure_password.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb index 4033eb5808..879db59b34 100644 --- a/activemodel/lib/active_model/secure_password.rb +++ b/activemodel/lib/active_model/secure_password.rb @@ -2,6 +2,11 @@ module ActiveModel module SecurePassword extend ActiveSupport::Concern + # BCrypt hash function can handle maximum 72 characters, and if we pass + # password of length more than 72 characters it ignores extra characters. + # Hence need to put a restriction on password length. + MAX_PASSWORD_LENGTH_ALLOWED = 72 + class << self attr_accessor :min_cost # :nodoc: end @@ -63,6 +68,7 @@ module ActiveModel record.errors.add(:password, :blank) unless record.password_digest.present? end + validates_length_of :password, maximum: ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED validates_confirmation_of :password, if: ->{ password.present? } end |