aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/lib
diff options
context:
space:
mode:
authorMikel Lindsaar <mikel@rubyx.com>2010-12-19 20:39:54 +1100
committerMikel Lindsaar <mikel@rubyx.com>2010-12-19 20:39:54 +1100
commita39a3337698ca42ab158dc3b4b08ea75039b8a89 (patch)
tree094ec71054ed86e0bc71df4958423e775153ef48 /activemodel/lib
parent863de37b05900f037132656812b7ef550d096ae1 (diff)
downloadrails-a39a3337698ca42ab158dc3b4b08ea75039b8a89.tar.gz
rails-a39a3337698ca42ab158dc3b4b08ea75039b8a89.tar.bz2
rails-a39a3337698ca42ab158dc3b4b08ea75039b8a89.zip
Added ability to specify which passwords you want as weak passwords
Diffstat (limited to 'activemodel/lib')
-rw-r--r--activemodel/lib/active_model/secure_password.rb31
1 files changed, 25 insertions, 6 deletions
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index 1dcd389f8a..06af18dfd1 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -5,12 +5,10 @@ module ActiveModel
module SecurePassword
extend ActiveSupport::Concern
- WEAK_PASSWORDS = %w( password qwerty 123456 )
-
module ClassMethods
# Adds methods to set and authenticate against a BCrypt password.
# This mechanism requires you to have a password_digest attribute.
- #
+ #
# Validations for presence of password, confirmation of password (using a "password_confirmation" attribute),
# and strength of password (at least 6 chars, not "password", etc) are automatically added.
# You can add more validations by hand if need be.
@@ -24,9 +22,9 @@ module ActiveModel
#
# user = User.new(:name => "david", :password => "secret", :password_confirmation => "nomatch")
# user.save # => false, password not long enough
- # user.password = "mUc3m00RsqyRe"
+ # user.password = "mUc3m00RsqyRe"
# user.save # => false, confirmation doesn't match
- # user.password_confirmation = "mUc3m00RsqyRe"
+ # user.password_confirmation = "mUc3m00RsqyRe"
# user.save # => true
# user.authenticate("notright") # => false
# user.authenticate("mUc3m00RsqyRe") # => user
@@ -42,6 +40,27 @@ module ActiveModel
validates_presence_of :password_digest
validate :password_must_be_strong
end
+
+ # Allows you to specify the set of weak passwords that will be validated against
+ # if you specify has_secure_password in your model.
+ #
+ # The default set of weak passwords are:
+ #
+ # class User < ActiveRecord::Base
+ # weak_passwords = %w( password qwerty 123456 mypass )
+ # end
+ def weak_passwords=(*values)
+ @weak_passwords = values.flatten
+ end
+
+ # Returns the list of current weak passwords defined. Defaults to the standard
+ # list of 'password', 'qwerty' and '123456'
+ #
+ # User.weak_passwords #=> ['password', 'qwerty', '123456']
+ def weak_passwords
+ @weak_passwords ||= %w( password qwerty 123456 )
+ end
+
end
# Returns self if the password is correct, otherwise false.
@@ -64,7 +83,7 @@ module ActiveModel
def password_must_be_strong
if password.present?
errors.add(:password, :too_short, :count => 7) unless password.size > 6
- errors.add(:password, :insecure) if WEAK_PASSWORDS.include?(password)
+ errors.add(:password, :insecure) if self.class.weak_passwords.include?(password)
end
end
end