diff options
author | Mikel Lindsaar <mikel@rubyx.com> | 2010-12-19 20:39:54 +1100 |
---|---|---|
committer | Mikel Lindsaar <mikel@rubyx.com> | 2010-12-19 20:39:54 +1100 |
commit | a39a3337698ca42ab158dc3b4b08ea75039b8a89 (patch) | |
tree | 094ec71054ed86e0bc71df4958423e775153ef48 /activemodel/lib | |
parent | 863de37b05900f037132656812b7ef550d096ae1 (diff) | |
download | rails-a39a3337698ca42ab158dc3b4b08ea75039b8a89.tar.gz rails-a39a3337698ca42ab158dc3b4b08ea75039b8a89.tar.bz2 rails-a39a3337698ca42ab158dc3b4b08ea75039b8a89.zip |
Added ability to specify which passwords you want as weak passwords
Diffstat (limited to 'activemodel/lib')
-rw-r--r-- | activemodel/lib/active_model/secure_password.rb | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb index 1dcd389f8a..06af18dfd1 100644 --- a/activemodel/lib/active_model/secure_password.rb +++ b/activemodel/lib/active_model/secure_password.rb @@ -5,12 +5,10 @@ module ActiveModel module SecurePassword extend ActiveSupport::Concern - WEAK_PASSWORDS = %w( password qwerty 123456 ) - module ClassMethods # Adds methods to set and authenticate against a BCrypt password. # This mechanism requires you to have a password_digest attribute. - # + # # Validations for presence of password, confirmation of password (using a "password_confirmation" attribute), # and strength of password (at least 6 chars, not "password", etc) are automatically added. # You can add more validations by hand if need be. @@ -24,9 +22,9 @@ module ActiveModel # # user = User.new(:name => "david", :password => "secret", :password_confirmation => "nomatch") # user.save # => false, password not long enough - # user.password = "mUc3m00RsqyRe" + # user.password = "mUc3m00RsqyRe" # user.save # => false, confirmation doesn't match - # user.password_confirmation = "mUc3m00RsqyRe" + # user.password_confirmation = "mUc3m00RsqyRe" # user.save # => true # user.authenticate("notright") # => false # user.authenticate("mUc3m00RsqyRe") # => user @@ -42,6 +40,27 @@ module ActiveModel validates_presence_of :password_digest validate :password_must_be_strong end + + # Allows you to specify the set of weak passwords that will be validated against + # if you specify has_secure_password in your model. + # + # The default set of weak passwords are: + # + # class User < ActiveRecord::Base + # weak_passwords = %w( password qwerty 123456 mypass ) + # end + def weak_passwords=(*values) + @weak_passwords = values.flatten + end + + # Returns the list of current weak passwords defined. Defaults to the standard + # list of 'password', 'qwerty' and '123456' + # + # User.weak_passwords #=> ['password', 'qwerty', '123456'] + def weak_passwords + @weak_passwords ||= %w( password qwerty 123456 ) + end + end # Returns self if the password is correct, otherwise false. @@ -64,7 +83,7 @@ module ActiveModel def password_must_be_strong if password.present? errors.add(:password, :too_short, :count => 7) unless password.size > 6 - errors.add(:password, :insecure) if WEAK_PASSWORDS.include?(password) + errors.add(:password, :insecure) if self.class.weak_passwords.include?(password) end end end |