From 08ccd29b5b1e3badc2176a8036fea138b774c38f Mon Sep 17 00:00:00 2001
From: Santiago Pastorino <santiago@wyeworks.com>
Date: Sun, 19 Dec 2010 14:58:14 -0200
Subject: Remove weak_passwords list and the length/strong password validator,
 leave that up to the programmer

---
 activemodel/lib/active_model/locale/en.yml      |  4 ---
 activemodel/lib/active_model/secure_password.rb | 37 ++++---------------------
 2 files changed, 6 insertions(+), 35 deletions(-)

(limited to 'activemodel/lib')

diff --git a/activemodel/lib/active_model/locale/en.yml b/activemodel/lib/active_model/locale/en.yml
index 4a27355c6c..44425b4a28 100644
--- a/activemodel/lib/active_model/locale/en.yml
+++ b/activemodel/lib/active_model/locale/en.yml
@@ -25,7 +25,3 @@ en:
       less_than_or_equal_to: "must be less than or equal to %{count}"
       odd: "must be odd"
       even: "must be even"
-
-    attributes:
-      password:
-        insecure: "is too weak and common"
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index 8da08f34ec..f4411cde80 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -1,22 +1,16 @@
-require 'active_support/core_ext/object/blank'
-require 'active_support/core_ext/class/attribute'
+require 'active_support/concern'
 require 'bcrypt'
 
 module ActiveModel
   module SecurePassword
     extend ActiveSupport::Concern
 
-    included do
-      class_attribute :weak_passwords
-      self.weak_passwords = %w( password qwerty 123456 )
-    end
-
     module ClassMethods
       # Adds methods to set and authenticate against a BCrypt password.
       # This mechanism requires you to have a password_digest attribute.
       #
-      # Validations for presence of password, confirmation of password (using a "password_confirmation" attribute),
-      # and strength of password (at least 6 chars, not "password", etc) are automatically added.
+      # Validations for presence of password, confirmation of password (using
+      # a "password_confirmation" attribute) are automatically added.
       # You can add more validations by hand if need be.
       #
       # Example using Active Record (which automatically includes ActiveModel::SecurePassword):
@@ -26,8 +20,8 @@ module ActiveModel
       #     has_secure_password
       #   end
       #
-      #   user = User.new(:name => "david", :password => "secret", :password_confirmation => "nomatch")
-      #   user.save                                                      # => false, password not long enough
+      #   user = User.new(:name => "david", :password => "", :password_confirmation => "nomatch")
+      #   user.save                                                      # => false, password required
       #   user.password = "mUc3m00RsqyRe"
       #   user.save                                                      # => false, confirmation doesn't match
       #   user.password_confirmation = "mUc3m00RsqyRe"
@@ -44,16 +38,6 @@ module ActiveModel
 
         validates_confirmation_of :password
         validates_presence_of     :password_digest
-        validate                  :password_must_be_strong
-      end
-
-      # Specify the weak passwords to be used in the model:
-      #
-      #   class User
-      #     set_weak_passwords %w( password qwerty 123456 mypass )
-      #   end
-      def set_weak_passwords(values)
-        self.weak_passwords = values
       end
     end
 
@@ -71,14 +55,5 @@ module ActiveModel
       @password = unencrypted_password
       self.password_digest = BCrypt::Password.create(unencrypted_password)
     end
-
-    private
-
-    def password_must_be_strong
-      if password.present?
-        errors.add(:password, :too_short, :count => 7) unless password.size > 6
-        errors.add(:password, :insecure) if self.class.weak_passwords.include?(password)
-      end
-    end
   end
-end
\ No newline at end of file
+end
-- 
cgit v1.2.3