Update password validation and error messages

- Simplify password validation to only check byte size for BCrypt limit (72 bytes)
- Replace specific error messages with a single "is too long" message
- Update test cases to reflect new error message

Co-authored-by: ChatGPT

activemodel/lib/active_model/locale/en.yml

@@ -18,7 +18,7 @@ en:
       too_long:
         one: "is too long (maximum is 1 character)"
         other: "is too long (maximum is %{count} characters)"
-      too_long_in_bytes: "is too long (maximum is %{count} bytes)"
+      password_too_long: "is too long"
       too_short:
         one: "is too short (minimum is 1 character)"
         other: "is too short (minimum is %{count} characters)"

activemodel/lib/active_model/secure_password.rb

@@ -132,18 +132,11 @@ def has_secure_password(attribute = :password, validations: true)
             end
           end
 
-          # Validates that the password does not exceed the maximum allowed characters (72 characters) and
-          # the maximum allowed bytes (72 bytes) for BCrypt. The character length validation is checked first
-          # to provide a more user-friendly error message. However, the byte size validation is still necessary
-          # due to BCrypt's inherent limitation of 72 bytes.
+          # Validates that the password does not exceed the maximum allowed bytes for BCrypt (72 bytes).
           validate do |record|
             password_value = record.public_send(attribute)
-            if password_value.present?
-              if password_value.length > ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED
-                record.errors.add(attribute, :too_long, count: ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED)
-              elsif password_value.bytesize > ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED
-                record.errors.add(attribute, :too_long_in_bytes, count: ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED)
-              end
+            if password_value.present? && password_value.bytesize > ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED
+              record.errors.add(attribute, :password_too_long)
             end
           end
 

activemodel/test/cases/secure_password_test.rb

@@ -67,7 +67,7 @@ class SecurePasswordTest < ActiveModel::TestCase
     @user.password_confirmation = "a" * 73
     assert_not @user.valid?(:create), "user should be invalid"
     assert_equal 1, @user.errors.count
-    assert_equal ["is too long (maximum is 72 characters)"], @user.errors[:password]
+    assert_equal ["is too long"], @user.errors[:password]
   end
 
   test "create a new user with validation and password byte size greater than 72 bytes" do
@@ -77,7 +77,7 @@ class SecurePasswordTest < ActiveModel::TestCase
     @user.password_confirmation = "あ" * 24 + "a"
     assert_not @user.valid?(:create), "user should be invalid"
     assert_equal 1, @user.errors.count
-    assert_equal ["is too long (maximum is 72 bytes)"], @user.errors[:password]
+    assert_equal ["is too long"], @user.errors[:password]
   end
 
   test "create a new user with validation and a blank password confirmation" do
@@ -152,7 +152,7 @@ class SecurePasswordTest < ActiveModel::TestCase
     @existing_user.password_confirmation = "a" * 73
     assert_not @existing_user.valid?(:update), "user should be invalid"
     assert_equal 1, @existing_user.errors.count
-    assert_equal ["is too long (maximum is 72 characters)"], @existing_user.errors[:password]
+    assert_equal ["is too long"], @existing_user.errors[:password]
   end
 
   test "updating an existing user with validation and a blank password confirmation" do