diff --git a/activemodel/lib/active_model/locale/en.yml b/activemodel/lib/active_model/locale/en.yml
index 1c4fb9ca3d7cc..e96ce8ee18c30 100644
--- a/activemodel/lib/active_model/locale/en.yml
+++ b/activemodel/lib/active_model/locale/en.yml
@@ -18,7 +18,7 @@ en:
       too_long:
         one: "is too long (maximum is 1 character)"
         other: "is too long (maximum is %{count} characters)"
-      too_long_in_bytes: "is too long (maximum is %{count} bytes)"
+      password_too_long: "is too long"
       too_short:
         one: "is too short (minimum is 1 character)"
         other: "is too short (minimum is %{count} characters)"
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index ed1944a770679..2d5b564b7a3b2 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -132,18 +132,11 @@ def has_secure_password(attribute = :password, validations: true)
             end
           end

-          # Validates that the password does not exceed the maximum allowed characters (72 characters) and
-          # the maximum allowed bytes (72 bytes) for BCrypt. The character length validation is checked first
-          # to provide a more user-friendly error message. However, the byte size validation is still necessary
-          # due to BCrypt's inherent limitation of 72 bytes.
+          # Validates that the password does not exceed the maximum allowed bytes for BCrypt (72 bytes).
           validate do |record|
             password_value = record.public_send(attribute)
-            if password_value.present?
-              if password_value.length > ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED
-                record.errors.add(attribute, :too_long, count: ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED)
-              elsif password_value.bytesize > ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED
-                record.errors.add(attribute, :too_long_in_bytes, count: ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED)
-              end
+            if password_value.present? && password_value.bytesize > ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED
+              record.errors.add(attribute, :password_too_long)
             end
           end

diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb
index 193bc8a804950..4357c9168b53f 100644
--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -67,7 +67,7 @@ class SecurePasswordTest < ActiveModel::TestCase
     @user.password_confirmation = "a" * 73
     assert_not @user.valid?(:create), "user should be invalid"
     assert_equal 1, @user.errors.count
-    assert_equal ["is too long (maximum is 72 characters)"], @user.errors[:password]
+    assert_equal ["is too long"], @user.errors[:password]
   end

   test "create a new user with validation and password byte size greater than 72 bytes" do
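Review bot: The new `record.errors.add(attribute, :password_too_long)` line drops the `count:` interpolation argument, so neither the default message nor an application's own translation of `password_too_long` can state the limit the user actually hit; keeping `record.errors.add(attribute, :password_too_long, count: ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED)` costs nothing and leaves the default `"is too long"` text unchanged. The single `bytesize` comparison is sufficient on its own, since a String's byte length is never smaller than its character length, and it is the check that matters: bcrypt only uses the first 72 bytes of its input, so without it two passwords sharing a 72-byte prefix would hash identically and the excess would be silently discarded. The hunk also retires the `too_long_in_bytes` locale key (see the en.yml hunk); an application that overrode that key in its own locale files will silently lose the override, which deserves a CHANGELOG entry if the commit does not already carry one. I would expand the new comment to say why the limit is enforced rather than just what it is, e.g. `# BCrypt silently truncates its input to 72 bytes, so longer passwords are rejected instead of being quietly shortened.` The enclosing `has_secure_password` method starts before this hunk.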
@@ -77,7 +77,7 @@ class SecurePasswordTest < ActiveModel::TestCase
     @user.password_confirmation = "あ" * 24 + "a"
     assert_not @user.valid?(:create), "user should be invalid"
     assert_equal 1, @user.errors.count
-    assert_equal ["is too long (maximum is 72 bytes)"], @user.errors[:password]
+    assert_equal ["is too long"], @user.errors[:password]
   end

   test "create a new user with validation and a blank password confirmation" do
@@ -152,7 +152,7 @@ class SecurePasswordTest < ActiveModel::TestCase
     @existing_user.password_confirmation = "a" * 73
     assert_not @existing_user.valid?(:update), "user should be invalid"
     assert_equal 1, @existing_user.errors.count
-    assert_equal ["is too long (maximum is 72 characters)"], @existing_user.errors[:password]
+    assert_equal ["is too long"], @existing_user.errors[:password]
   end

   test "updating an existing user with validation and a blank password confirmation" do
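Review bot: The byte-size test at `"あ" * 24 + "a"` still only exercises the rejecting side of the limit; now that the character-length branch is gone, the boundary that matters is a multibyte password of exactly 72 bytes, which should be accepted, and I do not see such a case in these hunks. If the file does not already have one, a test along the lines of `@user.password = @user.password_confirmation = "あ" * 24` followed by `assert @user.valid?(:create)` would pin that boundary. With both tests now asserting the identical `["is too long"]` message, the test names are the only thing distinguishing the character-count case from the byte-count case, so they are worth keeping as they are. The enclosing `test` blocks start before each hunk.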