Merge pull request #2377 from Ericsson/base64-password

[api] Allow all base64 encoding characters in passwords.
openSUSE · Dec 8, 2016 · 3b6a0c0 · 3b6a0c0
2 parents 55de1e1 + 4f24716
commit 3b6a0c0
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/api/app/models/user.rb b/src/api/app/models/user.rb
@@ -78,11 +78,11 @@ class User < ApplicationRecord
                       message: 'must be a valid email address.'
 
   # We want to validate the format of the password and only allow alphanumeric
-  # and some punctiation characters.
+  # and some punctiation/base64 characters.
   # The format must only be checked if the password has been set and the record
   # has not been stored yet.
   validates_format_of :password,
-                      with: %r{\A[\w\.\- !?(){}|~*]+\z},
+                      with: %r{\A[\w\.\- /+=!?(){}|~*]+\z},
                       message: 'must not contain invalid characters.',
                       if: Proc.new { |user| user.new_password? && !user.password.nil? }