
Change the minimum password length to 8

1 parent 1579ec9 commit c179cef365f7188c91cbbc3db924a9f1f9563c3c @carlosgaldino carlosgaldino committed Jul 6, 2012
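--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -90,7 +90,7 @@ module Strategies
 # Range validation for password length
 mattr_accessor :password_length
- @@password_length = 6..128
+ @@password_length = 8..128
 # The time the user will be remembered without asking for credentials again.
 mattr_accessor :remember_for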
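Review bot: The new default on `@@password_length = 8..128` tightens validation for every application that never set `config.password_length`, and neither the comment above it nor any changelog file in this commit tells an upgrader. Whether accounts created under the old 6-character floor keep working is not visible here; presumably the range is enforced only when a password is set or changed, so shorter existing passwords would stay in use until rotated. I would extend the comment to `# Range validation for password length, in characters. The default minimum was raised from 6 to 8; set config.password_length to restore the old range.` and add an upgrade note. The enclosing module starts and ends outside the hunk.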
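--- a/lib/devise/models/validatable.rb
+++ b/lib/devise/models/validatable.rb
@@ -10,7 +10,7 @@ module Models
 # Validatable adds the following options to devise_for:
 #
 # * +email_regexp+: the regular expression used to validate e-mails;
- # * +password_length+: a range expressing password length. Defaults to 6..128.
+ # * +password_length+: a range expressing password length. Defaults to 8..128.
 #
 module Validatable
 # All validations used by this module.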
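--- a/lib/generators/templates/devise.rb
+++ b/lib/generators/templates/devise.rb
@@ -113,8 +113,8 @@
 # config.rememberable_options = {}
 # ==> Configuration for :validatable
- # Range for password length. Default is 6..128.
- # config.password_length = 6..128
+ # Range for password length. Default is 8..128.
+ # config.password_length = 8..128
 # Email regex used to validate email formats. It simply asserts that
 # an one (and only one) @ exists in the given string. This is mainly
@@ -229,4 +229,4 @@
 # When using omniauth, Devise cannot automatically set Omniauth path,
 # so you need to do it manually. For the users scope, it would be:
 # config.omniauth_path_prefix = "/my_engine/users/auth"
-end
+end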
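--- a/test/integration/authenticatable_test.rb
+++ b/test/integration/authenticatable_test.rb
@@ -483,7 +483,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
 test 'sign in with xml format returns xml response' do
 create_user
- post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
+ post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
 assert_response :success
 assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
 end
@@ -493,13 +493,13 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
 assert_response :success
 create_user
- post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
+ post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
 assert_response :success
 get new_user_session_path(:format => 'xml')
 assert_response :success
- post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
+ post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
 assert_response :success
 assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
 end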
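Review bot: The password literal `'12345678'` is spelled out on each changed `post user_session_path` line, and the same literal recurs in the changed lines of http_authenticatable_test.rb, omniauthable_test.rb, registerable_test.rb, test/models/database_authenticatable_test.rb, test/support/helpers.rb and test/support/integration.rb, so these tests depend on a value that `create_user` defines elsewhere. A single constant in test/support, for example `DEFAULT_TEST_PASSWORD = '12345678'`, used by `create_user` and referenced here as `:password => DEFAULT_TEST_PASSWORD`, would keep the next change to the minimum length to one line. The second test starts above its hunk.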
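--- a/test/integration/database_authenticatable_test.rb
+++ b/test/integration/database_authenticatable_test.rb
@@ -3,44 +3,44 @@
 class DatabaseAuthenticationTest < ActionController::IntegrationTest
 test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
 create_user(:email => 'Foo@Bar.com')
-
+
 sign_in_as_user do
 fill_in 'email', :with => 'foo@bar.com'
 end
-
+
 assert warden.authenticated?(:user)
 end
 test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
 swap Devise, :case_insensitive_keys => [] do
 create_user(:email => 'Foo@Bar.com')
-
+
 sign_in_as_user do
 fill_in 'email', :with => 'foo@bar.com'
 end
-
+
 assert_not warden.authenticated?(:user)
 end
 end
-
+
 test 'sign in with email including extra spaces should succeed when email is in the list of strip whitespace keys' do
 create_user(:email => ' foo@bar.com ')
-
+
 sign_in_as_user do
 fill_in 'email', :with => 'foo@bar.com'
 end
-
+
 assert warden.authenticated?(:user)
 end
 test 'sign in with email including extra spaces should fail when email is NOT the list of strip whitespace keys' do
 swap Devise, :strip_whitespace_keys => [] do
 create_user(:email => 'foo@bar.com')
-
+
 sign_in_as_user do
 fill_in 'email', :with => ' foo@bar.com '
 end
-
+
 assert_not warden.authenticated?(:user)
 end
 end
@@ -79,4 +79,4 @@ class DatabaseAuthenticationTest < ActionController::IntegrationTest
 assert_contain 'Invalid credentials'
 end
 end
-end
+end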
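--- a/test/integration/http_authenticatable_test.rb
+++ b/test/integration/http_authenticatable_test.rb
@@ -4,7 +4,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
 test 'handles unverified requests gets rid of caches but continues signed in' do
 swap UsersController, :allow_forgery_protection => true do
 create_user
- post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:123456")}"
+ post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}"
 assert warden.authenticated?(:user)
 assert_equal "User is authenticated", response.body
 end
@@ -82,7 +82,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
 private
- def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
+ def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
 user = create_user
 get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}"
 user
@@ -91,7 +91,7 @@ def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
 # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
 def add_oauth2_header
 user = create_user
- get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:123456")}"
+ get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}"
 end
 end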
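Review bot: `Base64.encode64` appends a newline and wraps its output every 60 characters, so the `HTTP_AUTHORIZATION` values built on the changed lines end in `\n`, and the parameterised one in `sign_in_as_new_user_with_http` would be split mid-value once `username:password` passes 45 bytes. The longer default password moves the fixtures closer to that limit without reaching it. Where the supported Ruby versions provide it, `Base64.strict_encode64("#{username}:#{password}")` gives a single-line value; otherwise strip the newlines with `.delete("\n")`. The first test and `sign_in_as_new_user_with_http` run past the edges of their hunks.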
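--- a/test/integration/omniauthable_test.rb
+++ b/test/integration/omniauthable_test.rb
@@ -61,8 +61,8 @@ def stub_action!(name)
 assert_difference "User.count" do
 visit "/users/sign_up"
- fill_in "Password", :with => "123456"
- fill_in "Password confirmation", :with => "123456"
+ fill_in "Password", :with => "12345678"
+ fill_in "Password confirmation", :with => "12345678"
 click_button "Sign up"
 end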
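--- a/test/integration/registerable_test.rb
+++ b/test/integration/registerable_test.rb
@@ -144,7 +144,7 @@ def user_sign_up
 get edit_user_registration_path
 fill_in 'email', :with => 'user.new@example.com'
- fill_in 'current password', :with => '123456'
+ fill_in 'current password', :with => '12345678'
 click_button 'Update'
 assert_current_url '/'
@@ -157,9 +157,9 @@ def user_sign_up
 sign_in_as_user
 get edit_user_registration_path
- fill_in 'password', :with => '12345678'
- fill_in 'password confirmation', :with => '12345678'
- fill_in 'current password', :with => '123456'
+ fill_in 'password', :with => '1234567890'
+ fill_in 'password confirmation', :with => '1234567890'
+ fill_in 'current password', :with => '12345678'
 click_button 'Update'
 assert_contain 'You updated your account successfully.'
@@ -186,15 +186,15 @@ def user_sign_up
 sign_in_as_user
 get edit_user_registration_path
- fill_in 'password', :with => 'pas123'
- fill_in 'password confirmation', :with => 'pas123'
- fill_in 'current password', :with => '123456'
+ fill_in 'password', :with => 'pass1234'
+ fill_in 'password confirmation', :with => 'pass1234'
+ fill_in 'current password', :with => '12345678'
 click_button 'Update'
 assert_current_url '/'
 assert_contain 'You updated your account successfully.'
- assert User.first.valid_password?('pas123')
+ assert User.first.valid_password?('pass1234')
 end
 test 'a signed in user should not be able to edit his password with invalid confirmation' do
@@ -272,7 +272,7 @@ def user_sign_up
 test 'a user update information with valid data in XML format should return valid response' do
 user = sign_in_as_user
- put user_registration_path(:format => 'xml'), :user => { :current_password => '123456', :email => 'user.new@test.com' }
+ put user_registration_path(:format => 'xml'), :user => { :current_password => '12345678', :email => 'user.new@test.com' }
 assert_response :success
 assert_equal user.reload.email, 'user.new@test.com'
 end
@@ -321,4 +321,4 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest
 assert Admin.first.valid_password?('pas123')
 end
-end
+end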
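Review bot: The last hunk's context still asserts `Admin.first.valid_password?('pas123')` in ReconfirmableRegistrationTest, a 6-character password below the new default minimum, while the equivalent User test earlier in this file was moved to `'pass1234'`. Either Admin is not validated against the default range or that test sets the password without going through the validation; neither is visible here, and the first case would mean the new minimum does not reach that model. It is worth confirming which applies and aligning the fixture, e.g. `assert Admin.first.valid_password?('pass1234')` with matching `fill_in` lines. Most tests in this file start or end outside their hunks.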
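--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@@ -66,14 +66,14 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 test 'should test for a valid password' do
 user = create_user
- assert user.valid_password?('123456')
+ assert user.valid_password?('12345678')
 assert_not user.valid_password?('654321')
 end
 test 'should not raise error with an empty password' do
 user = create_user
 user.encrypted_password = ''
- assert_nothing_raised { user.valid_password?('123456') }
+ assert_nothing_raised { user.valid_password?('12345678') }
 end
 test 'should be an invalid password if the user has an empty password' do
@@ -88,31 +88,31 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 test 'should update password with valid current password' do
 user = create_user
- assert user.update_with_password(:current_password => '123456',
- :password => 'pass321', :password_confirmation => 'pass321')
- assert user.reload.valid_password?('pass321')
+ assert user.update_with_password(:current_password => '12345678',
+ :password => 'pass4321', :password_confirmation => 'pass4321')
+ assert user.reload.valid_password?('pass4321')
 end
 test 'should update password with valid current password and :as option' do
 user = create_user
- assert user.update_with_password(:current_password => '123456',
- :password => 'pass321', :password_confirmation => 'pass321', :as => :admin)
- assert user.reload.valid_password?('pass321')
+ assert user.update_with_password(:current_password => '12345678',
+ :password => 'pass4321', :password_confirmation => 'pass4321', :as => :admin)
+ assert user.reload.valid_password?('pass4321')
 end
 test 'should add an error to current password when it is invalid' do
 user = create_user
 assert_not user.update_with_password(:current_password => 'other',
- :password => 'pass321', :password_confirmation => 'pass321')
- assert user.reload.valid_password?('123456')
+ :password => 'pass4321', :password_confirmation => 'pass4321')
+ assert user.reload.valid_password?('12345678')
 assert_match "is invalid", user.errors[:current_password].join
 end
 test 'should add an error to current password when it is blank' do
 user = create_user
- assert_not user.update_with_password(:password => 'pass321',
- :password_confirmation => 'pass321')
- assert user.reload.valid_password?('123456')
+ assert_not user.update_with_password(:password => 'pass4321',
+ :password_confirmation => 'pass4321')
+ assert user.reload.valid_password?('12345678')
 assert_match "can't be blank", user.errors[:current_password].join
 end
@@ -127,21 +127,21 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 test 'should ignore password and its confirmation if they are blank' do
 user = create_user
- assert user.update_with_password(:current_password => '123456', :email => "new@example.com")
+ assert user.update_with_password(:current_password => '12345678', :email => "new@example.com")
 assert_equal "new@example.com", user.email
 end
 test 'should not update password with invalid confirmation' do
 user = create_user
- assert_not user.update_with_password(:current_password => '123456',
- :password => 'pass321', :password_confirmation => 'other')
- assert user.reload.valid_password?('123456')
+ assert_not user.update_with_password(:current_password => '12345678',
+ :password => 'pass4321', :password_confirmation => 'other')
+ assert user.reload.valid_password?('12345678')
 end
 test 'should clean up password fields on failure' do
 user = create_user
- assert_not user.update_with_password(:current_password => '123456',
- :password => 'pass321', :password_confirmation => 'other')
+ assert_not user.update_with_password(:current_password => '12345678',
+ :password => 'pass4321', :password_confirmation => 'other')
 assert user.password.blank?
 assert user.password_confirmation.blank?
 end
@@ -160,9 +160,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 test 'should not update password without password' do
 user = create_user
- user.update_without_password(:password => 'pass321', :password_confirmation => 'pass321')
- assert !user.reload.valid_password?('pass321')
- assert user.valid_password?('123456')
+ user.update_without_password(:password => 'pass4321', :password_confirmation => 'pass4321')
+ assert !user.reload.valid_password?('pass4321')
+ assert user.valid_password?('12345678')
 end
 test 'downcase_keys with validation' do
@@ -186,4 +186,4 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 ]
 end
 end
-end
+end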
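Review bot: In 'should test for a valid password' the rejected value on the unchanged line `assert_not user.valid_password?('654321')` is now two characters shorter than the accepted `'12345678'`, so the negative case differs in length as well as content. A same-length wrong value, `assert_not user.valid_password?('87654321')`, keeps the test about the comparison itself. Several tests in this file start or end outside their hunks.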
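--- a/test/models/validatable_test.rb
+++ b/test/models/validatable_test.rb
@@ -76,10 +76,10 @@ class ValidatableTest < ActiveSupport::TestCase
 assert_equal 'doesn\'t match confirmation', user.errors[:password].join
 end
- test 'should require a password with minimum of 6 characters' do
- user = new_user(:password => '12345', :password_confirmation => '12345')
+ test 'should require a password with minimum of 8 characters' do
+ user = new_user(:password => '1234567', :password_confirmation => '1234567')
 assert user.invalid?
- assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
+ assert_equal 'is too short (minimum is 8 characters)', user.errors[:password].join
 end
 test 'should require a password with maximum of 128 characters long' do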
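--- a/test/rails_app/config/initializers/devise.rb
+++ b/test/rails_app/config/initializers/devise.rb
@@ -85,8 +85,8 @@
 # config.extend_remember_period = false
 # ==> Configuration for :validatable
- # Range for password length. Default is 6..128.
- # config.password_length = 6..128
+ # Range for password length. Default is 8..128.
+ # config.password_length = 8..128
 # Regex to use to validate the email address
 # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i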
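Review bot: The commented example on the context line `# config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i` anchors with `^` and `$`, which in Ruby match at line boundaries, so a multi-line value can pass validation if any single line matches. Since this block is being edited anyway, the example would be safer as `/\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i`. The line is commented out, so this only matters when someone copies or uncomments it.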
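--- a/test/support/helpers.rb
+++ b/test/support/helpers.rb
@@ -25,8 +25,8 @@ def generate_unique_email
 def valid_attributes(attributes={})
 { :username => "usertest",
 :email => generate_unique_email,
- :password => '123456',
- :password_confirmation => '123456' }.update(attributes)
+ :password => '12345678',
+ :password_confirmation => '12345678' }.update(attributes)
 end
 def new_user(attributes={})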
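--- a/test/support/integration.rb
+++ b/test/support/integration.rb
@@ -10,8 +10,8 @@ def create_user(options={})
 user = User.create!(
 :username => 'usertest',
 :email => options[:email] || 'user@test.com',
- :password => options[:password] || '123456',
- :password_confirmation => options[:password] || '123456',
+ :password => options[:password] || '12345678',
+ :password_confirmation => options[:password] || '12345678',
 :created_at => Time.now.utc
 )
 user.confirm! unless options[:confirm] == false
@@ -36,7 +36,7 @@ def sign_in_as_user(options={}, &block)
 user = create_user(options)
 visit_with_option options[:visit], new_user_session_path
 fill_in 'email', :with => options[:email] || 'user@test.com'
- fill_in 'password', :with => options[:password] || '123456'
+ fill_in 'password', :with => options[:password] || '12345678'
 check 'remember me' if options[:remember_me] == true
 yield if block_given?
 click_button 'Sign In'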
