
Added ability to specify which passwords you want as weak passwords

mikel committed Dec 19, 2010
1 parent 863de37 commit a39a3337698ca42ab158dc3b4b08ea75039b8a89
Showing with 56 additions and 17 deletions.
  1. +25 −6 activemodel/lib/active_model/secure_password.rb
  2. +31 −11 activemodel/test/cases/secure_password_test.rb
@@ -5,12 +5,10 @@ module ActiveModel
module SecurePassword
extend ActiveSupport::Concern
- WEAK_PASSWORDS = %w( password qwerty 123456 )
-
module ClassMethods
# Adds methods to set and authenticate against a BCrypt password.
# This mechanism requires you to have a password_digest attribute.
- #
+ #
# Validations for presence of password, confirmation of password (using a "password_confirmation" attribute),
# and strength of password (at least 6 chars, not "password", etc) are automatically added.
# You can add more validations by hand if need be.
@@ -24,9 +22,9 @@ module ClassMethods
#
# user = User.new(:name => "david", :password => "secret", :password_confirmation => "nomatch")
# user.save # => false, password not long enough
- # user.password = "mUc3m00RsqyRe"
+ # user.password = "mUc3m00RsqyRe"
# user.save # => false, confirmation doesn't match
- # user.password_confirmation = "mUc3m00RsqyRe"
+ # user.password_confirmation = "mUc3m00RsqyRe"
# user.save # => true
# user.authenticate("notright") # => false
# user.authenticate("mUc3m00RsqyRe") # => user
@@ -42,6 +40,27 @@ def has_secure_password
validates_presence_of :password_digest
validate :password_must_be_strong
end
+
+ # Allows you to specify the set of weak passwords that will be validated against
+ # if you specify has_secure_password in your model.
+ #
+ # The default set of weak passwords are:
+ #
+ # class User < ActiveRecord::Base
+ # weak_passwords = %w( password qwerty 123456 mypass )

@drodriguez

drodriguez Dec 19, 2010

Contributor

Defaults in the documentation of this method differ from the defaults in the next method and the code.


@mikel

mikel Dec 19, 2010

Member

Thanks, fixed in #fa14df0


+ # end
+ def weak_passwords=(*values)
+ @weak_passwords = values.flatten
+ end
+
+ # Returns the list of current weak passwords defined. Defaults to the standard
+ # list of 'password', 'qwerty' and '123456'
+ #
+ # User.weak_passwords #=> ['password', 'qwerty', '123456']
+ def weak_passwords
+ @weak_passwords ||= %w( password qwerty 123456 )
+ end
+
end
# Returns self if the password is correct, otherwise false.
@@ -64,7 +83,7 @@ def password=(unencrypted_password)
def password_must_be_strong
if password.present?
errors.add(:password, :too_short, :count => 7) unless password.size > 6
- errors.add(:password, :insecure) if WEAK_PASSWORDS.include?(password)
+ errors.add(:password, :insecure) if self.class.weak_passwords.include?(password)
end
end
end
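Review bot: The usage example added to the `weak_passwords=` comment, `weak_passwords = %w( ... )` inside `class User < ActiveRecord::Base`, is a plain local-variable assignment in the class body and never reaches the writer defined just below it; the example should read `self.weak_passwords = %w( password qwerty 123456 )`. The list is kept in a class instance variable memoized with `||=`, so a subclass of User would, as far as this hunk shows, start from the default list rather than inherit the parent's configured one — a sentence on that in the `weak_passwords` comment would help STI users. The `self.class.weak_passwords.include?(password)` check in password_must_be_strong remains an exact, case-sensitive comparison, so variants such as `Password` or `password1` are not caught; stating that in the docs keeps callers from over-trusting a three-entry list.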
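--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -2,37 +2,57 @@
 require 'models/user'
 class SecurePasswordTest < ActiveModel::TestCase
+
 setup do
+ User.weak_passwords = %w( password qwerty 123456 )
 @user = User.new
 end
+ test "there should be a list of default weak passwords" do
+ assert_equal %w( password qwerty 123456 ), User.weak_passwords
+ end
+
+ test "specifying the list of passwords" do
+ User.weak_passwords = %w( pass )
+ assert_equal %w( pass ), User.weak_passwords
+ end
+
+ test "adding to the list of passwords" do
+ User.weak_passwords << 'pass'
+ @user.password = "password"
+ assert !@user.valid?
+
+ @user.password = "pass"
+ assert !@user.valid?
+ end
+
 test "password must be present" do
 assert !@user.valid?
 assert_equal 1, @user.errors.size
 end
-
+
 test "password must match confirmation" do
 @user.password = "thiswillberight"
 @user.password_confirmation = "wrong"
-
+
 assert !@user.valid?
-
+
 @user.password_confirmation = "thiswillberight"
-
+
 assert @user.valid?
 end
-
+
 test "password must pass validation rules" do
 @user.password = "password"
 assert !@user.valid?
-
+
 @user.password = "short"
 assert !@user.valid?
-
+
 @user.password = "plentylongenough"
 assert @user.valid?
 end
-
+
 test "too weak passwords" do
 @user.password = "012345"
 assert !@user.valid?
@@ -41,14 +61,14 @@ class SecurePasswordTest < ActiveModel::TestCase
 @user.password = "password"
 assert !@user.valid?
 assert_equal ["is too weak and common"], @user.errors[:password]
-
+
 @user.password = "d9034rfjlakj34RR$!!"
 assert @user.valid?
 end
-
+
 test "authenticate" do
 @user.password = "secret"
-
+
 assert !@user.authenticate("wrong")
 assert @user.authenticate("secret")
 end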
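Review bot: The new `adding to the list of passwords` test does not show that the appended entry is consulted: `pass` is four characters, so `@user.valid?` already fails the `password.size > 6` rule whether or not the weak-list check runs. Append an entry long enough to pass the length rule and assert the specific message, e.g. `User.weak_passwords << 'letmeinplease'` followed by `assert_equal ["is too weak and common"], @user.errors[:password]`, as the `too weak passwords` test already does. Likewise `there should be a list of default weak passwords` runs after `setup` has just assigned exactly that list, so it exercises the writer rather than the `||=` default in `weak_passwords`; clearing the class instance variable first (e.g. `User.instance_variable_set(:@weak_passwords, nil)`) would make it test the default path.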
