SecurePassword with a standalone PasswordValidator

[franckverrot]

I took some pieces of (ActiveValidators)[https://github.com/cesario/activevalidators] and added it to ActiveModel.

has_secure_password :strength => :strong

now accepts an option:strength, which can be weak, medium and strong

By default the 7 chars policy + WEAK_PASSWORD array are evaluated, if they are all OK, the strength will use the right regex.

[paneq]

This is really poorly implemented.

record.errors.add(:password, "is too weak and common")

1. Errors are added on :password attribute instead of the attribute user wanted to validate
2. Previous implementation was I18n aware. This is not. English message is always added.

Nice idea but needs much better implementation in my opinion.

[franckverrot]

Agreed. Do you see anything else that should be improved?

Thanks for your review!

[josevalim]

Thanks for the pull requests, the SecurePassword module is meant to be very very simple. We have a huge amount of authentication solutions today and if someone wants something more robust, with several options, I recommend them to use it, not Rails one.

[franckverrot]

Alright, thanks anyway for reviewing it :)