Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Fix in has_secure_password for passwords containing only spaces. #16412
Not sure if we need actually want to block blank passwords. It seems like the original code was written this way to catch the
added a commit
this pull request
Aug 7, 2014
The original intention of this code was not to validate password strength, it was just to check if
If you needed to verify password strength (e.g. it needs to be longer than X characters, contains a mix of alphanumeric characters and symbols, etc), then you should add your own validation.
Protecting against "blank" passwords but not, say, "123456" or "password", doesn't make a lot of sense.
Not sure if this is the commit to blame as I migrated from