Enable password_complexity
As it seems that adding complexity to the password is something that might be wanted from the Consul applications, we added the necessary changes to allow it.

In this version we simply:
- Uncomment the configuration variable "password_complexity"
- Set this variable without any restrictions
- Adapt the application so that everything still works normally.

One of the things that had to be done to adapt the application was to remove the overwriting of the "self.included" method. The original idea of overwriting the "self.included" method seems to be the possibility of being able to overwrite the :current_equal_password_validation validation. The problem comes from the fact that by only calling that validation, the rest of the validations that are defined (in this case "password_complexity") are no longer applied. It seems like a good idea to remove the overwrite of the "self.included" method to allow all the defined validations to be applied and simply overwrite the :current_equal_password_validation method so that everything behaves the same.

:allow_passwords_equal_to_email configuration has been enabled too, in order to allow existing records with this configuration.

Another change made was to uncomment the line:

and to keep everything working the same set the value to false:
config.email_validation = false.

This change has had to be made because in the documentation of devise-security it says the following:

In other words, if we want to use the :secure_validatable module we have to enable this configuration even if its value is "false". If we kept the configuration variable commented out:

The following error appears: "uninitialized constant Devise::Models::SecureValidatable::EmailValidator".

So it has been verified that if before making any change we uncommented the line and added the value of "false", the application worked as normal.
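The effect the commit message describes, as an added example that is not code from this commit or from devise-security: a toy concern (all names and the sample password are constructed) whose `included` hook registers two validations, patched once by replacing the hook and once by overriding only the method.

```ruby
CURRENT = "old-secret-1" # constructed sample value

# Fresh copy of a toy concern (hypothetical stand-in, not the gem's code) whose
# `included` hook registers every validation the module defines.
def build_concern
  Module.new do
    def self.included(base)
      base.instance_variable_set(:@validations, %i[password_complexity_validation current_equal_password_validation])
    end

    def errors_for(password)
      @password = password
      self.class.instance_variable_get(:@validations).map { |v| send(v) }.compact
    end

    def password_complexity_validation
      :too_simple unless @password.match?(/\d/)
    end

    def current_equal_password_validation
      :library_equal_check if @password == CURRENT
    end
  end
end

# After: only the one validation method is replaced; the hook is untouched.
def patch_method(concern)
  concern.module_eval do
    def current_equal_password_validation
      :app_equal_check if @password == CURRENT
    end
  end
  concern
end

# Before: the hook is replaced as well, so only one validation gets registered.
def patch_hook_and_method(concern)
  concern.define_singleton_method(:included) do |base|
    base.instance_variable_set(:@validations, %i[current_equal_password_validation])
  end
  patch_method(concern)
end

def model_with(concern)
  Class.new { include concern }.new
end

BEFORE = model_with(patch_hook_and_method(build_concern))
AFTER  = model_with(patch_method(build_concern))
p before: BEFORE.errors_for("nodigits"), after: AFTER.errors_for("nodigits")
```

With the hook replaced, a password that fails the complexity rule produces no error at all, which is why a silently skipped validator is easy to miss without a spec.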
@@ -8,7 +8,7 @@ Devise.setup do |config|
|
||||
# Need 1 char each of: A-Z, a-z, 0-9, and a punctuation mark or symbol
|
||||
# You may use "digits" in place of "digit" and "symbols" in place of
|
||||
# "symbol" based on your preference
|
||||
# config.password_complexity = { digit: 1, lower: 1, symbol: 1, upper: 1 }
|
||||
config.password_complexity = { digit: 0, lower: 0, symbol: 0, upper: 0 }
|
||||
|
||||
# How many passwords to keep in archive
|
||||
# config.password_archiving_count = 5
|
||||
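Review bot: the comment kept at the top of this hunk, "Need 1 char each of: A-Z, a-z, 0-9, and a punctuation mark or symbol", no longer matches the active setting, because `config.password_complexity = { digit: 0, lower: 0, symbol: 0, upper: 0 }` requires none of those classes. Please reword the comment to say that the validator is enabled with no minimums on purpose, and keep the `{ digit: 1, lower: 1, symbol: 1, upper: 1 }` values as a commented example so an installation that wants real complexity rules knows what to set.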
@@ -21,7 +21,7 @@ Devise.setup do |config|
|
||||
|
||||
# enable email validation for :secure_validatable. (true, false, validation_options)
|
||||
# dependency: see https://github.com/devise-security/devise-security/blob/master/README.md#e-mail-validation
|
||||
# config.email_validation = true
|
||||
config.email_validation = false
|
||||
|
||||
# captcha integration for recover form
|
||||
# config.captcha_for_recover = true
|
||||
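Review bot: `config.email_validation = false` has no comment explaining why it is set explicitly rather than left commented out, so a later cleanup could remove it as a no-op. The commit message gives the reason (leaving it unset raises "uninitialized constant Devise::Models::SecureValidatable::EmailValidator"); a one-line comment above the setting saying it must be defined for :secure_validatable even when false would keep that knowledge in the initializer.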
@@ -42,7 +42,7 @@ Devise.setup do |config|
|
||||
# config.expire_after = 90.days
|
||||
|
||||
# Allow password to equal the email
|
||||
# config.allow_passwords_equal_to_email = false
|
||||
config.allow_passwords_equal_to_email = true
|
||||
end
|
||||
|
||||
module Devise
|
||||
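Review bot: `config.allow_passwords_equal_to_email = true` is a global setting, so it relaxes the check for every password set from now on, while the commit message only wants existing records with such passwords to stay valid. Please state that reason in the comment above the line, and consider a follow-up that returns the value to false once those records have been dealt with, since a password equal to the account email is trivially guessable.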
@@ -58,14 +58,6 @@ module Devise
|
||||
end
|
||||
|
||||
module SecureValidatable
|
||||
def self.included(base)
|
||||
base.extend ClassMethods
|
||||
assert_secure_validations_api!(base)
|
||||
base.class_eval do
|
||||
validate :current_equal_password_validation
|
||||
end
|
||||
end
|
||||
|
||||
def current_equal_password_validation
|
||||
if !new_record? && !encrypted_password_change.nil? && !erased?
|
||||
dummy = self.class.new
|
||||
|
||||
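Review bot: with the `self.included` override removed, the `current_equal_password_validation` method that remains in this hunk is only run if the gem's own hook registers it, and the visible diff adds no test for that. A model spec that asserts both that the custom current-password check still fires and that a `password_complexity` violation is now reported would guard against the validations being dropped silently again.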