Add configurable password length validation (#64)

* Add configurable password length validation - Replaces the hardcoded password length minimum validator (12 characters) with a configuration variable - Adds test to check validation with multiple configurations - Adds documentation to README.md * Simplify tests * Update user_test.rb --------- Co-authored-by: Chris Oliver <[email protected]>
excid3 · Feb 27, 2024 · 325afc9 · 325afc9
1 parent 623b76f
commit 325afc9
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -140,6 +140,15 @@ authenticated do
 end
 ```
 
+### Password Length
+
+The minimum acceptable password length for validation defaults to 12 characters but this can be configured in either `config/initializers/revise_auth.rb` or your environment configuration:
+```ruby
+ReviseAuth.configure do |config|
+  config.minimum_password_length = 42
+end
+```
+
 ## Contributing
 
 If you have an issue you'd like to submit, please do so using the issue tracker in GitHub. In order for us to help you in the best way possible, please be as detailed as you can.

diff --git a/lib/revise_auth.rb b/lib/revise_auth.rb
@@ -12,4 +12,5 @@ module ReviseAuth
 
   config_accessor :sign_up_params, default: [:email, :password, :password_confirmation]
   config_accessor :update_params, default: []
+  config_accessor :minimum_password_length, default: 12
 end
diff --git a/lib/revise_auth/model.rb b/lib/revise_auth/model.rb
@@ -21,7 +21,7 @@ module Model
 
       validates :email, format: {with: URI::MailTo::EMAIL_REGEXP}, presence: true, uniqueness: true
       validates :unconfirmed_email, format: {with: URI::MailTo::EMAIL_REGEXP}, allow_blank: true
-      validates_length_of :password, minimum: 12, allow_nil: true
+      validates_length_of :password, minimum: ReviseAuth.minimum_password_length, allow_nil: true
     end
 
     # Generates a confirmation token and send email to the user

diff --git a/test/models/user_test.rb b/test/models/user_test.rb
@@ -19,6 +19,18 @@ class UserTest < ActiveSupport::TestCase
     refute_empty user.errors.where(:password, :blank)
   end
 
+  test "password meets minimum length" do
+    valid_user = User.new(email: "[email protected]")
+
+    valid_user.password = "a" * (ReviseAuth.minimum_password_length - 1)
+    valid_user.valid?
+    refute_empty valid_user.errors.where(:password, :too_short)
+
+    valid_user.password = "a" * ReviseAuth.minimum_password_length
+    valid_user.valid?
+    assert_empty valid_user.errors.where(:password, :too_short)
+  end
+
   test "email is downcased" do
     user = User.new(email: "[email protected]")
     user.valid?