heartcombo / devise

Flexible authentication solution for Rails with Warden.
http://blog.plataformatec.com.br/tag/devise/
MIT License
23.89k stars 5.54k forks

Increasing devise's default password length #5591

Open angelamchoi opened 1 year ago

angelamchoi commented 1 year ago

Hi @Carlosantoniodasilva and Devise team!

Currently, Devise's minimum password length is 6 characters, without any strict requirements on uppercase and lowercase letters, digits and symbols. For example, 123456 would be an acceptable password. I wanted to know if Devise would consider increasing the default minimum password length to 10-12 characters, with stronger password requirements such as requiring uppercase, lowercase, digits and/or symbols, to ensure all users have a secure password. I have attached an image for more information. I would love to work on this issue.

Please let me know if you have any questions.

Thank you.

[attached image]

kykyi commented 1 week ago

Great call @angelamchoi! @carlosantoniodasilva and Devise team, can I open a PR adding some config which essentially does this?


```ruby
# config/initializers/devise.rb
Devise.setup do |config|
  config.password_length = 8..128
  # Options proposed in this comment (not existing Devise settings):
  config.password_require_lower_case = true
  config.password_require_upper_case = true
  config.password_require_special_character = true
  config.password_require_number = true
end

# on the Devise model (e.g. app/models/user.rb)
validate :password_complexity

def password_complexity
  # Skip when no password is being set (e.g. a profile update);
  # presence is validated separately by Devise's :validatable module.
  return if password.blank?

  lower_case_regex   = /(?=.*[a-z])/
  upper_case_regex   = /(?=.*[A-Z])/
  digit_regex        = /(?=.*[0-9])/
  special_char_regex = /(?=.*[\W])/

  [
    [lower_case_regex, :no_lowercase],
    [upper_case_regex, :no_uppercase],
    [digit_regex, :no_digit],
    [special_char_regex, :no_special]
  ].each do |regex, error|
    errors.add(:password, error) unless password.match?(regex)
  end
end
```
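The policy sketched in the comment above, written out as a standalone Ruby class so it can be run outside Rails (added illustration, not Devise's own code or the commenter's PR). The option names mirror the proposed config keys but are assumptions; the `PasswordPolicy` class, its error keys and the sample passwords are constructed here. One caveat it makes visible: Ruby's `\w` is ASCII-only, so a `/\W/` "special character" check would be satisfied by a letter such as "ä"; the class uses POSIX bracket classes, which are Unicode-aware, so non-ASCII letters count as letters rather than as symbols.

```ruby
# Standalone illustration of the proposed password policy (added example,
# not Devise code). The option keys are assumptions modelled on the
# config proposed in the thread.
class PasswordPolicy
  # Devise's default range is 6..128; the proposal raises the minimum.
  DEFAULTS = {
    length: 8..128,
    require_lower_case: true,
    require_upper_case: true,
    require_number: true,
    require_special_character: true,
  }.freeze

  # POSIX bracket classes are Unicode-aware in Ruby. /\W/ would count
  # letters such as "ä" as "special", because \w is ASCII-only ([a-zA-Z0-9_]).
  CHARACTER_CLASSES = {
    require_lower_case:        [/[[:lower:]]/,  :no_lowercase],
    require_upper_case:        [/[[:upper:]]/,  :no_uppercase],
    require_number:            [/[[:digit:]]/,  :no_digit],
    require_special_character: [/[^[:alnum:]]/, :no_special],
  }.freeze

  def initialize(**options)
    @options = DEFAULTS.merge(options)
  end

  # Returns an Array of error keys; [] means the password is acceptable.
  def errors_for(password)
    return [:blank] if password.nil? || password.strip.empty?

    errors = []
    # String#length counts characters, not bytes, so multibyte input is
    # measured the way the user typing it would expect.
    errors << :too_short if password.length < @options[:length].min
    errors << :too_long  if password.length > @options[:length].max

    CHARACTER_CLASSES.each do |option, (regex, error)|
      next unless @options[option]
      errors << error unless password.match?(regex)
    end
    errors
  end

  def acceptable?(password)
    errors_for(password).empty?
  end
end

# Constructed sample inputs; run the file directly to see the verdicts.
if __FILE__ == $PROGRAM_NAME
  policy = PasswordPolicy.new
  {
    "123456"     => "accepted by Devise's default 6-char minimum",
    "password"   => "long enough, lowercase only",
    "Pässwörd1"  => "non-ASCII letters are not special characters",
    "Pässwörd1!" => "passes every check",
    nil          => "no password given",
  }.each do |pw, note|
    puts "#{pw.inspect.ljust(13)} => #{policy.errors_for(pw).inspect}  (#{note})"
  end
end
```

Each requirement can be switched off individually (`PasswordPolicy.new(require_special_character: false)`), which is the shape a Devise config would take; a Rails model would call `errors_for` from a `validate` hook and map each key to an I18n message.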