Sha256: 1d47ea1536434f1108e82be531635b071f0e3bcf0441bb190cae0699e061e59e
Contents?: true
Size: 1.58 KB
Versions: 8
Compression:
Stored size: 1.58 KB
Contents
= Customize password requirements
By default, Rodauth requires passwords to have at least 6 characters. You can
modify the minimum and maximum length:
plugin :rodauth do
enable :login, :logout, :create_account
# Require passwords to have at least 8 characters
password_minimum_length 8
# Don't allow passwords to be too long, to prevent long password DoS attacks
password_maximum_length 64
end
You can use the {disallow common passwords feature}[rdoc-ref:doc/disallow_common_passwords.rdoc]
to prevent the usage of common passwords (the most common 10,000 by default).
You can use additional complexity checks on passwords via the {password
complexity feature}[rdoc-ref:doc/password_complexity.rdoc], though most of
those complexity checks are no longer considered modern security best
practices and are likely to decrease overall security.
If you want complete control over whether passwords meet requirements, you
can use the <tt>password_meets_requirements?</tt> configuration method.
plugin :rodauth do
enable :login, :logout, :create_account
password_meets_requirements? do |password|
super(password) && password_complex_enough?(password)
end
auth_class_eval do
# If password doesn't pass custom validation, add field error with error
# reason, and return false.
def password_complex_enough?(password)
return true if password.match?(/\d/) && password.match?(/[^a-zA-Z\d]/)
set_password_requirement_error_message(:password_simple, "requires one number and one special character")
false
end
end
end
Version data entries
8 entries across 8 versions & 1 rubygems