doc/guides/password_requirements.rdoc in rodauth-2.27.0 vs doc/guides/password_requirements.rdoc in rodauth-2.28.0

- old
+ new

@@ -1,15 +1,18 @@
 = Customize password requirements
 By default, Rodauth requires passwords to have at least 6 characters. You can
-modify the minimum length:
+modify the minimum and maximum length:
 plugin :rodauth do
 enable :login, :logout, :create_account
 # Require passwords to have at least 8 characters
 password_minimum_length 8
+
+ # Don't allow passwords to be too long, to prevent long password DoS attacks
+ password_maximum_length 64
 end
 You can use the {disallow common passwords feature}[rdoc-ref:doc/disallow_common_passwords.rdoc] to prevent the usage of common passwords (the most common 10,000 by default).
@@ -23,8 +26,18 @@
 plugin :rodauth do
 enable :login, :logout, :create_account
 password_meets_requirements? do |password|
- #true if password meets requirements, false otherwise
+ super(password) && password_complex_enough?(password)
+ end
+
+ auth_class_eval do
+ # If password doesn't pass custom validation, add field error with error
+ # reason, and return false.
+ def password_complex_enough?(password)
+ return true if password.match?(/\d/) && password.match?(/[^a-zA-Z\d]/)
+ set_password_requirement_error_message(:password_simple, "requires one number and one special character")
+ false
+ end
 end
 end