doc/guides/password_requirements.rdoc in rodauth-2.27.0 vs doc/guides/password_requirements.rdoc in rodauth-2.28.0
- old
+ new
@@ -1,15 +1,18 @@
= Customize password requirements
By default, Rodauth requires passwords to have at least 6 characters. You can
-modify the minimum length:
+modify the minimum and maximum length:
plugin :rodauth do
enable :login, :logout, :create_account
# Require passwords to have at least 8 characters
password_minimum_length 8
+
+ # Don't allow passwords to be too long, to prevent long password DoS attacks
+ password_maximum_length 64
end
You can use the {disallow common passwords feature}[rdoc-ref:doc/disallow_common_passwords.rdoc]
to prevent the usage of common passwords (the most common 10,000 by default).
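Review bot: The added password_maximum_length 64 line has no stated default or unit, unlike the minimum, where the intro gives the default ("at least 6 characters") and the comment says "8 characters". Please say in the prose whether a maximum applies when the option is not set, and whether 64 is counted in characters or bytes, since a reader choosing a limit to bound hashing cost needs to know what multi-byte input does to it. The intro sentence could also read "modify the minimum and maximum lengths" now that it covers two settings.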
@@ -23,8 +26,18 @@
plugin :rodauth do
enable :login, :logout, :create_account
password_meets_requirements? do |password|
- #true if password meets requirements, false otherwise
+ super(password) && password_complex_enough?(password)
+ end
+
+ auth_class_eval do
+ # If password doesn't pass custom validation, add field error with error
+ # reason, and return false.
+ def password_complex_enough?(password)
+ return true if password.match?(/\d/) && password.match?(/[^a-zA-Z\d]/)
+ set_password_requirement_error_message(:password_simple, "requires one number and one special character")
+ false
+ end
end
end
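Review bot: In password_complex_enough?, the class /[^a-zA-Z\d]/ matches anything that is not an ASCII letter or digit, so a space or an accented letter satisfies the "special character" requirement, which is looser than the message "requires one number and one special character" suggests. Either say in the comment that any non-alphanumeric character counts, or narrow the class to the characters the guide means. The comment above the method could also note that, because of "super(password) &&", this check only runs after the built-in requirements pass, so users see the built-in errors first and the :password_simple message only afterwards.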