Commit a39a3337
Authored on Dec 19, 2010
Author: Mikel Lindsaar
Added ability to specify which passwords you want as weak passwords
Parent: 863de37b
Showing 2 changed files with 56 additions and 17 deletions (+56 -17)
activemodel/lib/active_model/secure_password.rb (+25 -6)
activemodel/test/cases/secure_password_test.rb (+31 -11)
activemodel/lib/active_model/secure_password.rb
View file @
a39a3337
...
...
@@ -5,12 +5,10 @@ module ActiveModel
module
SecurePassword
extend
ActiveSupport
::
Concern
WEAK_PASSWORDS
=
%w( password qwerty 123456 )
module
ClassMethods
# Adds methods to set and authenticate against a BCrypt password.
# This mechanism requires you to have a password_digest attribute.
#
#
# Validations for presence of password, confirmation of password (using a "password_confirmation" attribute),
# and strength of password (at least 6 chars, not "password", etc) are automatically added.
# You can add more validations by hand if need be.
...
...
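Review bot: The doc comment on the validations line, "strength of password (at least 6 chars, not "password", etc)", disagrees with the check in password_must_be_strong, which adds :too_short with :count => 7 unless password.size > 6, so the effective minimum is 7 characters. Suggest changing the comment to "at least 7 chars". If the WEAK_PASSWORDS constant is being dropped in this hunk (the header shows the region going from 12 lines to 10), the comment should also point readers at the class-level weak_passwords list as the place to configure rejected values, and any code that referenced ActiveModel::SecurePassword::WEAK_PASSWORDS needs a changelog note.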
@@ -24,9 +22,9 @@ module ClassMethods
#
# user = User.new(:name => "david", :password => "secret", :password_confirmation => "nomatch")
# user.save # => false, password not long enough
# user.password = "mUc3m00RsqyRe"
# user.password = "mUc3m00RsqyRe"
# user.save # => false, confirmation doesn't match
# user.password_confirmation = "mUc3m00RsqyRe"
# user.password_confirmation = "mUc3m00RsqyRe"
# user.save # => true
# user.authenticate("notright") # => false
# user.authenticate("mUc3m00RsqyRe") # => user
...
...
@@ -42,6 +40,27 @@ def has_secure_password
validates_presence_of
:password_digest
validate
:password_must_be_strong
end
# Allows you to specify the set of weak passwords that will be validated against
# if you specify has_secure_password in your model.
#
# The default set of weak passwords are:
#
# class User < ActiveRecord::Base
# weak_passwords = %w( password qwerty 123456 mypass )
# end
def
weak_passwords
=
(
*
values
)
@weak_passwords
=
values
.
flatten
end
# Returns the list of current weak passwords defined. Defaults to the standard
# list of 'password', 'qwerty' and '123456'
#
# User.weak_passwords #=> ['password', 'qwerty', '123456']
def
weak_passwords
@weak_passwords
||=
%w( password qwerty 123456 )
end
end
# Returns self if the password is correct, otherwise false.
...
...
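Review bot: The usage example in the comment above weak_passwords= will not call the setter: inside a class body, `weak_passwords = %w( password qwerty 123456 mypass )` assigns a local variable, so a model written as documented silently keeps the defaults. It should read `self.weak_passwords = %w( ... )`. The sentence before it, "The default set of weak passwords are:", is followed by a configuration example rather than the defaults, so reword it or list the defaults there. It is also worth documenting that @weak_passwords is stored per class, so a subclass of a configured model falls back to the default list unless it sets its own.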
@@ -64,7 +83,7 @@ def password=(unencrypted_password)
def
password_must_be_strong
if
password
.
present?
errors
.
add
(
:password
,
:too_short
,
:count
=>
7
)
unless
password
.
size
>
6
errors
.
add
(
:password
,
:insecure
)
if
WEAK_PASSWORDS
.
include?
(
password
)
errors
.
add
(
:password
,
:insecure
)
if
self
.
class
.
weak_passwords
.
include?
(
password
)
end
end
end
...
...
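Review bot: The check `self.class.weak_passwords.include?(password)` in password_must_be_strong is an exact, case-sensitive string match, so a value such as "Password" passes even though "password" is on the list. Consider comparing a normalized form, for example password.downcase against a downcased list. Note too that two of the three defaults, "qwerty" and "123456", are six characters long and are already rejected by the `password.size > 6` line above it, so the list only adds coverage for entries of seven characters or more.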
activemodel/test/cases/secure_password_test.rb
View file @
a39a3337
...
...
@@ -2,37 +2,57 @@
require
'models/user'
class
SecurePasswordTest
<
ActiveModel
::
TestCase
setup
do
User
.
weak_passwords
=
%w( password qwerty 123456 )
@user
=
User
.
new
end
test
"there should be a list of default weak passwords"
do
assert_equal
%w( password qwerty 123456 )
,
User
.
weak_passwords
end
test
"specifying the list of passwords"
do
User
.
weak_passwords
=
%w( pass )
assert_equal
%w( pass )
,
User
.
weak_passwords
end
test
"adding to the list of passwords"
do
User
.
weak_passwords
<<
'pass'
@user
.
password
=
"password"
assert
!
@user
.
valid?
@user
.
password
=
"pass"
assert
!
@user
.
valid?
end
test
"password must be present"
do
assert
!
@user
.
valid?
assert_equal
1
,
@user
.
errors
.
size
end
test
"password must match confirmation"
do
@user
.
password
=
"thiswillberight"
@user
.
password_confirmation
=
"wrong"
assert
!
@user
.
valid?
@user
.
password_confirmation
=
"thiswillberight"
assert
@user
.
valid?
end
test
"password must pass validation rules"
do
@user
.
password
=
"password"
assert
!
@user
.
valid?
@user
.
password
=
"short"
assert
!
@user
.
valid?
@user
.
password
=
"plentylongenough"
assert
@user
.
valid?
end
test
"too weak passwords"
do
@user
.
password
=
"012345"
assert
!
@user
.
valid?
...
...
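Review bot: The test "adding to the list of passwords" does not prove the custom entry is used: "pass" is four characters, so `assert !@user.valid?` succeeds on the length rule alone and would still pass if weak_passwords were ignored. Use an added entry of seven or more characters and assert on @user.errors[:password] rather than only on valid?. The same applies to "012345" in "too weak passwords", which is six characters. The reset of User.weak_passwords in setup should stay, since the list is class-level state that this test mutates with `<<`.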
@@ -41,14 +61,14 @@ class SecurePasswordTest < ActiveModel::TestCase
@user
.
password
=
"password"
assert
!
@user
.
valid?
assert_equal
[
"is too weak and common"
],
@user
.
errors
[
:password
]
@user
.
password
=
"d9034rfjlakj34RR$!!"
assert
@user
.
valid?
end
test
"authenticate"
do
@user
.
password
=
"secret"
assert
!
@user
.
authenticate
(
"wrong"
)
assert
@user
.
authenticate
(
"secret"
)
end
...
...