Ruby on Rails Password Validation
Building slightly on the accepted answer, here's the code that I used in a Rails project at work. (Note: We're using devise to handle user authentication, and devise_invitable to create new users.)
    PASSWORD_FORMAT = /\A
      (?=.{8,})          # Must contain 8 or more characters
      (?=.*\d)           # Must contain a digit
      (?=.*[a-z])        # Must contain a lower case character
      (?=.*[A-Z])        # Must contain an upper case character
      (?=.*[[:^alnum:]]) # Must contain a symbol
    /x

    validates :password,
      presence: true,
      length: { in: Devise.password_length },
      format: { with: PASSWORD_FORMAT },
      confirmation: true,
      on: :create

    validates :password,
      allow_nil: true,
      length: { in: Devise.password_length },
      format: { with: PASSWORD_FORMAT },
      confirmation: true,
      on: :update
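The PASSWORD_FORMAT regex from the answer above can be exercised outside Rails to see which rule rejects a given password. This is an added example, not part of the original answer: RULES, failed_rules, valid_password? and the sample passwords are constructed for illustration. Note in the output that a space satisfies the `[[:^alnum:]]` "symbol" rule.

```ruby
# The regex exactly as given in the answer; /x lets it span lines with comments.
PASSWORD_FORMAT = /\A
  (?=.{8,})          # Must contain 8 or more characters
  (?=.*\d)           # Must contain a digit
  (?=.*[a-z])        # Must contain a lower case character
  (?=.*[A-Z])        # Must contain an upper case character
  (?=.*[[:^alnum:]]) # Must contain a symbol
/x

# Hypothetical helper table: the same five lookaheads, one per rule,
# so that a rejected password can be traced to the rule(s) it violates.
RULES = {
  length: /\A(?=.{8,})/,
  digit:  /\A(?=.*\d)/,
  lower:  /\A(?=.*[a-z])/,
  upper:  /\A(?=.*[A-Z])/,
  symbol: /\A(?=.*[[:^alnum:]])/
}.freeze

# Names of the rules the password does not satisfy (empty when it passes).
def failed_rules(password)
  RULES.reject { |_name, re| re.match?(password) }.keys
end

# The check the Rails format validator performs with PASSWORD_FORMAT.
def valid_password?(password)
  PASSWORD_FORMAT.match?(password)
end

# Constructed sample passwords, not taken from the page.
SAMPLES = [
  'Sup3r$ecret', # satisfies every rule
  'password',    # no digit, no upper case, no symbol
  'Password1',   # no symbol
  'Pass word1',  # passes: the space counts as a non-alphanumeric character
  'Ab1!'         # too short
].freeze

SAMPLES.each do |pw|
  puts format('%-14s valid=%-5s failed=%s',
              pw.inspect, valid_password?(pw), failed_rules(pw).inspect)
end
```
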
The below seems to meet my requirements... I am actually now requiring a confirmation for all users. (It makes the view cleaner.) But on an update I am allowing blanks.
    validates :password, :presence => true, :confirmation => true, :length => {:within => 6..40}, :on => :create
    validates :password, :confirmation => true, :length => {:within => 6..40}, :allow_blank => true, :on => :update
This works for a blank password on the update action:
    validates :password, :presence => true, :on => :update, :if => lambda{ !password.nil? }
    validates :password, :confirmation => true, :length => { :minimum => 6}, :if => lambda{ new_record? || !password.nil? }