
Ruby on Rails Password Validation


Building slightly on the accepted answer, here's the code that I used in a Rails project at work. (Note: We're using devise to handle user authentication, and devise_invitable to create new users.)

```ruby
PASSWORD_FORMAT = /\A
  (?=.{8,})          # Must contain 8 or more characters
  (?=.*\d)           # Must contain a digit
  (?=.*[a-z])        # Must contain a lower case character
  (?=.*[A-Z])        # Must contain an upper case character
  (?=.*[[:^alnum:]]) # Must contain a symbol
/x

validates :password,
  presence: true,
  length: { in: Devise.password_length },
  format: { with: PASSWORD_FORMAT },
  confirmation: true,
  on: :create

validates :password,
  allow_nil: true,
  length: { in: Devise.password_length },
  format: { with: PASSWORD_FORMAT },
  confirmation: true,
  on: :update
```
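
To see which requirement a rejected password misses, each lookahead in `PASSWORD_FORMAT` can be tested on its own. The following is an added example, not part of the answer above; `PASSWORD_RULES`, `failed_rules`, `SAMPLES` and the sample passwords are names and values constructed for illustration.

```ruby
# Added example: plain Ruby, no Rails or Devise required.
# PASSWORD_FORMAT is copied from the answer above; everything else is hypothetical.
PASSWORD_FORMAT = /\A
  (?=.{8,})          # Must contain 8 or more characters
  (?=.*\d)           # Must contain a digit
  (?=.*[a-z])        # Must contain a lower case character
  (?=.*[A-Z])        # Must contain an upper case character
  (?=.*[[:^alnum:]]) # Must contain a symbol
/x

# One anchored lookahead per requirement, so a failure can be named.
PASSWORD_RULES = {
  length: /\A(?=.{8,})/,
  digit:  /\A(?=.*\d)/,
  lower:  /\A(?=.*[a-z])/,
  upper:  /\A(?=.*[A-Z])/,
  symbol: /\A(?=.*[[:^alnum:]])/
}.freeze

# Returns the names of the rules the password does not satisfy.
def failed_rules(password)
  PASSWORD_RULES.reject { |_name, rule| rule.match?(password) }.keys
end

# Constructed sample passwords, not taken from the page.
SAMPLES = [
  "Tr0ub4dor&3x", # satisfies every rule
  "password",     # lower case only
  "Passw0rd",     # no symbol
  "Pass w0rd",    # a space is non-alphanumeric, so it counts as the symbol
  "Ab1!\nabcd"    # "." stops at the newline, so the length rule sees 4 characters
].freeze

SAMPLES.each do |pw|
  failed = failed_rules(pw)
  # The combined regex accepts a password exactly when no single rule fails.
  unless PASSWORD_FORMAT.match?(pw) == failed.empty?
    raise "rule split disagrees with PASSWORD_FORMAT for #{pw.inspect}"
  end
  verdict = failed.empty? ? "accepted" : "rejected, missing: #{failed.join(', ')}"
  puts "#{pw.inspect} -> #{verdict}"
end
```

The last two samples show behaviour that is easy to miss when reading the regex: whitespace satisfies the symbol rule, and a newline within the first eight characters makes the length lookahead fail regardless of total length.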


The below seems to meet my requirements... I am actually now requiring a confirmation for all users. (It makes the view cleaner.) But on an update I am allowing blanks.

```ruby
validates :password, :presence => true,
                     :confirmation => true,
                     :length => {:within => 6..40},
                     :on => :create
validates :password, :confirmation => true,
                     :length => {:within => 6..40},
                     :allow_blank => true,
                     :on => :update
```


This works for blank password on update action:

```ruby
validates :password, :presence => true, :on => :update, :if => lambda{ !password.nil? }
validates :password,
  :confirmation => true,
  :length => { :minimum => 6},
  :if => lambda{ new_record? || !password.nil? }
```