Devise extension to prevent users from using a common password.

Negotiatus/devise-uncommon_password

This branch is 1 commit ahead of, 2 commits behind HCLarsen/devise-uncommon_password:master.

Devise Uncommon Password

Devise::UncommonPassword is an extension for the Devise gem that prevents users from signing up with one of the 100 most common passwords. The list is derived from the darkweb2017_top10K.txt file found at: https://github.com/danielmiessler/SecLists/tree/master/Passwords.

Usage

Add the :uncommon_password module to your model:

class AdminUser < ApplicationRecord
  devise :database_authenticatable,
         :recoverable, :rememberable, :trackable, :validatable, :uncommon_password
end

By default, the password is checked against the 100 most common passwords that fit within the minimum and maximum lengths specified in the /config/initializers/devise.rb file. However, if a developer wants to check against a larger list, they may override this default by adding the following line to that same file:

# Number of common passwords to check entered password against.
config.password_matches = 1000
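
The selection order described above (keep the entries that fit the length limits, then take the top N), as an added Ruby sketch that is not the gem's own code. `CommonPasswordChecker`, `RANKED_SAMPLE`, `demo` and the case-insensitive comparison are assumptions made for illustration, and the sample list is constructed.

```ruby
# Added illustration; not the gem's source. All names here are hypothetical.
# Constructed sample, ordered most common first (a stand-in for a ranked
# list such as darkweb2017_top10K.txt).
RANKED_SAMPLE = %w[
  123456 password 12345678 qwerty abc123 111111 iloveyou
  1234567890 password1 qwerty123 letmein123 sunshine
].freeze

class CommonPasswordChecker
  attr_reader :blocked

  # length_range stands in for Devise's config.password_length;
  # matches stands in for config.password_matches from the README.
  def initialize(ranked, length_range:, matches:)
    # Filter by length first, then cut to N, so entries that the length
    # validation already rejects do not use up slots in the top N.
    @blocked = ranked.select { |pw| length_range.cover?(pw.length) }
                     .first(matches)
                     .map(&:downcase)
  end

  # Assumption: the comparison ignores case, so "PASSWORD" cannot slip
  # past an entry stored as "password".
  def common?(candidate)
    @blocked.include?(candidate.to_s.downcase)
  end
end

def demo
  checker = CommonPasswordChecker.new(RANKED_SAMPLE,
                                      length_range: 8..128, matches: 3)
  candidates = %w[password PASSWORD 123456 qwerty123 correct-horse-battery]
  { blocked: checker.blocked,
    hits: candidates.to_h { |pw| [pw, checker.common?(pw)] } }
end

p demo if __FILE__ == $PROGRAM_NAME
```

With `matches: 3` the sample entry `qwerty123` is not flagged because it ranks below the cutoff, which is the case a larger `config.password_matches` value covers.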

Internationalization and Customization

The default message for users who attempt to use a common password is:

is a very common password. Please choose something harder to guess.

This can be changed by modifying the devise.en.yml file, under errors/messages/common_password. Translations can be provided using the devise translation files in the same location.

en:
  errors:
    messages:
      common_password: 'is a very common password. Please choose something harder to guess.'

Installation

Add this line to your application's Gemfile:

gem 'devise-uncommon_password'

And then execute:

$ bundle install

Contributing

You can contribute by doing the following:

  • Check out the issue tracker to make sure someone hasn't already requested it and/or contributed it
  • Fork it
  • Write your changes
  • Test
  • Commit
  • Send a pull request

License

The gem is available as open source under the terms of the MIT License.
