Notice
This project is not frequently maintained. Please check the original source: https://github.com/HCLarsen/devise-uncommon_password.
Devise Uncommon Password
Devise::UncommonPassword is an extension for the devise gem, which prevents users from signing up using one of the 100 most common passwords. The list is derived from 10-million-password-list-top-1000000.txt found at: https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt.
Usage
Add the :uncommon_password
module to your model:
class AdminUser < ApplicationRecord
devise :database_authenticatable,
:recoverable, :rememberable, :trackable, :validatable, :uncommon_password
end
If it doesn't load, include this in the file you need or in application.rb
require 'devise/uncommon_password'
By default, the password is checked against the 100 most common passwords that fit within the minimum and maximum lengths specified in the /config/initializers/devise.rb file. However, if a developer wants to check against a larger list, they may override this default by adding the following line to that same file:
config.password_matches = 1000
Additional Enhancements
Added support to allow different password files to be loaded depending on environment
Internationalization and Customization
The default message for users who attempt to use a common password is:
is a very common password. Please choose something harder to guess.
This can be changed by modifying the devise.en.yml
file, under errors/messages/common_password. Translations can be provided using the devise translation files in the same location.
en:
errors:
messages:
common_password: 'is a very common password. Please choose something harder to guess.'
Installation
Add this line to your application's Gemfile:
gem 'devise-uncommon_password-alt'
And then execute:
$ bundle install
Contributing
You can contribute by doing the following:
- Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
- Fork it
- Write your changes
- Commit
- Send a pull request
License
The gem is available as open source under the terms of the MIT License.