Project

devise-uncommon_password

0.04
A long-lived project that still receives updates
devise-uncommon_passwordhclarsen/devise-uncommon_passwordsHomepageDocumentationSource CodeBug TrackerWiki
Devise extension to prevent users from using a common password.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
179,885
Stars
28
Forks
21
Watchers
3
 Releases
Current version
0.4.6
Total releases
20
First release
2017-07-06
Latest release
2024-09-18
 Issues
Open Issues
0
Closed Issues
7
Total Issues
7
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
1
Closed Pull Requests
19
Merged Pull Requests
35
Pull Request Acceptance Rate
63%
 Development
Primary Language
JavaScript
Licenses
MIT
Average date of last 50 commits
2023-01-29
Reverse Dependencies
0

 Dependencies

Development

sqlite3
>= 1.7.0
sprockets-rails
>= 0

Runtime

devise
>= 3.5, < 5.0
rails
>= 4.2, < 7.3
 Project Readme

Devise Uncommon Password

Build Status Code Climate

Devise::UncommonPassword is an extension for the devise gem, which prevents users from signing up using one of the 100 most common passwords. The list is derived from the darkweb2017_top10K.txt found at: https://github.com/danielmiessler/SecLists/tree/master/Passwords.

Usage

Add the :uncommon_password module to your model:

class AdminUser < ApplicationRecord
  devise :database_authenticatable,
         :recoverable, :rememberable, :trackable, :validatable, :uncommon_password
end

By default, the password is checked against the 100 most common passwords that fit within the minimum and maximum lengths specified in the /config/initializers/devise.rb file. However, if a developer wants to check against a larger list, they may override this default by adding the following line to that same file:

# Number of common passwords to check entered password against.
config.password_matches = 1000

Internationalization and Customization

The default message for users who attempt to use a common password is:

is a very common password. Please choose something harder to guess.

This can be changed by modifying the devise.en.yml file, under errors/messages/common_password. Translations can be provided using the devise translation files in the same location.

en:
  errors:
    messages:
      common_password: 'is a very common password. Please choose something harder to guess.'

Installation

Add this line to your application's Gemfile:

gem 'devise-uncommon_password'

And then execute:

$ bundle install

Contributing

You can contribute by doing the following:

  • Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
  • Fork it
  • Write your changes
  • Test
  • Commit
  • Send a pull request

License

The gem is available as open source under the terms of the MIT License.