No commit activity in last 3 years
No release in over 3 years
Provides validates :password for ActiveModel
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

>= 5.4.1, ~> 5
>= 1.0.5, ~> 1
~> 10

Runtime

 Project Readme

Password Validation for Rails and ActiveModel

This gem provides validates :password for any ActiveModel class (including Rails models).

Installation

Put this in your Gemfile:

gem 'password_validation'

Then run bundle install.

Basic Usage

The simplest way to use the validator is like this:

class User < ActiveRecord::Base
  validates :password, password: true
end

Defaults

The default requirements are:

  • At least eight characters.
  • At least one uppercase character.
  • At least one lowercase character.
  • At least one numeral.
  • At least one special character.

A default error message is provided for each.

Customization

The requirements and the error message can be customized by passing an options hash:

# Override the default length requirement.
validates :password, password: length: {minimum: 10}}

# Turn off the uppercase requirement.
validates :password, password: {uppercase: {required: false}}

# Turn off the lowercase requirement.
validates :password, password: {lowercase: {required: false}}

# Turn off the numeral requirement.
validates :password, password: {numeral: {required: false}}

# Turn off the special character requirement.
validates :password, password: {special: {required: false}}

# Use a custom message. This works not just for length but for all requirements.
validates uppercase: {message: 'needs an uppercase letter'}

# Dynamically generate a message from a proc. The first parameter is the options hash
# with the gem's default settings merged in. The second is the password.
validates length: {message: ->(opts, p) {
  "#{p} is too short. Must be at least #{opts[:minimum]} characters."
}}

Conditional Validation

In many applications, you don't want to validate the password every time the record is saved. Instead, you want to validate only when the record is created or the password is being changed. So you might consider something like this:

class User < ActiveRecord::Base
  validates :password, password: true, if: require_password?
  
  def require_password?
    password.present? or new_record?
  end
end