Repository files navigation

Devise::UncommonPassword is an extension for thedevise gem, which prevents users from signing up using one of the 1000 most common passwords. The list is derived from:https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-100000.txt.

Add the:uncommon_password module to your model:

classAdminUser <ApplicationRecorddevise:database_authenticatable,:recoverable,:rememberable,:trackable,:validatable,:uncommon_passwordend

By default, the password is checked against the 1000 most common passwords that fit within the minimum and maximum lengths specified in the /config/initializers/devise.rb file. However, if a developer wants to check against a smaller list, they may override this default by adding the following line to that same file:

# Number of common passwords to check entered password against.config.password_matches=100

The default message for users who attempt to use a common password is:

is a very common password. Please choose something harder to guess.

This can be changed by modifying thedevise.en.yml file, under errors/messages/common_password. Translations can be provided using the devise translation files in the same location.

en:errors:messages:common_password:'is a very common password. Please choose something harder to guess.'

Add this line to your application's Gemfile:

gem'devise-uncommon_password'

And then execute:

$ bundle install

You can contribute by doing the following:

• Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
• Fork it
• Write your changes
• Test
• Commit
• Send a pull request

The gem is available as open source under the terms of theMIT License.