Merge pull request #5734 from heartcombo/password-length-dynamic

Use proc to set password length validator so it's possible to override it dynamically.
heartcombo · Nov 29, 2024 · fec67f9 · fec67f9
2 parents dce20b7 + 560a1cb
commit fec67f9
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,7 +18,19 @@
   * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab)
   * Add Rails 8 support.
     - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call.
+  * Password length validator is changed from
 
+    ```
+    validates_length_of :password, within: password_length, allow_blank: true`
+    ```
+
+    to
+
+    ```
+    validates_length_of :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true
+    ```
+
+    so it's possible to override `password_length` at runtime. (@manojmj92)
 * bug fixes
   * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used.
 

diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb
@@ -14,6 +14,8 @@ module Models
     #   * +email_regexp+: the regular expression used to validate e-mails;
     #   * +password_length+: a range expressing password length. Defaults to 6..128.
     #
+    # Since +password_length+ is applied in a proc within `validates_length_of` it can be overridden
+    # at runtime.
     module Validatable
       # All validations used by this module.
       VALIDATIONS = [:validates_presence_of, :validates_uniqueness_of, :validates_format_of,
@@ -34,7 +36,7 @@ def self.included(base)
 
           validates_presence_of     :password, if: :password_required?
           validates_confirmation_of :password, if: :password_required?
-          validates_length_of       :password, within: password_length, allow_blank: true
+          validates_length_of       :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true
         end
       end
 

diff --git a/test/models_test.rb b/test/models_test.rb
@@ -26,8 +26,8 @@ def assert_include_modules(klass, *modules)
   test 'validations options are not applied too late' do
     validators = WithValidation.validators_on :password
     length = validators.find { |v| v.kind == :length }
-    assert_equal 2, length.options[:minimum]
-    assert_equal 6, length.options[:maximum]
+    assert_equal 2, length.options[:minimum].call
+    assert_equal 6, length.options[:maximum].call
   end
 
   test 'validations are applied just once' do