-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AshAuthentication.Strategy.Password
should allow configuration of what should be considered a valid password.
#497
Comments
Yeah, this one is pretty interesting. I think the password validation should maybe be simplified to a single module/function, with the default being one that validates the length. i.e password do
...
password_validator PasswordValidator
end defmodule PasswordValidator do
def validate(password) do
with :ok <- validate_length(password),
:ok <- validate_characters(password) do
:ok
end
end
...
end |
yeah that makes sense. we could have a behaviour like the password hashing behaviour. |
@zachdaniel @jimsynz I have a similar problem. I want to check for a minimum password length of 9 and I want to check if that password is in table with bad passwords (e.g. "111111111"). Is there some work around which I can use right away? |
I believe you can add a global validation. validations do
validate ValidatePassword, where: [action_is([:register, :change_password])] # whatever your actions are called
end Then you can match on the changeset to see what argument/value you should check. |
I'm using
AshAuthentication.Strategy.Password
in my app and was interested in customizing the default8
character requirement of a password. I am interested in having it be20
. To the best of my early research, I could not find a way to change or influence the current8
character setting.I started asking questions on the forum, and there seemed to be interest in expanding the customizations of the Password strategy so I'm making this new issue to help center discussion and efforts toward this new logic.
https://elixirforum.com/t/is-there-a-way-for-me-to-customize-the-default-password-length-requirement-while-using-the-password-strategy-of-ash-authentication/59329/1
The text was updated successfully, but these errors were encountered: