Ruby on Rails 密码验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5123972/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Ruby on Rails Password Validation
提问by Chris Muench
So I have interesting password validation requirements:
所以我有有趣的密码验证要求:
When a user signs up, I want them to have to type in password and confirm and be between
6..40(GOT THIS WORKING 100%)When a user updates their profile, the same validation rules apply (GOT THIS WORKING 100%)
When an admin adds a user, they only have to enter the password once and it should be validated (NOT WORKIG)
When an admin edits a user and the password field is blank, it shouldn't update the password, if they type something, it should be validated. (PARTIAL WORKING)
validates :password, :presence => true, :confirmation => true, :length => {:within => 6..40}, :unless => :force_submit
当用户注册时,我希望他们必须输入密码并确认并介于两者之间
6..40(让这个工作 100%)当用户更新他们的个人资料时,相同的验证规则适用(100% 成功)
当管理员添加用户时,他们只需要输入一次密码并且应该进行验证(NOT WORKIG)
当管理员编辑用户并且密码字段为空时,不应更新密码,如果他们键入内容,则应进行验证。(部分工作)
validates :password, :presence => true, :confirmation => true, :length => {:within => 6..40}, :unless => :force_submit
The only cases I can't cover are when an admin adds a user, it is not validated and when an admin edits a user (and types in a password) it is not validated.
我无法涵盖的唯一情况是当管理员添加用户时,它没有经过验证,当管理员编辑用户(并输入密码)时,它没有经过验证。
the :force_submitis passed in from the admin form, so the password isn't validated. (So the case of an updating empty password works)
将:force_submit在从管理形式传递,所以密码没有被验证。(因此更新空密码的情况有效)
Any ideas/magic?
任何想法/魔法?
回答by Tom Lord
Building slightly on the accepted answer, here's the code that I used in a Rails project at work. (Note: We're using deviseto handle user authentication, and devise_invitableto create new users.)
稍微建立在接受的答案的基础上,这是我在工作中的 Rails 项目中使用的代码。(注意:我们devise用于处理用户身份验证和devise_invitable创建新用户。)
PASSWORD_FORMAT = /\A
(?=.{8,}) # Must contain 8 or more characters
(?=.*\d) # Must contain a digit
(?=.*[a-z]) # Must contain a lower case character
(?=.*[A-Z]) # Must contain an upper case character
(?=.*[[:^alnum:]]) # Must contain a symbol
/x
validates :password,
presence: true,
length: { in: Devise.password_length },
format: { with: PASSWORD_FORMAT },
confirmation: true,
on: :create
validates :password,
allow_nil: true,
length: { in: Devise.password_length },
format: { with: PASSWORD_FORMAT },
confirmation: true,
on: :update
回答by Chris Muench
The below seem to meet my requirements...I am actually now requiring a confirmation for all users.. (It makes the view cleaner). But on an update I am allowing blanks.
下面的内容似乎符合我的要求......我实际上现在需要对所有用户进行确认......(它使视图更清晰)。但是在更新时我允许空白。
validates :password, :presence => true,
:confirmation => true,
:length => {:within => 6..40},
:on => :create
validates :password, :confirmation => true,
:length => {:within => 6..40},
:allow_blank => true,
:on => :update
回答by Joe Ritchey
this works for blank password on update action:
这适用于更新操作的空白密码:
validates :password, :presence => true, :on => :update,
:if => lambda{ !password.nil? }
validates :password,
:confirmation => true,
:length => { :minimum => 6},
:if => lambda{ new_record? || !password.nil? }
回答by achempion
yet another variant
另一个变种
validates_presence_of :password_digest
validates_length_of :password, minimum: 6, if: Proc.new { |user| user.password.present? }
