Devise::UncommonPassword is an extension for the devise gem, which prevents users from signing up using one of the 100 most common passwords. The list is derived from the darkweb2017_top10K.txt found at: https://github.com/danielmiessler/SecLists/tree/master/Passwords.
Add the :uncommon_password module to your model:
class AdminUser < ApplicationRecord
devise :database_authenticatable,
:recoverable, :rememberable, :trackable, :validatable, :uncommon_password
endBy default, the password is checked against the 100 most common passwords that fit within the minimum and maximum lengths specified in the /config/initializers/devise.rb file. However, if a developer wants to check against a larger list, they may override this default by adding the following line to that same file:
# Number of common passwords to check entered password against.
config.password_matches = 1000Add this line to your application's Gemfile:
gem 'devise-uncommon_password'And then execute:
$ bundle installYou can contribute by doing the following:
- Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
- Fork it
- Write your changes
- Commit
- Send a pull request
The gem is available as open source under the terms of the MIT License.