Validate password strength for internal users

Sebastian Serth
2022-09-14 01:38:18 +02:00
parent f1aa004284
commit d02a1eae81
6 changed files with 39 additions and 3 deletions


@ -1,5 +1,7 @@
# frozen_string_literal: true
require 'zxcvbn'
class InternalUser < User
authenticates_with_sorcery!
@ -7,6 +9,7 @@ class InternalUser < User
validates :email, presence: true, uniqueness: true
validates :password, confirmation: true, if: -> { password_void? && validate_password? }, on: :update, presence: true
validate :password_strength, if: -> { password_void? && validate_password? }, on: :update
validates :role, inclusion: {in: ROLES}
def activated?
@ -25,6 +28,11 @@ class InternalUser < User
end
private :validate_password?
def password_strength
result = Zxcvbn.test(password, [email, name, 'CodeOcean'])
errors.add(:password, :weak) if result.score < 4
end
def teacher?
role == 'teacher'
end
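Review bot: `password_strength` hands `password` to `Zxcvbn.test` with no upper bound on its length, and zxcvbn's matching cost grows with input length, so an oversized password submitted on update can occupy a worker for a long time; no length validation is visible in these hunks. Consider a cap under the same condition, e.g. `validates :password, length: {maximum: 128}` (128 is an example value), or scoring only a prefix with `password.to_s[0, 128]`. The check shares its condition with the presence validation, so it appears to run on a blank password as well; an early `return if password.blank?` and `[email, name, 'CodeOcean'].compact` would avoid depending on how the gem treats `nil` and would not stack a `:weak` error on top of the presence error. The threshold `4` is zxcvbn's highest score, so a named constant such as `MIN_PASSWORD_SCORE = 4` with a one-line comment would make that policy choice explicit. The class body continues outside the hunks shown, so `password_void?` and `validate_password?` could not be checked here.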