zorn
Is there a way for me to customize the default password length requirement while using the Password strategy of `ash_authentication`?
I’m using a pretty vanilla implementation and seeing:
“length must be greater than or equal to 8”
I’d like that to be 20.
Ideally, I would like to see something like password_length_requirement in the DSL. Is that something the project would welcome as an addition?
I feel like people would want to customize that for different business needs too (so maybe the real solution is a little more customizable than just a single new DSL addition).
Most Liked
jimsynz
yeah, that’s what I was thinking but it occurs to me that :password is an argument to those actions and not actually an attribute as we never want to store the plaintext password.
jimsynz
@adw632 has it right.
The other options are to override the register_with_password action and add your own validations, but probable the best way is to add a custom validation in the global validations block.
For example:
validations do
validate string_length(:password. min: 20) do
where action_is(:register_with_password)
end
end
adw632
Probably some options for password validation would be useful. Password validation policies can be quite varied and often specified by corporate numskulls.
Examples of constraints can include password length, character complexity, dictionary word checks, blacklists, not “similar” to the previous one (or “recent” ones).
I think some escape hatch for specifying a validator would be good to provide full flexibility.
There may be some opportunity to avoid the specific racing/inconsistency problem above of “at least 8” and then “at least 20”, possibly by coalescing/overriding validations of the same type.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









