diff options
| -rw-r--r-- | config/initializers/devise_password_length.rb.example | 6 | ||||
| -rw-r--r-- | doc/security/password_length_limits.md | 10 |
2 files changed, 16 insertions, 0 deletions
diff --git a/config/initializers/devise_password_length.rb.example b/config/initializers/devise_password_length.rb.example new file mode 100644 index 00000000000..97305825e07 --- /dev/null +++ b/config/initializers/devise_password_length.rb.example @@ -0,0 +1,6 @@ +Devise.setup do |config| + # The following line changes the password length limits for new users. In the + # example below the minimum length is 12 characters, and the maximum length + # is 128 characters. + config.password_length = 12..128 +end diff --git a/doc/security/password_length_limits.md b/doc/security/password_length_limits.md new file mode 100644 index 00000000000..c8d66e9636c --- /dev/null +++ b/doc/security/password_length_limits.md @@ -0,0 +1,10 @@ +# Custom password length limits + +If you want to enforce longer user passwords you can create an extra Devise initializer with the steps below. +If you do not use the `devise_password_length.rb` initializer the password length is set to a minimum of 8 characters in `config/initializers/devise.rb`. + +```bash +cd /home/git/gitlab +sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb +sudo -u git -H editor config/initializers/devise_password_length.rb # inspect and edit the new password length limits +``` |