diff options
| -rw-r--r-- | config/initializers/devise_password_length.rb.example | 6 | ||||
| -rw-r--r-- | doc/security/password_length_limits.md | 9 |
2 files changed, 15 insertions, 0 deletions
diff --git a/config/initializers/devise_password_length.rb.example b/config/initializers/devise_password_length.rb.example new file mode 100644 index 00000000000..97305825e07 --- /dev/null +++ b/config/initializers/devise_password_length.rb.example @@ -0,0 +1,6 @@ +Devise.setup do |config| + # The following line changes the password length limits for new users. In the + # example below the minimum length is 12 characters, and the maximum length + # is 128 characters. + config.password_length = 12..128 +end diff --git a/doc/security/password_length_limits.md b/doc/security/password_length_limits.md new file mode 100644 index 00000000000..dee2bcde3c3 --- /dev/null +++ b/doc/security/password_length_limits.md @@ -0,0 +1,9 @@ +# Custom password length limits + +If you want to enforce longer user passwords you can create an extra Devise initializer with the following steps: + +```bash +cd /home/git/gitlab +sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb +sudo -u git -H editor config/initializers/devise_password_length.rb # inspect and edit the new password length limits +``` |