How to validate password complexity

Hi,

I have a user model that saves password_salt and password_hash in DB,
there is no password attribute. I would like to validate the password
complexity with regular expression, but because password is not an
attribute validation always fails. How can I accomplish this
validation using the validation framework?

Thanks.

class User < ActiveRecord::Base
validates_format_of :password,
:with => /^.(?=.{6,})(?=.\d)(?=.[a-z])(?=.[A-Z]).*$/

def password=(pass)
salt = [Array.new(6){rand(256).chr}.join].pack(“m”).chomp
self.password_salt, self.password_hash =
salt, Digest::SHA256.hexdigest(pass + salt)
end

def password
end
end

On Wed, Jul 30, 2008 at 2:40 AM, GreenValley [email protected]
wrote:

Hi,

I have a user model that saves password_salt and password_hash in DB,
there is no password attribute. I would like to validate the password
complexity with regular expression, but because password is not an
attribute validation always fails. How can I accomplish this
validation using the validation framework?

You can always override validate or validate_on_create

See: Peak Obsession

Thank you Christopher. I will do that.