I’m using the Parse Dashboard 1.2.0 and the Ruby API for a Rails app.
I’ve set the PARSE_SERVER_PASSWORD_POLICY_VALIDATOR_PATTERN env variable on the config page to “/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$ %^&*-]).{8,}$/”. My impression is that this will force validation of passwords, ensuring a length of 8, one each of lower- and uppercase, digits, and “special” characters.
At the Rails model validation level, I’ve tried using:
validates :password, format: {with: /^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$ %^&*-]).{8,}$/, message: "Invalid password."}
I am, however, able to turn off JavaScript while setting a password, enter a password like “junkpass” with no apparent warnings, and later be able to log in with it.
Am I missing a step? How do I ensure that ill-formed passwords do not pass validation, and notify the user of this fact?
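An added example, not part of the original post: the posted pattern evaluated server-side in plain Ruby against constructed sample passwords. It shows what the pattern accepts when it actually runs, and that Ruby's ^ and $ are line anchors, so \A and \z are needed to bind the policy to the whole string. The names CHECKS and policy_failures are hypothetical.

```ruby
# Pattern exactly as posted in the question. In Ruby, ^ and $ match at
# line boundaries, not only at the start and end of the string.
POSTED = /^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$ %^&*-]).{8,}$/

# Same policy, anchored to the whole string with \A and \z.
STRICT = /\A(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$ %^&*-]).{8,}\z/

# Per-rule checks so the user can be told which requirement failed
# instead of a single generic "Invalid password." message.
CHECKS = {
  length:      ->(p) { p.length >= 8 },
  upper:       ->(p) { p.match?(/[A-Z]/) },
  lower:       ->(p) { p.match?(/[a-z]/) },
  digit:       ->(p) { p.match?(/[0-9]/) },
  special:     ->(p) { p.match?(/[#?!@$ %^&*-]/) },
  single_line: ->(p) { !p.match?(/[\r\n]/) }
}.freeze

# Returns the names of the rules the password violates (empty if none).
def policy_failures(password)
  CHECKS.reject { |_name, ok| ok.call(password) }.keys
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  samples = ["junkpass", "Abcdef1#", "junkpass\nAbcdef1#", "Abcdef1#\n"]
  samples.each do |pw|
    puts format("%-22s posted=%-5s strict=%-5s failures=%s",
                pw.inspect, POSTED.match?(pw), STRICT.match?(pw),
                policy_failures(pw).inspect)
  end
end
```

If "junkpass" is still stored, the check is not being executed on the server path that saves the password, since neither form of the pattern accepts it.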