Bump timeout to 2.hours and minimum password length

Follow the guidelines we proposed.
nhsuk · Nov 24, 2023 · 17a1fd8 · 17a1fd8
1 parent 6aeaf07
commit 17a1fd8
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -178,7 +178,7 @@
 
   # ==> Configuration for :validatable
   # Range for password length.
-  config.password_length = 8..128
+  config.password_length = 10..128
 
   # Email regex used to validate email formats. It simply asserts that
   # one (and only one) @ exists in the given string. This is mainly
@@ -188,7 +188,7 @@
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
+  config.timeout_in = 2.hours
 
   # ==> Configuration for :lockable
   # Defines which strategy will be used to lock an account.

diff --git a/spec/factories/users.rb b/spec/factories/users.rb
@@ -27,6 +27,6 @@
     full_name { |n| "Test User #{n}" }
     email { |n| "test-#{n}@localhost" }
     teams { [Team.first || create(:team)] }
-    password { "rosebud1" }
+    password { "power overwhelming" }
   end
 end