feat: Improved password security policy (#2345)

Co-authored-by: Pranav Raj S <pranav@chatwoot.com>

config/initializers/liquid_handler.rb

@@ -1 +1,3 @@
+require Rails.root.join('lib/action_view/template/handlers/liquid')
+
 ActionView::Template.register_template_handler :liquid, ActionView::Template::Handlers::Liquid

config/initializers/secure_password.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+Devise.setup do |config|
+  # ==> Configuration for the Devise Secure Password extension
+  #     Module: password_has_required_content
+  #
+  # Configure password content requirements including the number of uppercase,
+  # lowercase, number, and special characters that are required. To configure the
+  # minimum and maximum length refer to the Devise config.password_length
+  # standard configuration parameter.
+
+  # The number of uppercase letters (latin A-Z) required in a password:
+  config.password_required_uppercase_count = 1
+
+  # The number of lowercase letters (latin A-Z) required in a password:
+  config.password_required_lowercase_count = 1
+
+  # The number of numbers (0-9) required in a password:
+  config.password_required_number_count = 1
+
+  # The number of special characters (!@#$%^&*()_+-=[]{}|') required in a password:
+  config.password_required_special_character_count = 1
+
+  # we are not using the configurations below
+  # ==> Configuration for the Devise Secure Password extension
+  #     Module: password_disallows_frequent_reuse
+  #
+  # The number of previously used passwords that can not be reused:
+  # config.password_previously_used_count = 8
+
+  # ==> Configuration for the Devise Secure Password extension
+  #     Module: password_disallows_frequent_changes
+  #     *Requires* password_disallows_frequent_reuse
+  #
+  # The minimum time that must pass between password changes:
+  # config.password_minimum_age = 1.days
+
+  # ==> Configuration for the Devise Secure Password extension
+  #     Module: password_requires_regular_updates
+  #     *Requires* password_disallows_frequent_reuse
+  #
+  # The maximum allowed age of a password:
+  # config.password_maximum_age = 180.days
+end

config/initializers/sidekiq.rb

@@ -1,3 +1,5 @@
+require Rails.root.join('lib/redis/config')
+
 schedule_file = 'config/schedule.yml'
 
 Sidekiq.configure_client do |config|

config/locales/secure_password.en.yml

@@ -0,0 +1,74 @@
+en:
+  secure_password:
+    character:
+      one: "character"
+      other: "characters"
+
+    types:
+      uppercase: "uppercase"
+      downcase: "downcase"
+      lowercase: "lowercase"
+      number: "number"
+      special: "special"
+
+    password_has_required_content:
+      errors:
+        messages:
+          unknown_characters: "contains %{count} invalid %{subject}"
+          minimum_characters: "must contain at least %{count} %{type} %{subject}"
+          maximum_characters: "must contain less than %{count} %{type} %{subject}"
+          minimum_length: "must contain at least %{count} %{subject}"
+          maximum_length: "must contain less than %{count} %{subject}"
+    password_disallows_frequent_reuse:
+      errors:
+        messages:
+          password_is_recent: "Last %{count} passwords may not be reused"
+    password_disallows_frequent_changes:
+      errors:
+        messages:
+          password_is_recent: "Password cannot be changed more than once per %{timeframe}"
+    password_requires_regular_updates:
+      alerts:
+        messages:
+          password_updated: "Your password has been updated."
+      errors:
+        messages:
+          password_expired: "Your password has expired. Passwords must be changed every %{timeframe}"
+    datetime:
+      # update distance_in_words translations to remove the determiner words:
+      #   about, almost, over, less than, etc.
+      precise_distance_in_words:
+        half_a_minute: "half a minute"
+        less_than_x_seconds:
+          one:   "1 second" # default was: "less than 1 second"
+          other: "%{count} seconds" # default was: "less than %{count} seconds"
+        x_seconds:
+          one:   "1 second"
+          other: "%{count} seconds"
+        less_than_x_minutes:
+          one:   "a minute" # default was: "less than a minute"
+          other: "%{count} minutes" # default was: "less than %{count} minutes"
+        x_minutes:
+          one:   "1 minute"
+          other: "%{count} minutes"
+        about_x_hours:
+          one:   "1 hour" # default was: "about 1 hour"
+          other: "%{count} hours" # default was: "about %{count} hours"
+        x_days:
+          one:   "1 day"
+          other: "%{count} days"
+        about_x_months:
+          one:   "1 month" # default was: "about 1 month"
+          other: "%{count} months" # default was: "about %{count} months"
+        x_months:
+          one:   "1 month"
+          other: "%{count} months"
+        about_x_years:
+          one:   "1 year" # default was: "about 1 year"
+          other: "%{count} years" # default was: "about %{count} years"
+        over_x_years:
+          one:   "1 year" # default was: "over 1 year"
+          other: "%{count} years" # default was: "over %{count} years"
+        almost_x_years:
+          one:   "1 year" # default was: "almost 1 year"
+          other: "%{count} years" # default was: "almost %{count} years"