In my application, I want users to be able to specify their own password security.
I am using devise , and the Devise Security Extension looks good.
The disadvantage of the proposed configurations in the Devise security extension is that all this happens in the devise.rb configuration file in the initializer directory. I would like to be able to selectively enable certain configuration options.
I think I could, for example, include everything, and then override methods like need_change_password? in the user model need_change_password? in my user model for password expiration. But I'm not sure if this is the best approach.
Any recommendations regarding best practices are greatly appreciated.
source share