Fix password_length for new generated templates and default due to bcrypt gem work

Author: le0pard

lib/devise.rb

@@ -117,7 +117,7 @@ module Test
 
   # Range validation for password length
   mattr_accessor :password_length
-  @@password_length = 6..128
+  @@password_length = 6..72 # max 72 byte for bcrypt
 
   # The time the user will be remembered without asking for credentials again.
   mattr_accessor :remember_for

lib/generators/templates/devise.rb

@@ -180,8 +180,8 @@
   # config.rememberable_options = {}
 
   # ==> Configuration for :validatable
-  # Range for password length.
-  config.password_length = 6..128
+  # Range for password length. 72 bytes max for bcrypt
+  config.password_length = 6..72
 
   # Email regex used to validate email formats. It simply asserts that
   # one (and only one) @ exists in the given string. This is mainly