@@ -1,5 +1,12 @@
 Revision history for Dancer2-Plugin-Auth-Extensible
 
+0.401 Wed Jun 10 19:23:30 2015 CEST
+
+	[ENHANCEMENTS]
+
+	* Allow custom random password generator to be specified
+	  (Andrew Beverly, GH #23).
+
 0.400 Thu May 21 08:36:36 2015 CEST
 
     [ENHANCEMENTS]

@@ -4,7 +4,7 @@
       "David Precious <davidp@preshweb.co.uk>"
    ],
    "dynamic_config" : 1,
-   "generated_by" : "ExtUtils::MakeMaker version 7.04, CPAN::Meta::Converter version 2.142690",
+   "generated_by" : "ExtUtils::MakeMaker version 6.98, CPAN::Meta::Converter version 2.150001",
    "license" : [
       "perl_5"
    ],
@@ -50,5 +50,5 @@
          "url" : "https://github.com/PerlDancer/Dancer2-Plugin-Auth-Extensible"
       }
    },
-   "version" : "0.400"
+   "version" : "0.401"
 }

@@ -7,7 +7,7 @@ build_requires:
 configure_requires:
   ExtUtils::MakeMaker: '0'
 dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 7.04, CPAN::Meta::Converter version 2.142690'
+generated_by: 'ExtUtils::MakeMaker version 6.98, CPAN::Meta::Converter version 2.150001'
 license: perl
 meta-spec:
   url: http://module-build.sourceforge.net/META-spec-v1.4.html
@@ -27,4 +27,4 @@ resources:
   bugtracker: https://github.com/PerlDancer/Dancer2-Plugin-Auth-Extensible/issues
   homepage: https://github.com/PerlDancer/Dancer2-Plugin-Auth-Extensible/
   repository: https://github.com/PerlDancer/Dancer2-Plugin-Auth-Extensible
-version: '0.400'
+version: '0.401'

@@ -525,6 +525,11 @@ CONTROLLING ACCESS TO ROUTES
     allow the user to enter their username and request a reset password
     link.
 
+    By default, the default handlers will generate a random 8 character
+    password using Session::Token. To use your own function, set
+    `password_generator' in your configuration. See the SAMPLE CONFIGURATION
+    for an example.
+
     If using `login_page_handler' to replace the default login page, you can
     still use the default password reset handlers. Add 2 controls to your
     form for submitting a password reset request: a text input called
@@ -568,6 +573,7 @@ CONTROLLING ACCESS TO ROUTES
 
                 # Set to true to enable password reset code in the default handlers
                 reset_password_handler: 1
+                password_generator: My::App::random_pw # Optional random password generator
 
                 # Set to a true value to enable recording of successful last login times
                 record_lastlogin: 1

@@ -3,7 +3,7 @@ package Dancer2::Plugin::Auth::Extensible::Provider::Base;
 use strict;
 use Crypt::SaltedHash;
 
-our $VERSION = '0.400';
+our $VERSION = '0.401';
 
 =head1 NAME
 

@@ -3,7 +3,7 @@ package Dancer2::Plugin::Auth::Extensible::Provider::Config;
 use strict;
 use base "Dancer2::Plugin::Auth::Extensible::Provider::Base";
 
-our $VERSION = '0.400';
+our $VERSION = '0.401';
 
 =head1 NAME 
 

@@ -5,7 +5,7 @@ use base 'Dancer2::Plugin::Auth::Extensible::Provider::Base';
 use Dancer2::Plugin::Database;
 use Dancer2 qw(:syntax);
 
-our $VERSION = '0.400';
+our $VERSION = '0.401';
 
 =head1 NAME 
 

@@ -3,7 +3,7 @@ package Dancer2::Plugin::Auth::Extensible::Provider::Example;
 use strict;
 use base "Dancer2::Plugin::Auth::Extensible::Provider::Base";
 
-our $VERSION = '0.400';
+our $VERSION = '0.401';
 
 # A more sensible provider would be likely to get this information from e.g. a
 # database (or LDAP, or...) rather than hardcoding it.  This, however, is an

@@ -5,7 +5,7 @@ use base 'Dancer2::Plugin::Auth::Extensible::Provider::Base';
 use Authen::Simple::PAM;
 use Unix::Passwd::File;
 
-our $VERSION = '0.400';
+our $VERSION = '0.401';
 
 =head1 NAME
 

@@ -8,7 +8,7 @@ use Dancer2::Plugin;
 use Class::Load qw(try_load_class);
 use Session::Token;
 
-our $VERSION = '0.400';
+our $VERSION = '0.401';
 
 my $settings;
 
@@ -1000,6 +1000,10 @@ documentation above). Once this is done, the default login page will contain
 additional form controls to allow the user to enter their username and request
 a reset password link.
 
+By default, the default handlers will generate a random 8 character password using
+L<Session::Token>. To use your own function, set C<password_generator> in your
+configuration. See the L<SAMPLE CONFIGURATION> for an example.
+
 If using C<login_page_handler> to replace the default login page, you can still
 use the default password reset handlers. Add 2 controls to your form for
 submitting a password reset request: a text input called username_reset for the
@@ -1050,6 +1054,7 @@ In your application's configuation file:
 
             # Set to true to enable password reset code in the default handlers
             reset_password_handler: 1
+            password_generator: My::App::random_pw # Optional random password generator
 
             # Set to a true value to enable recording of successful last login times
             record_lastlogin: 1
@@ -1218,6 +1223,10 @@ on_plugin_import {
     }
 };
 
+sub _default_password_generator {
+    Session::Token->new(length => 8)->get;
+}
+
 # implementation of post login route
 sub _post_login_route {
     my $app = shift;
@@ -1235,7 +1244,11 @@ sub _post_login_route {
         && $app->request->param('confirm_reset')
         && $app->request->splat;
     if ($code) {
-        my $randompw = Session::Token->new(length => 8)->get;
+        my $_password_generator =
+            $settings->{password_generator}
+            || '_default_password_generator';
+        no strict 'refs';
+        my $randompw = &{$_password_generator};
         if (user_password($app, code => $code, new_password => $randompw)) {
             $app->forward($loginpage, { new_password => $randompw }, { method => 'GET' });
         }