Add qualifiers for has_secure_password options (validations:, reset_token:)

[matsales28]

Problem this feature will solve

has_secure_password accepts two options that have_secure_password cannot currently assert against:

• validations: false — disables the built-in password presence/confirmation validations (default: true).
• reset_token: true (Rails 7.1+) — generates a password_reset_token token and a Model.find_by_password_reset_token lookup (default: false).

Today the matcher only checks the attribute name and the canonical method set (password=, password_confirmation=, authenticate, etc.), so models that opt out of validations or opt in to the reset token have no way to express that contract in their specs.

Desired solution

Two new qualifiers, following the matcher's existing with_X / without_X convention (define_enum_for(...).without_scopes, have_many(...).without_validating_presence, with_prefix, etc.):

it { should have_secure_password(:password).without_validations }

it { should have_secure_password(:recovery_password).with_reset_token }

Omitting the qualifier preserves today's behavior (validations expected, reset token not expected), so this is additive.

Alternatives considered

• Asserting on the generated methods directly (respond_to?(:password_reset_token)) outside of shoulda-matchers.
• Skipping these specs and relying on Rails' own coverage.

Additional context

References:

• https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html
• Rails 7.1 release notes for reset_token:.