The magic number 72 is used many times throughout the tests, and it is actually present as the ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED constant. I propose to replace that magic number with either the constant or a method call.
I have never contributed to such a large open source project as Rails. Please let me know your thoughts.
I could see an argument made for making it a constant in the test (EXPECTED_MAX_PASSWORD_LENGTH), which at least would document /why/ the number is being used.
Not to “well actually” myself but another option might be to use MAX_PASSWORD_LENGTH_ALLOWED as the OP suggested, but have an explicit test for MAX_PASSWORD_LENGTH_ALLOWED=72… which might actually be a better approach, since it’ll isolate the exact defect case (MAX_PASSWORD_LENGTH_ALLOWED != 72) rather than have it be implied by a well-named-but-oddly-disconnected constant.