Special characters are forbidden in password #22

Open
llaske opened this issue Mar 27, 2021 · 4 comments
Labels
enhancement New feature or request to be release

Comments

@llaske
Collaborator

llaske commented Mar 27, 2021

Passwords are limited to [a-zA-X0-9] for new users. See https://github.com/NikhilM98/sugarizer-school-portal-server/blob/master/helper/regexValidate.js#L8.
This constraint seems inherited from the Sugarizer user password, but for security reasons, it would be nice to authorize a broad range of characters.

@llaske llaske added the enhancement New feature or request label Mar 27, 2021
@ricknjacky

Would changing

to

return /^[ A-Za-z0-9_@./#&+-]*$/ be enough?

@NikhilM98
Owner

@ricknjacky it is the basic requirement to update the regex. However, it would be highly appreciated if you could also improve the current password input mechanism for user registration by implementing a password strength bar on user registration to promote stronger passwords.

@ricknjacky

> @ricknjacky it is the basic requirement to update the regex.

So, do I proceed with making changes to the regex?

> However, it would be highly appreciated if you could also improve the current password input mechanism for user registration by implementing a password strength bar on user registration to promote stronger passwords.

Sounds exciting, can I use the zxcvbn library for the same? I read the library's documentation blog and I presume this is what the expected outcome is here, am I right?

Please share your thoughts on this.

@NikhilM98
Owner

@ricknjacky you can confirm with @llaske if the regex is strong enough. Also, you need to show users appropriate feedback if they enter invalid characters.

I checked the dropbox/zxcvbn library. It is no longer maintained by Dropbox. There is a re-write of the library with some support on zxcvbn-ts/zxcvbn. This library looks pretty good for password strength estimation. However, it'll be better if we can find and integrate a library with more stable support in the project.
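
The following is an added example, not part of the thread and not code from sugarizer-school-portal-server. It runs the regex proposed above against constructed passwords, reports which characters it rejects (the per-character feedback requested in the last comment), and contrasts it with a broad-range check. The function names and the length bounds are assumptions.

```javascript
// Added example; not code from sugarizer-school-portal-server.
// PROPOSED is the regex quoted in the thread. Function names and the
// length bounds below are assumptions made for this illustration.
const PROPOSED = /^[ A-Za-z0-9_@./#&+-]*$/;
const PROPOSED_SINGLE = /^[ A-Za-z0-9_@./#&+-]$/; // same class, one character
const MIN_LENGTH = 8;   // assumed policy value
const MAX_LENGTH = 128; // assumed policy value

// Distinct characters the allowlist rejects, in order of first appearance,
// so the form can name them instead of showing a generic error.
function rejectedByAllowlist(password) {
  const bad = new Set();
  for (const ch of password) { // iterates by code point, not UTF-16 unit
    if (!PROPOSED_SINGLE.test(ch)) bad.add(ch);
  }
  return [...bad];
}

// Broad-range alternative: any character is accepted except control
// characters; strength comes from length rather than a character class.
function validatePassword(password) {
  const chars = [...password];
  const errors = [];
  if (chars.length < MIN_LENGTH) errors.push(`shorter than ${MIN_LENGTH} characters`);
  if (chars.length > MAX_LENGTH) errors.push(`longer than ${MAX_LENGTH} characters`);
  if (chars.some((ch) => /\p{Cc}/u.test(ch))) errors.push('contains control characters');
  return { ok: errors.length === 0, errors };
}

// Constructed sample passwords, not taken from the project.
const SAMPLES = ['', 'Tr0ub4dor&3', 'correct horse!', 'p\u00e4ssw\u00f6rd$%'];

function compare(samples) {
  return samples.map((pw) => ({
    password: pw,
    allowlistAccepts: PROPOSED.test(pw),
    rejectedChars: rejectedByAllowlist(pw),
    broadCheck: validatePassword(pw),
  }));
}

for (const row of compare(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

Because the proposed pattern ends in `*`, it also accepts the empty string, so a length check has to be enforced separately from the character check.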
