Specify password requirements on password reset

[devgeek27]

Hi everyone

Is there any way we can set the password requirements for user on reset password? Like 8 characters minimum, 1 capital, 1 number, etc.

Thank you.

[flovilmart]

For now we don't have a password policy option. That would be a nice feature.

[gbrmachado]

Hello @flovilmart
I'd like to work on this feature.
Do you guys have an idea about how should the password policy be?

[flovilmart]

The password policy should be an option when creating the ParseServer instance. I believe we should support:

String, interpolated to regexp
Regex
Function, that return true / false

What do you think?

[gbrmachado]

Ok. So, basically, the user will specify the password policy on index.js(or other file), and this password policy would be used not only in case of password resets, but also when an user is created.

Right?

[flovilmart]

Yes, whenever a password is being set we need to add validation just before it's getting encrypted.

[gbrmachado]

Cool :)
I'm a little bit noob in terms of NodeJs, but what I think I sould do(in technical terms) is:

1. Create config variables to define the password policy(in index.js):
   • Minimum Password Length
   • Maximum Password Length
   • Minimum number of capital letters
   • Minimum number of numbers
2. Create a method to compare a string and the password policy. This method should be located in https://github.com/ParsePlatform/parse-server/blob/master/src/password.js
3. Call the method everytime the password is required, probably in https://github.com/ParsePlatform/parse-server/blob/master/src/Controllers/UserController.js

Are these steps enough?

[montymxb]

Closing as a PR was merged successfully for this.