fyindr
/
siimee
Sledovat 4
Oblíbit 3
Rozštěpit 1
Zdrojový kód Požadavky na natažení 1 Vydání 4 Wiki Aktivita
Procházet zdrojové kódy

:lock: Added more extensive password regex for auth

tags/0.0.3^2
tomit4 před 3 roky
rodič
f3485d3b91
revize
9e74255526
2 změnil soubory, kde provedl 13 přidání a 5 odebrání
Rozdělené zobrazení Ukázat statistiku rozdílových dat
  1. 1
    1
      backend/db/data-generator/mock.js
  2. 12
    4
      frontend/src/entities/survey/survey.answer.validator.js

+ 1
- 1
backend/db/data-generator/mock.js Zobrazit soubor 

@@ -510,7 +510,7 @@ module.exports = {
510 510 
         {
511 511 
             response_key_id: 9,
512 512 
             response_key_category: 'profile',
513 
-            response_key_prompt: 'So far so good! Next we will need you to establish a super secret password. Your password should be at least 10 characters long and have at least 2 special characters.[break]My [break] is a very secure passcode that only I will have access to!',
513 
+            response_key_prompt: 'So far so good! Next we will need you to establish a super secret password. Your password should be at least 14 characters long and have at least 2 special characters.[break]My [break] is a very secure passcode that only I will have access to!',
514 514 
             response_key_description: 'required for profile creation',
515 515 
             aspect: null,
516 516 
             category: 'input',

+ 12
- 4
frontend/src/entities/survey/survey.answer.validator.js Zobrazit soubor 

@@ -1,11 +1,19 @@
1 1 
 import Joi from 'joi'
2 
-import domains from './tlds-alpha-by-domain.js'
2 
+import domains from './tlds-alpha-by-domain.js'
3 3
4 4 
 const answerValidator = {
5 5 
     name: Joi.string().required(),
6 
-    email: Joi.string().email({ minDomainSegments: 2, tlds: { allow: domains }}),
7 
-    // TODO: Refine password regex to have more secure requirements
8 
-    password: Joi.string().min(10).max(30).pattern(new RegExp('[a-zA-Z0-9]+')),
6 
+    email: Joi.string().email({
7 
+        minDomainSegments: 2,
8 
+        tlds: { allow: domains },
9 
+    }),
10 
+    // TODO: password validation is a moving target with regex,
11 
+    // consider using a more robust library?
12 
+    password: Joi.string()
13 
+        .min(14)
14 
+        .max(30)
15 
+        .pattern(
16 
+            new RegExp('^(?=.*[!@#$%^&*()_+\\-=[\\]{};\':"\\\\|,.<>\\/?])(?=.*[!@#$%^&*()_+\\-=[\\]{};\':"\\\\|,.<>\\/?])[a-zA-Z0-9!@#$%^&*()_+\\-=[\\]{};\':"\\\\|,.<>\\/?]{10,}$')),
9 17 
     // TODO: Change if going international (only works in usa)
10 18 
     zipcode: Joi.string().min(5).max(5).pattern(new RegExp('^[0-9]{5}$')),
11 19 
     seeking: Joi.string(),

Zapsat Náhled
Načítá se…
Zrušit
Uložit