add isStrongPassword method #1348
Conversation
There was a problem hiding this comment.
It looks good to me. Great job @door-bell 🎉
I have two comments:
- I think Readme is missing default values for
strongThresholdandscore - Since there is no standard defined for a strong password. I think the validator is a little biased. Generally validators are based on norms, standards or definitions but here this is not the case. I'm not saying that this validator is a bad thing but I think we should rather let the user choose his own definition rather than create a custom scoring system
|
@tux-tn Yeah, I agree that the validator is biased and won't necessarily meet the user's expectations every time. I implemented the scoring system since it was suggested in the feature request #1145 . Do you think it would be helpful to allow the user to pass in a list of requirements like this as an optional usage? let requirements = {
minCharCount = 8,
mustContainUpper = true,
mustContainNumber = true,
mustContainSymbol = true
}I will hold off on fixing readme just in case we want to change things further, but I'll be sure to update that as well. |
passing options looks good plus it gives user some customizability on the parameters values |
|
Now the user can decide to check the password by score or by requirements with these defaults specified: const defaultRequirementOptions = {
minLength: 8,
minLowercase: 1,
minUppercase: 1,
minNumbers: 1,
minSymbols: 1,
};
const defaultScoringOptions = {
returnScore: false,
pointsPerUnique: 1,
pointsPerRepeat: 0.5,
pointsForContainingLower: 10,
pointsForContainingUpper: 10,
pointsForContainingNumber: 10,
pointsForContainingSymbol: 10,
minStrongScore: 50,
};
|
…nto strong-password
|
After some more consideration I decided to change how the options work. Now there is a single options parameter with these defaults: const defaultOptions = {
minLength: 8,
minLowercase: 1,
minUppercase: 1,
minNumbers: 1,
minSymbols: 1,
returnScore: false,
pointsPerUnique: 1,
pointsPerRepeat: 0.5,
pointsForContainingLower: 10,
pointsForContainingUpper: 10,
pointsForContainingNumber: 10,
pointsForContainingSymbol: 10,
};The user simply decides if they want a score or not using |
|
@profnandaa Yep I'm available for any more comments! |
|
Looks good here @profnandaa but I need to confirm something on percentage scoring. |
| 'EXAMPLE of very long_password123!', | ||
| 'mxH_+2vs&54_+H3P', | ||
| '+&DxJ=X7-4L8jRCD', | ||
| 'etV*p%Nr6w&H%FeF', |
There was a problem hiding this comment.
There is a need for tests that pass returnScore as an option
There was a problem hiding this comment.
Added the tests for this case in the sanitizers.js test file since with this option, the function essentially becomes a sanitizer, turning the string into a number. Hope that makes sense
README.md
Outdated
| @@ -150,6 +150,7 @@ Validator | Description | |||
| **isSurrogatePair(str)** | check if the string contains any surrogate pairs chars. | |||
| **isUppercase(str)** | check if the string is uppercase. | |||
| **isSlug** | Check if the string is of type slug. `Options` allow a single hyphen between string. e.g. [`cn-cn`, `cn-c-c`] | |||
| **isStrongPassword(str, requirementOptions?, scoringOptions?)** | Check if a password is strong or not. Allows for custom requirements or scoring rules. If `returnScore` is true, then the function returns an integer score for the password rather than a boolean.<br/>Default options: <br/>`{ minLength: 8, minLowercase: 1, minUppercase: 1, minNumbers: 1, minSymbols: 1, returnScore: false, pointsPerUnique: 1, pointsPerRepeat: 0.5, pointsForContainingLower: 10, pointsForContainingUpper: 10, pointsForContainingNumber: 10, pointsForContainingSymbol: 10 }` | |||
There was a problem hiding this comment.
From my look of the eye, I thought, I needed to pass 3 parameters, though 2 are optional.
But, from function arguments call, it takes str & option.
I expected something like below...
isStrongPassword(str [, options])
It is not a priority but my suggestion for consistency and easy readability/usage.
There was a problem hiding this comment.
Missed this, thanks!
|
@door-bell -- you can address Ez's comments and we land this soonest. We would like to make a release this Friday. |
|
Travis job stuck in the queue D: However I pushed some changes to address those comments and this should be good to go |
Codecov Report
@@ Coverage Diff @@
## master #1348 +/- ##
=========================================
Coverage ? 99.92%
=========================================
Files ? 97
Lines ? 1332
Branches ? 0
=========================================
Hits ? 1331
Misses ? 1
Partials ? 0 Continue to review full report at Codecov.
|
|
@profnandaa when will the next release be available |
|
Hopefully today buddy.
On Thu, Nov 19, 2020 at 12:53 PM Rubin Bhandari ***@***.***> wrote:
@profnandaa <https://github.com/profnandaa> when will the next release be
available
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1348 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAB7ZELVKXCHE5HKFKNS34LSQTTIVANCNFSM4NXTY4AQ>
.
--
Sent from a tiny device while on the move.
|
For issue #1145
This adds the
isStrongPasswordmethod. It does include tests for when returning true/false, but not for when returning the score due to issues with test design decried here: #1145 (comment)I am open to suggestions on how the passwords are scored since this algorithm is pretty rudimentary.
This is my first contribution to a public project, please let me know if there is anything else I can change to make this better :)
Checklist