-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add isStrongPassword method #1348
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks good to me. Great job @door-bell 🎉
I have two comments:
- I think Readme is missing default values for
strongThreshold
andscore
- Since there is no standard defined for a strong password. I think the validator is a little biased. Generally validators are based on norms, standards or definitions but here this is not the case. I'm not saying that this validator is a bad thing but I think we should rather let the user choose his own definition rather than create a custom scoring system
@tux-tn Yeah, I agree that the validator is biased and won't necessarily meet the user's expectations every time. I implemented the scoring system since it was suggested in the feature request #1145 . Do you think it would be helpful to allow the user to pass in a list of requirements like this as an optional usage? let requirements = {
minCharCount = 8,
mustContainUpper = true,
mustContainNumber = true,
mustContainSymbol = true
} I will hold off on fixing readme just in case we want to change things further, but I'll be sure to update that as well. |
passing options looks good plus it gives user some customizability on the parameters values |
Now the user can decide to check the password by score or by requirements with these defaults specified: const defaultRequirementOptions = {
minLength: 8,
minLowercase: 1,
minUppercase: 1,
minNumbers: 1,
minSymbols: 1,
};
const defaultScoringOptions = {
returnScore: false,
pointsPerUnique: 1,
pointsPerRepeat: 0.5,
pointsForContainingLower: 10,
pointsForContainingUpper: 10,
pointsForContainingNumber: 10,
pointsForContainingSymbol: 10,
minStrongScore: 50,
};
|
…nto strong-password
After some more consideration I decided to change how the options work. Now there is a single options parameter with these defaults: const defaultOptions = {
minLength: 8,
minLowercase: 1,
minUppercase: 1,
minNumbers: 1,
minSymbols: 1,
returnScore: false,
pointsPerUnique: 1,
pointsPerRepeat: 0.5,
pointsForContainingLower: 10,
pointsForContainingUpper: 10,
pointsForContainingNumber: 10,
pointsForContainingSymbol: 10,
}; The user simply decides if they want a score or not using |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This LGTM for the most part. I like the flexibility in scoring!
@profnandaa Yep I'm available for any more comments! |
Looks good here @profnandaa but I need to confirm something on percentage scoring. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally good work.
'EXAMPLE of very long_password123!', | ||
'mxH_+2vs&54_+H3P', | ||
'+&DxJ=X7-4L8jRCD', | ||
'etV*p%Nr6w&H%FeF', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a need for tests that pass returnScore as an option
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added the tests for this case in the sanitizers.js
test file since with this option, the function essentially becomes a sanitizer, turning the string into a number. Hope that makes sense
README.md
Outdated
@@ -150,6 +150,7 @@ Validator | Description | |||
**isSurrogatePair(str)** | check if the string contains any surrogate pairs chars. | |||
**isUppercase(str)** | check if the string is uppercase. | |||
**isSlug** | Check if the string is of type slug. `Options` allow a single hyphen between string. e.g. [`cn-cn`, `cn-c-c`] | |||
**isStrongPassword(str, requirementOptions?, scoringOptions?)** | Check if a password is strong or not. Allows for custom requirements or scoring rules. If `returnScore` is true, then the function returns an integer score for the password rather than a boolean.<br/>Default options: <br/>`{ minLength: 8, minLowercase: 1, minUppercase: 1, minNumbers: 1, minSymbols: 1, returnScore: false, pointsPerUnique: 1, pointsPerRepeat: 0.5, pointsForContainingLower: 10, pointsForContainingUpper: 10, pointsForContainingNumber: 10, pointsForContainingSymbol: 10 }` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From my look of the eye, I thought, I needed to pass 3 parameters, though 2 are optional.
But, from function arguments call, it takes str & option
.
I expected something like below...
isStrongPassword(str [, options])
It is not a priority but my suggestion for consistency and easy readability/usage.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missed this, thanks!
@door-bell -- you can address Ez's comments and we land this soonest. We would like to make a release this Friday. |
Travis job stuck in the queue D: However I pushed some changes to address those comments and this should be good to go |
Codecov Report
@@ Coverage Diff @@
## master #1348 +/- ##
=========================================
Coverage ? 99.92%
=========================================
Files ? 97
Lines ? 1332
Branches ? 0
=========================================
Hits ? 1331
Misses ? 1
Partials ? 0 Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, once again, thanks for your contrib! 🎉
@profnandaa when will the next release be available |
Hopefully today buddy.
On Thu, Nov 19, 2020 at 12:53 PM Rubin Bhandari ***@***.***> wrote:
@profnandaa <https://github.com/profnandaa> when will the next release be
available
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1348 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAB7ZELVKXCHE5HKFKNS34LSQTTIVANCNFSM4NXTY4AQ>
.
--
Sent from a tiny device while on the move.
|
For issue #1145
This adds the
isStrongPassword
method. It does include tests for when returning true/false, but not for when returning the score due to issues with test design decried here: #1145 (comment)I am open to suggestions on how the passwords are scored since this algorithm is pretty rudimentary.
This is my first contribution to a public project, please let me know if there is anything else I can change to make this better :)
Checklist