Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

jQuery Validate plugin - password check - minimum requirements - Regex

I've got a little problem with my password-checker.

There's got a registration form with some fields. I use jQuery Validate plugin to validate user-inputs.

It all works except the password-validation:

The password should meet some minimum requirements:

  • minimum length: 8 -> I just use 'minlength: 8'
  • at least one lower-case character
  • at least one digit
  • Allowed Characters: A-Z a-z 0-9 @ * _ - . !

At the moment I use this code to validate the password:

$.validator.addMethod("pwcheck",
function(value, element) {
   return /^[A-Za-z0-9\d=!\-@._*]+$/.test(value);
});

This Code works for the allowed characters but not for minimum requirements. I know that you can use for example (?=.*[a-z]) for a lower-case-requirement. But I just don't get it to work.

If I add (?=.*[a-z]) the whole code doesn't work anymore. I need to know how to properly add the code to the existing one.

Thank you for your answers!

This is the complete code

<script>
                $(function() {
                    $("#regform").validate({
                        rules: {
                            forename: {
                                required: true
                            },
                            surname: {
                                required: true
                            },
                            username: {
                                required: true
                            },
                            password: {
                                required: true,
                                pwcheck: true,
                                minlength: 8
                            },
                            password2: {
                                required: true,
                                equalTo: "#password"
                            },
                            mail1: {
                                required: true,
                                email: true
                            },
                            mail2: {
                                required: true,
                                equalTo: "#mail1"
                            }
                        },
                        messages: {
                            forename: {
                                required: "Vornamen angeben"
                            },
                            surname: {
                                required: "Nachnamen angeben"
                            },
                            username: {
                                required: "Usernamen angeben"
                            },
                            password: {
                                required: "Passwort angeben",
                                pwcheck: "Das Passwort entspricht nicht den Kriterien!",
                                minlength: "Das Passwort entspricht nicht den Kriterien!"
                            },
                            password2: {
                                required: "Passwort wiederholen",
                                equalTo: "Die Passwörter stimmen nicht überein"
                            },
                            mail1: {
                                required: "Mail-Adresse angeben",
                                email: "ungültiges Mail-Format"
                            },
                            mail2: {
                                required: "Mail-Adresse wiederholen",
                                equalTo: "Die Mail-Adressen stimmen nicht überein"
                            }
                        }
                    });

                    $.validator.addMethod("pwcheck",
                        function(value, element) {
                            return /^[A-Za-z0-9\d=!\-@._*]+$/.test(value);
                    });
                });
                </script>
like image 969
bayerphi Avatar asked Sep 11 '13 16:09

bayerphi


3 Answers

If I add (?=.*[a-z]) the whole code doesn't work anymore.

Add it here:

/^(?=.*[a-z])[A-Za-z0-9\d=!\-@._*]+$/

However, it's much easier to do this without a lookahead:

$.validator.addMethod("pwcheck", function(value) {
   return /^[A-Za-z0-9\d=!\-@._*]*$/.test(value) // consists of only these
       && /[a-z]/.test(value) // has a lowercase letter
       && /\d/.test(value) // has a digit
});
like image 143
Bergi Avatar answered Nov 13 '22 20:11

Bergi


You can create your own custom jQuery validation rule. which returns a valid message for all the conditions with 100% accuracy.

$.validator.addMethod("strong_password", function (value, element) {
    let password = value;
    if (!(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[@#$%&])(.{8,20}$)/.test(password))) {
        return false;
    }
    return true;
}, function (value, element) {
    let password = $(element).val();
    if (!(/^(.{8,20}$)/.test(password))) {
        return 'Password must be between 8 to 20 characters long.';
    }
    else if (!(/^(?=.*[A-Z])/.test(password))) {
        return 'Password must contain at least one uppercase.';
    }
    else if (!(/^(?=.*[a-z])/.test(password))) {
        return 'Password must contain at least one lowercase.';
    }
    else if (!(/^(?=.*[0-9])/.test(password))) {
        return 'Password must contain at least one digit.';
    }
    else if (!(/^(?=.*[@#$%&])/.test(password))) {
        return "Password must contain special characters from @#$%&.";
    }
    return false;
});
like image 29
ketan chaudhari Avatar answered Nov 13 '22 20:11

ketan chaudhari


Well you can use {8,} instead of "+" for a minimum of 8 chars with no maximum or better yet a {8, 20} for a minimum of 8 and a maximum of 20.

Really though I don't see the value in trying to squeeze all of your validation into a single regexp. If you break it up it makes it much easier to maintain, less bug prone, and it enables you to report back to the user the specific reason WHY the password failed instead of the entire requirement.

You could break it up into a few checks

//proper length
value.length >= 8 
//only allowed characters
/^[A-Za-z0-9\d=!\-@._*]+$/.test(value) 
//has a digit
/\d/.test(value)
//has a lowercase letter
/[a-z]/.test(value)

I'm not familiar with the jQuery Validation plugin, but I assume you could then return helpful a helpful message for each test that failed.

like image 3
Anon Avatar answered Nov 13 '22 21:11

Anon