feat(user-manager): add password strength validation for each applicable route

5ab2f3db · Andrei Cioromila · e4872bcc · 5ab2f3db · 5ab2f3db · 5ab2f3db
Commit 5ab2f3db authored 6 years ago by Andrei Cioromila
--- a/packages/component-user-manager/src/routes/users/changePassword.js
+++ b/packages/component-user-manager/src/routes/users/changePassword.js
 const { services } = require('pubsweet-component-helper-service')
 const { token } = require('pubsweet-server/src/authentication')
+const { passwordStrengthRegex } = require('config')

 module.exports = models => async (req, res) => {
  const { password, newPassword } = req.body
  if (!services.checkForUndefinedParams(password, newPassword))
    return res.status(400).json({ error: 'Missing required params.' })

-  if (newPassword.length < 7)
-    return res
-      .status(400)
-      .json({ error: 'Password needs to be at least 7 characters long.' })
+  if (!passwordStrengthRegex.test(newPassword))
+    return res.status(400).json({
+      error: 'Password is too weak. Please check password requirements.',
+    })

  let user
  try {

--- a/packages/component-user-manager/src/routes/users/post.js
+++ b/packages/component-user-manager/src/routes/users/post.js
 const { pick } = require('lodash')
 const Chance = require('chance')
+const { passwordStrengthRegex } = require('config')

 const chance = new Chance()

@@ -15,6 +16,10 @@ module.exports = models => async (req, res) => {
        error: 'Terms & Conditions must be read and approved.',
      })
    }
+    if (!passwordStrengthRegex.test(req.body.password))
+      return res.status(400).json({
+        error: 'Password is too weak. Please check password requirements.',
+      })
    req.body = pick(req.body, [
      'email',
      'title',

--- a/packages/component-user-manager/src/routes/users/resetPassword.js
+++ b/packages/component-user-manager/src/routes/users/resetPassword.js
 const { services } = require('pubsweet-component-helper-service')

+const { passwordStrengthRegex } = require('config')
+
 module.exports = models => async (req, res) => {
  const { email, password, token } = req.body
  if (!services.checkForUndefinedParams(email, password, token))
    return res.status(400).json({ error: 'missing required params' })

-  if (password.length < 7)
-    return res
-      .status(400)
-      .json({ error: 'password needs to be at least 7 characters long' })
+  if (!passwordStrengthRegex.test(req.body.password))
+    return res.status(400).json({
+      error: 'Password is too weak. Please check password requirements.',
+    })

  const validateResponse = await services.validateEmailAndToken({
    email,

--- a/packages/xpub-faraday/config/default.js
+++ b/packages/xpub-faraday/config/default.js
@@ -142,4 +142,7 @@ module.exports = {
      editor: 'editorRecommendation',
    },
  },
+  passwordStrengthRegex: new RegExp(
+    '^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#$%^&*])(?=.{6,128})',
+  ),
 }