Multiple pattern checks #10

Closed
mleanos opened this issue Sep 18, 2015 · 2 comments

mleanos commented Sep 18, 2015

I'm having a rough time with a specific requirement for a pattern. I'm following the OWASP password strength requirements in a project & I'm trying to provide a randomly generated password using this package. However, trying to write a pattern to pass into this generator is proving very difficult.

My requirements:

  1. Must contain at least one number
  2. Must contain at least one uppercase letter
  3. Must contain at least one lowercase letter
  4. Must contain at least one special character
  5. Must NOT contain sequences of three or more repeated characters

Any advice on how to pass these requirements into `generatePassword`?

One issue I keep having with this package, when I pass in a seemingly correctly formatted pattern, is the following message:

```
[Error: Could not find characters that match the password pattern /([A-Z]\w+)([a-z]\w+)([0-9]\w+)([\!\?]+)/. Patterns must match individual characters, not the password as a whole.]
```

This error makes sense to me, but the limitation of the generator doesn't. Shouldn't I be able to match against the "password as a whole"?

bermi (Owner) commented Sep 18, 2015

@mleanos The way the generator is built it could take forever to get to the password that matched that pattern. To allow that use case we would have to be able to parse the regexp and understand what should go next.

What you're doing on that regexp is basically telling what the password sequence should be, which could lead to a password like aa0? (\w+ could generate A or a)

You could use something like:

```js
var generatePassword = require("password-generator");

var max = 15;
var min = 9;
// One regular expression per required character class.
var UPPERCASE_RE = /([A-Z])/g;
var LOWERCASE_RE = /([a-z])/g;
var NUMBER_RE = /([\d])/g;
var SPECIAL_CHAR_RE = /([\?\-])/g;

// Truthy only when every class is present and the minimum length is met.
function isStrongEnough(password) {
  var uc = password.match(UPPERCASE_RE);
  var lc = password.match(LOWERCASE_RE);
  var n = password.match(NUMBER_RE);
  var sc = password.match(SPECIAL_CHAR_RE);
  return uc && lc && n && sc && password.length >= min;
}

// Generate candidates from a single-character pattern until one passes.
function customPassword() {
  var password = "";
  while (!isStrongEnough(password)) {
    // The length is drawn from min up to max - 1.
    password = generatePassword(Math.floor(Math.random() * (max - min)) + min, false, /[\w\d\?\-]/);
  }
  return password;
}

console.log(customPassword());
```

I hope that helps you

mleanos (Author) commented Sep 19, 2015

@bermi Thank you for your suggestion. I understand the limitations and I appreciate the example you provided. Others will surely benefit from it as well.

I went with a simplified version of your example. Rather than managing the requirements with the regular expression pattern matches, I'm using a package that was already implemented in the project for testing the strength.

Thanks much!
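The generate-and-check loop from the reply above, extended to all five requirements listed in the issue, including the ban on three or more repeated characters. This is an added example, not code from the thread or from the password-generator project; it draws characters with Node's `crypto.randomInt` rather than calling the package, and the special-character set and the names `CLASSES`, `hasTripleRepeat`, `missingClasses` and `meetsPolicy` are assumptions.

```javascript
// Added example: not code from the password-generator project.
const { randomInt } = require("crypto"); // CSPRNG-backed integers in Node.js

// Character classes for requirements 1-4. The special set is an assumption.
const CLASSES = {
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  lower: "abcdefghijklmnopqrstuvwxyz",
  digit: "0123456789",
  special: "!?-@#$%",
};
const ALPHABET = Object.values(CLASSES).join("");

// Requirement 5: true when any character occurs three or more times in a row.
function hasTripleRepeat(password) {
  return /(.)\1\1/.test(password);
}

// Names of the classes (requirements 1-4) that the password does not cover.
function missingClasses(password) {
  return Object.keys(CLASSES).filter(
    (name) => ![...password].some((ch) => CLASSES[name].includes(ch))
  );
}

function meetsPolicy(password, min) {
  return (
    password.length >= min &&
    missingClasses(password).length === 0 &&
    !hasTripleRepeat(password)
  );
}

// Rejection sampling: draw every character uniformly from the full alphabet
// and retry until the whole password satisfies the policy.
function customPassword(min = 9, max = 15) {
  for (;;) {
    const length = randomInt(min, max + 1); // max is inclusive here
    let password = "";
    for (let i = 0; i < length; i++) {
      password += ALPHABET[randomInt(ALPHABET.length)];
    }
    if (meetsPolicy(password, min)) return password;
  }
}

console.log(customPassword());
```

Rejecting whole candidates keeps every accepted password equally likely among those that satisfy the policy, which patching a failed candidate in place would not.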
