added passwordStrength estimator

2024-09-20 09:41:35 +02:00 · 2021-02-03 19:39:37 +01:00 · 2021-02-03 19:39:37 +01:00 · 9ee879dc04
commit 9ee879dc04
parent 5534592888
3 changed files with 73 additions and 1 deletions
--- a/src/test/password_test.ts
+++ b/src/test/password_test.ts
@ -0,0 +1,12 @@
+import { check } from "./../util/passwordStrength";
+
+console.log(check("123456789012345"));
+// -> 0.25
+console.log(check("ABCDEFGHIJKLMOPQ"));
+// -> 0.25
+console.log(check("ABC123___...123"));
+// ->
+console.log(check(""));
+// ->
+// console.log(check(""));
+// // ->
--- a/src/util/Constants.ts
+++ b/src/util/Constants.ts
@ -71,6 +71,12 @@ export interface DefaultOptions {
 		requireInvite: boolean;
 		allowNewRegistration: boolean;
 		allowMultipleAccounts: boolean;
+		password: {
+			pwMinLength: number;
+			pwMinNumbers: number;
+			pwMinUpperCase: number;
+			pwMinSymbols: number;
+		};
 	};
 }

@ -123,7 +129,7 @@ export const DefaultOptions: DefaultOptions = {
 			required: true,
 			allowlist: false,
 			blocklist: true,
-			domains: [], // TODO: efficicently save domain blocklist in database
+			domains: [], // TODO: efficiently save domain blocklist in database
 			// domains: fs.readFileSync(__dirname + "/blockedEmailDomains.txt", { encoding: "utf8" }).split("\n"),
 		},
 		dateOfBirth: {
@ -134,6 +140,12 @@ export const DefaultOptions: DefaultOptions = {
 		requireCaptcha: true,
 		allowNewRegistration: true,
 		allowMultipleAccounts: true,
+		password: {
+			pwMinLength: 8,
+			pwMinNumbers: 2,
+			pwMinUpperCase: 2,
+			pwMinSymbols: 0,
+		},
 	},
 };

--- a/src/util/passwordStrength.ts
+++ b/src/util/passwordStrength.ts
@ -0,0 +1,48 @@
+import "missing-native-js-functions";
+import Config from "./Config";
+
+const reNUMBER = /[0-9]/g;
+const reUPPERCASELETTER = /[A-Z]/g;
+const reSYMBOLS = /[A-Z,a-z,0-9]/g;
+
+/*
+ * https://en.wikipedia.org/wiki/Password_policy
+ * password must meet following criteria, to be perfect:
+ *  - min <n> chars
+ *  - min <n> numbers
+ *  - min <n> symbols
+ *  - min <n> uppercase chars
+ *
+ * Returns: 0 > pw > 1
+ */
+export function check(password: string): number {
+	const { pwMinLength, pwMinNumbers, pwMinUpperCase, pwMinSymbols } = Config.get().register.password;
+	var strength = 0;
+
+	// checks for total password len
+	if (password.length >= pwMinLength - 1) {
+		strength += 0.25;
+	}
+
+	// checks for amount of Numbers
+	if (password.count(reNUMBER) >= pwMinNumbers - 1) {
+		strength += 0.25;
+	}
+
+	// checks for amount of Uppercase Letters
+	if (password.count(reUPPERCASELETTER) >= pwMinUpperCase - 1) {
+		strength += 0.25;
+	}
+
+	// checks for amount of symbols
+	if (password.replace(reSYMBOLS, "").length >= pwMinSymbols - 1) {
+		strength += 0.25;
+	}
+
+	// checks if password only consists of numbers or only consists of chars
+	if (password.length == password.count(reNUMBER) || password.length === password.count(reUPPERCASELETTER)) {
+		strength = 0;
+	}
+
+	return strength;
+}