Since I mostly blog/commit to remember for my own future usage, another handy codesnip which I probably will need again. Requirement from our IAM provider for is user credentials was a certain password complexity of at least 8 characters (easy) and the combination of at least 3 out of 4 character sets (lowercase, uppercase, numbers and weird characters aka non-alphanumeric. The last criteria could be done with a blunt knife but we tried to be gentle.
// Check password complexity
const hasUpperCase = /[A-Z]/.test(password);
const hasLowerCase = /[a-z]/.test(password);
const hasNumbers = /d/.test(password);
const hasNonalphas = /W/.test(password);
const totalPassword = [ hasUpperCase, hasLowerCase, hasNumbers, hasNonalphas ].filter(v => v).length;
if (password.length < 8 || totalPassword < 3) {
console.error(`password length:${password.length} charsets:${totalPassword}`);
// fancy error handling stuff
}
The regex for frontend if usable:
^(?:(?=.*[a-z])(?:(?=.*[A-Z])(?=.*[dW])|(?=.*W)(?=.*d))|(?=.*W)(?=.*[A-Z])(?=.*d)).{8,}$
