davidfowl/TodoApp

Client-side password validation is inaccurate

Closed this issue · 4 comments

At the moment, client-side validation checks whether the password given when creating a user is between 6 and 32 characters, and fails if it is not.

However the password is required to contain at least:

  • 1 upper-case letter
  • 1 lower-case letter
  • 1 digit
  • 1 non-alphanumeric character

So client-side validation can pass without the password being valid.

I'm submitting a PR shortly to fix this.

I don't want to rewrite this if the rules change 😄

I'll make sure to maintain it 😁

Fixed