diff --git a/src/util/passwordStrength.ts b/src/util/passwordStrength.ts
index 88155d82..f6cec9da 100644
--- a/src/util/passwordStrength.ts
+++ b/src/util/passwordStrength.ts
@@ -5,6 +5,7 @@ const reNUMBER = /[0-9]/g;
const reUPPERCASELETTER = /[A-Z]/g;
const reSYMBOLS = /[A-Z,a-z,0-9]/g;
+const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored in db
/*
* https://en.wikipedia.org/wiki/Password_policy
* password must meet following criteria, to be perfect:
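Review bot: `blocklist` is initialised as an empty array on the added line, so enabling `blockInsecureCommonPasswords` currently rejects nothing, and an operator who turns it on may assume common passwords are being refused. Until the list is loaded from the database, I would state that next to the constant, e.g. `// NOTE: empty until the blocklist is loaded from the db; blockInsecureCommonPasswords has no effect yet`, or log a warning when the flag is set and the list is empty. The TODO also reads "ones" where "once" is meant.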
@@ -16,26 +17,32 @@ const reSYMBOLS = /[A-Z,a-z,0-9]/g;
* Returns: 0 > pw > 1
*/
export function check(password: string): number {
- const { pwMinLength, pwMinNumbers, pwMinUpperCase, pwMinSymbols } = Config.get().register.password;
+ const {
+ minLength,
+ minNumbers,
+ minUpperCase,
+ minSymbols,
+ blockInsecureCommonPasswords,
+ } = Config.get().register.password;
var strength = 0;
// checks for total password len
- if (password.length >= pwMinLength - 1) {
+ if (password.length >= minLength - 1) {
strength += 0.25;
}
// checks for amount of Numbers
- if (password.count(reNUMBER) >= pwMinNumbers - 1) {
+ if (password.count(reNUMBER) >= minNumbers - 1) {
strength += 0.25;
}
// checks for amount of Uppercase Letters
- if (password.count(reUPPERCASELETTER) >= pwMinUpperCase - 1) {
+ if (password.count(reUPPERCASELETTER) >= minUpperCase - 1) {
strength += 0.25;
}
// checks for amount of symbols
- if (password.replace(reSYMBOLS, "").length >= pwMinSymbols - 1) {
+ if (password.replace(reSYMBOLS, "").length >= minSymbols - 1) {
strength += 0.25;
}
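Review bot: Each threshold on the renamed lines still compares against the configured minimum minus one, e.g. `password.length >= minLength - 1`, so a password one character shorter than `minLength` earns the length credit, and the same slack applies to the number, uppercase and symbol checks. If the minimums are meant as hard floors, the comparisons should read `password.length >= minLength` and likewise for the other three; if the slack is deliberate, a comment saying so would help. Separately, a config that still carries the old `pwMin*` keys would presumably yield `undefined` here, which makes every comparison false, so it is worth confirming that defaults or a migration cover the rename. `check` continues outside this hunk.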
@@ -44,5 +51,10 @@ export function check(password: string): number {
strength = 0;
}
+ if (blockInsecureCommonPasswords) {
+ if (blocklist.includes(password)) {
+ strength = 0;
+ }
+ }
return strength;
}
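Review bot: The test `blocklist.includes(password)` is an exact, case-sensitive match, so a listed password typed with different capitalisation is not caught. Assuming the entries will be stored lowercased, comparing a normalised form would close that, e.g. `if (blockInsecureCommonPasswords && blocklist.includes(password.toLowerCase())) strength = 0;`, which also folds the two nested `if`s into one. Once the list is populated from the database, a `Set` lookup would avoid a linear scan on every call. The start of `check` is outside this hunk.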