UNPKG

ajv-formats-strong-password

Version:

Easy way to add configurable strong password format to ajv to use in schema validations

110 lines (87 loc) 3.57 kB
# ajv-formats-strong-password Easy way to add configurable strong password format to ajv to use in schema validations ## installation ` npm install ajv-formats-strong-password --save` ## setup Similar flow as ajv-formats, you simply import the `addStrongPasswordFormat` function and then pass it your ajv instance and the requirements you've determined for the password. Example: ``` import ajv from 'ajv'; import addStrongPasswordFormat from 'ajv-formats-strong-password'; const ajv = new Ajv(); const myPasswordCriteriaObj = { ... // see below } ajv.addStrongPasswordFormat({ ajvInstance: ajv, passwordCriteria: myPasswordCriteriaObj }); ``` Where the `passwordCriteria` parameter of `addStrongPasswordFormat` accepts an object with the following properties: - minUpper?: number - minimum # of uppercase letters required - defaults to 0 - minLower?: number - minimum # of uppercase letters required - defaults to 0 - minSpecial?: number - minimum # of special characters required - defaults to 0 - minDigit?: number - minimum # of digits required - defaults to 0 - minLength?: number - minimum length of the overall password - defaults to 0 - NOTE: If the sum of minUpper, minLower, minSpecial, and minDigit is larger than minLength it uses that sum as the effective max length and ignores this parameter - upperCharacters?: string - characters that count towards minUpper requirement - defaults to "ABCDEFGHIJKLMNOPQRSTUVWXYZ" (ignoring quotes) - lowerCharacters?: string - characters that count towards minLower requirement - defaults to "abcdefghijklmnopqrstuvwxyz" (ignoring quotes) - digitCharacters?: string - characters that count towards minDigit requirement - defaults to "0123456789" (ignoring quotes) - specialCharacters?: string - characters that count towards minSpecial requirement - defaults to (values between wrapper single quotes, first character is a space last is a tilde) ' !\"#$%&'()\*+,-./:;<=>?@[\\]^\_`{|}~' as defined by OWASP https://owasp.org/www-community/password-special-characters ### extending defaults If you desire just to add some characters to the out-of-the-box defaults you can import them as named imports, add to the strings, and pass those in using the `upperCharacters`/`lowerCharacters`/`digitCharacters`/`specialCharacters` properties of `passwordCriteria`. Those available to import include `defaultUpperCharacters`, `defaultLowerCharacters`, `defaultDigitCharacters`, and `defaultSpecialCharacters`. Example: ``` import ajv from 'ajv'; import addStrongPasswordFormat, {defaultSpecialCharacters} from 'ajv-formats-strong-password'; const ajv = new Ajv(); const myPasswordCriteriaObj = { ... specialCharacters: `${defaultSpecialCharacters}¤ẟ▶` ... } ajv.addStrongPasswordFormat({ ajvInstance: ajv, passwordCriteria: myPasswordCriteriaObj }); ``` ## use After adding it to your ajv instance use it just as you would any other ajv format. Example: ``` const exampleAjvSchema = { type: "object", properties: { password: { type: "string", format: "strong-password" }, }, required: ["password"], }; ``` You can combine it with things like maxLength if you want to set limits outside of the scope of password strength enforcement: ``` const exampleAjvSchema = { type: "object", properties: { password: { type: "string", format: "strong-password", maxLength: 50 }, }, required: ["password"], }; ```