jQuery Validate plugin - password check - minimum requirements - Regex

Question

I\'ve got a little problem with my password-checker.

There\'s got a registration form with some fields. I use jQuery Validate plugin to validate user-inputs.

Answer 1

If you use ValidationEngine then you can use this

    "password": {
                    "regex": /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[#$@!%&*?])[A-Za-z\d#$@!%&*?]{6,30}$/, // /^[A-Za-z0-9\d=!\-@._*]*$/i
                    "alertText": "* Invalid Password, <br/>"
                            + "   1] Min 1 uppercase letter.<br/>"
                            + "   2] Min 1 lowercase letter.<br/>"
                            + "   3] Min 1 special character.<br/>"
                            + "   4] Min 1 number."
                },

Add this code in jquery.validationEngine-en.js file

Then use

 class="validate[required,custom[password],minSize[6],maxSize[30]]"

in Text Box class

Answer 2

if you want to check confirm password and minimum character validation, then you can use

<input type="password" id="password" name="password"  class="validate[required,minSize[8]]"/>
<input type="password" id="confirm_password" name="confirm_password"  class="validate[required,equals[password]]"/>

Answer 3

Password validation can use several rules, for example:

var _validatePassword = function (validateUserNameRules, inputModel)
    {
        //bolean parameter validateUserNameRules -> true/false

        //this method recive a model like this:
        //inputModel.userName -> string
        //inputModel.password -> string
        //inputModel.password2 -> String

        var ResultModel = {
            ResultId: 1, //1 success
            Message: "Password is correct."
            };

        if (validateUserNameRules && inputModel.userName == "") {

            ResultModel.ResultId = 2;
            ResultModel.Message = "Error: User name cannot be blank.";
            return (ResultModel);
        }

        var re = /^\w+$/;
        if (validateUserNameRules && !re.test(inputModel.userName)) {

            ResultModel.ResultId = 2;
            ResultModel.Message = "Error: Username must contain only letters, numbers and underscores.";
            return (ResultModel);

        }

        if (inputModel.password != "" && inputModel.password == inputModel.password2) {
            if (inputModel.password.length < 6) {
                ResultModel.ResultId = 2;
                ResultModel.Message = "Error: Password must contain at least six characters.";
                return (ResultModel);
            }
            if (validateUserNameRules && inputModel.password == inputModel.userName) {
                ResultModel.ResultId = 2;
                ResultModel.Message = "Error: Password must be different from the Account Name.";
                return (ResultModel);
            }
            re = /[0-9]/;
            if (!re.test(inputModel.password)) {
                ResultModel.ResultId = 2;
                ResultModel.Message = "Error: Password must contain at least one number (0-9).";
                return (ResultModel);
            }
            re = /[a-z]/;
            if (!re.test(inputModel.password)) {

                ResultModel.ResultId = 2;
                ResultModel.Message = "Error: Password must contain at least one lowercase letter (a-z).";
                return (ResultModel);

            }
            re = /[A-Z]/;
            if (!re.test(inputModel.password)) {

                ResultModel.ResultId = 2;
                ResultModel.Message = "Error: Password must contain at least one uppercase letter (A-Z).";
                return (ResultModel);
            }
        } else {
            ResultModel.ResultId = 2;
            ResultModel.Message = "Error: Please check that you've entered and confirmed your password.";
            return (ResultModel);
        }

        return (ResultModel); //success password validation!!
    };

Answer 4

If I add (?=.*[a-z]) the whole code doesn't work anymore.

Add it here:

/^(?=.*[a-z])[A-Za-z0-9\d=!\-@._*]+$/

However, it's much easier to do this without a lookahead:

$.validator.addMethod("pwcheck", function(value) {
   return /^[A-Za-z0-9\d=!\-@._*]*$/.test(value) // consists of only these
       && /[a-z]/.test(value) // has a lowercase letter
       && /\d/.test(value) // has a digit
});

Answer 5

Well you can use {8,} instead of "+" for a minimum of 8 chars with no maximum or better yet a {8, 20} for a minimum of 8 and a maximum of 20.

Really though I don't see the value in trying to squeeze all of your validation into a single regexp. If you break it up it makes it much easier to maintain, less bug prone, and it enables you to report back to the user the specific reason WHY the password failed instead of the entire requirement.

You could break it up into a few checks

//proper length
value.length >= 8 
//only allowed characters
/^[A-Za-z0-9\d=!\-@._*]+$/.test(value) 
//has a digit
/\d/.test(value)
//has a lowercase letter
/[a-z]/.test(value)

I'm not familiar with the jQuery Validation plugin, but I assume you could then return helpful a helpful message for each test that failed.