From 6bf27b7e8ab461b94c231c7d9127960387915496 Mon Sep 17 00:00:00 2001 From: Ben Wheeler Date: Tue, 29 Oct 2019 13:48:05 -0400 Subject: [PATCH 1/3] count unicode characters as single characters --- src/lib/validate.js | 4 +++- test/unit/lib/validate.test.js | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/lib/validate.js b/src/lib/validate.js index 5df20b0e4..792266a8e 100644 --- a/src/lib/validate.js +++ b/src/lib/validate.js @@ -50,7 +50,9 @@ module.exports.validateUsernameRemotely = username => ( module.exports.validatePassword = (password, username) => { if (!password) { return {valid: false, errMsgId: 'general.required'}; - } else if (password.length < 6) { + // get length of password, considering unicode symbols as single chars. + // see discussion at https://stackoverflow.com/a/54370584/2308190 + } else if (Array.from(password).length < 6) { return {valid: false, errMsgId: 'registration.validationPasswordLength'}; } else if (password === 'password') { return {valid: false, errMsgId: 'registration.validationPasswordNotEquals'}; diff --git a/test/unit/lib/validate.test.js b/test/unit/lib/validate.test.js index a051e1faa..72dd7729b 100644 --- a/test/unit/lib/validate.test.js +++ b/test/unit/lib/validate.test.js @@ -39,6 +39,14 @@ describe('unit test lib/validate.js', () => { expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'}); response = validate.validatePassword('password'); expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordNotEquals'}); + response = validate.validatePassword('😺'); + expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'}); + response = validate.validatePassword('😺🦆🐝'); + expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'}); + response = validate.validatePassword('😺🦆🐝🐮🐠'); + expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'}); + response = validate.validatePassword('😺🦆🐝🐮🐠🐻'); + expect(response).toEqual({valid: true}); response = validate.validatePassword('abcdefg', 'abcdefg'); expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordNotUsername'}); response = validate.validatePassword('abcdefg', 'abcdefG'); From 7dff70778258891b9a5d44578c7c23428a69df72 Mon Sep 17 00:00:00 2001 From: Ben Wheeler Date: Wed, 30 Oct 2019 15:09:25 -0400 Subject: [PATCH 2/3] split password tests up --- test/unit/lib/validate.test.js | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/test/unit/lib/validate.test.js b/test/unit/lib/validate.test.js index 72dd7729b..d839e3c8b 100644 --- a/test/unit/lib/validate.test.js +++ b/test/unit/lib/validate.test.js @@ -24,21 +24,21 @@ describe('unit test lib/validate.js', () => { expect(response).toEqual({valid: false, errMsgId: 'registration.validationUsernameRegexp'}); }); - test('validate password', () => { + test('validate password existence', () => { let response; expect(typeof validate.validatePassword).toBe('function'); response = validate.validatePassword('abcdef'); expect(response).toEqual({valid: true}); - response = validate.validatePassword('abcdefghijklmnopqrst'); - expect(response).toEqual({valid: true}); - response = validate.validatePassword('passwo'); - expect(response).toEqual({valid: true}); response = validate.validatePassword(''); expect(response).toEqual({valid: false, errMsgId: 'general.required'}); + }); + + test('validate password length', () => { + let response; + response = validate.validatePassword('abcdefghijklmnopqrst'); + expect(response).toEqual({valid: true}); response = validate.validatePassword('abcde'); expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'}); - response = validate.validatePassword('password'); - expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordNotEquals'}); response = validate.validatePassword('😺'); expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'}); response = validate.validatePassword('😺🦆🐝'); @@ -47,6 +47,15 @@ describe('unit test lib/validate.js', () => { expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'}); response = validate.validatePassword('😺🦆🐝🐮🐠🐻'); expect(response).toEqual({valid: true}); + }); + + test('validate password cannot be "password"', () => { + const response = validate.validatePassword('password'); + expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordNotEquals'}); + }); + + test('validate password cannot be same as username', () => { + let response; response = validate.validatePassword('abcdefg', 'abcdefg'); expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordNotUsername'}); response = validate.validatePassword('abcdefg', 'abcdefG'); From 4c0026ab4147d4f6a68260efd8be4ca94bf6c1ed Mon Sep 17 00:00:00 2001 From: Ben Wheeler Date: Tue, 12 Nov 2019 16:57:49 -0500 Subject: [PATCH 3/3] revised comment explaining character length count --- src/lib/validate.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/lib/validate.js b/src/lib/validate.js index 792266a8e..6921b38d0 100644 --- a/src/lib/validate.js +++ b/src/lib/validate.js @@ -50,8 +50,14 @@ module.exports.validateUsernameRemotely = username => ( module.exports.validatePassword = (password, username) => { if (!password) { return {valid: false, errMsgId: 'general.required'}; - // get length of password, considering unicode symbols as single chars. - // see discussion at https://stackoverflow.com/a/54370584/2308190 + // Using Array.from(string).length, instead of string.length, improves unicode + // character counting for a subset of unicode characters, so that they are counted + // as single characters by js. + // However, this only helps with a subset of unicode. Characters combinations, + // including diacritical marks or skintone/gender variations, will still appear + // to be multiple characters. See discussions: + // https://blog.jonnew.com/posts/poo-dot-length-equals-two + // https://stackoverflow.com/a/54370584/2308190 } else if (Array.from(password).length < 6) { return {valid: false, errMsgId: 'registration.validationPasswordLength'}; } else if (password === 'password') {