search

aws-amplify / amplify-ui

Amplify UI is a collection of accessible, themeable, performant React (and more!) components that can connect directly to the cloud.
https://ui.docs.amplify.aws
Apache License 2.0
914 stars 296 forks source link

FR (Authenticator): Password requirement hints in ConfirmResetPassword & ForceNewPassword #2422

Open themrwookiee opened 2 years ago

themrwookiee commented 2 years ago

On which framework/platform would you like to see this feature implemented?

React

Which UI component is this feature-request for?

Authenticator

Please describe your feature-request in detail.

Right now, in ConfirmResetPassword and ForceNewPassword, a validation about both PasswordField matching is being made but what about adding an option for additional requirements such as Length, Numbers, Special Characters, Capital and Lowercase letter, etc.

Please describe a solution you'd like.

Right now our team is using the package react-password-checklist (https://www.npmjs.com/package/react-password-checklist) in the Footer section of ConfirmResetPassword but this method requires adding eventListeners. Also we cannot use the same method for now in ForceNewPassword as it only supports FormFields instead of Footer like most of the components from Authenticator.

So the solution would be to simply add a props to the FormFields of each component with PasswordField like this : 

ForceNewPassword: {
      PasswordRequirement: () => {
        'match': true,
        'minLength': 8,
        'number': true,
        'specialChar': true,
        'capital': true,
        'lowercase': true
      }
    };

We love contributors! Is this something you'd be interested in working on?

slaymance commented 2 years ago

Thanks for your feature request, @CptnWookie. If you're looking to configure your password strength policy, you can currently do so through the Cognito dashboard. We'll take your feature request to configure password strength policy through the UI component into consideration in our roadmap. If others are interested, they can +1 this issue.

Morialkar commented 2 years ago

@slaymance I think there might be a misunderstanding. From what I gather this issue is not looking to set the security policy in the frontend but display UI to show how the imputed password fares against said policy so users are aware before they click if they can use the imputed password. This would reduce error calls and display and is pretty common place.

Garycc commented 1 year ago

Yes, it is nicer to show/validate users input on UI first than sending to cognito for checking.

lippmannr commented 1 year ago

We would also love to see the same behaviour in [ConfirmResetPassword; ForceNewPassword] like it is in SignUp where password is checked before sending and retrying. (see point 3: https://aws.amazon.com/blogs/mobile/8-new-features-in-the-amplify-authenticator-for-web-you-should-try/)