knicola / yup-password

Yup, dead simple password validation.
MIT License

Any option to specify the Symbols? #5

Open swalahamani opened 2 years ago

swalahamani commented 2 years ago

Hi,

Any option to specify which "Symbols" or "Special Characters" to be allowed?

knicola commented 2 years ago

Hello, there is no option to specify which special characters should be allowed at the moment.

swalahamani commented 2 years ago

Okay, thanks for the prompt response @knicola 🚀

knicola commented 2 years ago

I can't think of a valid reason to limit which symbols one can pick for their password, so I'll be closing this ticket for now.

ada-cienciala commented 1 year ago

Commenting because I've found a reason that might be valid enough to consider 😄 @knicola

The regex in yup-password for special symbols allows for more than popular identity providers like AWS Cognito do. I've encountered a problem when trying to pass £ as a symbol. yup-password indicated that yes, everything is fine. Cognito threw an error, breaking my app.

Cognito uses the same subset as OWASP proposes (^ $ * . [ ] { } ( ) ? - " ! @ # % & / \ , > < ' : ; | _ ~ ` + = and spaces). If there was a way to pass a regex or subset of symbols, it could be used with applications using AWS services on the backend.

Of course, I can always use a regex with .matches, but it's something to consider.

knicola commented 1 year ago

Thank you for reporting this @ada-cienciala !

That is indeed a good enough reason to reconsider my decision. I'll look into it once I find a free moment. Feel free to suggest ideas on what the API should look like and/or provide a PR if interested.

knicola commented 4 months ago

Sorry for the delay, I'm slowly getting to this.

Just wanted to drop a note here for anyone wanting to limit input to OWASP-friendly symbols, such as Cognito users:

I think limiting input to ASCII (non-control) characters should be enough, i.e. [\x20-\x7E]*. See ref table.

I could perhaps add a helper method to limit input to ASCII only, i.e. .password().onlyASCII().
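The two workarounds discussed in this thread, the .matches() regex built from the Cognito/OWASP symbol list and the printable-ASCII range [\x20-\x7E], side by side as an added example. This is not yup-password code and does not depend on yup; the function and constant names (COGNITO_SYMBOLS, COGNITO_CHARSET, disallowedChars, and so on) and the sample passwords are assumptions made for the illustration. It also goes one step beyond the thread by walking every printable ASCII code point to confirm that the quoted symbol list and the ASCII range accept exactly the same characters:

```javascript
// Added example, not part of yup-password. Builds an allow-list regex from the
// Cognito/OWASP symbol set quoted in the thread, compares it with the
// printable-ASCII range suggested above, and reports which characters fail.

// The 32 symbols quoted in the thread, plus the space character.
const COGNITO_SYMBOLS = '^$*.[]{}()?-"!@#%&/\\,><\':;|_~`+= ';

// Escape the characters that are special inside a regex character class
// (backslash, square brackets, caret, hyphen); everything else is literal there.
function escapeForCharClass(ch) {
  return /[\\\]\[^-]/.test(ch) ? '\\' + ch : ch;
}

// Whole-string regex: ASCII letters, digits and the allowed symbols only.
const COGNITO_CHARSET = new RegExp(
  '^[A-Za-z0-9' + [...COGNITO_SYMBOLS].map(escapeForCharClass).join('') + ']*$'
);

// The simpler alternative from the thread: any printable (non-control) ASCII.
const PRINTABLE_ASCII = /^[\x20-\x7E]*$/;

function passesCognitoCharset(password) {
  return COGNITO_CHARSET.test(password);
}

function passesPrintableAscii(password) {
  return PRINTABLE_ASCII.test(password);
}

// Returns the distinct characters of `password` that `allowList` rejects, so the
// user can be told exactly what to remove. An empty array means it passes.
function disallowedChars(password, allowList) {
  return [...new Set([...password].filter((ch) => !allowList.test(ch)))];
}

// Walks every printable ASCII code point and checks that both predicates agree,
// i.e. that the quoted symbol list covers all printable ASCII punctuation.
function charsetsAgreeOnPrintableAscii() {
  for (let code = 0x20; code <= 0x7e; code++) {
    const ch = String.fromCharCode(code);
    if (passesCognitoCharset(ch) !== passesPrintableAscii(ch)) return false;
  }
  return true;
}

// With yup and yup-password installed, the same regex plugs into the .matches()
// workaround mentioned in the thread (assumed usage, not executed here):
//   yup.string().password().matches(COGNITO_CHARSET, 'Only Cognito-allowed characters')

// Constructed sample inputs: the pound sign from the report, and a valid symbol.
console.log(disallowedChars('Pa55word£', COGNITO_CHARSET)); // [ '£' ]
console.log(passesPrintableAscii('Pa55word£'));             // false
console.log(passesCognitoCharset('Pa55word!'));             // true
console.log(charsetsAgreeOnPrintableAscii());               // true
```

Because the two checks agree on every printable ASCII character, restricting a password to [\x20-\x7E] is equivalent to enumerating the Cognito symbol list; the enumerated form is still useful when you want to name the offending character in the error message.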