maartenvanvliet closed 4 years ago
Made a mistake in the regex for validating string repetitions, will fix it
Looks great, thanks! If you don't mind, I'll update it with more or all NIST rules, and also how to deal with prompting for password change if a weak password is detected on sign in, also adding a unit test example so all of it is copy-paste 😄
I'm working on a package with a set of Ecto validations to check the NIST rules :)
I've added more examples and refactored/rewritten some parts of it (e.g. I feel pattern matching is more Elixir-friendly than using regex for the repetition check :smile:). I've also written an introduction for password validation, instead of diving straight into the password breach validation.
I'm not done yet, as you can see there are three empty sections that I plan to fill out. Does this look alright to you?
Also when you release your package, we'll add it to the top of this guide, or wherever it fits so people can just plug it in instead of adding all of this. It's pretty nice to be able to just cherry-pick a few lines here and there though 😄
Oh yeah, I'm not sure if I'll add any of the dictionary validation code. That's where a library definitely would be better than writing it yourself since you'll need to constantly update the dictionary list yourself otherwise.
I've cleaned it up and tested all examples locally, if you don't have any comments on it @maartenvanvliet then this can be merged :rocket:
LGTM :)
See https://github.com/danschultzer/pow/issues/264
I added a guide to add custom password validation to Pow with some examples of how to do it.