feat: add validation for strong password

2022-03-17 15:35:07 +05:30 · 2022-03-17 15:35:07 +05:30 · ec4ef97766
commit ec4ef97766
parent 47d67bf3cd
8 changed files with 84 additions and 4 deletions
--- a/server/resolvers/reset_password.go
+++ b/server/resolvers/reset_password.go
@ -35,6 +35,10 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
 		return res, fmt.Errorf(`passwords don't match`)
 	}
 	if !utils.IsValidPassword(params.Password) {
 		return res, fmt.Errorf(`password is not valid. It needs to be at least 6 characters long and contain at least one number, one uppercase letter, one lowercase letter and one special character`)
 	}
 	// verify if token exists in db
 	hostname := utils.GetHost(gc)
 	claim, err := token.ParseJWTToken(params.Token, hostname, verificationRequest.Nonce, verificationRequest.Email)
--- a/server/resolvers/signup.go
+++ b/server/resolvers/signup.go
@ -40,6 +40,10 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 		return res, fmt.Errorf(`password and confirm password does not match`)
 	}
 	if !utils.IsValidPassword(params.Password) {
 		return res, fmt.Errorf(`password is not valid. It needs to be at least 6 characters long and contain at least one number, one uppercase letter, one lowercase letter and one special character`)
 	}
 	params.Email = strings.ToLower(params.Email)
 	if !utils.IsValidEmail(params.Email) {
--- a/server/test/magic_link_login_test.go
+++ b/server/test/magic_link_login_test.go
@ -6,6 +6,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/resolvers"
 	"github.com/stretchr/testify/assert"
@ -16,11 +17,17 @@ func magicLinkLoginTests(t *testing.T, s TestSetup) {
 	t.Run(`should login with magic link`, func(t *testing.T) {
 		req, ctx := createContext(s)
 		email := "magic_link_login." + s.TestInfo.Email
-
+		envstore.EnvStoreObj.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, true)
 		_, err := resolvers.MagicLinkLoginResolver(ctx, model.MagicLinkLoginInput{
 			Email: email,
 		})
-		assert.Nil(t, err)
+		assert.NotNil(t, err, "signup disabled")
 		envstore.EnvStoreObj.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, false)
 		_, err = resolvers.MagicLinkLoginResolver(ctx, model.MagicLinkLoginInput{
 			Email: email,
 		})
 		assert.Nil(t, err, "signup should be successful")
 		verificationRequest, err := db.Provider.GetVerificationRequestByEmail(email, constants.VerificationTypeMagicLinkLogin)
 		verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
--- a/server/test/reset_password_test.go
+++ b/server/test/reset_password_test.go
@ -43,6 +43,14 @@ func resetPasswordTest(t *testing.T, s TestSetup) {
 			ConfirmPassword: "test1",
 		})
 		assert.NotNil(t, err, "invalid password")
 		_, err = resolvers.ResetPasswordResolver(ctx, model.ResetPasswordInput{
 			Token:           verificationRequest.Token,
 			Password:        "Test@1234",
 			ConfirmPassword: "Test@1234",
 		})
 		assert.Nil(t, err, "password changed successfully")
 		cleanData(email)
--- a/server/test/signup_test.go
+++ b/server/test/signup_test.go
@ -5,6 +5,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/resolvers"
 	"github.com/stretchr/testify/assert"
@ -20,14 +21,30 @@ func signupTests(t *testing.T, s TestSetup) {
 			Password:        s.TestInfo.Password,
 			ConfirmPassword: s.TestInfo.Password + "s",
 		})
-		assert.NotNil(t, err, "invalid password errors")
+		assert.NotNil(t, err, "invalid password")
 		res, err = resolvers.SignupResolver(ctx, model.SignUpInput{
 			Email:           email,
 			Password:        "test",
 			ConfirmPassword: "test",
 		})
 		assert.NotNil(t, err, "invalid password")
 		envstore.EnvStoreObj.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, true)
 		res, err = resolvers.SignupResolver(ctx, model.SignUpInput{
 			Email:           email,
 			Password:        s.TestInfo.Password,
 			ConfirmPassword: s.TestInfo.Password,
 		})
 		assert.NotNil(t, err, "singup disabled")
 		envstore.EnvStoreObj.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, false)
 		res, err = resolvers.SignupResolver(ctx, model.SignUpInput{
 			Email:           email,
 			Password:        s.TestInfo.Password,
 			ConfirmPassword: s.TestInfo.Password,
 		})
 		assert.Nil(t, err, "signup should be successful")
 		user := *res.User
 		assert.Equal(t, email, user.Email)
 		assert.Nil(t, res.AccessToken, "access token should be nil")
--- a/server/test/test.go
+++ b/server/test/test.go
@ -68,7 +68,7 @@ func createContext(s TestSetup) (*http.Request, context.Context) {
 func testSetup() TestSetup {
 	testData := TestData{
 		Email:    fmt.Sprintf("%d_authorizer_tester@yopmail.com", time.Now().Unix()),
-		Password: "test",
+		Password: "Test@123",
 	}
 	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEnvPath, "../../.env.sample")
--- a/server/test/validator_test.go
+++ b/server/test/validator_test.go
@ -41,3 +41,11 @@ func TestIsValidIdentifier(t *testing.T) {
 	assert.True(t, utils.IsValidVerificationIdentifier(constants.VerificationTypeUpdateEmail), "it should be valid identifier")
 	assert.True(t, utils.IsValidVerificationIdentifier(constants.VerificationTypeForgotPassword), "it should be valid identifier")
 }
 func TestIsValidPassword(t *testing.T) {
 	assert.False(t, utils.IsValidPassword("test"), "it should be invalid password")
 	assert.False(t, utils.IsValidPassword("Te@1"), "it should be invalid password")
 	assert.False(t, utils.IsValidPassword("n*rp7GGTd29V{xx%{pDb@7n{](SD.!+.Mp#*$EHDGk&$pAMf7e#432Sg,Gr](j3n]jV/3F8BJJT+9u9{q=8zK:8u!rpQBaXJp%A+7r!jQj)M(vC$UX,h;;WKm$U6i#7dBnC&2ryKzKd+(y&=Ud)hErT/j;v3t..CM).8nS)9qLtV7pmP;@2QuzDyGfL7KB()k:BpjAGL@bxD%r5gcBfh7$&wutk!wzMfPFY#nkjjqyZbEHku,{jc;gvbYq2)3w=KExnYz9Vbv:;*;?f##faxkULdMpmm&yEfePixzx+[{[38zGN;3TzF;6M#Xy_tMtx:yK*n$bc(bPyGz%EYkC&]ttUF@#aZ%$QZ:u!icF@+"), "it should be invalid password")
 	assert.False(t, utils.IsValidPassword("test@123"), "it should be invalid password")
 	assert.True(t, utils.IsValidPassword("Test@123"), "it should be valid password")
 }
--- a/server/utils/validator.go
+++ b/server/utils/validator.go
@ -86,3 +86,35 @@ func IsStringArrayEqual(a, b []string) bool {
 	}
 	return true
 }
 // ValidatePassword to validate the password against the following policy
 // min char length: 6
 // max char length: 36
 // at least one upper case letter
 // at least one lower case letter
 // at least one digit
 // at least one special character
 func IsValidPassword(password string) bool {
 	if len(password) < 6 || len(password) > 36 {
 		return false
 	}
 	hasUpperCase := false
 	hasLowerCase := false
 	hasDigit := false
 	hasSpecialChar := false
 	for _, char := range password {
 		if char >= 'A' && char <= 'Z' {
 			hasUpperCase = true
 		} else if char >= 'a' && char <= 'z' {
 			hasLowerCase = true
 		} else if char >= '0' && char <= '9' {
 			hasDigit = true
 		} else {
 			hasSpecialChar = true
 		}
 	}
 	return hasUpperCase && hasLowerCase && hasDigit && hasSpecialChar
 }