Validating Passwords

To ensure that passwords have an adequate level of complexity, you may use Simple Body Validator Password rule object.

    const { Password } = require('simple-body-validator');

    import { Password } from 'simple-body-validator';

Below we will showcase a basic example on how to use the Password rule object.

    const { make, Password } = require('simple-body-validator');

    const validator = make(data, {
        password: [ 'required', 'confirmed', Password.default() ],
    });

The default method

When using the default method, the validation requires the password to have at least 8 characters.

The Password rule object allows you to easily customize the password complexity requirements for your application, such as specifying that passwords require at least n letters, numbers, symbols, or characters with mixed casing.

Password Complexity Methods

min

The min method can be used to specify the minimum amount of characters required in the password.

    // The password must have at least three characters
    password: Password.create().min(12);

mixedCase

The mixedCase method can be used to specify the minimum amount of Uppercase and Lowercase characters required in the password. If no values are given to the method, the password must contain at least 1 Uppercase and 1 lowercase letter.

    // The password must contain at least one uppercase and one lowercase letter
    password: Password.create().mixedCase();

    // The password must contain at least two uppercase and three lowecase letters
    password: Password.create().mixedCase(2, 3);

info

The first parameter assigned to the mixedCase method is the number of Uppercase letters, while the second parameter is the number of Lowercase letters.

letters

The letters method can be used to specify the minimum amount of letters required in the password. If no value is given to the method, the password must contain at least 1 letter.

    // The password must at least contain one letter
    password: Password.create().letters();

    // The password must at least contain three letters
    password: Password.create().letters(3);

numbers

The numbers method can be used to specify the minimum amount of numbers required in the password. If no value is given to the method, the password must contain at least 1 number.

    // The password must at least contain one number
    password: Password.create().numbers();

    // The password must at least contain three numbers
    password: Password.create().numbers(3);

symbols

The symbols method can be used to specify the minimum amount of symbols required in the password. If no value is given to the method, the password must contain at least 1 symbol.

    // The password must at least contain one symbol
    password: Password.create().symbols();

    // The password must at least contain three symbols
    password: Password.create().symbols(3);

Chain Password methods

Of course, you may want to chain the methods in the examples above.

    // The password must at least contain 12 characters, 6 letters, 
    // 3 uppercase letters, 3 lowercase letters, 3 numbers, and 3 symbols
    password: Password.create()
                .min(12)
                .letters(6)
                .mixedCase(3,3)
                .numbers(3)
                .symbols(3);

Defining Default Password Rules

You may find it convenient to specify the default validation rules for password in a single location of your application. You can easily accomplish this using the Password.setDefault() method, which accepts a Password object or a Closure that returns a Password object.

    const { Password } = required('simple-body-validator');

    Password.setDefault(() => {
        return process.env.APP_ENV === 'production' ?
            Password.create().min(12).numbers().symbols() :
            Password.create().min(8);
    });

    // Or alternatively you can pass the Password object 
    // direcly to the setDefaut method
    Password.setDefault(
        Password.create().min(12).numbers().symbols()
    );

Occasionally, you may want to attach additional validation rules to your default password validation rules. You may use the rules method to accomplish this.

    Password.setDefault(
        Password.create().numbers().rules([ 'max:10', new CustomRule ]),
    );

Handling Password Error Messages

You can override or translate the default password error messages by using the following attributes in your translation files.

     password: {
        letter: 'The :attribute must contain at least one letter.',
        letters: 'The :attribute must contain at least :amount letters.',
        lower_case: 'The :attribute must contain at least one lowercase letter.',
        lower_cases: 'The :attribute must contain at least :amount lowercase letters.',
        number: 'The :attribute must contain at least one number.',
        numbers: 'The :attribute must contain at least :amount numbers.',
        symbol: 'The :attribute must contain at least one symbol.',
        symbols: 'The :attribute must contain at least :amount symbols.',
        upper_case: 'The :attribute must contain at least one uppercase letter.',
        upper_cases: 'The :attribute must contain at least :amount uppercase letters.',
    }

The default method

Password Complexity Methods​

min​

mixedCase​

info

letters​

numbers​

symbols​

Chain Password methods​

Defining Default Password Rules​

Handling Password Error Messages​

Password Complexity Methods

min

mixedCase

letters

numbers

symbols

Chain Password methods

Defining Default Password Rules

Handling Password Error Messages