@nevil-mathew (Collaborator) commented Sep 8, 2025

Summary by CodeRabbit

  • New Features
    • Simplified password requirements: minimum 8 characters with at least one uppercase letter, one lowercase letter, one number, and one special character.
    • Expanded set of accepted special characters for passwords.
    • Updated on-screen password guidance to reflect the new policy.

coderabbitai bot commented Sep 8, 2025

Walkthrough

Updated default password policy in src/envVariables.js by changing the regex to a more permissive set of criteria and adjusting the corresponding user-facing message. No other environment variables or control flow were modified.

Changes

| Cohort / File(s) | Summary of Changes |
|---|---|
| Password policy defaults: src/envVariables.js | Updated PASSWORD_POLICY_REGEX.default to require ≥8 chars with at least one uppercase, lowercase, digit, and special character; updated PASSWORD_POLICY_MESSAGE.default to match the new policy. No other edits. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

I twitch my nose at passwords tight,
Eight hops long, with numbers bright—
Upper, lower, symbols too,
A burrow key for me and you.
Thump! The policy’s set just right—
Now onwards, safe into the night. 🐇🔐


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (3)
src/envVariables.js (3)

206-207: Widen special-char class to full ASCII punctuation to avoid user surprises.

Current set omits common symbols like colon (:), brackets ([]), and pipe (|). Using ASCII punctuation ranges is simpler and more inclusive.

-    default: '^(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[~!@#$%^&*()_+`\\-={}"\';<>?,./\\\\]).{8,}$',
+    default: '^(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!-/:-@[-`{-~]).{8,}$',
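
Review bot: On the `+` line, the class `[!-/:-@[-`{-~]` starts its third range with an unescaped `[`, which JavaScript accepts in its default mode but which is easy to misread as a nested class and hard to audit; write that range as `\\[-`` and add a comment naming the four ASCII ranges it covers. Neither the `-` nor the `+` class includes the space character or any non-ASCII symbol, so a password whose only non-alphanumeric character is one of those is still rejected, which is worth stating if "special character" is meant to be read broadly.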

212-213: Clarify and tighten the message (punctuation + wording).

Minor copy tweak; aligns with style and avoids “contain” ambiguity.

-      'Password must contain at least 8 characters, one uppercase, one lowercase, one number and one special character',
+      'Password must be at least 8 characters and include one uppercase, one lowercase, one number, and one special character.',
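
Review bot: The `+` line still says only "one special character" without saying which characters count, while the accepted set is fixed by the character class in PASSWORD_POLICY_REGEX, so a user whose symbol falls outside that class gets this message with no hint of what to change. Consider naming the accepted symbols (or a few examples) in the text, and keep the message in step with the regex whenever either default is overridden.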

206-213: Policy note: consider length-over-complexity.

If compliance allows, prefer a longer minimum length (e.g., 12+) over composition rules; it improves usability without weakening security.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between be09029 and 41c9917.

📒 Files selected for processing (1)
  • src/envVariables.js (1 hunks)
🔇 Additional comments (1)
src/envVariables.js (1)

206-213: All downstream password validations and messages now reference PASSWORD_POLICY_REGEX and PASSWORD_POLICY_MESSAGE; no inconsistencies detected.
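
The gap between the two character classes in the first nitpick can be measured directly. The following is an added example, not code from the PR or the review: it copies both pattern strings from the suggested diff and reports which printable non-alphanumeric ASCII characters fail to count as the "special character". The names `PR_DEFAULT`, `SUGGESTED_DEFAULT`, `BASE` and the helper functions are hypothetical, and the base password is constructed.

```javascript
// Added example, not project code. The two strings are copied verbatim from the
// "-" and "+" lines of the suggested diff for PASSWORD_POLICY_REGEX.default.
const PR_DEFAULT =
  '^(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[~!@#$%^&*()_+`\\-={}"\';<>?,./\\\\]).{8,}$';
const SUGGESTED_DEFAULT =
  '^(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!-/:-@[-`{-~]).{8,}$';

// Constructed base: 8 characters with upper, lower and digit but no symbol,
// so the appended probe character alone decides whether the policy matches.
const BASE = 'Abcdefg1';

// Printable ASCII (space through ~) that is neither a letter nor a digit.
function printableNonAlnum() {
  const out = [];
  for (let code = 0x20; code <= 0x7e; code++) {
    const ch = String.fromCharCode(code);
    if (!/[A-Za-z0-9]/.test(ch)) out.push(ch);
  }
  return out;
}

// Characters that do NOT satisfy the policy's "special character" requirement.
function rejectedSymbols(policySource) {
  const policy = new RegExp(policySource);
  return printableNonAlnum().filter((ch) => !policy.test(BASE + ch));
}

console.log('PR default rejects:       ', JSON.stringify(rejectedSymbols(PR_DEFAULT)));
console.log('suggested default rejects:', JSON.stringify(rejectedSymbols(SUGGESTED_DEFAULT)));
```

The same probe can be pointed at any operator-supplied override of the regex to check that the user-facing message still describes what the pattern accepts.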

@nevil-mathew nevil-mathew merged commit 11b1cf2 into develop Sep 8, 2025
1 of 2 checks passed