Easy way to add configurable strong password format to ajv to use in schema validations
npm install ajv-formats-strong-password --save
Similar flow as ajv-formats, you simply import the addStrongPasswordFormat
function and then pass it your ajv instance and the requirements you've determined for the password.
Example:
import ajv from 'ajv';
import addStrongPasswordFormat from 'ajv-formats-strong-password';
const ajv = new Ajv();
const myPasswordCriteriaObj = {
... // see below
}
ajv.addStrongPasswordFormat({
ajvInstance: ajv,
passwordCriteria: myPasswordCriteriaObj
});
Where the passwordCriteria
parameter of addStrongPasswordFormat
accepts an object with the following properties:
- minUpper?: number
- minimum # of uppercase letters required
- defaults to 0
- minLower?: number
- minimum # of uppercase letters required
- defaults to 0
- minSpecial?: number
- minimum # of special characters required
- defaults to 0
- minDigit?: number
- minimum # of digits required
- defaults to 0
- minLength?: number
- minimum length of the overall password
- defaults to 0
- NOTE: If the sum of minUpper, minLower, minSpecial, and minDigit is larger than minLength it uses that sum as the effective max length and ignores this parameter
- upperCharacters?: string
- characters that count towards minUpper requirement
- defaults to "ABCDEFGHIJKLMNOPQRSTUVWXYZ" (ignoring quotes)
- lowerCharacters?: string
- characters that count towards minLower requirement
- defaults to "abcdefghijklmnopqrstuvwxyz" (ignoring quotes)
- digitCharacters?: string
- characters that count towards minDigit requirement
- defaults to "0123456789" (ignoring quotes)
- specialCharacters?: string
- characters that count towards minSpecial requirement
- defaults to (values between wrapper single quotes, first character is a space last is a tilde) ' !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~' as defined by OWASP https://owasp.org/www-community/password-special-characters
If you desire just to add some characters to the out-of-the-box defaults you can import them as named imports, add to the strings, and pass those in using the upperCharacters
/lowerCharacters
/digitCharacters
/specialCharacters
properties of passwordCriteria
. Those available to import include defaultUpperCharacters
, defaultLowerCharacters
, defaultDigitCharacters
, and defaultSpecialCharacters
.
Example:
import ajv from 'ajv';
import addStrongPasswordFormat, {defaultSpecialCharacters} from 'ajv-formats-strong-password';
const ajv = new Ajv();
const myPasswordCriteriaObj = {
...
specialCharacters: `${defaultSpecialCharacters}¤ẟ▶`
...
}
ajv.addStrongPasswordFormat({
ajvInstance: ajv,
passwordCriteria: myPasswordCriteriaObj
});
After adding it to your ajv instance use it just as you would any other ajv format.
Example:
const exampleAjvSchema = {
type: "object",
properties: {
password: { type: "string", format: "strong-password" },
},
required: ["password"],
};
You can combine it with things like maxLength if you want to set limits outside of the scope of password strength enforcement:
const exampleAjvSchema = {
type: "object",
properties: {
password: { type: "string", format: "strong-password", maxLength: 50 },
},
required: ["password"],
};