How to validate password using express-validator npm
Solution 1
The link you're referring to is almost 3 years old. Since then, the API of validator
changed.
To check against a regular expression, use .matches()
:
req.check("password", "...").matches(/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[0-9a-zA-Z]{8,}$/, "i");
Solution 2
I believe the accepted answer is outdated. RegExp and express-validator are not the best ways to validate passwords in 2017, as the obscurity of regular expressions makes the app unmaintainable and prone to bugs.
password-validator makes it easy to define password rules and maintain them. Here's a sample:
var passwordValidator = require('password-validator');
var schema = new passwordValidator();
schema
.is().min(8)
.is().max(100)
.has().uppercase()
.has().lowercase();
console.log(schema.validate(req.body.password)); // prints a boolean
PS: I'm the author of the password-validator.
Solution 3
Chosen answer is incomplete as it's missing validation for special characters. Correct answer should be:
req.checkBody("password", "Password must include one lowercase character, one uppercase character, a number, and a special character.").matches(/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9]).{8,}$/, "i");
Only real difference is that I added the (?=.*[^a-zA-Z0-9])
expression which ensures a user is using a character that's not a number or letter.
Solution 4
Using the built in validators of express-validator I was able to use built in validators without a regex to check the password.
const validateStrongPassword = body("password")
.isString()
.isLength({ min: 8 })
.not()
.isLowercase()
.not()
.isUppercase()
.not()
.isNumeric()
.not()
.isAlpha();
This verifies that there is at least one non letter character, one lowercase letter, one uppercase letter, a minimum length and that there are letters in the password.
Solution 5
check(
"password1",
"Please enter a password at least 8 character and contain At least one uppercase.At least one lower case.At least one special character. ",
)
.isLength({ min: 8 })
.matches(
/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[a-zA-Z\d@$.!%*#?&]/,
)
Sunil Sharma
I am a very positive thinker and enthusiastic web developer, I always keen to learn new technologies, best programming practices. Well I am a Software Engineer with a particular interest in JavaScript and frameworks/libs runs over it, Java/J2EE. I also do lot of work in database schema designing, HTML, CSS and several other languages. I have been doing this professionally for 2.5 years. My blog site is on the way ..!! SOreadytohelp
Updated on February 06, 2022Comments
-
Sunil Sharma about 2 years
I am writing rest API using node , express web module. For validation I am using express-validator npm. I want to apply some validation rules on password field.
How can I achieve it using express-validator?
What validation rules I want to apply for password as:
- min 8 char long.
- At least one uppercase.
- At least one lower case.
- At least one special character.
I read in this link that there is a function available called regex() . So I tried it but not working at all.
My approach:
req.check("password", "Password should be combination of one uppercase , one lower case, one special char, one digit and min 8 , max 20 char long").regex("/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[0-9a-zA-Z]{8,}$/", "i");
Error
In express-js they have listed all the methods but did not find method / trick which solve my problem.
-
Sunil Sharma over 8 yearsI have used 'matches()' in first attempt but I made a silly mistake. I put pattern in quotes. like ' req.check("password", "...").matches(/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[0-9a-zA-Z]{8,}$/, "i"); ' .
-
Sunil Sharma over 8 yearsnow it is working. perfectly. :). Still I think my question does not fall in down vote bucket. In future definitely it will help others.
-
robertklep over 8 years@SunilSharma not anymore, no. I didn't downvote but I'll upvote to get it back to 0.
-
Admin over 7 years@robertklep can you please explain the regex.
-
robertklep over 7 years@dewnor check out this page, which does a pretty good job explaining how something similar works :)