password requirements more strict

2025-12-01 06:55:45 +01:00 · 2025-10-29 11:05:05 +01:00
parent 0363505126
commit 86166048e8
1 changed files with 85 additions and 81 deletions
--- a/backend/src/middleware/validation.ts
+++ b/backend/src/middleware/validation.ts
@@ -9,10 +9,11 @@ export const validateLogin = [
    .normalizeEmail(),
  body('password')
-    .isLength({ min: 6 })
+    .optional()
-    .withMessage('Password must be at least 6 characters')
+    .isLength({ min: 8 })
-    .trim()
+    .withMessage('Password must be at least 8 characters')
-    .escape()
+    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])/)
    .withMessage('Password must contain uppercase, lowercase, number and special character (@$!%*?&)'),
 ];
 export const validateRegister = [
@@ -29,10 +30,11 @@ export const validateRegister = [
    .escape(),
  body('password')
    .optional()
    .isLength({ min: 8 })
    .withMessage('Password must be at least 8 characters')
-    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/)
+    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])/)
-    .withMessage('Password must contain uppercase, lowercase and number')
+    .withMessage('Password must contain uppercase, lowercase, number and special character (@$!%*?&)'),
 ];
 // ===== EMPLOYEE VALIDATION =====
@@ -53,8 +55,8 @@ export const validateEmployee = [
    .optional()
    .isLength({ min: 8 })
    .withMessage('Password must be at least 8 characters')
-    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/)
+    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])/)
-    .withMessage('Password must contain uppercase, lowercase and number'),
+    .withMessage('Password must contain uppercase, lowercase, number and special character (@$!%*?&)'),
  body('employeeType')
    .isIn(['manager', 'personell', 'apprentice', 'guest'])
@@ -145,14 +147,15 @@ export const validateEmployeeUpdate = [
 export const validateChangePassword = [
  body('currentPassword')
    .optional()
    .isLength({ min: 6 })
    .withMessage('Current password must be at least 6 characters'),
  body('newPassword')
    .isLength({ min: 8 })
-    .withMessage('New password must be at least 8 characters')
+    .withMessage('Current password must be at least 8 characters'),
-    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/)
+
-    .withMessage('New password must contain uppercase, lowercase and number')
+  body('password')
    .optional()
    .isLength({ min: 8 })
    .withMessage('Password must be at least 8 characters')
    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])/)
    .withMessage('Password must contain uppercase, lowercase, number and special character (@$!%*?&)'),
 ];
 // ===== SHIFT PLAN VALIDATION =====
@@ -284,7 +287,7 @@ export const validateCreateFromPreset = [
  body('presetName')
    .isLength({ min: 1 })
    .withMessage('Preset name is required')
-    .isIn(['standardWeek', 'extendedWeek', 'weekendFocused', 'morningOnly', 'eveningOnly', 'ZEBRA_STANDARD'])
+    .isIn(['GENERAL_STANDARD', 'ZEBRA_STANDARD'])
    .withMessage('Invalid preset name'),
  body('name')
@@ -340,10 +343,11 @@ export const validateSetupAdmin = [
    .escape(),
  body('password')
    .optional()
    .isLength({ min: 8 })
    .withMessage('Password must be at least 8 characters')
-    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/)
+    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])/)
-    .withMessage('Password must contain uppercase, lowercase and number')
+    .withMessage('Password must contain uppercase, lowercase, number and special character (@$!%*?&)'),
 ];
 // ===== SCHEDULING VALIDATION =====