0

I need to implement client side Password validation such that password should not contain user's account name or parts of the user's full name that exceed two consecutive characters.

I'm exposing the user name and full name on the client side. But so far I couldn't figure out the regex or any other approach to implement on the client side.

Example 

username: test20@xyz.com
password: Usertest123 --> this should fail the validation since it contains "test" in both password and username.
gen_Eric
  • 223,194
  • 41
  • 299
  • 337
pranay vadel
  • 82
  • 1
  • 9
  • This doesn't sound like a regular expression. AFAIK, I think you'll need to solve this with good old fashioned code – Nick Aug 06 '12 at 20:27
  • 1
    The only way to do what you're asking is to pick apart the username and full name in chunks of 3 characters and do a bunch of `indexOf` checks. However, this approach is silly for a great many reasons. Are you doing this because of an explicit business requirement? If not, there are much better ways to coax password entropy out of your users. – Justin ᚅᚔᚈᚄᚒᚔ Aug 06 '12 at 20:32
  • +1 this is a legitimate question. – Tom Aug 06 '12 at 20:41
  • 3
    These are are horrible password rules to force on users. – E.J. Brennan Aug 06 '12 at 20:41
  • @E.J.Brennan: I agree, though not as offensive as some others I've seen. I would be entirely happy if we abolished "password complexity requirements" completely (barring, perhaps, some high-security systems -- but ideally those would be using two- or three-factor authentication anyway). – Justin ᚅᚔᚈᚄᚒᚔ Aug 06 '12 at 20:47
  • 1
    @Tom: It would be a better question if it showed some effort to solve it first. – Keith Thompson Aug 06 '12 at 20:48

2 Answers2

3

I can only think of this:

var name = "test20@xyz", password = "usertest123"

var partsOfThreeLetters = name.match(/.{3}/g).concat(
                           name.substr(1).match(/.{3}/g),
                           name.substr(2).match(/.{3}/g) );
new RegExp(partsOfThreeLetters.join("|"), "i").test(password); // true

but I don't think regex is the appropriate tool here, since it would need escaping etc. You'd better use a simple substr/indexOf algorithm (see JavaScript case insensitive string comparison, How to check whether a string contains a substring in JavaScript?).

Community
  • 1
  • 1
Bergi
  • 630,263
  • 148
  • 957
  • 1,375
  • 1
    Reluctant +1 here, but only because this is a legitimate answer to the OP's question... not because I think it's a particularly good idea. In fact, now I have a headache. – Justin ᚅᚔᚈᚄᚒᚔ Aug 06 '12 at 20:48
  • Thanks, the problem for me to adopt the regex approach is to be consistent with my client side javascript validation library. I have implemented the logic in the Server side. But the error response some times take quite a long time to respond hence creating a Bad user experience. Hence for faster error response I need to take this approach. Thanks for the answer. – pranay vadel Aug 06 '12 at 22:35
  • Could you show us the serverside logic? The js should be the same one – Bergi Aug 06 '12 at 22:38
1

If you need it in TS you can type: ` const threeParts = email.match(/.{3}/g) || [];

const allThreeParts = threeParts.concat(email.slice(1).match(/.{3}/g) ?? [], email.slice(2).match(/.{3}/g) ?? []);

return new RegExp(allThreeParts.join("|"), "i").test(password);

`

Дмитрий Давыдов
  • 11
  • 2