-3

I have a requirement to validate password using regular expression and below is the validation criteria

Password should contain any 3 out of the 4 types of character:

  1. Lower case letters (a,b,c,d,.......,y,z)
  2. Upper case letters (A,B,C,D,......,Y,Z)
  3. Numerals (0,1,2,3,4,5,6,7,8,9)
  4. Special characters ($,&,%,!,#,@)"

I have come up with below regex, but the problem is it only validates till first 9 characters and allows any character after words

^(?=.{9,})((?=.*\d)(?=.*[a-z])(?=.*[A-Z])|(?=.*\d)(?=.*[a-z])(?=.*[!@#$%&])|(?=.*\d)(?=.*[A-Z])(?=.*[!@#$%&])|(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%&])).*$

EDIT : I have gone through similar questions, but my question is different because it expects 3 out of 4 criteria to be satisfied and with only limited set of characters.

Any help would be appreciated!

ThePravinDeshmukh
  • 1,823
  • 12
  • 21
  • 2
    Possible duplicate of [Validating password using regex c#](http://stackoverflow.com/questions/34715501/validating-password-using-regex-c-sharp) – Mohit S Nov 23 '16 at 06:56
  • If you could add an example it would be great. – J. Pichardo Nov 23 '16 at 06:56
  • 2
    Each of those tests would be trivial to implement in a few lines of non-regex code. Is there some reason you must combine them all into a single regex? If you come back to that bit of code six months later when the requirement change...will you still remember how the regex version works? – Jim Lewis Nov 23 '16 at 07:00
  • The `(?=.{9,})` requires the string to have *at least* 9 chars. – Wiktor Stribiżew Nov 23 '16 at 07:09
  • 2
    I also believe it would be much better to drop the regex in this case, it's just too hard to get it right in a reasonable amount of time. As a rule of thumb, regex should be avoided whenever possible – slawekwin Nov 23 '16 at 07:13
  • You can combine 3 cases **1. 2. 3.** to `\w` for writing code shorter. – Tân Nov 23 '16 at 07:22
  • 2
    Looks like you may try replacing `.*$` with `[a-zA-Z\d!@#$%&]*$` – Wiktor Stribiżew Nov 23 '16 at 07:36
  • Yes @WiktorStribiżew, It definitely worked :) Thanks a lot!! I would have accepted it as answer if you had posted it as answer instead as a comment. I could only mark your comment to be useful :( – ThePravinDeshmukh Nov 24 '16 at 06:39

2 Answers2

1

Replace your final "is made of characters" check

.*$

with a check for "is made of only allowed characters"

[A-Za-z0-9$&%!#@]*$

The former allows you to use any character you want as long as the other rules are satisfied; the latter ensures every character in the input is one of the allowed characters.

Rawling
  • 49,248
  • 7
  • 89
  • 127
-1

That's a strange password regex check requirement...

(^[a-zA-Z0-9]+$)|(^[a-z0-9!@#$%&]+$)|(^[A-Z0-9!@#$%&]+$)|(^[a-zA-Z!@#$%&]+$)

4 choose 3 has 4 possibilities. There are 4 capturing groups here. I think you can figure out what it's doing...

Hong
  • 172
  • 5
  • 2
    This does not work since there must be 3 out 4 types (that is, you cannot combine them into character classes since that means OR). – Wiktor Stribiżew Nov 23 '16 at 07:32
  • If you think it doesn't work, please give me a pattern that should match but this regex fails to match. It works for what is asked and is more efficient than the author's mess. – Hong Nov 23 '16 at 19:07
  • Look, not only I think it does not work. Someone gave your answer a downvote. – Wiktor Stribiżew Nov 23 '16 at 19:31