Regex.. Regex.. Regex.. What a pain. How to make the regex im after?

Question

Here is a link to a website im using to validate and check the regex is working : https://regex101.com/

Here is the regex im using so far :

/(?=[\x21-\x7e]{8,20})(?=[^0-9]*[0-9])(?=[^a-z]*[a-z])(?=[^A-Z]*[A-Z]).*/g

Heres the text im testing :

"1abcderfggdgf sdvhbsdifsdfsdf1 Ghhuidicbdbuhbdc bhdbcdbebvuheY uuvvvyuv1G 1Guhuuuyuyuby Y%*&^$^%^(^(GVGVYUKVYTUHBKBUFygyygyg

ebfuiuberiueu23423HHII"

This is what i think this is doing :

1. Looking to match any ascii character between 33 and 126 indexed and is between 8-20 in length
2. look for a non number that precedes a number 0 or more times (from what ive read apparently this detects if there is a number present)
3. Check for lower case letter that is preceded my 0 or more non lower case letters.
4. do the same thing ^^ with upper case letters
5. throw it an any character using ".*" 0 or more times because with the look aheads they should narrow it down so not every character is allowed and it should match what the look aheads select

This is what I want it to do :

validate passwords that follow these specifics -

• Must have at least 1 lowercase letter
• Must have at least 1 uppercase letter
• Must have at least 1 number
• can only be between and including 8 - 20 characters in length
• characters can only be from and including 33 to 126 in ascii NOT including white-space characters (where did i get this from? - https://kb.wisc.edu/page.php?id=4073)

Extra Notes :

Ive been using the global (?thing) on the end of the regex to specify not to stop at the first match I think for my password field I dont need this because it should only be limited to 20 characters anyway.(im not sure about this)

also itd be cool to detect whether a character has been used consecutively more then 3 times but its not necessary at the moment.

The password is input to a form in my php file. Im trying to use this as a validator for an input tag.

there is no code to not allow spaces as of yet.

Answer 1

The only "bug" I saw is that you are trying to limit the length without using anchors - you are allowing 20 characters to match, but you don't check you've matched the whole input. This should work:

(?=^[\x21-\x7e]{8,20}$)(?=[^0-9]*[0-9])(?=[^a-z]*[a-z])(?=[^A-Z]*[A-Z]).*

Working example (click on "Run Tests"): https://regex101.com/r/L4uia8/3/tests

This is a matter of style, but I tend to prefer to replace .* with the more significant lookahead, as such (this is similar to removing and true in conditions):

^(?=[^0-9]*[0-9])(?=[^a-z]*[a-z])(?=[^A-Z]*[A-Z])[\x21-\x7e]{8,20}$

Working example: https://regex101.com/r/L4uia8/4/tests

In general, you shouldn't limit the length of passwords.

Answer 2

You can use a RegExp for each of

• Must have at least 1 lowercase letter
• Must have at least 1 uppercase letter
• Must have at least 1 number

[/[a-z]/, /[A-Z]/, /[0-9]/]

create a string having characters to match

• characters can only be from and including 33 to 126 in ascii NOT including white-space characters

[match] = Array.from({length:126 + 1 - 33})
.reduce(([key, prop]) => 
 [key += String.fromCharCode(prop), ++prop], ["", 33]))

check if character in string is within range of valid characters

 && [...str].every(s => match.indexOf(s) > -1)

and check .length of the string

&& str.length.length >= 8 
&& str.length < 21;

const check = (str
              , [match] = Array.from({length:126 + 1 - 33})
                .reduce(([key, prop]) => 
                  [key += String.fromCharCode(prop), ++prop],["", 33])
              , re = [/[a-z]/, /[A-Z]/, /[0-9]/]
              , minLength = 8
              , maxLength = 20 + 1) => 
                  re.every(regex => regex.test(str)) 
                  && [...str].every(s => match.indexOf(s) > -1)
                  && str.length >= minLength
                  && str.length < maxLength;

let [...strings] = ["aB1!!@{@@}}", "Def//3\\21", "gHI//0 \12"];

strings.forEach(str => console.log(check(str)))