-1

I wrote a code to generate a random password, but in which way i can check that in the password there is a number, uppercase, lowercase and special characters?

function randomPassword(length) {
  var chars = "abcdefghijklmnopqrstuvwxyz!@#$%^&*1234567890ABCDEFGHIJKLMNOPQRSTUVWYZ";
  var pass = "";
  for (var x = 0; x < length; x++) {
    var i = Math.floor(Math.random() * chars.length);
    pass += chars.charAt(i);
  }
  return pass;
}
radulle
  • 1,437
  • 13
  • 19
Alessia
  • 59
  • 7
  • 1
    Does this answer your question? [Regex for password must contain at least eight characters, at least one number and both lower and uppercase letters and special characters](https://stackoverflow.com/questions/19605150/regex-for-password-must-contain-at-least-eight-characters-at-least-one-number-a) – Namaskar May 11 '20 at 20:12
  • There are definitely cases where, even with `length` being absurdly high, you'll still end up with a `pass` variable that doesn't meet your criteria. Such is the case with randomness... – Tim Lewis May 11 '20 at 20:16

3 Answers3

1

Why not loop over the different sets of characters. Then you don't have to check it at all:

function randomPassword(length) {
  var chars = [
    "abcdefghijklmnopqrstuvwxyz",
    "!@#$%^&*",
    "1234567890",
    "ABCDEFGHIJKLMNOPQRSTUVWYZ"
  ];
  var pass = "";
  while (pass.length < length) {
    chars.forEach(set => {
      if(pass.length < length) {
        var i = Math.floor(Math.random() * set.length);
        pass += set.charAt(i);
      };
    });
  };
  return pass;
};

Every iteration of the while loop will add one character from each of the sets. We check the pass.length the second time to make sure we aren't going over the limit when in the middle of a while loop. You should probably also make sure you return early if the length parameter is less than 4.

lawrence-witt
  • 8,094
  • 3
  • 13
  • 32
0

What you need is RegEx. Here are a few examples:

https://www.thepolyglotdeveloper.com/2015/05/use-regex-to-test-password-strength-in-javascript/

https://gist.github.com/leandromoh/470b0b54208f02a9ba223cdbdd1534bd

https://www.w3schools.com/howto/howto_js_password_validation.asp

You could generate passwords untill you get one that satisfies RegEx which would be the most random way:

function randomPassword(length) {
  var chars = "abcdefghijklmnopqrstuvwxyz!@#$%^&*1234567890ABCDEFGHIJKLMNOPQRSTUVWYZ";
  var pass = "";
  for (var x = 0; x < length; x++) {
    var i = Math.floor(Math.random() * chars.length);
    pass += chars.charAt(i);
  }
  return pass;
}

function randomStrongPassword(length) {
const strongRegex = new RegExp(`^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{${length},})`)
let pass, valid
do {
  pass = randomPassword(length)
  valid = strongRegex.test(pass)
  } while (valid !== true)
  return pass
}
  
console.log(randomStrongPassword(8))

Or generate it like this and than randomize (I've added a test at end):

function randomPassword(length) {
const lower = 'abcdefghijklmnopqrstuvwxyz'
const upper = lower.toUpperCase()
const special ='!@#$%^&*'
const numbers = '1234567890'
const characters = [lower, upper, special, numbers]
let pass = ""
for (var x = 0; x < length; x++) {
    characters.forEach(e => {
      const i = Math.floor(Math.random() * e.length)
      pass += e.charAt(i)
    })
}
const splice = Math.max(Math.floor(Math.random() * length) - length, 0)
return [...pass].splice(splice, length).sort(e => Math.random() - 0.5).join('')
}
console.log(randomPassword(10))
// Test password
const minLength = 8
const strongRegex = new RegExp(`^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{${minLength},})`)
console.log(strongRegex.test(randomPassword(6)))
console.log(strongRegex.test(randomPassword(8)))
radulle
  • 1,437
  • 13
  • 19
0

Maybe you can leave the password like it is, but to make sure you have the four required characters (number, uppercase, lowercase and special characters), you can later add one of each. These can also be chosen at random.

cluelessdev
  • 187
  • 1
  • 5
  • nope, it's important check the generate password, to security – Alessia May 11 '20 at 20:26
  • I don't exactly understand. You would still be checking the generated password. You then will know that you will also have your four separate characters on top of the random generated password. And the characters will be random as well. – cluelessdev May 11 '20 at 20:29
  • OK if I did what you told me how could I accidentally put them inside the string? Without putting them in at the end – Alessia May 11 '20 at 20:32
  • You can add them to your password in your loop when creating the password. Or shuffle the resulting string. – cluelessdev May 11 '20 at 20:35