I need to check for password complexity on a Flask user registration form. I thought about using the password_strength Python library but didn't have much success with it. I only need to check to make sure the password matches the following criteria:
Min of 12 char
at least 1 UC
at least 1 LC
at least 1 Num
at least 1 Sym
Here is my Login Registration code within Flask:
    from flask import flash, redirect, request, url_for
    from werkzeug.security import generate_password_hash

    # `auth` (the Blueprint), `db` and `User` are defined elsewhere in the app.

    @auth.route('/signup', methods=['POST'])
    def signup_post():
        email = request.form.get('email')
        name = request.form.get('name')
        password = request.form.get('password')
        # if re.match(r"^(?=.*[\d])(?=.*[A-Z])(?=.*[a-z])(?=.*[@#$])[\w\d@#$]{6,12}$", password):
        user = User.query.filter_by(email=email).first()  # check to see if user already exists
        if user:  # if a user is found, we want to redirect back to signup page so user can try again
            flash('email address already exists')
            return redirect(url_for('auth.signup'))
        new_user = User(email=email, name=name, password=generate_password_hash(password, method='pbkdf2:sha256'))
        # add the new user to the database
        db.session.add(new_user)
        db.session.commit()
        return redirect(url_for('auth.login'))
As you can see, I was thinking of using a regex to perform this task but I'm not sure how to inform the user the password doesn't meet the complexity requirements and re-prompt for a more secure password. Thanks
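One way to check the criteria listed in the question and collect a message for each unmet rule, as an added example that is not part of the original post. The names `password_problems`, `RULES` and `MIN_LENGTH` are hypothetical, and treating `string.punctuation` as the set of symbols is an assumption.

```python
import string

MIN_LENGTH = 12  # minimum length from the question's criteria

# Each rule is (predicate over the password, requirement text for the user).
# No upper length bound and no symbol whitelist, unlike the commented-out
# regex, so long passphrases and any ASCII punctuation are accepted.
RULES = [
    (lambda p: len(p) >= MIN_LENGTH, f"be at least {MIN_LENGTH} characters long"),
    (lambda p: any(c.isupper() for c in p), "contain an uppercase letter"),
    (lambda p: any(c.islower() for c in p), "contain a lowercase letter"),
    (lambda p: any(c.isdigit() for c in p), "contain a number"),
    (lambda p: any(c in string.punctuation for c in p), "contain a symbol"),
]


def password_problems(password):
    """Return the unmet requirements; an empty list means the password passes.

    request.form.get() returns None when the field is missing, so None is
    treated as an empty password instead of raising a TypeError.
    """
    password = password or ""
    return [f"Password must {text}" for check, text in RULES if not check(password)]


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in (None, "short1A!", "alllowercase-123", "Correct-Horse-42-Battery"):
        print(repr(sample), "->", password_problems(sample) or "OK")
```

In `signup_post`, the returned list can be checked right after the form fields are read: if it is not empty, `flash()` each message and `return redirect(url_for('auth.signup'))`, the same pattern the duplicate-email branch already uses.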