在验证模式中使用 isStrongPassword。

huangapple go评论70阅读模式
英文:

Use isStrongPassword in validation schema

问题

以下是翻译好的部分:

"usernameSchema" 的代码部分不需要翻译。

"passwordSchema" 的代码部分不需要翻译。

"Even if I enter a password that matches the requirements, I get the following error:" 可以翻译为:"即使我输入符合要求的密码,我仍然会收到以下错误消息:"

{
    "errors": [
        {
            "type": "field",
            "value": "124sdjAfsd",
            "msg": "Password doesn't match the requirements.",
            "path": "password",
            "location": "query"
        }
    ]
}

"Can someone help me with this?" 可以翻译为:"有人能帮助我吗?"

英文:

I'm trying to define a schema using express-validator in which I set the "isStrongPassword" option. The "usernameSchema" works fine, but the "passwordSchema" doesn't pass my entered passwords through, even if they match the requirements.

Here is my code:

userRouter.js

const { usernameSchema, passwordSchema } = require("../services/validationSchemas");

router.post("/register", checkSchema({ username: usernameSchema, password: passwordSchema }), (req, res) => {
  const result = validationResult(req);
  if (result.isEmpty()) {
    res.json({
      username: req.query.username,
      password: req.query.password
    });
  } else {
    res.send({
      errors: result.array()
    });
  }
});

validationSchemas.js

const usernameSchema = {...};

const passwordSchema = {
  errorMessage: "Enter a valid password.",
  trim: true,
  notEmpty: {
    bail: true
  },
  isStrongPassword: {
    minLength: 8,
    minLowercase: 1,
    minUppercase: 1,
    minNumbers: 1
  },
  errorMessage: "Password doesn't match the requirements."
};

module.exports = {
  usernameSchema: usernameSchema,
  passwordSchema: passwordSchema
};

Even if I enter a password that matches the requirements, I get the following error:

{
    "errors": [
        {
            "type": "field",
            "value": "124sdjAfsd",
            "msg": "Password doesn't match the requirements.",
            "path": "password",
            "location": "query"
        }
    ]
}

Can someone help me with this?

答案1

得分: 3

以下是翻译好的部分:

"Did some testing now (version 7.0.1)"
现在进行了一些测试(版本 7.0.1)

"Express validator uses the default values unless you override them, you are not passing because you didn't override the minSymbols, so it is requiring 1 special char."
Express 验证器使用默认值,除非您覆盖它们,您未覆盖 minSymbols,因此它要求 1 个特殊字符。

"BUT If you use schema, there is a bug, you simply cannot override the default values (8 chars, 1 lower, 1 upper, 1 number and 1 special),"
但是,如果您使用模式(schema),存在错误,您根本无法覆盖默认值(8 个字符,1 个小写字母,1 个大写字母,1 个数字和 1 个特殊字符)。

"I can pass with this password: aA1@1245 even with this crazy config:"
我可以使用此密码通过:aA1@1245,即使使用这个疯狂的配置:

"const passwordSchema = {
trim: true,
notEmpty: {
bail: true
},
isStrongPassword: {
minLength: 1000000000,
minLowercase: 1000000000,
minUppercase: 1000000000,
minNumbers: 1000000000,
minSymbols: 1000000000
},
errorMessage: "Gotta be kidding"
};"
const 密码模式 = {
trim: true,
notEmpty: {
bail: true
},
isStrongPassword: {
minLength: 1000000000,
minLowercase: 1000000000,
minUppercase: 1000000000,
minNumbers: 1000000000,
minSymbols: 1000000000
},
errorMessage: "开玩笑吧"
};

"To be able to achieve what you want (override the minSymbol) you have to use chain validation:"
要能够实现您想要的(覆盖 minSymbol),您必须使用链验证:

"const passwordConfig = {
minLength: 8,
minLowercase: 1,
minUppercase: 1,
minNumbers: 1,
minSymbols: 0 //🟥 dont require special chars
}"
const 密码配置 = {
minLength: 8,
minLowercase: 1,
minUppercase: 1,
minNumbers: 1,
minSymbols: 0 // 不需要特殊字符
}

"router.post("/register",
checkSchema({ username: usernameSchema }), //🟥 first middleware - schema validation
query('password').isStrongPassword(passwordConfig), //🟥 second middleware - chain validation
(req, res) => {
const result = validationResult(req);
if (result.isEmpty()) {
res.json({
username: req.query.username,
password: req.query.password
});
} else {
res.send({
errors: result.array()
});
}
});"
router.post("/register",
checkSchema({ username: usernameSchema }), // 第一个中间件 - 模式验证
query('password').isStrongPassword(passwordConfig), // 第二个中间件 - 链验证
(req, res) => {
const result = validationResult(req);
if (result.isEmpty()) {
res.json({
username: req.query.username,
password: req.query.password
});
} else {
res.send({
errors: result.array()
});
}
});

英文:

Did some testing now (version 7.0.1)

Express validator uses the default values unless you override them, you are not passing because you didn't override the minSymbols, so it is requiring 1 special char.

BUT If you use schema, there is a bug, you simply cannot override the default values (8 chars, 1 lower, 1 upper, 1 number and 1 special),

I can pass with this password: aA1@1245 even with this crazy config:

const passwordSchema = {
    trim: true,
    notEmpty: {
        bail: true
    },
    isStrongPassword: {
        minLength: 1000000000,
        minLowercase: 1000000000,
        minUppercase: 1000000000,
        minNumbers: 1000000000,
        minSymbols: 1000000000
    },
    errorMessage: "Gotta be kidding"
};

To be able to achieve what you want (override the minSymbol) you have to use chain validation:

const passwordConfig = {
    minLength: 8,
    minLowercase: 1,
    minUppercase: 1,
    minNumbers: 1,
    minSymbols: 0 //🟥 dont require special chars
}

router.post("/register",
    checkSchema({ username: usernameSchema }), //🟥 first middleware - schema validation
    query('password').isStrongPassword(passwordConfig), //🟥 second middleware - chain validation
    (req, res) => {
        const result = validationResult(req);
        if (result.isEmpty()) {
            res.json({
                username: req.query.username,
                password: req.query.password
            });
        } else {
            res.send({
                errors: result.array()
            });
        }
    });

答案2

得分: 1

使用模式验证时,需要将选项传递给验证器的 options 属性下。如果直接将它们传递给验证器,它们将无法正常工作。

isStrongPassword: {
  options: {
    minLength: 8,
    minLowercase: 1,
    minUppercase: 1,
    minNumbers: 1
  }
}

文档

英文:

When using schema validation, you need to pass options under the options property of the validator. They won't work if you pass them directly to the validator.

isStrongPassword: {
  options: {
    minLength: 8,
    minLowercase: 1,
    minUppercase: 1,
    minNumbers: 1
  }
}

Docs

huangapple
  • 本文由 发表于 2023年6月16日 05:02:04
  • 转载请务必保留本文链接:https://go.coder-hub.com/76485486.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定