havardt / passwordvalidator Goto Github PK

A PasswordValidator instantiated with CheckTypes.Basic will not validate any input, because the min and max length of the associated Length validator is 0:

var validator = new PasswordValidator(CheckTypes.Basic);

It is thus necessary to explicitly assign the MinLength and MaxLength properties:

var validator = new PasswordValidator(CheckTypes.Basic);
validator.MinLength = 6;
validator.MaxLength = 128;

It seems that the desired behavior in this scenario would be for the Length validator to use the default min/max length values.

Is your feature request related to a problem? Please describe.
Currently the length check only check if the given password is longer than the minimum length, but often you will also want to set an upper limit.

Describe the solution you'd like
The user should be able to set a maximum password length. The default maximum length should be 128 as described in the OWASP cheat sheet.

Describe the bug
The passwords Aaaa@2022 or aaaA@2012 are passed.
To Reproduce
Steps to reproduce the behavior:

1. Use parameter password
2. Set LetterRepetitionLength to 4
3. Call method Validate
   etc.

Expected behavior
Validate method returns False.

Is your feature request related to a problem? Please describe.
As a user, I would like to see if the entered password is on a common/bad/pwned passwords list.

Describe the solution you'd like
A predefined check that checks up against a solid password list.

Describe alternatives you've considered
Use sorted file to check if entered password exists in the list.

Describe the bug
Password is invalid when no checks have been added.

To Reproduce
Steps to reproduce the behavior:

1. Create a new validator object with no checks added.
2. Call Validate method.

Expected behavior
Validation should default to valid when no checks have been added as there is no check to fail and thus by definition the password is valid.

Describe the solution you'd like
Improved efficiency for predefined checks.

Describe alternatives you've considered
LINQ and manual looping through characters as a substitution for regex.

Additional context
From experience; regex is slow compared to manual looping. Regex provides a fair bit of simplicity altough at a cost of efficiency.

Is your feature request related to a problem? Please describe.
Yes, when a textbox adds leading white space it should not count as password length.

Describe the solution you'd like
Leading and traling white space should be removed when checking length.

For example, is it a good idea to check the "qwer asdf ZxcV" character on the keyboard？

Is your feature request related to a problem? Please describe.
Currently all predefined checks that execute checks on letters do so based on the ISO basic latin alphabet (A-Za-z).

Describe the solution you'd like
Predefined checks should support a wider range of alphabets.

Is your feature request related to a problem? Please describe.
Sometimes you don't need the users password to match all criterias.

Describe the solution you'd like
Developers should be able to set a count or percentage of checks that must pass validation. The default should be that all checks must pass.

Example:
Developer wants all password to match three of the four criterias:

• Atleast one upper-case
• Atleast one lower-case
• Atleast one digit
• Atleast one symbol

The developer would then provide the password validator object with a count of 3 or a double of 0.75 representing 75%.

Describe alternatives you've considered
Either use an int which sets the required amount of checks to pass or use a double which represnts a % of checks that needs to pass where 0.0 is no checks need to pass and 1.0 represents all checks needing to pass.