DEV Community

Daily Challenge #224 - Password Validator

dev.to staff on April 13, 2020

Write a quick password validator to make sure that the people that visit your site use appropriate passwords. Respond with "VALID" if the string ...
Collapse
 
franky47 profile image
François Best • Edited

Please, please, please... do not set maximum lengths on passwords. [1]

It's 2020, you should be hashing [2] your passwords (so the output is constant length no matter what the input). Password strength is based on two things: entropy (randomness) and length. Since people are usually bad at entropy, let them enter long passwords or passphrases if they want to. Also it sucks for people with password managers to have to generate custom rules. Accept any character, even spaces (you're hashing the password, so you can even accept ';-- for that matter), for passphrases.

[1] If you really want to set one to avoid 1GiB passwords, put it at 256 characters, so that password managers can go wild.
[2] Yes, I mean hashing + salting, don't roll it yourself and use bcrypt.

I know this is a training exercise, but cargo cult security is real.

Collapse
 
merrickfox profile image
Merrick Fox

Nice idea but it's not always your choice.

Case in point, you're advocating using bcrypt when bcrypt itself can only support 72 characters maximum, anything larger is truncated.

Collapse
 
lunaticneko profile image
Chawanat Nakasan

Maybe archaic systems, and also, shorter lengths are easier to make test cases that are easy for inspection. Most programming challenges I know are usually short and sweet (unless we're dealing with huge data deliberately).

Collapse
 
vidit1999 profile image
Vidit Sarkar

Python solution

passwordValidator = lambda password : "VALID" if((3 < len(password) < 20) and password.isalnum() and any(map(str.isdigit, password)) and any(map(str.isalpha, password))) else "INVALID"

Here is the detailed version of above,

def passwordValidator(password : str) -> str:
    if(3 < len(password) < 20):
        if(password.isalnum()):
            if(any(map(str.isdigit, password)) and any(map(str.isalpha, password))):
                return "VALID"
    return "INVALID"

Output,

print(passwordValidator('Username123!')) # output -> INVALID
print(passwordValidator('123')) # output -> INVALID
print(passwordValidator('Username123')) # output -> VALID
print(passwordValidator('Username')) # output -> INVALID
print(passwordValidator('IsThisPasswordTooLong')) # output -> INVALID
print(passwordValidator('DEVCommunity')) # output -> INVALID
Collapse
 
mburszley profile image
Maximilian Burszley

A little more readable example that is explicit about the lazy evaluation (chaining and)

def validatePassword(password: str) -> str:
    if (3 < len(password) < 20
            and password.isalnum()
            and any(map(str.isdigit, password))
            and any(map(str.isalpha, password))):
        return 'VALID'
    return 'INVALID'

assert validatePassword('Username123!') == 'INVALID'
assert validatePassword('123') == 'INVALID'
assert validatePassword('Username123') == 'VALID'

assert validatePassword('Username') == 'INVALID'
assert validatePassword('IsThisPasswordTooLong') == 'INVALID'
assert validatePassword('DEVCommunity') == 'INVALID'
Collapse
 
mburszley profile image
Maximilian Burszley • Edited

A lazy JS implementation:

function validatePassword(password) {
  const pattern = /^[a-z0-9]{4,19}$/i;
  const test = pattern.test(password) && /[a-z]/i.test(password) && /[0-9]/.test(password);

  return test ? 'VALID' : 'INVALID';
}

function testValidatePassword() {
  console.assert(validatePassword('Username123!') === 'INVALID');
  console.assert(validatePassword('123') === 'INVALID');
  console.assert(validatePassword('Username123') === 'VALID');

  console.assert(validatePassword('Username') === 'INVALID');
  console.assert(validatePassword('IsThisPasswordTooLong') === 'INVALID');
  console.assert(validatePassword('DEVCommunity') === 'INVALID');
}
Collapse
 
qm3ster profile image
Mihail Malo • Edited

Rust

fn validize(pwd: &str) -> bool {
    if !(3..=20).contains(&pwd.len()) {
        return false;
    }
    let mut alph = false;
    let mut num = false;
    for c in pwd.chars() {
        match c {
            '0'..='9' => num = true,
            'a'..='z' | 'A'..='Z' => alph = true,
            _ => return false,
        }
    }
    alph && num
}

// usage
fn main() {
    let t = |pwd| println!("{} => {}", pwd, validize(pwd));
    t("Username");
    t("IsThisPasswordTooLong");
    t("DEVCommunity");
    t("Username123!");
    t("123");
    t("Username123");
}

Imperative, because two predicates of any and one of all would be three iterations, and that is simply not acceptable.
The lambda is only a lambda to save lines on the internet. Don't do such things.
Look at it go.

Collapse
 
maskedman99 profile image
Rohit Prasad

Python

var = input("Enter the password: ")
aflag = 0
nflag = 0
sflag = 0

if len(var) < 4 or len(var) > 19:
        print("INNVALID")
else:
        for i in var:
                if i.isalpha():
                        aflag += 1
                elif i.isnumeric():
                        nflag += 1
                else:
                        sflag += 1
                        break

        if aflag == 0 or nflag == 0 or sflag != 0:
                print("INVALID")
        else:
                print("VALID")
Collapse
 
kesprit profile image
kesprit • Edited

My swift solution :

func passwordValidator(password: String) -> String {
    ((password.reduce(true) { $0 == true && ($1.isLetter || $1.isNumber) }) &&
        3..<20 ~= password.count &&
        (password.contains { $0.isLetter }) &&
        (password.contains { $0.isNumber })) ? "VALID" : "INVALID"
}

passwordValidator(password:"Username123!") // INVALID
passwordValidator(password:"123") // INVALID
passwordValidator(password:"Username123") // VALID
 
neradev profile image
Moritz Schramm

DEVCommunity would be invalid because it's missing the numeric part ;)

Collapse
 
shhdharmen profile image
Dharmen Shah

A quick JS function:

const PASS_REGEX = /^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{4,20}$/g;
function validPass(password){
  return password.search(PASS_REGEX) < 0 ? 'INVALID' : 'VALID';
}
Collapse
 
davidmmooney profile image
davidmmooney

I think you missed rule 3. The password needs both alpha and numeric.