enforcing strong passwords in the email handler

2025-02-23 06:14:00 +08:00 · 2022-09-28 12:46:11 +02:00 · 2022-09-28 12:46:11 +02:00 · b9f1caadcd
commit b9f1caadcd
parent 8bf5d451bd
1 changed files with 18 additions and 0 deletions
--- a/frontend/static/email-handler.html
+++ b/frontend/static/email-handler.html
@ -175,6 +175,16 @@
  <!-- Initialize Firebase -->
  <script src="/__/firebase/init.js?useEmulator=true'"></script>
  <script defer>
+    function isPasswordStrong(password) {
+      const hasCapital = !!password.match(/[A-Z]/);
+      const hasNumber = !!password.match(/[\d]/);
+      const hasSpecial = !!password.match(
+        /[!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]/
+      );
+      const isLong = password.length >= 8;
+      return hasCapital && hasNumber && hasSpecial && isLong;
+    }
+
    function handleVerifyEmail(actionCode, continueUrl) {
      firebase
        .auth()
@ -232,6 +242,14 @@
            return;
          }

+          if (!isPasswordStrong(newPassword)) {
+            alert(
+              "Password must be at least 8 characters long and contain at least one capital letter, one number and one special character."
+            );
+            showResetPassword();
+            return;
+          }
+
          // Save the new password.
          firebase
            .auth()