auth0-password-policies 2.0.0 → 2.2.0

package/README.md

@@ -37,7 +37,9 @@ const { createRulesFromOptions } = require('auth0-password-policies');
 const passwordOptions = {
   character_types: ["uppercase","lowercase","number","special"],
   character_type_rule: "three_of_four",
-  identical_characters: "block"
+  identical_characters: "block",
+  sequential_characters: "block",
+  max_length_exceeded: "error"
 };
 
 const rules = createRulesFromOptions(passwordOptions);
@@ -52,6 +54,8 @@ console.log(customPolicy.toString());
 *   * numbers (i.e. 0-9)
 *   * special characters (e.g. !@#$%^&*)
 * * No more than 2 identical characters in a row (e.g., "aaa" not allowed)
+* * No more than 2 sequential alphanumeric characters (e.g., "abc" not allowed)
+* * Maximum password length exceeded
 */
 ```
 

package/index.js

@@ -48,6 +48,8 @@ const CHARACTER_TYPES = {
  * @property {Array<'uppercase'|'lowercase'|'number'|'special'>} [character_types=[]] - Required character types
  * @property {'all'|'three_of_four'} [character_type_rule='all'] - How many character types are required
  * @property {'allow'|'block'} [identical_characters='allow'] - Whether to allow >2 identical consecutive characters
+ * @property {'allow'|'block'} [sequential_characters='allow'] - Whether to allow sequential_characters (increasing or decreasing) alphanumeric characters.
+ * @property {'error'|'truncate'} [max_length_exceeded='error'] - Behavior when password exceeds max length of 72 bytes
  */
 
 /**
@@ -60,6 +62,8 @@ const DEFAULT_PASSWORD_OPTIONS = {
   character_types: [],
   character_type_rule: "all",
   identical_characters: "allow",
+  sequential_characters: "allow",
+  max_length_exceeded: "error"
 };
 
 /**
@@ -78,6 +82,8 @@ function createRulesFromOptions(options = {}) {
     character_types: requiredTypes,
     character_type_rule: characterTypeRule,
     identical_characters: identicalChars,
+    sequential_characters: sequentialChars,
+    max_length_exceeded: maxLength
   } = { ...DEFAULT_PASSWORD_OPTIONS, ...options };
 
   // Validate min_length is within acceptable range
@@ -140,6 +146,14 @@ function createRulesFromOptions(options = {}) {
     rules.identicalChars = { max: 2 };
   }
 
+  if (sequentialChars === "block") {
+    rules.sequentialChars = { max: 2 }
+  }
+  
+  if (maxLength === "error") {
+    rules.maxLength = { maxBytes: 72 };
+  }
+
   return rules;
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-password-policies",
-  "version": "2.0.0",
+  "version": "2.2.0",
   "main": "index.js",
   "repository": "git@github.com:auth0/auth0-password-policies.git",
   "author": "Shaun Starsprung <shaun.starsprung@auth0.com>",
@@ -12,6 +12,6 @@
     "jest": "^29.0.0"
   },
   "dependencies": {
-    "password-sheriff": "^1.1.0"
+    "password-sheriff": "^2.0.0"
   }
 }

package/test/test.js

@@ -1,5 +1,6 @@
 const policies = require("..");
 const { createRulesFromOptions } = policies;
+const { PasswordPolicy } = require("password-sheriff");
 
 describe("password policies", function () {
   describe("main export", function () {
@@ -23,6 +24,7 @@ describe("password policies", function () {
         const auth0Config1 = {
           min_length: 1,
           identical_characters: "allow",
+          max_length_exceeded: "truncate",
         };
         const rules = createRulesFromOptions(auth0Config1);
         expect(rules).toEqual({
@@ -34,6 +36,7 @@ describe("password policies", function () {
         const auth0Config72 = {
           min_length: 72,
           identical_characters: "allow",
+          max_length_exceeded: "truncate",
         };
         const rules72 = createRulesFromOptions(auth0Config72);
         expect(rules72).toEqual({
@@ -59,6 +62,7 @@ describe("password policies", function () {
           character_types: ["lowercase", "uppercase", "number", "special"],
           identical_characters: "allow",
           min_length: 4,
+          max_length_exceeded: "truncate",
         };
         const rules = createRulesFromOptions(auth0Config);
         expect(rules).toHaveProperty("length");
@@ -83,6 +87,7 @@ describe("password policies", function () {
           character_type_rule: "three_of_four",
           identical_characters: "allow",
           min_length: 3,
+          max_length_exceeded: "truncate",
         };
         const rules = createRulesFromOptions(auth0Config);
         expect(rules).toHaveProperty("length");
@@ -105,6 +110,7 @@ describe("password policies", function () {
           const auth0Config = {
             character_types: ["lowercase", "uppercase"],
             character_type_rule: "three_of_four",
+            max_length_exceeded: "error",
           };
           createRulesFromOptions(auth0Config);
         }).toThrow(
@@ -117,6 +123,7 @@ describe("password policies", function () {
       it("should disallow more than 2 identical characters when specified", function () {
         const auth0Config = {
           identical_characters: "block",
+          max_length_exceeded: "error",
         };
         const rules = createRulesFromOptions(auth0Config);
         expect(rules).toEqual({
@@ -126,22 +133,140 @@ describe("password policies", function () {
           identicalChars: {
             max: 2,
           },
+          maxLength: {
+            maxBytes: 72,
+          },
         });
       });
 
       it("should allow more than 2 identical characters when specified", function () {
         const auth0Config = {
           identical_characters: "allow",
+          max_length_exceeded: "error",
         };
         const rules = createRulesFromOptions(auth0Config);
         expect(rules).toEqual({
           length: {
             minLength: 15,
           },
+          maxLength: {
+            maxBytes: 72,
+          },
         });
       });
     });
 
+    describe("sequential_characters", function () {
+      it("should disallow more than 2 sequential characters when specified (set to block)", function () {
+        const auth0Config = {
+          sequential_characters: "block",
+        };
+        const rules = createRulesFromOptions(auth0Config);
+        expect(rules).toEqual({
+          length: {
+            minLength: 15,
+          },
+          sequentialChars: {
+            max: 2,
+          },
+          maxLength: {
+            maxBytes: 72,
+          },
+        });
+      });
+
+      it("should allow more than 2 sequential characters when specified (set to allow)", function () {
+        const auth0Config = {
+          sequential_characters: "allow",
+        };
+        const rules = createRulesFromOptions(auth0Config);
+        expect(rules).toEqual({
+          length: {
+            minLength: 15,
+          },
+          maxLength: {
+            maxBytes: 72,
+          },
+        });
+      });
+
+      it("should correctly validate a password when sequential_characters is set to allow", function () {
+        const auth0Config = {
+          min_length: 2,
+          sequential_characters: "allow",
+        };
+        const rules = createRulesFromOptions(auth0Config);
+        const policy = new PasswordPolicy(rules);
+        const result = policy.check("abcde");
+        expect(result).toBe(true);
+      });
+
+      it("should correctly validate a password when sequential_characters is set to block", function () {
+        const auth0Config = {
+          min_length: 2,
+          sequential_characters: "block",
+        };
+        const rules = createRulesFromOptions(auth0Config);
+        const policy = new PasswordPolicy(rules);
+        const result = policy.check("abcde");
+
+        expect(result).toBe(false);
+      });
+    });
+
+    describe("max_length_exceeded", function () {
+      it("should disallow more than 72 bytes when creating password if max_length_exceeded is set to error", function () {
+        const auth0Config = {
+          max_length_exceeded: "error",
+        };
+        const rules = createRulesFromOptions(auth0Config);
+        expect(rules).toEqual({
+          length: {
+            minLength: 15,
+          },
+          maxLength: {
+            maxBytes: 72,
+          },
+        });
+      });
+
+      it("should not set a maxLength on rules when max_length_exceeded is set to truncate", function () {
+        const auth0Config = {
+          max_length_exceeded: "truncate",
+        };
+        const rules = createRulesFromOptions(auth0Config);
+        expect(rules).toEqual({
+          length: {
+            minLength: 15,
+          },
+        });
+      });
+
+      it("should correctly validate a password when max_length_exceeded is set to error", function () {
+        const auth0Config = {
+          min_length: 2,
+          max_length_exceeded: "error",
+        };
+        const rules = createRulesFromOptions(auth0Config);
+        const policy = new PasswordPolicy(rules);
+        const password = "a".repeat(100);
+        const result = policy.check(password);
+        expect(result).toBe(false);
+      });
+
+      it("should correctly validate a password when max_length_exceeded is set to truncate", function () {
+        const auth0Config = {
+          min_length: 2,
+          max_length_exceeded: "truncate",
+        };
+        const rules = createRulesFromOptions(auth0Config);
+        const policy = new PasswordPolicy(rules);
+        const password = "a".repeat(100);
+        const result = policy.check(password);
+        expect(result).toBe(true);
+      });
+    });
+
     describe("default values", function () {
       it("should apply default values when not specified", function () {
         const auth0Config = {};
@@ -150,6 +275,9 @@ describe("password policies", function () {
           length: {
             minLength: 15,
           },
+          maxLength: {
+            maxBytes: 72,
+          },
         });
       });
 
@@ -157,6 +285,8 @@ describe("password policies", function () {
         const auth0Config = {
           min_length: 5,
           identical_characters: "allow",
+          sequential_characters: "allow",
+          max_length_exceeded: "truncate",
         };
         const rules = createRulesFromOptions(auth0Config);
         expect(rules).toEqual({