主要问题:
如何在 PHP 和 JavaScript 中实现密码验证,使密码不能包含严格递增的数字/字符(如1234/abcd)、严格递减的数字/字符(如4321/dcba)、严格重复(如aaaa)或连续键盘字符(如qwer)?
问题详细信息:
今天我们的客户要求我们根据中国政府的政策实现密码强度。该政策主要有以下条件
- 字符类别:小写字母、大写字母、数字、特殊字符。
- 如果密码长度< 10,那么它应该包含所有四类字符
- 如果密码长度 >= 10,则密码应至少包含两类字符
- 密码不能包含名字、姓氏、出生日期和电话号码。
- 密码不能包含严格递增的数字/字符(例如 1234/abcd)、严格递减的数字/字符(例如 4321/dcba)、严格重复(例如 aaaa)或连续键盘(例如 qwer)
- 最近 5 次使用的密码不允许
- 通知客户在 90 天内更改密码
- 对数据库中的用户信息(名字、姓氏、电话和出生日期)进行加密,然后解密以在前端显示。
我正在一一实现,只看到规则 5 的问题。但是如果您有任何想法可以根据中国政府政策详细解释密码强度的脚本或教程,请推荐我。
目前我已经实现了规则 1-4。作为 Magento 开发人员,我在 JavaScript 中重写了 lib/web/mage/validation.js 这个类。
// Validation rule entry: the first function validates the password value `v` of field `elm`
// and returns true/false; the second returns the message stored by the first on failure.
// NOTE(review): this rule runs in the browser only; a request sent straight to the server
// skips it, so the same policy has to be enforced server-side as well.
"validate-customer-password": [
function (v, elm) {
var validator = this,
length = 0,
counter = 0;
// Minimum length and character-set count are read from the field's data attributes.
var passwordMinLength = $(elm).data('password-min-length');
var passwordMinCharacterSets = $(elm).data('password-min-character-sets');
// Leading and trailing spaces are not part of the password being checked.
var pass = $.trim(v);
//Added By Abbas
// NOTE(review): each .val() result is dereferenced directly below; presumably all four
// fields exist on every form that uses this rule, otherwise these lines throw - confirm.
var firstname = $('#firstname').val().toLowerCase();
var lastname = $('#lastname').val().toLowerCase();
var phoneNumber = $('#phone_number').val();
var dob = $('#dob').val();
var lowerPass = pass.toLowerCase();
//End Added By Abbas
//Validation of strictly increasing, decreasing and repeating
// NOTE(review): the lookahead (?=\d{4}$) right after ^ requires the whole password to be
// exactly four digits, and the first alternative (.)\1* then matches any first character.
// The test therefore rejects every four-digit password (1357 as well as 1234) and never
// inspects a run inside a longer password such as "Xy1234!z".
if(pass.match(/^(?=\d{4}$)(?:(.)\1*|0?1?2?3?4?5?6?7?8?9?|9?8?7?6?5?4?3?2?1?0?)/)){
// `result` is declared with `var` further down; hoisting keeps this assignment local.
result = false;
validator.passwordErrorMessage = $.mage.__(
"Password can not contain strictly increasing, decreasing or repeating sub string." +
" Example: 1234, 4321, 44444."
);
return result;
}
// Length check against the configured minimum.
var result = pass.length >= passwordMinLength;
if (result == false) {
validator.passwordErrorMessage = $.mage.__(
"Minimum length of this field must be equal or greater than %1 symbols." +
" Leading and trailing spaces will be ignored."
).replace('%1', passwordMinLength);
return result;
}
// Count how many of the four character classes occur: digits, lower case, upper case, other.
if (pass.match(/\d+/)) {
counter ++;
}
if (pass.match(/[a-z]+/)) {
counter ++;
}
if (pass.match(/[A-Z]+/)) {
counter ++;
}
if (pass.match(/[^a-zA-Z0-9]+/)) {
counter ++;
}
/**
* Changed by Abbas to add the character classes validation based on the password length
*/
// Shorter than 10 characters: all four classes are required.
if (pass.length < 10 && counter < 4) {
result = false;
validator.passwordErrorMessage = $.mage.__(
"Minimum of different classes of characters in password is %1." +
" Classes of characters: Lower Case, Upper Case, Digits, Special Characters."
).replace('%1', 4);
return result;
}
// 10 characters or more: two classes are enough.
if (pass.length >= 10 && counter < 2) {
result = false;
validator.passwordErrorMessage = $.mage.__(
"Minimum of different classes of characters in password is %1." +
" Classes of characters: Lower Case, Upper Case, Digits, Special Characters."
).replace('%1', 2);
return result;
}
//Validation of personal information
// NOTE(review): the second line tests firstname for emptiness but searches for lastname.
// With a first name entered and the last name left empty, includes('') is true and every
// password is rejected; with the first name empty the last name is never checked.
if((firstname.trim() != '' && lowerPass.includes(firstname)) ||
(firstname.trim() != '' && lowerPass.includes(lastname)) ||
(phoneNumber.trim() != '' && pass.includes(phoneNumber)) ||
(dob.trim() != '' && pass.includes(dob))){
result = false;
validator.passwordErrorMessage = $.mage.__(
"Pasword can not contain personal information." +
" Personal Information: First Name, Last Name, Date of birth, phone number."
);
return result;
}
return result;
}, function () {
// Message getter: hands back whatever the validating function stored on the validator.
return this.passwordErrorMessage;
}
]
最佳答案
我解决了这个问题,但没有任何正则表达式。它是用 JavaScript 编写的
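// Replacement body for the "validate-customer-password" rule function (v, elm).
// `v`, `validator` and `passwordMinLength` are not declared in this fragment; it expects
// them from the enclosing validator function.
// NOTE(review): this check runs in the browser only, so a request sent straight to the
// server skips it. Enforce the same rules server-side before accepting the password.

/**
 * Read a form field as a trimmed string.
 * Returns '' when the field is absent, so the rule does not throw on forms that do not
 * render the name, phone or date-of-birth inputs.
 */
function fieldValue(selector) {
    var value = $(selector).val();

    return typeof value === 'string' ? value.trim() : '';
}

/** Reverse a key run, so every descending run is derived from its ascending counterpart. */
function reversed(sequence) {
    return sequence.split('').reverse().join('');
}

/** Store the message returned by the rule's message callback and signal failure. */
function reject(message) {
    validator.passwordErrorMessage = message;

    return false;
}

var pass = $.trim(v); // Password; leading and trailing spaces are ignored
var lowerPass = pass.toLowerCase();
var firstname = fieldValue('#firstname').toLowerCase();
var lastname = fieldValue('#lastname').toLowerCase();
var phoneNumber = fieldValue('#phone_number');
var dob = fieldValue('#dob');

var digits = '0123456789';
var alphabet = 'abcdefghijklmnopqrstuvwxyz';
// Keyboard rows, unshifted and shifted, concatenated in the order the keys are laid out.
var keyboard = '`1234567890-=\\qwertyuiop[]asdfghjkl;\'zxcvbnm,./ ';
var keyboardShifted = '~!@#$%^&*()_+|QWERTYUIOP{}ASDFGHJKL:"ZXCVBNM<>?';
var sequenceMessage = "Password can not contain strictly increasing, decreasing or repeating sub string.";

// Checked in this order for every 4-character window; the first hit decides the message.
var sequenceRules = [
    {
        runs: [reversed(digits), digits],
        message: sequenceMessage + " Example: 1234, 4321"
    },
    {
        runs: [
            alphabet,
            reversed(alphabet),
            alphabet.toUpperCase(),
            reversed(alphabet).toUpperCase()
        ],
        message: sequenceMessage + " Example: abcd, dcba, ABCD, DCBA"
    },
    {
        runs: [
            keyboard,
            keyboardShifted,
            keyboard.toUpperCase(),
            keyboardShifted.toUpperCase()
        ],
        message: "Password can not contain strictly increasing qwerty sub string." +
            " Example: qwer, QWER etc.."
    },
    {
        runs: [
            reversed(keyboard),
            reversed(keyboardShifted),
            reversed(keyboard).toUpperCase(),
            reversed(keyboardShifted).toUpperCase()
        ],
        message: "Password can not contain strictly decreasing qwerty sub string." +
            " Example: rewq, REWQ etc.."
    }
];

// Same letter or digit four or more times in a row.
if (/([a-zA-Z0-9])\1{3,}/.test(pass)) {
    return reject($.mage.__(
        "Same Character can not repeat four times." +
        " Example: aaaa, DDDD, 44444."
    ));
}

if (pass.length < passwordMinLength) {
    return reject($.mage.__(
        "Minimum length of this field must be equal or greater than %1 symbols." +
        " Leading and trailing spaces will be ignored."
    ).replace('%1', passwordMinLength));
}

// Count the character classes present: digits, lower case, upper case, everything else.
var classCount = [/\d/, /[a-z]/, /[A-Z]/, /[^a-zA-Z0-9]/].filter(function (pattern) {
    return pattern.test(pass);
}).length;
// Passwords shorter than 10 characters need all four classes, longer ones at least two.
var requiredClasses = pass.length < 10 ? 4 : 2;

if (classCount < requiredClasses) {
    return reject($.mage.__(
        "Minimum of different classes of characters in password is %1." +
        " Classes of characters: Lower Case, Upper Case, Digits, Special Characters."
    ).replace('%1', requiredClasses));
}

// Slide a 4-character window over the password and look each window up in the known runs.
for (var start = 0; start + 4 <= pass.length; start++) {
    var part = pass.substring(start, start + 4);

    for (var r = 0; r < sequenceRules.length; r++) {
        var hit = sequenceRules[r].runs.some(function (run) {
            return run.includes(part);
        });

        if (hit) {
            return reject($.mage.__(sequenceRules[r].message));
        }
    }
}

// Personal information: each value is searched for only when it is non-empty, because
// includes('') is always true and would reject every password.
// NOTE(review): the date of birth and phone number are matched only in the exact form the
// fields hold - confirm whether other renderings (e.g. digits without separators) must be
// rejected too.
var containsPersonalInfo =
    (firstname !== '' && lowerPass.includes(firstname)) ||
    (lastname !== '' && lowerPass.includes(lastname)) ||
    (phoneNumber !== '' && pass.includes(phoneNumber)) ||
    (dob !== '' && pass.includes(dob));

if (containsPersonalInfo) {
    return reject($.mage.__(
        "Password can not contain personal information." +
        " Personal Information: First Name, Last Name, Date of birth, phone number."
    ));
}

return true;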
关于javascript - Magento 中使用 Javascript 和 PHP 的中国密码政策,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43933919/