implement check for existing special character in password

2 years ago · 01aeaa20d5
2 changed files with 27 additions and 0 deletions
--- a/src/main/java/PasswordValidator.java
+++ b/src/main/java/PasswordValidator.java
@ -11,11 +11,13 @@ public class PasswordValidator {
    boolean requireUppercase = true;
    boolean requireLowercase = true;
    boolean requireDigit = true;
+    boolean requireSpecialChar = true;
    boolean checkPwned = true;

    private final Pattern uppercasePattern = Pattern.compile("^(?=.*[A-Z]).+$");
    private final Pattern lowercasePattern = Pattern.compile("^(?=.*[a-z]).+$");
    private final Pattern digitPattern = Pattern.compile("^(?=.*\\d).+$");
+    private final Pattern specialCharPattern = Pattern.compile("^(?=.*[.!?=@#$()%^&/*_\\-+]).+$");
    private static final String pwnedPasswordsApiUrl = "https://api.pwnedpasswords.com/range/";

    public boolean validate(String password) {
@ -27,6 +29,8 @@ public class PasswordValidator {
            return false;
        } else if (requireDigit && !digitPattern.matcher(password).matches()) {
            return false;
+        } else if (requireSpecialChar && !specialCharPattern.matcher(password).matches()) {
+            return false;
        } else if (checkPwned && isPwned(password)) {
            return false;
        }
@ -65,6 +69,14 @@ public class PasswordValidator {
        this.requireDigit = requireDigit;
    }

+    public boolean isRequireSpecialChar() {
+        return requireSpecialChar;
+    }
+
+    public void setRequireSpecialChar(boolean requireSpecialChar) {
+        this.requireSpecialChar = requireSpecialChar;
+    }
+
    public boolean isCheckPwned() {
        return checkPwned;
    }
--- a/src/test/java/PasswordValidatorTest.java
+++ b/src/test/java/PasswordValidatorTest.java
@ -15,6 +15,7 @@ class PasswordValidatorTest {
        passwordValidator.setRequireLowercase(false);
        passwordValidator.setRequireDigit(false);
        passwordValidator.setCheckPwned(false);
+        passwordValidator.setRequireSpecialChar(false);
        assertFalse(passwordValidator.validate("abcde"));
        assertTrue(passwordValidator.validate("abcdef"));
        assertTrue(passwordValidator.validate("abcdefg"));
@ -24,6 +25,7 @@ class PasswordValidatorTest {
        passwordValidator.setRequireLowercase(false);
        passwordValidator.setRequireDigit(false);
        passwordValidator.setCheckPwned(false);
+        passwordValidator.setRequireSpecialChar(false);
        assertFalse(passwordValidator.validate("abcdef"));
        assertTrue(passwordValidator.validate("abCdef"));
        assertTrue(passwordValidator.validate("ABCDEF"));
@ -33,6 +35,7 @@ class PasswordValidatorTest {
        passwordValidator.setRequireLowercase(true);
        passwordValidator.setRequireDigit(false);
        passwordValidator.setCheckPwned(false);
+        passwordValidator.setRequireSpecialChar(false);
        assertFalse(passwordValidator.validate("abcdef"));
        assertTrue(passwordValidator.validate("abCdef"));
        assertFalse(passwordValidator.validate("ABCDEF"));
@ -42,6 +45,7 @@ class PasswordValidatorTest {
        passwordValidator.setRequireLowercase(true);
        passwordValidator.setRequireDigit(true);
        passwordValidator.setCheckPwned(false);
+        passwordValidator.setRequireSpecialChar(false);
        assertFalse(passwordValidator.validate("8"));
        assertFalse(passwordValidator.validate("12345678"));
        assertFalse(passwordValidator.validate("abcdef"));
@ -51,6 +55,17 @@ class PasswordValidatorTest {
        assertFalse(passwordValidator.validate("ABCDEF8"));
        assertTrue(passwordValidator.validate("abCDE8F"));

+        // test special chars requirement
+        passwordValidator.setRequireUppercase(true);
+        passwordValidator.setRequireLowercase(true);
+        passwordValidator.setRequireDigit(true);
+        passwordValidator.setCheckPwned(false);
+        passwordValidator.setRequireSpecialChar(true);
+        assertFalse(passwordValidator.validate("*"));
+        assertFalse(passwordValidator.validate("abCDE8F"));
+        assertTrue(passwordValidator.validate("abCDE8_F"));
+        assertTrue(passwordValidator.validate("abCDE*/8_F"));
+
        // test password pwned check
        passwordValidator.setRequireUppercase(true);
        passwordValidator.setRequireLowercase(true);