fix: update Zod password regex to accept all special characters #568

Open
SUMIQVERSE wants to merge 2 commits into
GitMetricsLab:main from
SUMIQVERSE:fix-password-validation

@SUMIQVERSE SUMIQVERSE commented May 27, 2026

Related Issue


Description

Fixed a bug in the backend authentication validation logic where valid passwords containing certain special characters (like #, ^, -) were being incorrectly rejected during signup.

The Zod validation schema previously used a restrictive regex [@$!%*?&] that hardcoded a limited list of allowed special characters. I updated the regex to use [\W_], which universally accepts all standard special characters while maintaining the required security constraints (min 8 chars, uppercase, lowercase, number, and special character).


How Has This Been Tested?

  • Ran the backend server locally.
  • Attempted to create an account via the frontend using a password that includes the # symbol (e.g., Jps@#1357).
  • Verified that the 400 Bad Request validation error no longer occurs and the account is created successfully.

Type of Change

  • Bug fix
  • New feature
  • Code style update
  • Breaking change
  • Documentation update

Summary by CodeRabbit

  • Bug Fixes
    • Strengthened signup password rules: now requires at least one uppercase, one lowercase, one digit, and one special (non-alphanumeric, non-whitespace) character, allows a broader set of characters, and enforces a minimum length of 8.

netlify Bot commented May 27, 2026

Deploy Preview for github-spy ready!

Name Link
🔨 Latest commit 30f1584
🔍 Latest deploy log https://app.netlify.com/projects/github-spy/deploys/6a16e53ba4c4ec00089b01db
😎 Deploy Preview https://deploy-preview-568--github-spy.netlify.app

Contributor

coderabbitai Bot commented May 27, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4e188c0d-ca86-40ba-93d1-9c457191d38d

📥 Commits

Reviewing files that changed from the base of the PR and between 6ab6cd3 and 30f1584.

📒 Files selected for processing (1)
  • backend/validators/authValidator.js
🚧 Files skipped from review as they are similar to previous changes (1)
  • backend/validators/authValidator.js

Walkthrough

Updated the signup password validation regex to a lookahead-based pattern that requires lowercase, uppercase, digit, and a non-word/non-whitespace character and enforces a minimum length of 8, allowing a broader set of special characters.

Changes

Password Validation Fix

Layer / File(s) Summary
Password validation schema update
backend/validators/authValidator.js
Password validation regex replaced with a lookahead-based pattern requiring lowercase ([a-z]), uppercase ([A-Z]), digit (\d), and a non-word/non-whitespace character (e.g., \W or _) assertions, and matching any non-whitespace characters with minimum length 8. The prior enumerated special-character restriction was removed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

Suggested labels

level:intermediate, quality:clean

Poem

🐰 I hopped through code to mend the gate,
A regex loosened, freed from fate.
Lookaheads guard the secrets tight,
Now symbols dance in password light,
Signup smiles—no more rejected crate. ✨🔐

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: updating the Zod password regex to accept all special characters instead of a limited set.
Description check ✅ Passed The description follows the repository template with all required sections completed: Related Issue, Description, How Has This Been Tested, and Type of Change.
Linked Issues check ✅ Passed The code change directly addresses issue #567 by updating the password regex from a restrictive character class to accept all special characters while maintaining security constraints.
Out of Scope Changes check ✅ Passed The change is narrowly focused on the password validation regex in authValidator.js, directly addressing the linked issue with no unrelated modifications.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@github-actions github-actions Bot left a comment


🎉 Thank you @SUMIQVERSE for your contribution. Please make sure your PR follows https://github.com/GitMetricsLab/github_tracker/blob/main/CONTRIBUTING.md#-pull-request-guidelines

Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backend/validators/authValidator.js`:
- Around line 20-22: The password regex in the .regex(...) call in
authValidator.js uses [\W_] which counts whitespace as a "special" character;
replace the fourth positive lookahead with one that requires a non-alphanumeric,
non-whitespace character (for example (?=.*[^A-Za-z0-9\s])) so the full pattern
becomes /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9\s]).{8,}$/ to prevent
spaces/tabs from satisfying the special-character requirement.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 17259622-bf87-42bc-94db-198228a4cc91

📥 Commits

Reviewing files that changed from the base of the PR and between 4ae0ef6 and 6ab6cd3.

📒 Files selected for processing (1)
  • backend/validators/authValidator.js
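
Added example, not part of the PR or of the review above: a plain-RegExp comparison of the three special-character rules discussed in this thread, run over constructed sample passwords. Only the `suggested` pattern is quoted from the review comment; the `enumerated` and `nonWord` patterns are assumed reconstructions built around the `[@$!%*?&]` and `[\W_]` classes the PR description names, and the function names are hypothetical.

```javascript
const PATTERNS = {
  // Assumed shape of the original rule: the enumerated specials appear in the
  // lookahead and in the body class, so '#', '^' or '-' anywhere fails the match.
  enumerated: /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/,
  // Assumed shape of the first commit: [\W_] as the "special" class.
  // \W is "not [A-Za-z0-9_]", which includes space and tab.
  nonWord: /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_]).{8,}$/,
  // Pattern quoted in the review comment: special = not alphanumeric, not whitespace.
  suggested: /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9\s]).{8,}$/,
};

// Constructed sample inputs (the first is the test password from the PR description).
const SAMPLES = [
  "Jps@#1357",   // '@' and '#'
  "Abcdef12",    // no special character at all
  "Abc def12",   // a space is the only non-alphanumeric
  "Abc\tdef12",  // a tab is the only non-alphanumeric
  "Abc_def12",   // underscore
  "Abc-def^12",  // '-' and '^'
  "Abc def#12",  // space plus a real special character
];

// Returns { enumerated, nonWord, suggested } booleans for one password.
function evaluate(password) {
  const result = {};
  for (const [name, re] of Object.entries(PATTERNS)) {
    result[name] = re.test(password);
  }
  return result;
}

// Samples a pattern accepts even though whitespace is their only "special".
function acceptedOnWhitespaceAlone(patternName) {
  const hasRealSpecial = /[^A-Za-z0-9\s]/;
  return SAMPLES.filter(
    (p) => PATTERNS[patternName].test(p) && !hasRealSpecial.test(p)
  );
}

for (const p of SAMPLES) {
  console.log(JSON.stringify(p), evaluate(p));
}
```

The `suggested` pattern still permits whitespace elsewhere in the password because its body is `.{8,}`; it only stops whitespace from satisfying the special-character lookahead.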

Comment thread backend/validators/authValidator.js
@SUMIQVERSE
Author

@coderabbitai resolve

Contributor

coderabbitai Bot commented May 27, 2026

✅ Actions performed

Comments resolved. Approval is disabled; enable reviews.request_changes_workflow to allow explicit top-level @coderabbitai resolve or @coderabbitai approve commands.


Development

Successfully merging this pull request may close these issues.

🐛 Bug Report: Strict Regex rejecting valid passwords with certain special characters during Signup

1 participant