A more strict and secure ensureCredentials #357

Open
brielov opened this issue Nov 16, 2021 · 1 comment
Comments

@brielov

brielov commented Nov 16, 2021

Hi there, I've been following this project since you are one of the very few people who use typed. Browsing your code I noticed a function called ensureCredentials which uses credentialsType to validate email and password. Since I use typed to do the same thing in my own projects, I created two extra add-ons to deal with emails and passwords that may be worth checking out. typed-email uses an RFC 822-compliant regex to validate emails. It also trims and lowercases them before validation. typed-password enforces a set of rules that a password must pass to be considered valid (useful for account creation). Anyway, here is an example:

import * as T from 'typed'
import * as P from 'typed-password'
import { email } from 'typed-email'

const password = P.password(
  P.nospace, // don't allow whitespaces
  P.min(8),  // at least 8 characters
  P.max(20), // at most 20 characters
  P.upper(), // at least 1 uppercase letter
  P.lower(), // at least 1 lowercase letter
  P.digit(), // at least 1 digit
  P.symbol() // at least 1 special character
)

const credentialsType = T.object({
  email,
  password,
})

Hope you find them useful.
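The composable rule pattern described in the post above, as an added example that is not part of the post and is not the typed-password or typed-email API: every name (`Rule`, `nospace`, `min`, `max`, `upper`, `lower`, `digit`, `symbol`, `password`, `email`) is a stand-in written here to show how such rules combine, and the email pattern is a pragmatic shape check, not a full RFC 822 grammar.

```typescript
// Added example, not the project's or the add-ons' code. A rule either
// passes (null) or returns a human-readable failure reason.
type Rule = (value: string) => string | null;

// Hypothetical rules mirroring the ones listed in the post.
const nospace: Rule = (v) => (/\s/.test(v) ? "must not contain whitespace" : null);
const min = (n: number): Rule => (v) => (v.length < n ? `must be at least ${n} characters` : null);
const max = (n: number): Rule => (v) => (v.length > n ? `must be at most ${n} characters` : null);
const upper: Rule = (v) => (/[A-Z]/.test(v) ? null : "must contain an uppercase letter");
const lower: Rule = (v) => (/[a-z]/.test(v) ? null : "must contain a lowercase letter");
const digit: Rule = (v) => (/[0-9]/.test(v) ? null : "must contain a digit");
const symbol: Rule = (v) => (/[^A-Za-z0-9\s]/.test(v) ? null : "must contain a special character");

// Composes rules into one validator. All rules run, so the user is told
// every failing requirement at once instead of one per submit.
function password(...rules: Rule[]): (v: string) => string[] {
  return (v) => rules.map((r) => r(v)).filter((m): m is string => m !== null);
}

// Normalises (trim + lowercase) before checking, so "Alice@Example.COM "
// and "alice@example.com" map to the same stored identity.
function email(raw: string): { ok: boolean; value: string } {
  const value = raw.trim().toLowerCase();
  const ok = /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value);
  return { ok, value };
}

// The exact rule set from the post.
const strictPassword = password(nospace, min(8), max(20), upper, lower, digit, symbol);

// Constructed sample inputs for a quick manual run.
console.log(strictPassword("Tr0ub4dor&3"));        // []
console.log(strictPassword("password"));           // three reasons: upper, digit, symbol
console.log(strictPassword("r0ck p@rrot dieSel")); // one reason: whitespace
console.log(email("  Alice@Example.COM "));        // { ok: true, value: "alice@example.com" }
```

Note that the whitespace rule is the only one the multi-word passphrase fails, which is exactly the point of disagreement raised in the reply that follows.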

@ValeriaVG
Owner

I'm not sure I agree with the restrictions you're setting.
For example, I myself prefer to use whitespace and multi-word senseless passwords like r0ck p@rrot dieSel, which are easy to remember, but relatively hard to guess.

I'm against hard restrictions on the password, as they are not only annoying but limit the number of possible variations, making it easier to guess.

Instead, I was going for the visual aid for the password field, which would rank a password from weak to strong and let the user decide if the security level is appropriate.

I'll leave the issue up for future development though, thank you for bringing it up!
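The "weak to strong" ranking approach the reply describes, as an added example that is not the project's code: a naive search-space estimate (character-class pool size raised to the length, expressed in bits) plus a tiny constructed blocklist standing in for a real common-password list. The bucket thresholds and the blocklist contents are assumptions chosen for illustration.

```typescript
// Added example, not the project's code. Ranks a password from weak to
// strong instead of rejecting it on hard rules.
type Strength = "weak" | "fair" | "good" | "strong";

// Constructed blocklist; a real deployment would use a large leaked-password list.
const COMMON = new Set(["password", "123456", "qwerty", "letmein"]);

// Estimates the brute-force search space in bits: sum the sizes of the
// character classes present, then multiply log2(pool) by the length.
// Naive (it ignores dictionary structure), but it rewards length and
// does not penalise whitespace, so multi-word passphrases score well.
function estimateBits(pw: string): number {
  if (COMMON.has(pw.toLowerCase())) return 0; // known-common: no credit at all
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^A-Za-z0-9\s]/.test(pw)) pool += 32; // printable ASCII symbols
  if (/\s/.test(pw)) pool += 1;
  if (pool === 0) return 0;
  return pw.length * Math.log2(pool);
}

// Assumed thresholds for the visual aid.
function rank(pw: string): Strength {
  const bits = estimateBits(pw);
  if (bits < 36) return "weak";
  if (bits < 60) return "fair";
  if (bits < 80) return "good";
  return "strong";
}

// Constructed sample inputs.
console.log(rank("password"));           // weak   (blocklisted)
console.log(rank("Passw0rd!"));          // fair   (passes every hard rule, ~59 bits)
console.log(rank("r0ck p@rrot dieSel")); // strong (fails the nospace rule, ~118 bits)
```

The two last lines show the trade-off the reply is making: the rule-compliant nine-character password scores lower than the eighteen-character passphrase that a whitespace rule would reject.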
