Sign up rejects presumed strong password #297

Closed
Okeanos opened this issue Feb 3, 2024 · 2 comments · Fixed by #301

Comments

@Okeanos

Okeanos commented Feb 3, 2024

I wanted to give HyperDX a spin via the local docker compose stack and tried to create the initial account.

When using Safari's autofill to generate a strong password for me, HyperDX will reject the password (see screenshots). The password contains a dash - as a special character.

Valid registration

As you can see the UI thinks this is a good and valid (strong) password.

Rejected Registration

However, the backend does not agree.

The error message from the backend is as follows:

[{
    "type": "Body",
    "errors": {
        "issues": [{
            "code": "custom",
            "message": "Password must include at least one special character",
            "path": ["password"]
        }],
        "name": "ZodError"
    }
}]

The HyperDX Git commit being run here is d59bef130bd23de7c9dc2b6b5b12fdefec155ca2.

@wrn14897
Contributor

wrn14897 commented Feb 5, 2024

Hi @Okeanos, thanks for the bug report. It looks like the - is missing in the zod validator (

    .refine(
      pass => /[!@#$%^&*(),.?":{}|<>]/.test(pass),
      'Password must include at least one special character',
    ),

). If you want, I can assign this ticket to you. Or I can assign it to someone else. Thanks

@Okeanos
Author

Okeanos commented Feb 6, 2024

Hey, thanks for fixing this :)

I have a couple of thoughts on the topics now that I see the solution:

  • The UI should, if possible, display the list of expected characters that are considered special characters
  • The UI should get the same list/regex to test as the backend (which was obviously not the case given the UI said I fulfilled the requirements)
  • Consider whether the special character test can be simplified, i.e. by using something like a \W (non-word) character class or combination of \p{} classes; because Emoji etc. are also special characters, right? 🤔
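
The character class quoted earlier in the thread, compared with the two alternatives raised in the last comment, run over constructed passwords. This is an added example, not part of the issue thread or HyperDX's code; the names `SPECIAL_CHAR_RULE`, `validateSpecialChar` and `compare`, the hint text and the sample passwords are assumptions.

```javascript
// Added example; all identifiers here are hypothetical, not HyperDX code.

// Character class quoted in the thread. Note that '-' is not a member.
const LEGACY = /[!@#$%^&*(),.?":{}|<>]/;
// Alternative 1 from the thread: any non-word character.
// \W means "not [A-Za-z0-9_]", so spaces and accented letters also count,
// while '_' does not.
const NON_WORD = /\W/;
// Alternative 2: Unicode punctuation (\p{P}) or symbol (\p{S}) categories.
const UNICODE = /[\p{P}\p{S}]/u;

// A single rule definition that both the sign-up form and the API handler
// would import, so the client and server checks cannot drift apart and the
// UI can display the same hint the backend enforces.
const SPECIAL_CHAR_RULE = {
  pattern: UNICODE,
  message: 'Password must include at least one special character',
  hint: 'Any punctuation or symbol counts, for example - _ ! # or an emoji',
};

// Returns a list of error messages (empty when the rule is satisfied).
function validateSpecialChar(password, rule = SPECIAL_CHAR_RULE) {
  return rule.pattern.test(password) ? [] : [rule.message];
}

// Shows how each candidate pattern classifies the same password.
function compare(password) {
  return {
    legacy: LEGACY.test(password),
    nonWord: NON_WORD.test(password),
    unicode: UNICODE.test(password),
  };
}

// Constructed sample passwords, not taken from the issue.
const SAMPLES = [
  'fyvsiq-7nidfa-Xebpom', // dash-separated, in the style of a generated password
  'snake_case1',          // underscore only
  'pass word1',           // space only
  'password\u00e91',      // accented letter only
  'thinking\u{1F914}1',   // emoji only
  'Plain123',             // nothing special
];

for (const p of SAMPLES) {
  console.log(JSON.stringify(p), compare(p), validateSpecialChar(p));
}
```

The space and accented-letter rows are where `\W` and the `\p{P}\p{S}` class disagree, which is the decision to settle before replacing the explicit list.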
