I would like to enforce a password policy in Zotonic. My first impression would be to do this as a validator on the new_password
field in the Identity editor.
Here is an example policy:
- Be at least 8 characters in length
- Have at least one upper case letter
- Have at least one lower case letter
- Have at least one number
- Have at least one non-alphanumeric character
- Not be based on account name
Here is a possible implementation (not tested):
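%% Evaluates to true when Password satisfies every rule in the policy above.
string:length(Password) >= 8 andalso
re:run(Password, "[A-Z]") =/= nomatch andalso
re:run(Password, "[a-z]") =/= nomatch andalso
re:run(Password, "[0-9]") =/= nomatch andalso
re:run(Password, "[^A-Za-z0-9]") =/= nomatch andalso
%% Literal substring test: re:run/2 would treat AccountName as a regular expression.
string:find(Password, AccountName) =:= nomatch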
How do you enforce password complexity rules in Zotonic?
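The policy listed in the question, as an added example that is not part of the original post and is not Zotonic code: a plain Erlang function that reports which rules a password breaks, so the editor can show a specific message. The module name `password_policy`, the function names and the rule atoms are hypothetical, and hooking it into a Zotonic validator is left out.

```erlang
-module(password_policy).
-export([violations/2, demo/0]).

%% Returns the rules from the question's policy that Password breaks.
%% An empty list means the password is acceptable.
-spec violations(unicode:chardata(), unicode:chardata()) -> [atom()].
violations(Password, AccountName) ->
    Checks = [
        {too_short,        string:length(Password) >= 8},
        {no_upper,         has(Password, "[A-Z]")},
        {no_lower,         has(Password, "[a-z]")},
        {no_digit,         has(Password, "[0-9]")},
        {no_symbol,        has(Password, "[^A-Za-z0-9]")},
        {contains_account, not contains_ci(Password, AccountName)}
    ],
    [Rule || {Rule, false} <- Checks].

%% The unicode option lets re:run/3 accept code points above 255 instead of
%% raising badarg; {capture, none} makes it return just match | nomatch.
has(Subject, Pattern) ->
    re:run(Subject, Pattern, [unicode, {capture, none}]) =:= match.

%% Case-insensitive literal containment. The account name is never compiled
%% as a regular expression, so a name such as "a.b" or "j(smith" is handled
%% as plain text. An empty account name disables the check.
contains_ci(Subject, Needle) ->
    case string:is_empty(Needle) of
        true  -> false;
        false -> string:find(string:casefold(Subject),
                             string:casefold(Needle)) =/= nomatch
    end.

%% Constructed sample inputs: {Password, AccountName}.
demo() ->
    Samples = [
        {"Tr1cky!pass", "alice"},    %% passes every rule
        {"alice2024",   "Alice"},    %% no upper case, no symbol, has name
        {"Sh0rt!",      "bob"},      %% fewer than 8 characters
        {<<"Pass word1">>, ""}       %% binary input, space counts as symbol
    ],
    [{P, violations(P, A)} || {P, A} <- Samples].
```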