Any option to specify the Symbols? #5

Open
swalahamani opened this issue Mar 3, 2022 · 6 comments
Labels
enhancement New feature or request

Comments

@swalahamani

Hi,

Any option to specify which "Symbols" or "Special Characters" to be allowed?

@knicola
Owner

knicola commented Mar 3, 2022

Hello, there is no option to specify which special characters should be allowed at the moment.

@knicola knicola added the enhancement New feature or request label Mar 3, 2022
@swalahamani
Author

Okay, thanks for the prompt response @knicola 🚀

@knicola
Owner

knicola commented Jun 14, 2022

I can't think of a valid reason to limit which symbols one can pick for their password, so I'll be closing this ticket for now.

@knicola knicola closed this as completed Jun 14, 2022
@ada-cienciala

ada-cienciala commented Jul 20, 2023

Commenting cause I've found a reason that might be valid enough to consider 😄 @knicola

The regex in yup-password for special symbols allows for more than popular identity providers like AWS Cognito do. I've encountered a problem when trying to pass £ as a symbol. yup-password indicated that yes, everything is fine. Cognito threw an error, breaking my app.

Cognito uses the same subset as OWASP proposes (^ $ * . [ ] { } ( ) ? - " ! @ # % & / \ , > < ' : ; | _ ~ ` + = and spaces). If there was a way to pass a regex or subset of symbols, it could be used with applications using AWS services on the backend.

Of course, I can always use regex with .matches but something to consider

@knicola
Owner

knicola commented Jul 20, 2023

Thank you for reporting this @ada-cienciala !

That is indeed a good enough reason to reconsider my decision. I'll look into it once I find a free moment. Feel free to suggest ideas on what the API should look like and/or provide a PR if interested.

@knicola knicola reopened this Jul 20, 2023
@knicola
Owner

knicola commented Mar 31, 2024

Sorry for the delay, I'm slowly getting to this.

Just wanted to drop a note here for anyone wanting to limit input to OWASP-friendly symbols, such as Cognito users:

I think limiting input to ASCII (non-control) characters should be enough, i.e. [\x20-\x7E]*. See ref table.

I could perhaps add a helper method to limit input to ASCII only, i.e. .password().onlyASCII().
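
A client-side check for the mismatch discussed in this thread, as an added example that is not part of yup-password or of any comment above: it applies the `[\x20-\x7E]*` range to constructed sample passwords, reports which characters the backend would refuse, and cross-checks that the range equals letters, digits and the symbol list quoted earlier. The function names (`rejectedChars`, `isBackendSafe`, `rangeEqualsListedSet`) are hypothetical.

```javascript
// Added example, not yup-password code. Symbol list copied from the thread
// (the set the comment above attributes to Cognito/OWASP), plus the space.
const LISTED_SYMBOLS = '^$*.[]{}()?-"!@#%&/\\,><\':;|_~`+= ';

// Printable (non-control) ASCII, the range proposed in the last comment.
const PRINTABLE_ASCII = /^[\x20-\x7E]*$/;

// True when every character of the password is printable ASCII.
function isBackendSafe(password) {
  return PRINTABLE_ASCII.test(password);
}

// Distinct characters outside printable ASCII. for...of walks code points,
// so an emoji is reported once instead of as two surrogate halves.
function rejectedChars(password) {
  const bad = new Set();
  for (const ch of password) {
    if (!/^[\x20-\x7E]$/.test(ch)) bad.add(ch);
  }
  return [...bad];
}

// Cross-check: every printable ASCII character is a letter, a digit or a
// listed symbol, and every listed symbol is printable ASCII.
function rangeEqualsListedSet() {
  const allowed = new Set(LISTED_SYMBOLS);
  for (let cp = 0x20; cp <= 0x7e; cp++) {
    const ch = String.fromCharCode(cp);
    if (!/[A-Za-z0-9]/.test(ch) && !allowed.has(ch)) return false;
  }
  return [...allowed].every((ch) => PRINTABLE_ASCII.test(ch));
}

// Constructed sample passwords: accepted, pound sign, tab, accented letter, emoji.
const samples = ['Tr0ub4dor&3 horse', 'Pa£sword1!', 'p@ss\tword', 'caf\u00e9-Latte9', 'ok🙂Pass1'];
for (const pw of samples) {
  console.log(JSON.stringify(pw), isBackendSafe(pw), rejectedChars(pw));
}
console.log('range equals listed set:', rangeEqualsListedSet());
```

The same pattern can be passed to yup's `.matches()`, the workaround mentioned earlier in the thread, so the form rejects the password before the identity provider does.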
