From 3d37e2012827bb55d626f48053649b2a65619fd7 Mon Sep 17 00:00:00 2001 From: mleanos Date: Tue, 22 Sep 2015 04:02:31 -0700 Subject: [PATCH] Repeating Characters condition Added a regular expression test to the while condition, in order to ensure no repeat characters are present in the generated password. --- modules/users/server/models/user.server.model.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/users/server/models/user.server.model.js b/modules/users/server/models/user.server.model.js index ee5dbc6303..ca4d99edf3 100644 --- a/modules/users/server/models/user.server.model.js +++ b/modules/users/server/models/user.server.model.js @@ -175,10 +175,11 @@ UserSchema.statics.findUniqueUsername = function (username, suffix, callback) { UserSchema.statics.generateRandomPassphrase = function () { return new Promise(function (resolve, reject) { var password = ''; + var repeatingCharacters = new RegExp('(.)\\1{2,}', 'g'); // iterate until the we have a valid passphrase. // NOTE: Should rarely iterate more than once, but we need this to ensure no repeating characters are present. - while (password.length < 20) { + while (password.length < 20 || repeatingCharacters.test(password)) { // build the random password password = generatePassword.generate({ length: Math.floor(Math.random() * (20)) + 20, // randomize length between 20 and 40 characters @@ -188,8 +189,8 @@ UserSchema.statics.generateRandomPassphrase = function () { excludeSimilarCharacters: true, }); - // check if we need to remove any repeating characters. - password = password.replace(/(.)\1{2,}/g, ''); + // check if we need to remove any repeating characters. + password = password.replace(repeatingCharacters, ''); } // Send the rejection back if the passphrase fails to pass the strength test