Treat non-ASCII characters as symbols in password strength calculation

Before, any non-ASCII characters were simply ignored for password strength.
nimiq · Jan 6, 2024 · 60732fd · 60732fd
1 parent 5666de9
commit 60732fd
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/src/lib/PasswordStrength.js b/src/lib/PasswordStrength.js
@@ -45,13 +45,17 @@ class PasswordStrength {
 
         const baseScore = 30;
 
-        for (let i = 0; i < password.length; i++) {
-            if (password.charAt(i).match(/[A-Z]/g)) { count.upperCase += 1; }
-            if (password.charAt(i).match(/[0-9]/g)) { count.numbers += 1; }
-            if (password.charAt(i).match(/(.*[!,@,#,$,%,^,&,*,?,_,~])/)) { count.symbols += 1; }
+        const characters = [...password];
+        const length = characters.length;
+
+        for (let i = 0; i < length; i++) {
+            if (characters[i].match(/[A-Z]/g)) { count.upperCase += 1; }
+            else if (characters[i].match(/[0-9]/g)) { count.numbers += 1; }
+            // Count everything else that is not a lowercase letter as a symbol
+            else if (characters[i].match(/[^a-z]/)) { count.symbols += 1; }
         }
 
-        count.excess = password.length - minLength;
+        count.excess = length - minLength;
 
         if (count.upperCase && count.numbers && count.symbols) {
             weight.combo = 25;