From f6c9a22fdbbf4479731936b3ec9869f4451aba88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren?= <hello@soerenschwert.de>
Date: Sat, 6 Jan 2024 16:51:33 +0100
Subject: [PATCH] Treat non-ASCII characters as symbols in password strength
 calculation

Before, any non-ASCII characters were simply ignored for password strength.
---
 src/lib/PasswordStrength.js | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/lib/PasswordStrength.js b/src/lib/PasswordStrength.js
index 02a419ae9..c40a51cf7 100644
--- a/src/lib/PasswordStrength.js
+++ b/src/lib/PasswordStrength.js
@@ -45,13 +45,21 @@ class PasswordStrength {
 
         const baseScore = 30;
 
-        for (let i = 0; i < password.length; i++) {
-            if (password.charAt(i).match(/[A-Z]/g)) { count.upperCase += 1; }
-            if (password.charAt(i).match(/[0-9]/g)) { count.numbers += 1; }
-            if (password.charAt(i).match(/(.*[!,@,#,$,%,^,&,*,?,_,~])/)) { count.symbols += 1; }
+        const characters = [...password];
+        const length = characters.length;
+
+        for (let i = 0; i < length; i++) {
+            if (characters[i].match(/[A-Z]/g)) {
+                count.upperCase += 1;
+            } else if (characters[i].match(/[0-9]/g)) {
+                count.numbers += 1;
+            } else if (characters[i].match(/[^a-z]/)) {
+                // Count everything else that is not a lowercase letter as a symbol
+                count.symbols += 1;
+            }
         }
 
-        count.excess = password.length - minLength;
+        count.excess = length - minLength;
 
         if (count.upperCase && count.numbers && count.symbols) {
             weight.combo = 25;