
Password validation

KokutseDJ
5 months ago

Hello, I hope you’re having a fantastic day. Is there any way to access the password field for custom validation purposes?

  • jmikrut
    Payload Team
    5 months ago

    Yes! You can pass in your own password field directly into your auth-enabled config, and whatever you define on it (including custom validate function) will be merged into the default password field

    just make sure you have it named appropriately

    hmm wait i may have spoken too soon. that works for any other field besides password

    it looks like right now this is not possible, but it would be a great feature to add

    and a simple PR to make if you were interested in contributing

    I could help document the work necessary to implement it and then you could make it happen if you were up for it. Otherwise we can get to it at some point - just not sure when

  • KokutseDJ
    5 months ago

    Thanks for the response, I really appreciate the work you guys are doing here. Whenever you have the time please do document the work necessary. I will be happy to help implement it.

  • KasparTr
    3 months ago

    Hi, is there any update on this topic?

    Is it possible to enforce password strength without creating custom auth strategy?

  • jmikrut
    Payload Team
    3 months ago

    I will add this as a feature request right now and tag it on the roadmap

    https://github.com/payloadcms/payload/discussions/1713

  • DU DA
    last week

    Is there any news on this topic? I need to validate my password (min. length, has to include at least one number, one special character, ...)

  • Jarrod
    Payload Team
    last week

    In the meantime you could validate the password field with a beforeValidate hook on the collection. Throw an error if it does not meet your requirements

  • KasparTr
    last week

    How can one access password field of the document in the Collection hook?

  • Jarrod
    Payload Team
    last week

    If the operation is create or update it will live on data

  • DU DA
    last week

    We created a workaround:

    // At the top of the collection config file.
    // Import paths assume the http-status package and Payload's error exports.
    import httpStatus from 'http-status'
    import { APIError } from 'payload/errors'

    // Inside the collection config:
    hooks: {
      beforeOperation: [
        ({ args, operation }) => {
          if ((operation === 'update' || operation === 'create') && args?.data?.password) {
            const { password } = args.data
            const passwordLength = 18
            // check if the password is at least X chars long and contains 3 of 4 conditions:
            // lowercase / uppercase / digit / special character
            // Backslashes are doubled because this template literal is passed to new RegExp.
            const regexString = `^((?=.*[a-z])(?=.*[A-Z])(?=.*\\d)|(?=.*[a-z])(?=.*\\d)(?=.*[\\W_])|(?=.*[a-z])(?=.*[A-Z])(?=.*[\\W_])|(?=.*[A-Z])(?=.*\\d)(?=.*[\\W_])).{${passwordLength},}$`
            const regex = new RegExp(regexString)
            const isValid = regex.test(password)
            if (!isValid) {
              throw new APIError('Error Message', httpStatus.BAD_REQUEST)
            }
          }
          return args
        },
      ],
    },

  • Jarrod
    Payload Team
    last week

    Yes exactly ⬆️
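
As an added example (not part of the thread and not Payload's own code): the same policy as the workaround above, at least 18 characters and 3 of 4 character classes, written as separate checks that report which rule failed. `checkPassword` and `passwordPolicyHook` are hypothetical names, and the hook throws a plain `Error` so that it runs without Payload installed.

```javascript
// Added example. checkPassword and passwordPolicyHook are hypothetical names;
// the ({ args, operation }) hook shape follows the workaround in the thread.
const POLICY = { minLength: 18, minClasses: 3 };

// The four character classes the thread's regex tests, one readable check each.
const CLASSES = {
  lowercase: /[a-z]/,
  uppercase: /[A-Z]/,
  digit: /\d/,
  special: /[\W_]/, // anything that is not an ASCII letter or digit
};

// Returns a list of failure messages; an empty list means the password passes.
function checkPassword(password, policy = POLICY) {
  if (typeof password !== 'string') return ['password must be a string'];
  const failures = [];
  // Count code points rather than UTF-16 units, so one emoji is one character.
  const length = [...password].length;
  if (length < policy.minLength) {
    failures.push(`must be at least ${policy.minLength} characters (got ${length})`);
  }
  const names = Object.keys(CLASSES);
  const missing = names.filter((name) => !CLASSES[name].test(password));
  if (names.length - missing.length < policy.minClasses) {
    failures.push(
      `must contain ${policy.minClasses} of ${names.length} character classes (missing: ${missing.join(', ')})`
    );
  }
  return failures;
}

// beforeOperation-style hook. It throws a plain Error so the example runs
// without Payload; in a collection config you would throw APIError instead.
function passwordPolicyHook({ args, operation }) {
  const isWrite = operation === 'create' || operation === 'update';
  // Test for "not undefined" rather than truthiness: an empty-string password
  // is rejected, while updates that do not touch the password pass through.
  if (isWrite && args?.data?.password !== undefined) {
    const failures = checkPassword(args.data.password);
    if (failures.length > 0) {
      throw new Error(`Password rejected: ${failures.join('; ')}`);
    }
  }
  return args;
}
```

The error message lists the failed rules but never echoes the submitted password, so it is safe to return to the client or write to logs.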
