https://github.com/havardt/passwordvalidator

A .NET standard library for advanced password validation.
https://github.com/havardt/passwordvalidator

csharp easy-to-use library password password-validation password-validator validator

Last synced: about 1 year ago
JSON representation

A .NET standard library for advanced password validation.

• Host: GitHub
• URL: https://github.com/havardt/passwordvalidator
• Owner: havardt
• License: mit
• Created: 2019-03-02T14:58:27.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2024-05-24T19:35:42.000Z (about 2 years ago)
• Last Synced: 2024-12-05T02:15:57.362Z (over 1 year ago)
• Topics: csharp, easy-to-use, library, password, password-validation, password-validator, validator
• Language: C#
• Homepage:
• Size: 88.9 KB
• Stars: 10
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: .github/CONTRIBUTING.md
  • License: LICENSE.md
  • Code of conduct: .github/CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

          
> **Warning**    

> This package has been deprecated as it is no longer maintained.

# PasswordValidator      

[![NuGet version (EzPasswordValidator)](https://img.shields.io/nuget/v/EzPasswordValidator.svg)](https://www.nuget.org/packages/EzPasswordValidator/)

[![Downloads](https://img.shields.io/nuget/dt/EzPasswordValidator)](https://www.nuget.org/packages/EzPasswordValidator/)

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)    

A .NET standard library for easy password validation.

This library defines 11 predefined checks and an easy way to implement custom checks.     

## :scroll: Table of contents :scroll:

* [Predefined checks](#Checks)

* [Install](#Install)

* [Usage](#Usage)

* [How to contribute](#Contribute)

* [License info](#License)

## Checks

There are 11 predfined checks each representing a password criteria. Each check type is defined as a bit flag. A combination of checks can thus be simply refrenced using a single integer. All predefined check types are defined [here.](source/EzPasswordValidator/Checks/CheckTypes.cs)

> **NIST Special Publication [800-63B](https://pages.nist.gov/800-63-3/sp800-63b.html#AAL_SEC5)**              

> The following are the key takeaways from these guidelines:

> - SHALL ensure that passwords are at least 8 characters in length and MAY all be numeric.

> - SHALL permit passwords at least 64 characters in length.

> - SHALL disallow passwords that appear on a blacklist of commonly-used or compromised values.

> - SHOULD not enforce any other constraints.    

>

#### Length check (CheckTypes.Length)

Checks if the given password is equal to or longer than the required minimum length

and equal to or shorter than the maximum allowed length.     

```

Default minimum length: 8     

Default maximum length: 128

```

Changing length bounds example:

```C#

validator.MinLength = 10;

validator.MaxLength = 256;

//OR

validator.SetLengthBounds(10, 256);

```

#### Check for numbers (CheckTypes.Numbers)

Checks that the password contains at least one digit.

#### Check for letters (CheckTypes.Letters)

Checks that the password contains at least one letter. This check supports multiple alphabets. For more information about how we classify a letter see [this](https://docs.microsoft.com/en-us/dotnet/api/system.char.isletter?view=netframework-4.8#remarks) refrence.

#### Check for symbols (CheckTypes.Symbols)

Checks that the password contains at least one symbol.

#### Case check (CheckTypes.CaseUpperLower)

Checks that the password contains at least one upper- and lower-case letter. This check supports multiple alphabets. For more information about how we classify a letter see [this](https://docs.microsoft.com/en-us/dotnet/api/system.char.isletter?view=netframework-4.8#remarks) refrence.

#### Check for number sequences (CheckTypes.NumberSequence)

Checks if the password contains a number series/sequence equal to or longer than the set length. This length can be updated by setting the          ```EzPasswordValidator.Validators.PasswordValidator.NumberSequenceLength``` property (from v2.0.0). By default this has the following values: 

Default number sequence length (version < 2.0.0): 3     

Default number sequence length (version >= 2.0.0): 4    

Both increasing sequences and decreasing sequences are checked.

```

Example number sequence: 12345  or  987654321

```

#### Check for number repetition (CheckTypes.NumberRepetition)  

 This type has been replaced with digit repetition from v2.0.0  

Checks if the password contains number repetition equal to or longer than 3 in a row.

```

Example number repetition: 444  or  222

```

#### Check for digit repetition (CheckTypes.DigitRepetition) - New in v2.0.0

Checks if the password contains digit repetition equal to or longer than the set length. This length can be updated by setting the          ```EzPasswordValidator.Validators.PasswordValidator.DigitRepetitionLength``` property. By default this has the following values: 

   

Default digit repetition length: 4    

```

Example digit repetition: 4444  or  2222

```

#### Check for number location (CheckTypes.NumberMixed)

Checks that the password does not only have numbers in the front and/or end of the password. To pass this check the password must have a non-digit character before and after a digit character, only one digit must match this pattern.

```

Example invalid password: 2password   |  password2

Example valid   password: 2pass9word  |  p6ssword

```

#### Check for letter sequences (CheckTypes.LetterSequence)

Checks if the password contains an alphabetical letter sequence consisting of a set amount of letters or more. This length can be updated by setting the  ```EzPasswordValidator.Validators.PasswordValidator.LetterSequenceLength``` property (from v2.0.0). By default this has the following values: 

   

Default letter sequence length: 4    

Note: this check currently only supports ISO basic latin alphabet (A-Z a-z).

```

Example letter sequence: abcd or bcde

```

For versions prior to v2.0.0 two three letter sequences where also checked for: ```abc``` and ```xyz```.

 

#### Check for letter repetition (CheckTypes.LetterRepetition)

Checks if the password contains letter repetition of a set length or longer. This length can be updated by setting the  ```EzPasswordValidator.Validators.PasswordValidator.LetterRepetitionLength``` property (from v2.0.0). Prior to v2.0.0 this check had hardcoded a repetition of 3 or more letters.

Note:    

- This check supports multiple alphabets. For more information about how we classify a letter see [this](https://docs.microsoft.com/en-us/dotnet/api/system.char.isletter?view=netframework-4.8#remarks) refrence.    

- This check is not case sensitive meaning 'aAA' and 'aaa' are both classified as letter repetition of length 3.   

```

Example letter repetition: aAAA  or  bbbb

```

#### Check for symbol repetition (CheckTypes.SymbolRepetition)

Checks if the password contains symbol repetition of a set length or longer. This length can be updated by setting the  ```EzPasswordValidator.Validators.PasswordValidator.SymbolRepetitionLength``` property (from v2.0.0). Prior to v2.0.0 this check had hardcoded a repetition of exactly 3 symbols.

For more information about how we classify a letter see [this](https://docs.microsoft.com/en-us/dotnet/api/system.char.issymbol?view=netframework-4.8#remarks) refrence.  

```

Example symbol repetiton of length 4: ////  or  @@@@

```

## Install

There are three main ways to install EzPasswordValidator:

- [NuGet](https://www.nuget.org/packages/EzPasswordValidator/) (Recommended)

- Download .dll from [releases](https://github.com/havardt/EzPasswordValidator/releases)

- Manually build .dll from source

## Usage

First create a validator. The constructor is overloaded and can take ```CheckTypes```.

```C#

var validator = new PasswordValidator(CheckTypes.Letters | CheckTypes.Numbers | CheckTypes.Length);

```

This example shows the creation of a validator that checks that a password contains letters, numbers and is within the set length bounds(default length bounds, since it is not explicitly set).

#### Validate

The ```Validate``` method runs through all the set checks and returns ```true``` if the password is valid according to the set criteria and ```false``` otherwise.

```C#

bool isValid = validator.Validate(password);

```

Partial criteria matching     

Partial criteria matching is a feature that allows a password to be validated even if only a subset of the checks pass. For example, if you add the check for letters, the check for numbers, and the check for upper and lower case, then you can pass a value of 2 to the validator indicating that the password is only required to pass two of these three checks. A password with letters and numbers, but no upper case is then still valid. You can also provide a value between 0 and 1 representing the % of checks that must pass.

```C#

bool isValid = validator.Validate(password, 2); // Two tests must pass for the password to be valid.

bool isValid = validator.Validate(password, 0.5); // 50% of the tests must pass for the password to be valid.

```

Failed checks     

One can iterate over the checks that failed by doing the following:

```C#

foreach (Check failedCheck in validator.FailedChecks)

{

    

}

```

Passed checks     

One can iterate over the checks that passed by doing the following:

```C#

foreach (Check passedCheck in validator.PassedChecks)

{

    

}

```

#### Add checks

Add single predefined check

```C#

 validator.AddCheck(CheckTypes.LetterSequence);

```

Add custom check


Custom checks can be added in two ways:

1. Anonymous method

2. Create a class that inherits EzPasswordValidator.Checks.CustomCheck

```C#

validator.AddCheck(nameof(MyCustomCheck), MyCustomCheck);

//or

validator.AddCheck("MyCustomCheckTag", psw => psw.Length > 8);

```

Add multiple checks

Multiple checks can be added at once as the ```CheckTypes``` are bit flags. See [CheckTypes](source/EzPasswordValidator/Checks/CheckTypes.cs) for a reference.

Add multiple checks by using bitwise OR:

```C#

 validator.AddCheck(CheckTypes.NumberSequence | CheckTypes.LetterSequenceCheck);

```

This adds both the number sequence check and the letter sequence check.

Add multiple checks by using a integer value:

```C#

 validator.AddCheck(288);

```

Here the number sequence (binary: 100000) and letter sequence (binary: 100000000) checks are added as the combined binary value is ‭100100000‬ which is the same as 288 in base 10.

There are also two predefined combinations: basic and advanced.

Basic contains length check, numbers check, letters check, symbols check, and upper-lower-case check.

Advanced contains all checks. These can be added by doing either of the following:

```C#

 validator.AddCheck(CheckTypes.Basic);

 validator.AddCheck(CheckTypes.Advanced);

```

#### Remove checks

```C#

validator.RemoveCheck(CheckTypes.Symbols);

validator.RemoveCheck(1); // 1 represents the length check

validator.RemoveCheck("MyCustomCheckTag"); // Removes the custom check with the given tag

```

## Contribute

We welcome all contributions, please see the [contribution guidelines](.github/CONTRIBUTING.md).

## License

This project is licensed under the MIT License - see [LICENSE.md](LICENSE.md) for details.