add isStrongPassword method

README.md

@@ -150,6 +150,7 @@ Validator                               | Description
 **isSurrogatePair(str)**                | check if the string contains any surrogate pairs chars.
 **isUppercase(str)**                    | check if the string is uppercase.
 **isSlug**                              | Check if the string is of type slug. `Options` allow a single hyphen between string. e.g. [`cn-cn`, `cn-c-c`]
+**isStrongPassword(str [, options])**   | Check if a password is strong or not based on containing a lowercase letter, uppercase letter, number, symbol, as well as the number of uniqe characters and overall length.<br/><br/>Options:<br/>`score`: if true, will return the score calculated for the password rather than true/false.<br/>`strongThreshold`: overrides the default minimum score for a password to be considered strong.
 **isTaxID(str, locale)**                | Check if the given value is a valid Tax Identification    Number. Default locale is `en-US`
 **isURL(str [, options])**              | check if the string is an URL.<br/><br/>`options` is an object which defaults to `{ protocols: ['http','https','ftp'], require_tld: true, require_protocol: false, require_host: true, require_valid_protocol: true, allow_underscores: false, host_whitelist: false, host_blacklist: false, allow_trailing_dot: false, allow_protocol_relative_urls: false, disallow_auth: false }`.<br/><br/>require_protocol - if set as true isURL will return false if protocol is not present in the URL.<br/>require_valid_protocol - isURL will check if the URL's protocol is present in the protocols option.<br/>protocols - valid protocols can be modified with this option.<br/>require_host - if set as false isURL will not check if host is present in the URL.<br/>allow_protocol_relative_urls - if set as true protocol relative URLs will be allowed.
 **isUUID(str [, version])**             | check if the string is a UUID (version 3, 4 or 5).

src/index.js

@@ -114,6 +114,7 @@ import isWhitelisted from './lib/isWhitelisted';
 import normalizeEmail from './lib/normalizeEmail';
 
 import isSlug from './lib/isSlug';
+import isStrongPassword from './lib/isStrongPassword';
 
 const version = '13.0.0';
 
@@ -211,6 +212,7 @@ const validator = {
   normalizeEmail,
   toString,
   isSlug,
+  isStrongPassword,
   isTaxID,
   isDate,
 };

src/lib/isStrongPassword.js

@@ -0,0 +1,73 @@
+import assertString from './util/assertString';
+
+const upperCaseRegex = /^[A-Z]$/;
+const lowerCaseRegex = /^[a-z]$/;
+const numberRegex = /^[0-9]$/;
+const symbolRegex = /^[-#!$%^&*()_+|~=`{}\[\]:";'<>?,.\/ ]$/;
+
+/* Counts number of occurances of each char in a string
+ * could be moved to util/ ?
+*/
+function countFrom(str) {
+  let result = {};
+  Array.from(str).forEach((char) => {
+    let curVal = result[char];
+    if (curVal) {
+      result[char] += 1;
+    } else {
+      result[char] = 1;
+    }
+  });
+  return result;
+}
+
+/* Return information about a password */
+function analyzePassword(password) {
+  let charMap = countFrom(password);
+  let analysis = {
+    length: password.length,
+    uniqueChars: Object.keys(charMap).length,
+    uppercaseCount: 0,
+    lowercaseCount: 0,
+    numberCount: 0,
+    symbolCount: 0,
+  };
+  Object.keys(charMap).forEach((char) => {
+    if (upperCaseRegex.test(char)) {
+      analysis.uppercaseCount += charMap[char];
+    } else if (lowerCaseRegex.test(char)) {
+      analysis.lowercaseCount += charMap[char];
+    } else if (numberRegex.test(char)) {
+      analysis.numberCount += charMap[char];
+    } else if (symbolRegex.test(char)) {
+      analysis.symbolCount += charMap[char];
+    }
+  });
+  return analysis;
+}
+
+/* Scores passwords
+ * Optional Parameters for isStrongPassword:
+ * score           : if true, will return the calculated score rather than true/false
+ * strongThreshold : replace the default threshold for what score a strong password receives
+*/
+
+export default function isStrongPassword(password, score = false, strongThreshold = 50) {
+  assertString(password);
+  let analysis = analyzePassword(password);
+  let points = analysis.uniqueChars;
+  points += (analysis.length - analysis.uniqueChars) * 0.2;
+  if (analysis.lowercaseCount > 0) {
+    points += 10;
+  }
+  if (analysis.uppercaseCount > 0) {
+    points += 10;
+  }
+  if (analysis.numberCount > 0) {
+    points += 10;
+  }
+  if (analysis.symbolCount > 0) {
+    points += 10;
+  }
+  return score ? points : points >= strongThreshold;
+}

test/validators.js

@@ -8475,6 +8475,28 @@ describe('Validators', () => {
     });
   });
 
+  it('should validate strong passwords', () => {
+    test({
+      validator: 'isStrongPassword',
+      valid: [
+        '%2%k{7BsL"M%Kd6e',
+        'EXAMPLE of very long_password!',
+        'mxH_+2vs&54_+H3P',
+        '+&DxJ=X7-4L8jRCD',
+        'etV*p%Nr6w&H%FeF',
+      ],
+      invalid: [
+        '',
+        'password',
+        'hunter2',
+        'hello world',
+        'passw0rd',
+        'password!',
+        'PASSWORD!',
+      ],
+    });
+  });
+
   it('should validate base64URL', () => {
     test({
       validator: 'isBase64',