I’m surprised I haven’t seen this question or any way to do this yet. We have some password strength / complexity requirements we need to meet. I see the Valid username regex, but is there a password regex or validation function somewhere that I’m missing? If not, is there a recommended best approach to accomplish this?
You can override the Validator for the Service by inheriting it and adding your own additional validation rules as done in the Validation Configure.Auth.cs:
// Custom Validator to add custom validators to built-in /register Service requiring DisplayName and ConfirmPassword
public class CustomRegistrationValidator : RegistrationValidator
{
public CustomRegistrationValidator()
{
RuleSet(ApplyTo.Post, () =>
{
RuleFor(x => x.DisplayName).NotEmpty();
RuleFor(x => x.ConfirmPassword).NotEmpty();
});
}
}
And register in your AppHost with:
// override the default registration validation with your own custom implementation
appHost.RegisterAs<CustomRegistrationValidator, IValidator<Register>>();
Otherwise both the AuthenticateService and the RegisterService have a static ValidateFn where you can add your own custom validation function, e.g:
Plugins.Add(new RegistrationFeature {
ValidateFn = (service, httpMethod, requestDto) => {
var register = (Register)requestDto;
if (!MyIsValid(register.Password))
throw new ArgumentException("Invalid Password", nameof(register.Password));
return null;
}
});