The Password Check Application is designed to enhance security by ensuring users set strong passwords. This is achieved by validating passwords against a set of configurable rules and checking if they have been compromised. The project includes a REST API for real-time password validation and a script for batch-validating existing passwords stored in a database.
- Business Requirements
- Functional Requirements
- Prerequisites
- Setup Instructions
- Running the Application
- Sample Output
- Notes
To prevent unauthorized access due to weak passwords, the system must:
- Validate passwords against predefined rules.
- Check if passwords have been previously compromised.
- Update password validity status in the database.
- Password Validation API
  - Endpoint to validate passwords against a set of rules.
  - Responds with `204 No Content` if the password is valid.
  - Responds with `400 Bad Request` and error messages if the password is invalid.
  - Validation rules are defined in a separate configuration file.
- Batch Validation Script
  - Reads passwords from a MySQL database.
  - Uses the Password Validation API to validate each password.
  - Checks each password against a compromised password API.
  - Updates the `valid` field in the database based on the validation results.
- Node.js installed on the system.
- Docker running the compromised passwords API image (`amburi/compromised-passwords`) at http://localhost:8080. Refer: docker-image
- MySQL database with connection details configured in the script.
Update the database connection details in `index.js`:

```javascript
var dbCon = mysql.createConnection({
  host: "localhost", // host
  user: "root", // username
  password: "", // password
  database: "passwordDb", // database name
});
```
Define password validation rules in `configuration.json`:

```json
[
  {
    "rex": "^(?=.{5,}).*$",
    "error": "Password length must be minimum 5 characters"
  },
  {
    "rex": "\\d",
    "error": "Password should have atleast one digit"
  },
  {
    "rex": "^(?!.*(.)\\1{2}).*$",
    "error": "Password should not have more than two repeating characters"
  },
  {
    "rex": "^((?=.*[A-Z])|(?=.*[~@#$%^&*+=`|'{}<>:;!.,?\"_\\\/\\[\\]()-]+)).*$",
    "error": "Password should have at least one upper-case character or alternatively one special character"
  }
]
```
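One way an endpoint can evaluate these rules, as an added example that is not the project's own code: each `rex` is compiled once at startup, so a malformed pattern aborts the load instead of silently dropping a rule, and a password maps to `204` or `400` with the messages of the rules it failed. The function names, the `status`/`errors` result shape and the non-string error message are assumptions.

```javascript
// Rules as given in the page's configuration.json (inlined so this runs offline).
const RULES = [
  { rex: "^(?=.{5,}).*$", error: "Password length must be minimum 5 characters" },
  { rex: "\\d", error: "Password should have atleast one digit" },
  { rex: "^(?!.*(.)\\1{2}).*$",
    error: "Password should not have more than two repeating characters" },
  { rex: "^((?=.*[A-Z])|(?=.*[~@#$%^&*+=`|'{}<>:;!.,?\"_\\/\\[\\]()-]+)).*$",
    error: "Password should have at least one upper-case character or alternatively one special character" },
];

// Compile every rule up front. new RegExp() throws on a malformed pattern,
// so a broken configuration stops the service instead of weakening the policy.
function compileRules(rules) {
  if (!Array.isArray(rules) || rules.length === 0) {
    throw new Error("rule set is empty or not an array");
  }
  return rules.map(({ rex, error }, i) => {
    if (typeof rex !== "string" || typeof error !== "string") {
      throw new Error(`rule ${i} needs string "rex" and "error" fields`);
    }
    return { pattern: new RegExp(rex), error };
  });
}

// Returns the HTTP status the page describes: 204 when every rule matches,
// 400 plus the failing rules' messages otherwise.
function validatePassword(password, compiled) {
  if (typeof password !== "string") {
    // Assumed message: reject missing or non-string bodies before any regex runs.
    return { status: 400, errors: ["Password must be a string"] };
  }
  const errors = compiled
    .filter((rule) => !rule.pattern.test(password))
    .map((rule) => rule.error);
  return { status: errors.length === 0 ? 204 : 400, errors };
}

const compiled = compileRules(RULES);
// First three inputs are the page's sample passwords; "aaa11A" is constructed
// to trigger the repeating-character rule.
for (const pw of ["AKp$", "amhhy", "a1g!7", "aaa11A"]) {
  const { status, errors } = validatePassword(pw, compiled);
  console.log(JSON.stringify(pw), status, errors);
}
```
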
- Navigate to the project folder.
- Install required dependencies: `npm install`
- Start the API server: `node endpoint.js`. The server will run at http://localhost:3000.
- Open a new terminal.
- Run the validation script: `node index.js`

This script will validate passwords based on the rules specified in `configuration.json` and check for compromised passwords.
Example output from the validation script:
```
-------
Password: AKp$
Error Message(s):
Password length must be minimum 5 characters and include at least one digit.
Password is compromised.
-------
Password: amhhy
Error Message(s):
Password should have at least one digit.
Password should have at least one upper-case character or one special character.
Password is not compromised.
-------
Password: a1g!7
Password is valid.
Password is not compromised.
```
The script updates the `valid` field in the `passwords` table to `1` for valid passwords and `0` for invalid passwords.
- Ensure the Docker container for the compromised passwords API is running at http://localhost:8080.
- Modify the database connection details as necessary.
This Password Check Application ensures enhanced security by validating passwords against configurable rules and checking for compromised passwords. By integrating this application, we can significantly reduce the risk of unauthorized access due to weak passwords.