From abe6ff074b22059d60dd497d3f4e24f51f88aeba Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Mon, 3 Oct 2016 23:21:23 -0400
Subject: [PATCH] Password rules for registration and change.

---
 .../app/accounts/accountsRegisterController.js   | 13 +++++++++++++
 .../settings/settingsChangePasswordController.js | 16 +++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/Web/wwwroot/app/accounts/accountsRegisterController.js b/src/Web/wwwroot/app/accounts/accountsRegisterController.js
index dd48a964..3ba2860e 100644
--- a/src/Web/wwwroot/app/accounts/accountsRegisterController.js
+++ b/src/Web/wwwroot/app/accounts/accountsRegisterController.js
@@ -11,8 +11,21 @@ angular
 
         $scope.registerPromise = null;
         $scope.register = function (form) {
+            var error = false;
+
+            if ($scope.model.masterPassword.length < 8 || !/[a-z]/i.test($scope.model.masterPassword) ||
+                /^[a-zA-Z]*$/.test($scope.model.masterPassword)) {
+                validationService.addError(form, 'MasterPassword',
+                    'Master password must be at least 8 characters long and contain at least 1 letter and 1 number ' +
+                    'or special character.', true);
+                error = true;
+            }
             if ($scope.model.masterPassword !== $scope.model.confirmMasterPassword) {
                 validationService.addError(form, 'ConfirmMasterPassword', 'Master password confirmation does not match.', true);
+                error = true;
+            }
+
+            if (error) {
                 return;
             }
 
diff --git a/src/Web/wwwroot/app/settings/settingsChangePasswordController.js b/src/Web/wwwroot/app/settings/settingsChangePasswordController.js
index 82676442..7c2dd8bf 100644
--- a/src/Web/wwwroot/app/settings/settingsChangePasswordController.js
+++ b/src/Web/wwwroot/app/settings/settingsChangePasswordController.js
@@ -5,8 +5,22 @@
         cryptoService, authService, cipherService, validationService, $q, toastr, $analytics) {
         $analytics.eventTrack('settingsChangePasswordController', { category: 'Modal' });
         $scope.save = function (model, form) {
+            var error = false;
+
+            if ($scope.model.newMasterPassword.length < 8 || !/[a-z]/i.test($scope.model.newMasterPassword) ||
+                /^[a-zA-Z]*$/.test($scope.model.newMasterPassword)) {
+                validationService.addError(form, 'NewMasterPasswordHash',
+                    'Master password must be at least 8 characters long and contain at least 1 letter and 1 number ' +
+                    'or special character.', true);
+                error = true;
+            }
             if ($scope.model.newMasterPassword !== $scope.model.confirmNewMasterPassword) {
-                validationService.addError(form, 'ConfirmNewMasterPassword', 'New master password confirmation does not match.', true);
+                validationService.addError(form, 'ConfirmNewMasterPasswordHash',
+                    'New master password confirmation does not match.', true);
+                error = true;
+            }
+
+            if (error) {
                 return;
             }