fix: increase max password length to 64 and improve validation error message (#3713)

Author: NathanDrake007

api/v1/server/handlers/users/update_login.go

@@ -27,7 +27,9 @@ func (u *UserService) UserUpdateLogin(ctx echo.Context, request gen.UserUpdateLo
 	if apiErrors, err := u.config.Validator.ValidateAPI(request.Body); err != nil {
 		return nil, err
 	} else if apiErrors != nil {
-		return gen.UserUpdateLogin400JSONResponse(*apiErrors), nil
+		return gen.UserUpdateLogin400JSONResponse(
+			apierrors.NewAPIErrors(ErrInvalidCredentials),
+		), nil
 	}
 
 	if err := u.checkUserRestrictionsForEmail(u.config, string(request.Body.Email)); err != nil {

frontend/app/src/pages/auth/register/components/user-register-form.tsx

@@ -11,7 +11,13 @@ import { z } from 'zod';
 const schema = z.object({
   name: z.string().min(3, 'Name must be at least 3 characters long'),
   email: z.string().email('Invalid email address'),
-  password: z.string().min(8, 'Password must be at least 8 characters long'),
+  password: z
+    .string()
+    .min(8, 'Password must be at least 8 characters long')
+    .max(64, 'Password must be at most 64 characters long')
+    .regex(/[A-Z]/, 'Password must contain at least one uppercase letter')
+    .regex(/[a-z]/, 'Password must contain at least one lowercase letter')
+    .regex(/[0-9]/, 'Password must contain at least one number'),
 });
 
 type SubmitType = z.infer<typeof schema>;

pkg/validator/default.go

@@ -15,7 +15,7 @@ import (
 
 const (
 	EmailErr       = "Invalid email address"
-	PasswordErr    = "Invalid password. Passwords must be at least 8 characters in length, contain an upper and lowercase letter, and contain at least one number."
+	PasswordErr    = "Invalid password. Passwords must be between 8 and 64 characters in length, contain an upper and lowercase letter, and contain at least one number."
 	UUIDErr        = "Invalid UUID reference"
 	HatchetNameErr = "Hatchet names must match the regex ^[a-zA-Z0-9\\.\\-_]+$"
 	ActionIDErr    = "Invalid action ID. Action IDs must be in the format <integrationId>:<verb>"

pkg/validator/validator.go

@@ -104,7 +104,7 @@ func passwordValidation(pw string) bool {
 		}
 	}
 
-	return hasNumber && hasUpper && hasLower && pwLen >= 8 && pwLen <= 32
+	return hasNumber && hasUpper && hasLower && pwLen >= 8 && pwLen <= 64
 }
 
 func IsValidUUID(u string) bool {

pkg/validator/validator_test.go

@@ -12,70 +12,151 @@ type nameResource struct {
 	DisplayName string `validate:"hatchetName"`
 }
 
-func TestValidatorInvalidName(t *testing.T) {
-	v := newValidator()
-
-	err := v.Struct(&nameResource{
-		DisplayName: "&&!!",
-	})
-
-	assert.ErrorContains(t, err, "validation for 'DisplayName' failed on the 'hatchetName' tag", "should throw error on invalid name")
-}
+func TestValidatorName(t *testing.T) {
+	tests := []struct {
+		name       string
+		input      string
+		wantErrTag string
+	}{
+		{
+			name:  "valid name",
+			input: "test-name",
+		},
+		{
+			name:       "invalid name with special characters",
+			input:      "&&!!",
+			wantErrTag: "hatchetName",
+		},
+	}
 
-func TestValidatorValidName(t *testing.T) {
 	v := newValidator()
 
-	err := v.Struct(&nameResource{
-		DisplayName: "test-name",
-	})
-
-	assert.NoError(t, err, "no error")
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := v.Struct(&nameResource{DisplayName: tt.input})
+			if tt.wantErrTag != "" {
+				assert.ErrorContains(t, err, "validation for 'DisplayName' failed on the '"+tt.wantErrTag+"' tag")
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
 }
 
 type cronResource struct {
 	Cron string `validate:"cron"`
 }
 
-func TestValidatorValidCron(t *testing.T) {
+func TestValidatorCron(t *testing.T) {
+	tests := []struct {
+		name       string
+		input      string
+		wantErrTag string
+	}{
+		{
+			name:  "valid cron expression",
+			input: "*/5 * * * *",
+		},
+		{
+			name:       "invalid cron expression (missing field)",
+			input:      "*/5 * * *",
+			wantErrTag: "cron",
+		},
+	}
+
 	v := newValidator()
 
-	err := v.Struct(&cronResource{
-		Cron: "*/5 * * * *",
-	})
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := v.Struct(&cronResource{Cron: tt.input})
+			if tt.wantErrTag != "" {
+				assert.ErrorContains(t, err, "validation for 'Cron' failed on the '"+tt.wantErrTag+"' tag")
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}
 
-	assert.NoError(t, err, "no error")
+type durationResource struct {
+	Duration string `validate:"duration"`
 }
 
-func TestValidatorInvalidCron(t *testing.T) {
-	v := newValidator()
+func TestValidatorDuration(t *testing.T) {
+	tests := []struct {
+		name       string
+		input      string
+		wantErrTag string
+	}{
+		{
+			name:  "valid duration",
+			input: "5s",
+		},
+		{
+			name:       "invalid duration (missing unit)",
+			input:      "5",
+			wantErrTag: "duration",
+		},
+	}
 
-	err := v.Struct(&cronResource{
-		Cron: "*/5 * * *",
-	})
+	v := newValidator()
 
-	assert.ErrorContains(t, err, "validation for 'Cron' failed on the 'cron' tag", "should throw error on invalid cron")
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := v.Struct(&durationResource{Duration: tt.input})
+			if tt.wantErrTag != "" {
+				assert.ErrorContains(t, err, "validation for 'Duration' failed on the '"+tt.wantErrTag+"' tag")
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
 }
 
-func TestValidatorValidDuration(t *testing.T) {
-	v := newValidator()
+type passwordResource struct {
+	Password string `validate:"password"`
+}
 
-	err := v.Struct(&struct {
-		Duration string `validate:"duration"`
+func TestValidatorPassword(t *testing.T) {
+	tests := []struct {
+		name       string
+		input      string
+		wantErrTag string
 	}{
-		Duration: "5s",
-	})
+		{
+			name:  "valid password",
+			input: "ValidPass1",
+		},
+		{
+			name:       "too short (under 8 characters)",
+			input:      "Short1",
+			wantErrTag: "password",
+		},
+		{
+			name:  "valid password between 32 and 64 characters",
+			input: "ThisPasswordIsLongerThan32CharsButValid1A123456789012",
+		},
+		{
+			name:  "valid password at exactly 64 characters",
+			input: "ValidPassword1AValidPassword1AValidPassword1AValidPassword1A1234",
+		},
+		{
+			name:       "too long (over 64 characters)",
+			input:      "ValidPassword1AValidPassword1AValidPassword1AValidPassword1A12345",
+			wantErrTag: "password",
+		},
+	}
 
-	assert.NoError(t, err, "no error")
-}
-
-func TestValidatorInvalidDuration(t *testing.T) {
 	v := newValidator()
 
-	err := v.Struct(&struct {
-		Duration string `validate:"duration"`
-	}{
-		Duration: "5",
-	})
-
-	assert.ErrorContains(t, err, "validation for 'Duration' failed on the 'duration' tag", "should throw error on invalid duration")
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := v.Struct(&passwordResource{Password: tt.input})
+			if tt.wantErrTag != "" {
+				assert.ErrorContains(t, err, "validation for 'Password' failed on the '"+tt.wantErrTag+"' tag")
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
 }