Implement password validation fixes for Demo App

devondragon · claude · devondragon · commit 499f202722cd · 2025-10-26T12:49:16.000-06:00
This commit implements all required and optional password validation enhancements to work with the Spring User Framework 3.5.1-SNAPSHOT password validation fixes. ## Critical Fixes (Phase 1) - Fix password reset form action from /user/resetPassword to /user/savePassword - Add confirmPassword field name to match password input field - Update framework dependency to 3.5.1-SNAPSHOT ## Optional Improvements (Phase 2) - Update password field name from currentPassword to oldPassword for consistency with backend PasswordDto ## UX Enhancements (Phase 3) - Extract password strength meter to shared module (password-validation.js) - Refactor register.js to use shared password validation utilities - Add password strength meter to forgot-password-change form - Add password strength meter to update-password form - Add password requirements checklist to both forms ## Testing - All existing tests pass - Build successful ## Files Changed - src/main/resources/templates/user/forgot-password-change.html - src/main/resources/templates/user/update-password.html - src/main/resources/static/js/user/register.js - src/main/resources/static/js/user/reset-password.js - src/main/resources/static/js/user/update-password.js - src/main/resources/static/js/utils/password-validation.js (new) - build.gradle 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/build.gradle b/build.gradle
@@ -39,7 +39,7 @@ repositories {
 
 dependencies {
     // DigitalSanctuary Spring User Framework
-    implementation 'com.digitalsanctuary:ds-spring-user-framework:3.5.0'
+    implementation 'com.digitalsanctuary:ds-spring-user-framework:3.5.1-SNAPSHOT'
 
     // Spring Boot starters
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
diff --git a/src/main/resources/static/js/user/register.js b/src/main/resources/static/js/user/register.js
@@ -6,6 +6,12 @@ import {
     hideError,
     clearErrors,
 } from "/js/shared.js";
+import {
+    calculateStrength,
+    updateStrengthBar,
+    initPasswordStrengthMeter,
+    initPasswordRequirements,
+} from "/js/utils/password-validation.js";
 
 document.addEventListener("DOMContentLoaded", () => {
     const form = document.querySelector("#registerForm");
@@ -31,33 +37,14 @@ document.addEventListener("DOMContentLoaded", () => {
         });
     });
 
-    // Toggle password requirements visibility
+    // Initialize password requirements visibility toggle
     const passwordRules = document.getElementById("password-requirements");
     const passwordError = document.querySelector("#passwordError");
-    if (passwordField && passwordRules) {
-        passwordField.addEventListener("focus", () => {
-            passwordRules.classList.remove("d-none");
-            // Hide the error while user is editing
-            passwordError.classList.add("d-none");
-        });
-
-        passwordField.addEventListener("blur", () => {
-            passwordRules.classList.add("d-none");
-        });
-    }
+    initPasswordRequirements(passwordField, passwordRules, passwordError);
 
-    // Password strength UI
-    passwordField.addEventListener("input", () => {
-        const passwordStrength = document.getElementById("password-strength");
-        const password = passwordField.value;
-        if (password) {
-            passwordStrength.classList.remove("d-none");
-            const score = calculateStrength(password);
-            updateStrengthBar(score, strengthLevel, strengthLabel);
-        } else {
-            passwordStrength.classList.add("d-none");
-        }
-    });
+    // Initialize password strength meter
+    const passwordStrength = document.getElementById("password-strength");
+    initPasswordStrengthMeter(passwordField, passwordStrength, strengthLevel, strengthLabel);
 });
 
 async function handleRegistration(event) {
@@ -160,29 +147,3 @@ async function handleRegistration(event) {
         return msg.toLowerCase().includes("password");
     }
 }
-
-function calculateStrength(password) {
-    let score = 0;
-    if (password.length >= 8) score++; // Rule 1: Length
-    if (/[A-Z]/.test(password)) score++; // Rule 2: Uppercase
-    if (/[a-z]/.test(password)) score++; // Rule 3: Lowercase
-    if (/[0-9]/.test(password)) score++; // Rule 4: Number
-    if (/[^A-Za-z0-9]/.test(password)) score++; // Rule 5: Special character
-    return score;
-}
-
-function updateStrengthBar(score, strengthLevel, strengthLabel) {
-    const levels = [
-        { width: "0%", color: "", label: "" },
-        { width: "20%", color: "bg-danger", label: "Very Weak" },
-        { width: "40%", color: "bg-warning", label: "Weak" },
-        { width: "60%", color: "bg-info", label: "Fair" },
-        { width: "80%", color: "bg-primary", label: "Strong" },
-        { width: "100%", color: "bg-success", label: "Very Strong" },
-    ];
-
-    const level = levels[score] || levels[0];
-    strengthLevel.style.width = level.width;
-    strengthLevel.className = `progress-bar ${level.color}`;
-    strengthLabel.textContent = `Password strength: ${level.label}`;
-}
diff --git a/src/main/resources/static/js/user/reset-password.js b/src/main/resources/static/js/user/reset-password.js
@@ -1,5 +1,9 @@
 // File: /js/user/reset-password.js
 import { showMessage, showError, clearErrors } from "/js/shared.js";
+import {
+    initPasswordStrengthMeter,
+    initPasswordRequirements,
+} from "/js/utils/password-validation.js";
 
 document.addEventListener("DOMContentLoaded", () => {
     const form = document.querySelector("#resetPasswordForm");
@@ -9,6 +13,17 @@ document.addEventListener("DOMContentLoaded", () => {
     const matchPasswordField = document.querySelector("#matchPassword");
     const matchPasswordError = document.querySelector("#matchPasswordError");
 
+    // Initialize password strength meter
+    const passwordStrength = document.getElementById("password-strength");
+    const strengthLevel = document.getElementById("strengthLevel");
+    const strengthLabel = document.getElementById("strengthLabel");
+    initPasswordStrengthMeter(passwordField, passwordStrength, strengthLevel, strengthLabel);
+
+    // Initialize password requirements visibility toggle
+    const passwordRules = document.getElementById("password-requirements");
+    const passwordError = document.querySelector("#passwordError");
+    initPasswordRequirements(passwordField, passwordRules, passwordError);
+
     form.addEventListener("submit", async (event) => {
         event.preventDefault();
         clearErrors();
diff --git a/src/main/resources/static/js/user/update-password.js b/src/main/resources/static/js/user/update-password.js
@@ -1,5 +1,9 @@
 // File: /js/user/update-password.js
 import { showMessage, showError, clearErrors } from "/js/shared.js";
+import {
+    initPasswordStrengthMeter,
+    initPasswordRequirements,
+} from "/js/utils/password-validation.js";
 
 document.addEventListener("DOMContentLoaded", () => {
     const form = document.querySelector("#updatePasswordForm");
@@ -9,6 +13,17 @@ document.addEventListener("DOMContentLoaded", () => {
     const confirmPasswordField = document.querySelector("#confirmPassword");
     const confirmPasswordError = document.querySelector("#confirmPasswordError");
 
+    // Initialize password strength meter for new password field
+    const passwordStrength = document.getElementById("password-strength");
+    const strengthLevel = document.getElementById("strengthLevel");
+    const strengthLabel = document.getElementById("strengthLabel");
+    initPasswordStrengthMeter(newPasswordField, passwordStrength, strengthLevel, strengthLabel);
+
+    // Initialize password requirements visibility toggle
+    const passwordRules = document.getElementById("password-requirements");
+    const newPasswordError = document.querySelector("#newPasswordError");
+    initPasswordRequirements(newPasswordField, passwordRules, newPasswordError);
+
     form.addEventListener("submit", async (event) => {
         event.preventDefault();
         clearErrors();
@@ -25,9 +40,8 @@ document.addEventListener("DOMContentLoaded", () => {
 
         // Prepare JSON payload
         const requestData = {
-            currentPassword: currentPassword,
+            oldPassword: currentPassword,
             newPassword: newPassword,
-            confirmPassword: confirmPassword,
         };
 
         try {
diff --git a/src/main/resources/static/js/utils/password-validation.js b/src/main/resources/static/js/utils/password-validation.js
@@ -0,0 +1,93 @@
+// File: /js/utils/password-validation.js
+/**
+ * Shared password strength calculation and UI update utilities.
+ * Used across registration, password reset, and password update forms.
+ */
+
+/**
+ * Calculate password strength score based on policy requirements.
+ * @param {string} password - The password to evaluate
+ * @returns {number} Score from 0-5 based on criteria met
+ */
+export function calculateStrength(password) {
+    let score = 0;
+    if (password.length >= 8) score++; // Rule 1: Length (min 8 chars)
+    if (/[A-Z]/.test(password)) score++; // Rule 2: Uppercase letter
+    if (/[a-z]/.test(password)) score++; // Rule 3: Lowercase letter
+    if (/[0-9]/.test(password)) score++; // Rule 4: Digit
+    if (/[^A-Za-z0-9]/.test(password)) score++; // Rule 5: Special character
+    return score;
+}
+
+/**
+ * Update the password strength progress bar and label.
+ * @param {number} score - Strength score (0-5)
+ * @param {HTMLElement} strengthLevel - Progress bar element
+ * @param {HTMLElement} strengthLabel - Label element for text
+ */
+export function updateStrengthBar(score, strengthLevel, strengthLabel) {
+    const levels = [
+        { width: "0%", color: "", label: "" },
+        { width: "20%", color: "bg-danger", label: "Very Weak" },
+        { width: "40%", color: "bg-warning", label: "Weak" },
+        { width: "60%", color: "bg-info", label: "Fair" },
+        { width: "80%", color: "bg-primary", label: "Strong" },
+        { width: "100%", color: "bg-success", label: "Very Strong" },
+    ];
+
+    const level = levels[score] || levels[0];
+    strengthLevel.style.width = level.width;
+    strengthLevel.className = `progress-bar ${level.color}`;
+    strengthLabel.textContent = `Password strength: ${level.label}`;
+}
+
+/**
+ * Initialize password strength meter on a password field.
+ * @param {HTMLElement} passwordField - The password input field
+ * @param {HTMLElement} strengthContainer - Container for the strength meter
+ * @param {HTMLElement} strengthLevel - Progress bar element
+ * @param {HTMLElement} strengthLabel - Label element
+ */
+export function initPasswordStrengthMeter(
+    passwordField,
+    strengthContainer,
+    strengthLevel,
+    strengthLabel
+) {
+    passwordField.addEventListener("input", () => {
+        const password = passwordField.value;
+        if (password) {
+            strengthContainer.classList.remove("d-none");
+            const score = calculateStrength(password);
+            updateStrengthBar(score, strengthLevel, strengthLabel);
+        } else {
+            strengthContainer.classList.add("d-none");
+        }
+    });
+}
+
+/**
+ * Initialize password requirements visibility toggle.
+ * Shows requirements on focus, hides on blur.
+ * @param {HTMLElement} passwordField - The password input field
+ * @param {HTMLElement} requirementsContainer - Requirements list container
+ * @param {HTMLElement} errorContainer - Error message container (optional)
+ */
+export function initPasswordRequirements(
+    passwordField,
+    requirementsContainer,
+    errorContainer = null
+) {
+    if (!passwordField || !requirementsContainer) return;
+
+    passwordField.addEventListener("focus", () => {
+        requirementsContainer.classList.remove("d-none");
+        if (errorContainer) {
+            errorContainer.classList.add("d-none");
+        }
+    });
+
+    passwordField.addEventListener("blur", () => {
+        requirementsContainer.classList.add("d-none");
+    });
+}
diff --git a/src/main/resources/templates/user/forgot-password-change.html b/src/main/resources/templates/user/forgot-password-change.html
@@ -22,15 +22,36 @@ <h1 th:utext="#{password.reset-your-password}">Reset Your Password</h1>
 						<div id="globalError" class="alert alert-danger d-none text-center" role="alert"></div>
 
 						<!-- Form -->
-						<form id="resetPasswordForm" th:action="@{/user/resetPassword}" method="POST">
+						<form id="resetPasswordForm" th:action="@{/user/savePassword}" method="POST">
 							<div class="mb-3">
 								<label for="password" class="form-label" th:utext="#{label.user.password}">New Password</label>
 								<input type="password" id="password" name="newPassword" class="form-control" required>
+								<!-- Password Strength display -->
+								<div id="password-strength" class="mt-1 d-none">
+									<div id="strengthBar" class="progress">
+										<div id="strengthLevel" class="progress-bar" role="progressbar"
+											style="width: 0%;"></div>
+									</div>
+									<small id="strengthLabel" class="text-muted">Password strength: </small>
+								</div>
+								<!-- Password requirements displayed on focus -->
+								<div id="password-requirements" class="form-text text-muted mt-1 d-none"
+									style="font-size: 0.875rem;">
+									<strong>Password must:</strong>
+									<ul class="mb-0 ps-3">
+										<li>Be at least <strong>8</strong> characters</li>
+										<li>Include at least <strong>1 uppercase</strong> letter (A–Z)</li>
+										<li>Include at least <strong>1 lowercase</strong> letter (a–z)</li>
+										<li>Include at least <strong>1 digit</strong> (0–9)</li>
+										<li>Include at least <strong>1 special</strong> character (~`!@#$%^&*()_-+={}[]|\:;"'&lt;&gt;,.?/)</li>
+									</ul>
+								</div>
+								<div id="passwordError" class="form-text text-danger d-none"></div>
 							</div>
 
 							<div class="mb-3">
 								<label for="matchPassword" class="form-label" th:utext="#{label.user.confirm-pass}">Confirm Password</label>
-								<input type="password" id="matchPassword" class="form-control" required>
+								<input type="password" id="matchPassword" name="confirmPassword" class="form-control" required>
 								<div id="matchPasswordError" class="form-text text-danger d-none"></div>
 							</div>
 
diff --git a/src/main/resources/templates/user/update-password.html b/src/main/resources/templates/user/update-password.html
@@ -34,6 +34,26 @@ <h1 th:utext="#{password.update-password}">Update Password</h1>
 								<label for="newPassword" class="col-sm-4 col-form-label" th:utext="#{label.user.new-password}">New Password</label>
 								<div class="col-sm-8">
 									<input type="password" id="newPassword" name="newPassword" class="form-control" required>
+									<!-- Password Strength display -->
+									<div id="password-strength" class="mt-1 d-none">
+										<div id="strengthBar" class="progress">
+											<div id="strengthLevel" class="progress-bar" role="progressbar"
+												style="width: 0%;"></div>
+										</div>
+										<small id="strengthLabel" class="text-muted">Password strength: </small>
+									</div>
+									<!-- Password requirements displayed on focus -->
+									<div id="password-requirements" class="form-text text-muted mt-1 d-none"
+										style="font-size: 0.875rem;">
+										<strong>Password must:</strong>
+										<ul class="mb-0 ps-3">
+											<li>Be at least <strong>8</strong> characters</li>
+											<li>Include at least <strong>1 uppercase</strong> letter (A–Z)</li>
+											<li>Include at least <strong>1 lowercase</strong> letter (a–z)</li>
+											<li>Include at least <strong>1 digit</strong> (0–9)</li>
+											<li>Include at least <strong>1 special</strong> character (~`!@#$%^&*()_-+={}[]|\:;"'&lt;&gt;,.?/)</li>
+										</ul>
+									</div>
 									<div id="newPasswordError" class="form-text text-danger d-none"></div>
 								</div>
 							</div>
