feat: add password complexity validation

Passwords must now contain at least one uppercase letter, one lowercase letter, and one digit (in addition to the existing 10-char minimum). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 00:20:21 -05:00
parent 741938cf1f
commit 02e00963e1
2 changed files with 46 additions and 1 deletions
--- a/backend/app/schemas/user.py
+++ b/backend/app/schemas/user.py
@@ -1,7 +1,8 @@
 from datetime import datetime
 from typing import Literal, Optional
 from uuid import UUID
-from pydantic import BaseModel, EmailStr, Field
+import re
+from pydantic import BaseModel, EmailStr, Field, field_validator


 class UserBase(BaseModel):
@@ -13,6 +14,17 @@ class UserCreate(UserBase):
    password: str = Field(..., min_length=10, description="Password must be at least 10 characters")
    invite_code: Optional[str] = Field(None, description="Invite code for registration (required when invite system is enabled)")

+    @field_validator('password')
+    @classmethod
+    def password_complexity(cls, v: str) -> str:
+        if not re.search(r'[A-Z]', v):
+            raise ValueError('Password must contain at least one uppercase letter')
+        if not re.search(r'[a-z]', v):
+            raise ValueError('Password must contain at least one lowercase letter')
+        if not re.search(r'[0-9]', v):
+            raise ValueError('Password must contain at least one digit')
+        return v
+

 class UserUpdate(BaseModel):
    name: Optional[str] = Field(None, min_length=1, max_length=255)