add validatePassword option for custom password validation

Fixes #31

Author: SpaceK33z

README.md

@@ -253,6 +253,16 @@ graphqlAuthentication: graphqlAuthenticationConfig({
 });
 ```
 
+## Custom password validation
+
+The users password is validated with `password.length >= 8` by default. Maybe you want stricter or less stricter validation on this. You will need to pass this option to change it:
+
+```js
+graphqlAuthentication: graphqlAuthenticationConfig({
+  validatePassword: value => value.length >= 10
+});
+```
+
 ## Writing an adapter
 
 An adapter sits between GraphQL Authentication and your own ORM/database thingy. If you are using Prisma, there is already [graphql-authentication-prisma](https://github.com/Volst/graphql-authentication/tree/master/packages/graphql-authentication-prisma) for you.

packages/graphql-authentication/src/Config.ts

@@ -14,13 +14,15 @@ export interface IGraphqlAuthenticationConfig {
     user: User
   ) => Promise<any>;
   adapter: GraphqlAuthenticationAdapter;
+  validatePassword?: (value: string) => boolean;
 }
 
 export function graphqlAuthenticationConfig(
   options: IGraphqlAuthenticationConfig
 ) {
   const defaults = {
-    requiredConfirmedEmailForLogin: false
+    requiredConfirmedEmailForLogin: false,
+    validatePassword: value => value.length >= 8
   };
   if (!options.adapter) {
     throw new Error(

packages/graphql-authentication/src/__tests__/mutations.ts

@@ -29,10 +29,10 @@ test('signup - with existent user', async () => {
 
   try {
     await req.request(`mutation {
-    signup(data: {name: "Kees", email: "[email protected]", password: "testtest2"}) {
-      token
-    }
-  }`);
+      signup(data: {name: "Kees", email: "[email protected]", password: "testtest2"}) {
+        token
+      }
+    }`);
   } catch (e) {
     expect(String(e)).toMatch(/User already exists with this email/);
   }
@@ -44,10 +44,33 @@ test('signup - with weak password', async () => {
 
   try {
     await req.request(`mutation {
-    signup(data: {name: "Roger", email: "[email protected]", password: "test"}) {
-      token
-    }
-  }`);
+      signup(data: {name: "Roger", email: "[email protected]", password: "test"}) {
+        token
+      }
+    }`);
+  } catch (e) {
+    expect(String(e)).toMatch(/Password is too short/);
+  }
+});
+
+test('signup - with custom password validation', async () => {
+  expect.assertions(1);
+  const req = client(
+    await startServer({
+      graphqlAuthentication: {
+        validatePassword: value => {
+          return value.length > 400;
+        }
+      }
+    })
+  );
+
+  try {
+    await req.request(`mutation {
+      signup(data: {name: "Roger", email: "[email protected]", password: "testtest2"}) {
+        token
+      }
+    }`);
   } catch (e) {
     expect(String(e)).toMatch(/Password is too short/);
   }

packages/graphql-authentication/src/__tests__/setup.ts

@@ -87,7 +87,7 @@ const AUTH_KEY =
   'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIyIiwiaWF0IjoxNTI5MjUxNjQ4fQ.Tw4a0CI3r_8GmyuO1v2aMonrQtKV9QFYnXoxQz0cyRQ';
 
 let http: any;
-export async function startServer() {
+export async function startServer(options: any = {}) {
   if (http) {
     await http.close();
   }
@@ -106,7 +106,8 @@ export async function startServer() {
       ...req,
       graphqlAuthentication: graphqlAuthenticationConfig({
         secret: 'wherearemyshoes',
-        adapter
+        adapter,
+        ...options.graphqlAuthentication
       })
     })
   });

packages/graphql-authentication/src/mutations.ts

@@ -29,8 +29,8 @@ function generateToken(user: User, ctx: Context) {
   return jwt.sign({ userId: user.id }, ctx.graphqlAuthentication.secret);
 }
 
-function validatePassword(value: string) {
-  if (value.length <= 8) {
+function validatePassword(ctx: Context, value: string) {
+  if (!ctx.graphqlAuthentication.validatePassword!(value)) {
     throw new PasswordTooShortError();
   }
 }
@@ -62,7 +62,7 @@ export const mutations = {
       throw new InvalidInviteTokenError();
     }
 
-    validatePassword(data.password);
+    validatePassword(ctx, data.password);
     const hashedPassword = await getHashedPassword(data.password);
 
     const updatedUser = await ctx.graphqlAuthentication.adapter.updateUserCompleteInvite(
@@ -94,7 +94,7 @@ export const mutations = {
       throw new UserEmailExistsError();
     }
 
-    validatePassword(data.password);
+    validatePassword(ctx, data.password);
     const hashedPassword = await getHashedPassword(data.password);
     const emailConfirmToken = uuid();
 
@@ -221,7 +221,7 @@ export const mutations = {
       throw new InvalidOldPasswordError();
     }
 
-    validatePassword(newPassword);
+    validatePassword(ctx, newPassword);
     const password = await getHashedPassword(newPassword);
 
     const newUser = await ctx.graphqlAuthentication.adapter.updateUserPassword(
@@ -379,7 +379,7 @@ export const mutations = {
       throw new ResetTokenExpiredError();
     }
 
-    validatePassword(password);
+    validatePassword(ctx, password);
     const hashedPassword = await getHashedPassword(password);
 
     await ctx.graphqlAuthentication.adapter.updateUserResetToken(ctx, user.id, {