Merge pull request #3484 from benjiwheeler/join-flow-count-unicode

count unicode characters as single characters

src/lib/validate.js

@@ -57,7 +57,15 @@ module.exports.validateUsernameRemotely = username => (
 module.exports.validatePassword = (password, username) => {
     if (!password) {
         return {valid: false, errMsgId: 'general.required'};
-    } else if (password.length < 6) {
+    // Using Array.from(string).length, instead of string.length, improves unicode
+    // character counting for a subset of unicode characters, so that they are counted
+    // as single characters by js.
+    // However, this only helps with a subset of unicode. Characters combinations,
+    // including diacritical marks or skintone/gender variations, will still appear
+    // to be multiple characters. See discussions:
+    // https://blog.jonnew.com/posts/poo-dot-length-equals-two
+    // https://stackoverflow.com/a/54370584/2308190
+    } else if (Array.from(password).length < 6) {
         return {valid: false, errMsgId: 'registration.validationPasswordLength'};
     } else if (password === 'password') {
         return {valid: false, errMsgId: 'registration.validationPasswordNotEquals'};

test/unit/lib/validate.test.js

@@ -52,21 +52,38 @@ describe('unit test lib/validate.js', () => {
         expect(response).toEqual({valid: false, errMsgId: 'registration.validationUsernameRegexp'});
     });
 
-    test('validate password', () => {
+    test('validate password existence', () => {
         let response;
         expect(typeof validate.validatePassword).toBe('function');
         response = validate.validatePassword('abcdef');
         expect(response).toEqual({valid: true});
-        response = validate.validatePassword('abcdefghijklmnopqrst');
-        expect(response).toEqual({valid: true});
-        response = validate.validatePassword('passwo');
-        expect(response).toEqual({valid: true});
         response = validate.validatePassword('');
         expect(response).toEqual({valid: false, errMsgId: 'general.required'});
+    });
+
+    test('validate password length', () => {
+        let response;
+        response = validate.validatePassword('abcdefghijklmnopqrst');
+        expect(response).toEqual({valid: true});
         response = validate.validatePassword('abcde');
         expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'});
-        response = validate.validatePassword('password');
+        response = validate.validatePassword('😺');
+        expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'});
+        response = validate.validatePassword('😺🦆🐝');
+        expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'});
+        response = validate.validatePassword('😺🦆🐝🐮🐠');
+        expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordLength'});
+        response = validate.validatePassword('😺🦆🐝🐮🐠🐻');
+        expect(response).toEqual({valid: true});
+    });
+
+    test('validate password cannot be "password"', () => {
+        const response = validate.validatePassword('password');
         expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordNotEquals'});
+    });
+
+    test('validate password cannot be same as username', () => {
+        let response;
         response = validate.validatePassword('abcdefg', 'abcdefg');
         expect(response).toEqual({valid: false, errMsgId: 'registration.validationPasswordNotUsername'});
         response = validate.validatePassword('abcdefg', 'abcdefG');