@jajjibhai008 jajjibhai008 commented Nov 12, 2025

Description

JIRA -> ENT-11132

Copilot AI review requested due to automatic review settings November 12, 2025 11:50
Copilot finished reviewing on behalf of jajjibhai008 November 12, 2025 11:52
Copilot AI left a comment
Pull Request Overview

This PR addresses password validation issues by adding .trim() to password and confirmPassword fields to handle leading and trailing whitespace. However, there are critical security and validation concerns with this approach.

Key Changes:

  • Added .trim() method to password and confirmPassword validation in the registration schema
  • Added comprehensive test coverage for whitespace handling in password fields
  • Tests verify trimming behavior, internal space preservation, and edge cases

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| src/constants/checkout.ts | Added .trim() to password and confirmPassword field validations to remove leading/trailing whitespace |
| src/components/FormFields/tests/RegisterAccountFields.test.tsx | Added comprehensive test suite for password whitespace handling, including edge cases for trimming, internal spaces, and validation after trimming |

Comment on lines +84 to 89
password: z.string().trim()
.min(2, 'This password is too short. It must contain at least 2 characters.')
.max(75, 'This password is too long. It must contain no more than 75 characters.'),
confirmPassword: z.string()
confirmPassword: z.string().trim()
.min(8, 'Please confirm your password')
.max(75, 'This password is too long. It must contain no more than 75 characters.'),
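
Review bot: `.trim()` on `password` runs before `.min(2, …)` and `.max(75, …)`, so both the length limits and the value the schema outputs apply to the trimmed string, not to what the user typed. If that is intended, document it on the field and confirm that every other place the password is entered or compared trims the same way; otherwise drop `.trim()` and reject whitespace-only input with an explicit check.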
Copilot AI Nov 12, 2025
Trimming password fields is a security anti-pattern. While trimming leading/trailing whitespace makes sense for usernames and emails, passwords should preserve all characters including leading and trailing spaces, as users may intentionally include them for security.

Instead of trimming the password fields, consider:

  1. Validating that passwords don't contain only whitespace
  2. Warning users about leading/trailing spaces in the UI
  3. Allowing the passwords to be stored as-is to preserve user intent

This change could lock out users who intentionally included spaces in their passwords.

Copilot uses AI. Check for mistakes.
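
The three alternatives listed in the comment above, as an added example that is not part of this PR or the project's code: it uses plain TypeScript instead of the zod schema, `checkPasswordFields` and `PasswordCheck` are hypothetical names, and the 2 and 75 limits are copied from the schema shown in the PR.

```typescript
// Added example, not the project's code. Names are hypothetical.
interface PasswordCheck {
  value: string;      // the password exactly as typed, never trimmed
  errors: string[];   // block submission
  warnings: string[]; // shown in the UI, do not block submission
}

const MIN_LENGTH = 2;  // limits copied from the schema in the PR
const MAX_LENGTH = 75;

function checkPasswordFields(password: string, confirmPassword: string): PasswordCheck {
  const errors: string[] = [];
  const warnings: string[] = [];

  // 1. Reject a password that is nothing but whitespace.
  if (password.length > 0 && password.trim().length === 0) {
    errors.push('Password cannot consist only of whitespace.');
  }

  // Length is measured on the raw value, so spaces count as characters.
  if (password.length < MIN_LENGTH) {
    errors.push(`This password is too short. It must contain at least ${MIN_LENGTH} characters.`);
  } else if (password.length > MAX_LENGTH) {
    errors.push(`This password is too long. It must contain no more than ${MAX_LENGTH} characters.`);
  }

  // Compare raw values: 'secret ' and 'secret' are different passwords.
  if (password !== confirmPassword) {
    errors.push('Passwords do not match.');
  }

  // 2. Warn about leading/trailing whitespace instead of silently removing it.
  if (errors.length === 0 && password !== password.trim()) {
    warnings.push('Your password starts or ends with a space. You will need to type it the same way to sign in.');
  }

  // 3. Return the value as typed so it is stored as-is.
  return { value: password, errors, warnings };
}
```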
.max(75, 'This password is too long. It must contain no more than 75 characters.'),
confirmPassword: z.string()
confirmPassword: z.string().trim()
.min(8, 'Please confirm your password')
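
Review bot: `.min(8, 'Please confirm your password')` on `confirmPassword` is a length rule whose message does not mention length, so a user who types a short confirmation is told to confirm the password, not that it is too short. Either align the bound and wording with the `password` field's `.min(...)` rule or replace the length check with an equality check against `password`.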
Copilot AI Nov 12, 2025
The minimum length validation for confirmPassword is inconsistent with the password field. The password field requires a minimum of 2 characters, but confirmPassword requires a minimum of 8 characters. These should be the same value.

Change line 88 to:

.min(2, 'Please confirm your password')

This inconsistency would cause validation errors when users enter matching passwords between 2-7 characters.

Suggested change
.min(8, 'Please confirm your password')
.min(2, 'Please confirm your password')

@zamanafzal zamanafzal left a comment
Looks good. Did you check the suggestion of Copilot?