password validation using in bash script seems to confuse me in working

Question

I have created simple script which validate password for below criteria

1. password length must equal or greater then 8.

2. password optionally contain a-z,A-z,0-9 means user set password by only char,only digit or mix up char and digit.

3. Also user can mix this char like #,$,+,* in password.

So below password should match

ptr*1$#+22A
111111111BB
password123

but it reject if user pass character which out of criteria means below password should reject.

 ptr*1$#+22A: //because ":" at the end of string which not in criteria 

My scripts is as follows

#! /bin/bash

password="ptr*1$#+22A"

if [[ ${#password} -ge 8 && "$password" || *[A-Z]* || "$password" || *[a-z]* || "$password" || *[0-9]* && "$password" || *[*$#+]* ]]
then
    echo "pass"
else
    echo "fail"
fi

It's working for matching password but it also pass then password ptr*1$#+22A: which it must reject.

the problem in script is condition will true if after && any one statement true. I have tried this script by && in place of || but it demands password must contain at least one char which fit in criteria and this is not my requirement.

So any one have idea how to validate my password so it match if it fit in my criteria?

Answer 1

The logic can be rolled into a single regular expression that permits only those characters you wish to permit, and that requires a minimum of eight characters (I assume you probably need to limit the length to whatever can be stored in the database field, but you didn't specify that)

Your pattern should look like this:

^[A-Za-z0-9#$+*]{8,}$

This creates a character class consisting of the legal characters, and quantifies how many such characters are needed; a minimum of eight. It anchors to the start and the end of the string, so that the string must contain only those characters, from start to finish.

If you need to set a maximum length also, that can be placed after the comma, in the quantifier.