Implement password policy checklist with live validation

[AvaneeshKesavan]

• Closes : Password Policy Checklist Implementation #66

Rationale for this change

This PR implements a Password Policy Checklist on the signup page. The checklist visually shows users whether their password meets the following requirements:

• At least 8 characters
• Contains an uppercase letter
• Contains a lowercase letter
• Contains a number
• Contains a special character

The "Sign Up" button remains disabled until all requirements are met, improving UX by giving immediate feedback on password strength.

Changes made

• Added password validation state and regex checks for all password rules.
• Added a live checklist under the password input showing which rules are satisfied.
• Updated the signup form to disable submission until all rules are met.
• Minor UI improvements for better accessibility and dark mode support.

[vercel]

@AvaneeshKesavan is attempting to deploy a commit to the mihir2006's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

Thanks for creating this PR

We'll review it as soon as possible.
In the meantime, please double-check the file changes and ensure that all commits are accurate.

If there are any unresolved review comments, feel free to resolve them.

[gemini-code-assist]

Summary of Changes

Hello @AvaneeshKesavan, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the user signup experience by integrating a live password policy checklist. Users now receive instant visual feedback as they type their password, ensuring it meets criteria such as minimum length, inclusion of uppercase, lowercase, numbers, and special characters. The 'Sign Up' button is intelligently disabled until all these conditions are satisfied, streamlining the process and promoting stronger password creation.

Highlights

• Password Policy Checklist: A visual checklist is now displayed on the signup page, outlining required password criteria for users.
• Live Validation: Password rules are validated in real-time as the user types, providing immediate feedback on compliance with requirements.
• Signup Button Control: The 'Sign Up' button remains disabled until all password policy requirements (length, uppercase, lowercase, number, special character) are met.
• Enhanced User Experience: The signup process is improved by guiding users to create strong, compliant passwords with instant feedback.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request successfully implements a password policy checklist on the signup page, which greatly improves user experience by providing live feedback. My review includes suggestions to refactor the new client-side logic for better maintainability and performance. However, there is a critical security issue: the password policy is only enforced on the client side. It is essential to add the same validation logic to the backend API (/api/auth/signup/route.ts) to prevent users from bypassing the checks and creating accounts with weak passwords.

[gemini-code-assist]

The regular expressions for password validation are being re-created inside the useEffect hook on every password change. For better performance and code clarity, you should define them as constants outside the component. This avoids unnecessary re-creation and makes the validation logic easier to read and maintain.

For example, you could define them at the top of the file:

const UPPERCASE_REGEX = /[A-Z]/;
const LOWERCASE_REGEX = /[a-z]/;
const NUMBER_REGEX = /[0-9]/;
const SPECIAL_CHAR_REGEX = /[!@#$%^&*(),.?\":{}|<>]/;

And then use them in your useEffect:

useEffect(() => {
  setPasswordRules({
    minLength: password.length >= 8,
    uppercase: UPPERCASE_REGEX.test(password),
    lowercase: LOWERCASE_REGEX.test(password),
    number: NUMBER_REGEX.test(password),
    specialChar: SPECIAL_CHAR_REGEX.test(password),
  });
}, [password]);

[gemini-code-assist]

The JSX for the password policy checklist is very repetitive. You can make this code more maintainable and less error-prone by defining the rules in an array and then mapping over it to render the list items. This is a common pattern in React for rendering lists of similar items.

For even better performance, you could define the array of rules outside of the component function so it's not recreated on every render.

          <ul className="text-sm space-y-1">
            {[
              { key: "minLength", text: "At least 8 characters" },
              { key: "uppercase", text: "Contains uppercase letter" },
              { key: "lowercase", text: "Contains lowercase letter" },
              { key: "number", text: "Contains number" },
              { key: "specialChar", text: "Contains special character" },
            ].map((rule) => (
              <li
                key={rule.key}
                className={
                  passwordRules[rule.key as keyof typeof passwordRules]
                    ? "text-green-600"
                    : "text-red-600"
                }
              >
                {rule.text}
              </li>
            ))}
          </ul>

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
stock-vision	Ready	Preview	Comment	Sep 20, 2025 8:29am