Help Needed with Zod Schema for Password Confirmation Validation

[MonaAghili]

Hello everyone,

I'm working on a form validation using the Zod library in JavaScript and I've run into an issue with validating that the password_confirmation field matches the password field. Here’s how I defined
my schema:

export const CreateOperatorSchema = BaseOperatorDataSchema.extend({
  password: z
    .string({
      required_error: 'Required',
    })
    .min(8, { message: 'min 8' }),
  password_confirmation: z
    .string({
      required_error: 'Required',
    })
    .min(8, { message: 'min 8' }),
}).refine(
  (values) => {
    return values.password === values.password_confirmation;
  },
  {
    message: 'Don't match',
    path: ['password_confirmation'],
  }
);

[colinhacks]

What's the problem exactly?

[wsambian]

Hello there,

This is how I got mine to work.

First, you need to create a password schema. I added additional validation rules:

const passwordSchema = z
  .string()
  .min(8, { message: minLengthErrorMessage })
  .max(20, { message: maxLengthErrorMessage })
  .refine((password) => /[A-Z]/.test(password), {
    message: uppercaseErrorMessage,
  })
  .refine((password) => /[a-z]/.test(password), {
    message: lowercaseErrorMessage,
  })
  .refine((password) => /[0-9]/.test(password), { message: numberErrorMessage })
  .refine((password) => /[!@#$%^&*]/.test(password), {
    message: specialCharacterErrorMessage,
  });

Then you can proceed to create the additional schema to handle password confirmation:

export const updatePasswordSchema = z
  .object({
    currentPassword: z.string(),
    password: passwordSchema,
    confirmPassword: z.string(),
  })
  .refine((data) => data.password === data.confirmPassword, {
    message: passwordMismatchErrorMessage,
    path: ['confirmPassword'],
  });

I hope the above helps.

[drewkiimon]

Absolutely phenomenal. Thank you!

[arman94]

[viniciusofp]

DON'T CLICK THE LINK IN THIS COMMENT!

It's a scam that must be removed.

[nouralddin-abdullah]

Hello everyone,

I'm working on a form validation using the Zod library in JavaScript and I've run into an issue with validating that the password_confirmation field matches the password field. Here’s how I defined my schema:

export const CreateOperatorSchema = BaseOperatorDataSchema.extend({
  password: z
    .string({
      required_error: 'Required',
    })
    .min(8, { message: 'min 8' }),
  password_confirmation: z
    .string({
      required_error: 'Required',
    })
    .min(8, { message: 'min 8' }),
}).refine(
  (values) => {
    return values.password === values.password_confirmation;
  },
  {
    message: 'Don't match',
    path: ['password_confirmation'],
  }
);

since @wsambian already provided an answer, i will try say my suggestion about sending confirm password in the body and validate it on backend, honestly i find this approach is not needed because it's not in the business logic in the backend, it just about encrypt the password and save it why would i transfer/ add field and do validation on it then just threw it into the trash 5ms after?

i think this should be frontend responsibility to make a signup form that can actually validate the password, even in api consuming if I use curl or Postman to hit your API, I am a developer I know what I am doing. I don't need you to force me to type the password twice in my JSON body.

we just need to enforce the business logic about the password, like having a symbol and max, min characters and so on, that's my opinion about it.