add the auth security password strength meter and validation to signup form

[krishnnag998-del]

description

add the auth security password strength meter and validation to signup form
add the password strengh.ts
User types a password >>analysePassword("Passw0rd!")
↓
┌──────────────────────────────┐
│ hasMinLength → ✓ (1pt) │
│ hasUppercase → ✓ (1pt) │
│ hasLowercase → ✓ (1pt) │
│ hasDigit → ✓ (1pt) │
│ hasSpecialChar → ✓ (1pt) │
└──────────────────────────────┘
↓
score = 5 → classifyStrength() → "Strong"

Scoring table:

Score	Strength	Colour
0–2	Weak	🔴 Red — blocks form submission
3–4	Medium	🟡 Amber — allowed
5	Strong	🟢 Emerald — allowed

enhance the signup.tsx , The original form had just a plain password . Here's what was added on top of it, without breaking anything:
-- Segmented Strength Bar
-- Live Requirements Checklist
-- Dynamic Border Colour
-- Weak Password Alert (on Submit)
-- Submit Button Feedback
-- Accessibility
closes #92

Summary by CodeRabbit

• New Features
  • Enhanced sign-up form with real-time password strength meter, animated requirements checklist, and weak-password alert after submission attempts
  • Added show/hide password toggle and stronger client-side password validation with improved accessibility and guidance
• Tests
  • Added comprehensive automated tests for password strength scoring, classification, requirement checks, and acceptance logic
• Chores
  • Updated test tooling to support Vitest runs and coverage reporting

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 0fd6da11-6ef5-4d64-a0ce-4b82b4181a2f

📥 Commits

Reviewing files that changed from the base of the PR and between 15a9f0a and 3a33233.

📒 Files selected for processing (2)

• src/Firebase/passwordStrength.ts
• vite.config.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• src/Firebase/passwordStrength.ts

---

📝 Walkthrough

Walkthrough

Introduces src/Firebase/passwordStrength.ts, a new utility module with types, five requirement checkers, scoring, classification, and Tailwind color maps. SignUp.tsx is extended with StrengthMeter, RequirementsChecklist, and WeakPasswordAlert components and a submission guard that blocks weak passwords. Vitest is configured in vite.config.ts and package.json, and passwordStrength.test.ts adds 553 lines of unit tests.

Changes

Password Strength Feature

Layer / File(s)	Summary
Password strength types, checkers, and scoring src/Firebase/passwordStrength.ts	Exports PasswordRequirement, PasswordScore, PasswordStrength, PasswordAnalysis types; five boolean checkers (hasMinLength, hasUppercase, hasLowercase, hasDigit, hasSpecialChar); calculatePasswordScore, classifyStrength, analysePassword, isPasswordAcceptable functions; and STRENGTH_COLORS/METER_BAR_COLORS Tailwind class maps.
SignUp form: new UI components and submission guard src/Firebase/SignUp.tsx	Adds StrengthMeter, RequirementsChecklist, and WeakPasswordAlert presentational components; enhances SignUp with showPassword, weakAttempt, passwordFocused state; blocks Firebase submission via isPasswordAcceptable guard; wires ARIA attributes and conditional rendering for the new components.
Vitest test infrastructure setup vite.config.ts, package.json	Changes vite.config.ts import to vitest/config and adds test block with jsdom, globals, v8 coverage, include/exclude patterns; adds test, test:watch, test:coverage scripts and @testing-library/*, jsdom, vitest, @vitest/coverage-v8 devDependencies to package.json.
Password strength utility test suite src/Firebase/passwordStrength.test.ts	553-line Vitest suite covering all five checkers (boundary/edge cases), calculatePasswordScore, classifyStrength, analysePassword (shape, determinism, unicode), isPasswordAcceptable (guard/consistency), color maps, edge cases (whitespace, digit-only), and form-submission guard alignment.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• hrx01-dev/Servio#51: Introduced the Firebase-backed SignUp.tsx component that this PR extends with password-strength analysis and the weak-password submission guard.

Suggested reviewers

• hrx01-dev

Poem

🐇 A rabbit typed fast, then stopped with a pause,
"My password's weak!" — the meter gave cause.
Red bars turned green as each rule was met,
Uppercase, symbols — no weak hash yet!
Now Vitest stands guard with 553 checks,
Strong passwords only — no security wrecks! 🔐

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 78.57% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly addresses the main change: adding a password strength meter and validation to the signup form, which is the core purpose of this PR.
Linked Issues check	✅ Passed	The PR implements all required password strength features: 5 criteria evaluation, 3 strength levels, strength meter with color coding, requirements checklist, form submission blocking for weak passwords, and comprehensive unit tests.
Out of Scope Changes check	✅ Passed	All changes align with the PR objectives. Testing infrastructure additions (Vitest, jsdom, Testing Library) directly support the requirement for unit tests on password strength logic.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

src/Firebase/SignUp.tsx (2)

30-35: 💤 Low value

Consider using PasswordScore type for the score prop.

For consistency with the passwordStrength module and to enforce the valid 0–5 range at compile time, use the exported PasswordScore type instead of number.

♻️ Proposed change

+import {
+  analysePassword,
+  isPasswordAcceptable,
+  STRENGTH_COLORS,
+  METER_BAR_COLORS,
+  type PasswordStrength,
+  type PasswordScore,
+} from './passwordStrength';
+
 interface StrengthMeterProps {
   password: string;
   strength: PasswordStrength;
-  score: number;
+  score: PasswordScore;
   visible: boolean;
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/Firebase/SignUp.tsx` around lines 30 - 35, The StrengthMeterProps
interface defines the score prop with type number, which lacks type safety for
the valid password strength range. Replace the number type with the
PasswordScore type for the score prop in the StrengthMeterProps interface to
enforce the 0-5 range at compile time and maintain consistency with the
passwordStrength module.

---

101-107: ⚡ Quick win

Avoid redundant analysePassword call by passing requirements as a prop.

The parent SignUp component already calls analysePassword(password) at line 226. Calling it again here duplicates computation on every keystroke. Pass the requirements array as a prop instead.

♻️ Proposed change

Update the props interface:

 interface RequirementsChecklistProps {
   password: string;
   visible: boolean;
+  requirements: PasswordRequirement[];
 }

-function RequirementsChecklist({ password, visible }: RequirementsChecklistProps) {
-  const { requirements } = analysePassword(password);
+function RequirementsChecklist({ password, visible, requirements }: RequirementsChecklistProps) {

Then in SignUp, pass the already-computed requirements:

<RequirementsChecklist
  password={password}
  visible={showStrengthUI}
  requirements={requirements}
/>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/Firebase/SignUp.tsx` around lines 101 - 107, The RequirementsChecklist
component duplicates password analysis computation by calling analysePassword on
every render, when the parent SignUp component already computes this at line
226. Add a requirements property to the RequirementsChecklistProps interface,
remove the analysePassword call from inside the RequirementsChecklist function
body, and instead use the requirements value passed as a prop. Finally, update
the SignUp component where RequirementsChecklist is instantiated to pass the
already-computed requirements as a prop along with password and visible.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/Firebase/passwordStrength.test.ts`:
- Around line 175-177: The test case description "returns 1 when only min-length
criterion is met" is inaccurate because the assertion expects a score of 2,
which corresponds to both minimum length and lowercase criteria being satisfied
for the input 'abcdefgh'. Update the test description in the it() function to
accurately reflect that both minimum length and lowercase criteria are being
validated, not just the minimum length criterion alone.

In `@src/Firebase/passwordStrength.ts`:
- Around line 56-58: The regex pattern in the hasSpecialChar function contains
unnecessary escape characters that trigger ESLint warnings. Remove the backslash
before the square bracket in \[ and before the forward slash in \/ since these
characters do not require escaping when used inside a character class. Update
the regex pattern to remove these unnecessary escape sequences while maintaining
the same validation logic for special characters.

---

Nitpick comments:
In `@src/Firebase/SignUp.tsx`:
- Around line 30-35: The StrengthMeterProps interface defines the score prop
with type number, which lacks type safety for the valid password strength range.
Replace the number type with the PasswordScore type for the score prop in the
StrengthMeterProps interface to enforce the 0-5 range at compile time and
maintain consistency with the passwordStrength module.
- Around line 101-107: The RequirementsChecklist component duplicates password
analysis computation by calling analysePassword on every render, when the parent
SignUp component already computes this at line 226. Add a requirements property
to the RequirementsChecklistProps interface, remove the analysePassword call
from inside the RequirementsChecklist function body, and instead use the
requirements value passed as a prop. Finally, update the SignUp component where
RequirementsChecklist is instantiated to pass the already-computed requirements
as a prop along with password and visible.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: f3b3383c-5610-426f-8cb7-79fc45fc465d

📥 Commits

Reviewing files that changed from the base of the PR and between da9f0d0 and 15a9f0a.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (5)

• package.json
• src/Firebase/SignUp.tsx
• src/Firebase/passwordStrength.test.ts
• src/Firebase/passwordStrength.ts
• vite.config.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Test case description contradicts the asserted behavior.

At Line 175, the description says “only min-length criterion is met,” but Line 176 correctly expects 2 for 'abcdefgh' (minLength + lowercase). Please rename the test to match the behavior.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/Firebase/passwordStrength.test.ts` around lines 175 - 177, The test case
description "returns 1 when only min-length criterion is met" is inaccurate
because the assertion expects a score of 2, which corresponds to both minimum
length and lowercase criteria being satisfied for the input 'abcdefgh'. Update
the test description in the it() function to accurately reflect that both
minimum length and lowercase criteria are being validated, not just the minimum
length criterion alone.