Description
The current registration form basically allows the password to be anything other than blank. Nowadays it's common to set password complexity rules for user security. An example of this for Spring Security can be seen in this article: https://www.geeksforgeeks.org/advance-java/spring-security-set-password-strength-and-rules/
We don't need to do anything special with the password, just some basic complexity rules around:
- Password length
- Inclusion of special characters
- Inclusion of numbers/capitals
Of these, length is most important.
Expected outcome is that if a user attempts to register an account on the server with a weak password, the form will be returned with a meaningful error message that conveys the password rules.
Client-side validation would also be helpful. I'll see if there's a way to do this with a minimal amount of JavaScript.
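One way to implement the server-side check requested above, as an added example that is not part of the original issue or the project's code. The class name `PasswordPolicy`, the 12-character minimum and the message wording are assumptions; the check reports every unmet rule so the registration form can be returned with a message that conveys the rules.

```java
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper (not from the project): checks a candidate password against basic rules. */
public final class PasswordPolicy {

    // Assumed value; the issue does not fix a concrete minimum.
    static final int MIN_LENGTH = 12;

    private PasswordPolicy() {}

    /** Returns one message per unmet rule; an empty list means the password is acceptable. */
    public static List<String> violations(String password) {
        List<String> errors = new ArrayList<>();
        if (password == null || password.isBlank()) {
            errors.add("Password must not be blank.");
            return errors;
        }
        // Count code points so a character outside the BMP counts once, not twice.
        if (password.codePointCount(0, password.length()) < MIN_LENGTH) {
            errors.add("Password must be at least " + MIN_LENGTH + " characters long.");
        }
        boolean upper = false, digit = false, special = false;
        for (int i = 0; i < password.length(); ) {
            int cp = password.codePointAt(i);
            i += Character.charCount(cp);
            if (Character.isUpperCase(cp)) {
                upper = true;
            } else if (Character.isDigit(cp)) {
                digit = true;
            } else if (!Character.isLetter(cp)) {
                special = true; // anything that is neither letter nor digit, spaces included
            }
        }
        if (!upper) errors.add("Password must contain at least one capital letter.");
        if (!digit) errors.add("Password must contain at least one number.");
        if (!special) errors.add("Password must contain at least one special character.");
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, for illustration only.
        for (String candidate : new String[] {"", "password", "Tr0ub4dor&3-horse-staple"}) {
            System.out.println("\"" + candidate + "\" -> " + violations(candidate));
        }
    }
}
```

The registration handler would call `violations(...)` before hashing the password and, if the list is not empty, re-render the form with those messages.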