fix(signup): align frontend password validation with backend Zod schema#465

Merged
mehul-m-prajapati merged 2 commits into
GitMetricsLab:mainfrom
anshul23102:fix/415-password-validation-mismatch
May 26, 2026
Conversation

@anshul23102 (Contributor)

Summary

Fixes #415

The password regex in Signup.tsx was weaker than the Zod schema in backend/validators/authValidator.js, creating a class of passwords that cleared the frontend check but were rejected by the server with a generic error and no inline guidance.

Mismatch table (before this fix)

| Password   | Frontend                                | Backend                                  |
|------------|-----------------------------------------|------------------------------------------|
| password1  | Valid                                   | Rejected (no uppercase, no special char) |
| Password1  | Valid                                   | Rejected (no special char)               |
| Password1# | Valid (# allowed by old frontend regex) | Rejected (# not in backend allowlist)    |
| Password1! | Valid                                   | Valid                                    |

Changes in src/pages/Signup/Signup.tsx

  1. Extracted a PASSWORD_REGEX constant, placed at module level, so there is a single source of truth rather than the same regex copy-pasted in two places:

     const PASSWORD_REGEX = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/;

     This is an exact copy of the Zod .regex(...) in authValidator.js, with {8,} appended to the character class to also enforce the .min(8) constraint inline.

  2. Replaced both usages of the old regex in handleChange and handleSubmit with PASSWORD_REGEX.

  3. Updated the error message from the vague "Password must be 8+ characters with letters and numbers" to a descriptive "Password must be at least 8 characters and include uppercase, lowercase, a number, and a special character (@$!%*?&)" so users know exactly what is required without trial and error.

No backend changes: authValidator.js is already correct and serves as the reference.

Test plan

  • Enter password1 in the password field: inline error appears immediately
  • Enter Password1 in the password field: inline error appears (no special char)
  • Enter Password1# in the password field: inline error appears (# not allowed)
  • Enter Password1! in the password field: no error shown, submit succeeds
  • Submit with each of the above: confirm the frontend blocks submission before the network request is made for the invalid cases
  • Confirm the error message text lists all four requirements clearly
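As an added example (not code from the PR or from the GitMetricsLab project), the block below takes the PASSWORD_REGEX quoted in the PR and shows two things the description argues for: a per-requirement breakdown that produces the inline guidance the PR wants, with a guard that throws if the breakdown ever drifts from the single regex, and a helper that reproduces the mismatch table by listing the passwords the old form rule accepted but the backend-mirroring rule rejects. The PR does not quote the old frontend regex, so OLD_FRONTEND_REGEX is an assumed reconstruction from its description (one letter, one digit, 8+ characters, '#' allowed); checkPassword, findMismatches and the sample inputs are illustrative.

```typescript
// Added example, not code from GitMetricsLab or this PR. PASSWORD_REGEX is the
// pattern the PR quotes; OLD_FRONTEND_REGEX is an assumed reconstruction of the
// pre-fix rule as the PR describes it; the helpers below are illustrative.

export const PASSWORD_REGEX =
  /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/;

// Assumption: the PR says the old rule required one letter and one digit and
// allowed '#', but does not quote it, so this stand-in is reconstructed, not copied.
export const OLD_FRONTEND_REGEX = /^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d@$!%*?&#]{8,}$/;

// Same allowlist as the trailing character class of PASSWORD_REGEX.
const ALLOWED_CHARS = /[A-Za-z\d@$!%*?&]/g;

export interface PasswordCheck {
  valid: boolean;
  failures: string[]; // one human-readable entry per unmet requirement
}

// Per-requirement breakdown of the rule PASSWORD_REGEX enforces, so the form can
// say which requirement is missing instead of a single pass/fail.
export function checkPassword(pw: string): PasswordCheck {
  const failures: string[] = [];
  if (pw.length < 8) failures.push("at least 8 characters");
  if (!/[a-z]/.test(pw)) failures.push("a lowercase letter");
  if (!/[A-Z]/.test(pw)) failures.push("an uppercase letter");
  if (!/\d/.test(pw)) failures.push("a number");
  if (!/[@$!%*?&]/.test(pw)) failures.push("a special character (@$!%*?&)");
  // Whatever survives stripping the allowed characters lies outside the allowlist.
  const disallowed = pw.replace(ALLOWED_CHARS, "");
  if (disallowed.length > 0) {
    failures.push(`no characters outside the allowlist (found: ${disallowed})`);
  }

  const valid = failures.length === 0;
  // The single regex mirrors the backend and is the reference; if this breakdown
  // ever disagrees with it, the form would again accept what the server rejects.
  if (valid !== PASSWORD_REGEX.test(pw)) {
    throw new Error(`checkPassword disagrees with PASSWORD_REGEX (input length ${pw.length})`);
  }
  return { valid, failures };
}

// Passwords on which the old form rule and the backend-mirroring rule disagree,
// i.e. the class that used to clear the frontend and then fail on the server.
export function findMismatches(candidates: string[]): string[] {
  return candidates.filter((pw) => OLD_FRONTEND_REGEX.test(pw) !== PASSWORD_REGEX.test(pw));
}

// Constructed sample input: the four rows of the PR's mismatch table.
export const SAMPLE_PASSWORDS = ["password1", "Password1", "Password1#", "Password1!"];

for (const pw of SAMPLE_PASSWORDS) {
  const result = checkPassword(pw);
  console.log(`${pw}: ${result.valid ? "valid" : "missing " + result.failures.join("; ")}`);
}
console.log("previously accepted, server-rejected:", findMismatches(SAMPLE_PASSWORDS));
```

Two caveats worth keeping in mind when reusing this. The client-side check is only there for feedback; the Zod schema in authValidator.js stays the authority, since a request can be sent without the form at all. And the trailing character class is an allowlist, not just a list of required characters: anything outside it (a space, '#', any non-ASCII letter) fails the whole check on both sides, so loosening it has to start on the server and then be mirrored here, not the other way round.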

netlify Bot commented May 23, 2026

Deploy Preview for github-spy failed.

Latest commit: cb066b4
Latest deploy log: https://app.netlify.com/projects/github-spy/deploys/6a15e2aa77effd000851ba1b

coderabbitai Bot commented May 23, 2026

Review not started: the PR review rate limit was reached. Reviewing files that changed from the base of the PR and between ce49e22 and cb066b4; file selected for processing: src/pages/Signup/Signup.tsx.

@anshul23102 (Contributor, Author)

Hi @GitMetricsLab team, following up on this PR. The frontend password regex was accepting passwords that the backend Zod schema would then reject, leaving users with a confusing server-side error and no inline guidance on what went wrong. The fix extracts a PASSWORD_REGEX constant that mirrors the backend rule exactly and updates the error message to spell out all four requirements clearly. No backend changes needed since authValidator.js was already correct. Let me know if you have any questions.

The frontend regex accepted passwords that the backend Zod schema rejects,
causing silent server-side failures with no actionable inline feedback.

Root cause: Signup.tsx used a weaker regex that only required one letter
and one digit, allowed # (not in the backend allowlist), and gave no
indication that uppercase or a special character was needed.

Changes in src/pages/Signup/Signup.tsx:
- Extract PASSWORD_REGEX constant that mirrors the Zod rule in
  backend/validators/authValidator.js exactly:
  requires lowercase, uppercase, digit, one of @$!%*?& and 8+ chars
- Replace the old regex in both handleChange and handleSubmit with
  PASSWORD_REGEX so a single source of truth drives both validation paths
- Replace the vague error message with a descriptive one that lists all
  four requirements and the allowed special characters

No backend changes needed: authValidator.js is already correct and is
the reference source for the frontend rule.

Fixes GitMetricsLab#415
anshul23102 force-pushed the fix/415-password-validation-mismatch branch from 8b414cb to 5a9ff43 on May 24, 2026 13:18

mehul-m-prajapati merged commit bcb002c into GitMetricsLab:main on May 26, 2026
2 of 6 checks passed
github-actions Bot

🎉🎉 Thank you for your contribution! Your PR #465 has been merged! 🎉🎉

Development

Successfully merging this pull request may close these issues.

[Bug] Frontend password validation in Signup.tsx is weaker than backend — valid-looking passwords rejected by server with no clear error

2 participants