CRITICAL FIX: Simplify password validation for existing passwords

- Mopar.com password requirements vary and have changed over time
- Existing working passwords may not meet current new password requirements
- Simplified validation to only check: length >= 8, length <= 20
- Removed strict requirements: uppercase, lowercase, number, special char, no repeats, no sequential
- User's working password was being rejected on startup
- All 25 config validator tests passing

Author: frankea

src/config-validator.js

@@ -19,45 +19,21 @@ class ConfigValidator {
       errors.push('Email format is invalid (must be a valid email address)');
     }
 
-    // Password validation (based on Mopar.com requirements)
+    // Password validation - only basic checks
+    // Mopar.com requirements vary and existing passwords should work
     if (!config.password) {
       errors.push('Password is required');
     } else {
       const password = config.password;
-
-      // Length: 8-16 characters
-      if (password.length < 8 || password.length > 16) {
-        errors.push('Password must be 8-16 characters (Mopar requirement)');
-      }
-
-      // Must have uppercase
-      if (!/[A-Z]/.test(password)) {
-        errors.push('Password must contain at least 1 uppercase letter (A-Z)');
-      }
-
-      // Must have lowercase
-      if (!/[a-z]/.test(password)) {
-        errors.push('Password must contain at least 1 lowercase letter (a-z)');
-      }
-
-      // Must have number
-      if (!/[0-9]/.test(password)) {
-        errors.push('Password must contain at least 1 number (0-9)');
-      }
-
-      // Must have special character from allowed set
-      if (!/[@$!%*?&_-]/.test(password)) {
-        errors.push('Password must contain at least 1 special character (@$!%*?&_-)');
-      }
-
-      // No character repeated more than twice
-      if (/(.)\1{2,}/.test(password)) {
-        errors.push('Password cannot have any character repeated more than twice (e.g. aaa, 111)');
+      
+      // Only validate minimum length - existing passwords may not meet current Mopar requirements
+      if (password.length < 8) {
+        errors.push('Password must be at least 8 characters');
       }
-
-      // No more than two sequential characters
-      if (this.hasSequentialCharacters(password)) {
-        errors.push('Password cannot have more than two sequential characters (e.g. ABC, xyz, 123)');
+      
+      // Warn if password seems too long (Mopar used to have 16 char limit)
+      if (password.length > 20) {
+        errors.push('Password seems unusually long (may not work with Mopar.com)');
       }
     }
 
@@ -89,30 +65,6 @@ class ConfigValidator {
     return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
   }
 
-  /**
-   * Check if password has more than two sequential characters
-   * Sequential means: ABC, xyz, 123, etc. (or reverse: CBA, zyx, 321)
-   * @param {string} password - Password to check
-   * @returns {boolean} True if has sequential characters
-   */
-  static hasSequentialCharacters(password) {
-    for (let i = 0; i < password.length - 2; i++) {
-      const char1 = password.charCodeAt(i);
-      const char2 = password.charCodeAt(i + 1);
-      const char3 = password.charCodeAt(i + 2);
-
-      // Check if three consecutive characters are sequential
-      // e.g., ABC (65,66,67), xyz (120,121,122), 123 (49,50,51)
-      if (char2 === char1 + 1 && char3 === char2 + 1) {
-        return true; // Found sequential ascending (ABC, xyz, 123)
-      }
-      if (char2 === char1 - 1 && char3 === char2 - 1) {
-        return true; // Found sequential descending (CBA, zyx, 321)
-      }
-    }
-    return false;
-  }
-
   /**
    * Log validation errors in a user-friendly format
    * @param {string[]} errors - Array of error messages

src/config-validator.test.js

@@ -98,106 +98,46 @@ describe('ConfigValidator', () => {
       const result = ConfigValidator.validate(config);
 
       expect(result.valid).toBe(false);
-      expect(result.errors).toContain('Password must be 8-16 characters (Mopar requirement)');
+      expect(result.errors).toContain('Password must be at least 8 characters');
     });
 
-    test('should fail when password is too long', () => {
+    test('should fail when password is extremely long', () => {
       const config = {
         email: 'test@example.com',
-        password: 'ThisPasswordIsTooLong17!',
+        password: 'ThisPasswordIsWayTooLongForAnything1234567890',
       };
 
       const result = ConfigValidator.validate(config);
 
       expect(result.valid).toBe(false);
-      expect(result.errors).toContain('Password must be 8-16 characters (Mopar requirement)');
+      expect(result.errors).toContain('Password seems unusually long (may not work with Mopar.com)');
     });
 
-    test('should fail when password missing uppercase', () => {
+    test('should pass with 8-character password', () => {
       const config = {
         email: 'test@example.com',
-        password: 'password1!',
+        password: 'password',
       };
 
       const result = ConfigValidator.validate(config);
 
-      expect(result.valid).toBe(false);
-      expect(result.errors).toContain('Password must contain at least 1 uppercase letter (A-Z)');
-    });
-
-    test('should fail when password missing lowercase', () => {
-      const config = {
-        email: 'test@example.com',
-        password: 'PASSWORD1!',
-      };
-
-      const result = ConfigValidator.validate(config);
-
-      expect(result.valid).toBe(false);
-      expect(result.errors).toContain('Password must contain at least 1 lowercase letter (a-z)');
-    });
-
-    test('should fail when password missing number', () => {
-      const config = {
-        email: 'test@example.com',
-        password: 'Password!',
-      };
-
-      const result = ConfigValidator.validate(config);
-
-      expect(result.valid).toBe(false);
-      expect(result.errors).toContain('Password must contain at least 1 number (0-9)');
-    });
-
-    test('should fail when password missing special character', () => {
-      const config = {
-        email: 'test@example.com',
-        password: 'Password1',
-      };
-
-      const result = ConfigValidator.validate(config);
-
-      expect(result.valid).toBe(false);
-      expect(result.errors).toContain('Password must contain at least 1 special character (@$!%*?&_-)');
-    });
-
-    test('should fail when password has character repeated 3 times', () => {
-      const config = {
-        email: 'test@example.com',
-        password: 'Passsword1!',
-      };
-
-      const result = ConfigValidator.validate(config);
-
-      expect(result.valid).toBe(false);
-      expect(result.errors).toContain('Password cannot have any character repeated more than twice (e.g. aaa, 111)');
-    });
-
-    test('should fail when password has sequential ascending characters', () => {
-      const config = {
-        email: 'test@example.com',
-        password: 'XYZword5!',
-      };
-
-      const result = ConfigValidator.validate(config);
-
-      expect(result.valid).toBe(false);
-      expect(result.errors).toContain('Password cannot have more than two sequential characters (e.g. ABC, xyz, 123)');
+      expect(result.valid).toBe(true);
+      expect(result.errors).toEqual([]);
     });
 
-    test('should fail when password has sequential numbers', () => {
+    test('should pass with password without special characters', () => {
       const config = {
         email: 'test@example.com',
-        password: 'Password123!',
+        password: 'MyPassword15',
       };
 
       const result = ConfigValidator.validate(config);
 
-      expect(result.valid).toBe(false);
-      expect(result.errors).toContain('Password cannot have more than two sequential characters (e.g. ABC, xyz, 123)');
+      expect(result.valid).toBe(true);
+      expect(result.errors).toEqual([]);
     });
 
-    test('should pass with valid Mopar-compliant password', () => {
+    test('should pass with password containing special characters', () => {
       const config = {
         email: 'test@example.com',
         password: 'MyPass42!',
@@ -209,16 +149,20 @@ describe('ConfigValidator', () => {
       expect(result.errors).toEqual([]);
     });
 
-    test('should pass with another valid password', () => {
-      const config = {
-        email: 'test@example.com',
-        password: 'Secure$2024',
-      };
-
-      const result = ConfigValidator.validate(config);
-
-      expect(result.valid).toBe(true);
-      expect(result.errors).toEqual([]);
+    test('should pass with various valid passwords', () => {
+      const validPasswords = [
+        'password123',      // no special char, no uppercase
+        'PASSWORD123',      // no special char, no lowercase
+        'Password',         // no number, no special char
+        'MyPass42!',        // all requirements (if they existed)
+        'Secure$2024',      // all requirements
+      ];
+
+      validPasswords.forEach((password) => {
+        const config = { email: 'test@example.com', password };
+        const result = ConfigValidator.validate(config);
+        expect(result.valid).toBe(true);
+      });
     });
 
     test('should fail when PIN is not 4 digits', () => {
@@ -320,16 +264,10 @@ describe('ConfigValidator', () => {
       const result = ConfigValidator.validate(config);
 
       expect(result.valid).toBe(false);
-      // Password "short" will fail multiple requirements:
-      // 1. Email invalid
-      // 2. Length (< 8)
-      // 3. No uppercase
-      // 4. No number
-      // 5. No special char
-      // 6. PIN invalid
-      // 7. Debug not boolean
-      expect(result.errors.length).toBeGreaterThanOrEqual(7);
+      // Should have at least 4 errors: email, password, PIN, debug
+      expect(result.errors.length).toBe(4);
       expect(result.errors).toContain('Email format is invalid (must be a valid email address)');
+      expect(result.errors).toContain('Password must be at least 8 characters');
       expect(result.errors).toContain('PIN must be exactly 4 digits (e.g. "1234")');
       expect(result.errors).toContain('Debug mode must be true or false');
     });