
feature: implement strong password policy for signup and reset-password#92

Open
PranavObliterates wants to merge 3 commits into tarinagarwal:main from PranavObliterates:feature/strong-password-policy

Conversation

@PranavObliterates
Contributor

🔒 Fixes #90

Summary

This PR implements a comprehensive strong password policy for user authentication to enhance account security across the Edulume platform.

Changes Made

New Files

  • server/utils/passwordValidator.js: Created a new utility module for password validation with comprehensive security checks

Modified Files

  • server/routes/auth.js:
    • Added import for password validation utilities
    • Updated /signup route to use strong password validation
    • Updated /reset-password route to use strong password validation

Password Policy Requirements

The new password policy enforces the following requirements:

✅ Minimum 8 characters long
✅ At least one uppercase letter (A-Z)
✅ At least one lowercase letter (a-z)
✅ At least one number (0-9)
✅ At least one special character (!@#$%^&*...)
✅ Not a common/weak password (e.g., 'password', '123456')
✅ No sequential characters (e.g., 'abc', '123')
✅ No repeated characters (e.g., 'aaa', '111')

Validation Examples

❌ Passwords that will be REJECTED:

  • password → Too common
  • Pass123 → No special character, too short
  • Password1 → No special character
  • Password123! → Contains sequential characters
  • Passss123! → Contains repeated characters
  • 123456 → Too common, no letters
  • Abc123! → Too short (only 7 characters)

✅ Passwords that will be ACCEPTED:

  • MyP@ssw0rd!
  • Secure#Pass123
  • C0mpl3x!Pass
  • Str0ng&Secur3

Implementation Details

Backend Validation

  • Password validation occurs on the server side in both /signup and /reset-password endpoints
  • Clear, detailed error messages are returned to users

@PranavObliterates
Contributor Author

@Community-Programmer please review and merge.
Thanks for this opportunity to contribute to this wonderful repo!
If you need any changes, let me know.

Collaborator

Community-Programmer left a comment

Use Zod + zxcvbn (if needed) and remove the custom validator.
Please verify the policy is fully aligned with frontend validation and reuse the same schema to keep messages consistent. Consider this together with PR #85 and specifically check that it reflects the intent of #85.

@PranavObliterates
Contributor Author

@Community-Programmer please review and let me know

✅ Updated based on review feedback

Changes made:

  • ✅ Replaced custom validator with Zod schema validation
  • ✅ Aligned password validation with the frontend PasswordInput component from PR #85 (Added password security: visibility toggle, strength meter, generator)
  • ✅ Ensured frontend and backend use the same validation criteria:
    • Minimum 8 characters
    • At least one uppercase letter
    • At least one lowercase letter
    • At least one number
    • At least one special character
  • ✅ Reusable schema structure for future validation needs
  • ✅ Consistent error messages between frontend and backend

The password policy now matches the strength meter from PR #85 exactly. 🎯
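As an added example for the rules in the PR description and in the post-review update above (it is not code from this PR or from the Edulume repository), the following dependency-free Node.js module implements the five base rules the PR settled on after review, plus, behind an `extended` option, the three extra checks from the original custom validator (common-password denylist, sequential run, repeated run). All names in it are assumptions: the rule ids and messages, the small constructed denylist, and the reading of "sequential" as any three characters whose code points step by one in either direction. In the project the same predicates could be expressed as refinements on a Zod schema; keeping them as plain functions makes them easy to unit-test against the PR's own example lists. One thing that comparison turns up: under the extended rules as the PR lists them, `Secure#Pass123` from the "accepted" list fails the sequential check because of `123`, while it passes the five base rules.

```javascript
// Added example (not the project's code): password policy checks as described
// in this PR thread, with no external dependencies so it runs offline.

// Constructed sample denylist; a real deployment would load a much larger list.
const COMMON_PASSWORDS = new Set([
  'password', '123456', '12345678', 'qwerty', 'letmein', 'welcome', 'admin',
]);

// True if `pw` contains `runLength` consecutive characters whose code points
// step by exactly +1 or -1 (e.g. 'abc', '123', 'cba'). Assumption: this is what
// the PR's "sequential characters" rule means, based on its examples.
function hasSequentialRun(pw, runLength = 3) {
  for (let i = 0; i + runLength <= pw.length; i++) {
    let up = true;
    let down = true;
    for (let j = 1; j < runLength; j++) {
      const delta = pw.charCodeAt(i + j) - pw.charCodeAt(i + j - 1);
      if (delta !== 1) up = false;
      if (delta !== -1) down = false;
    }
    if (up || down) return true;
  }
  return false;
}

// True if the same character appears `runLength` times in a row (e.g. 'aaa').
function hasRepeatedRun(pw, runLength = 3) {
  return new RegExp(`(.)\\1{${runLength - 1}}`).test(pw);
}

// The five base rules: the set the PR settled on after review, matching the
// frontend strength meter from PR #85. Ids and messages are assumed names.
const BASE_RULES = [
  { id: 'minLength', message: 'Password must be at least 8 characters long',
    test: (pw) => pw.length >= 8 },
  { id: 'uppercase', message: 'Password must contain at least one uppercase letter',
    test: (pw) => /[A-Z]/.test(pw) },
  { id: 'lowercase', message: 'Password must contain at least one lowercase letter',
    test: (pw) => /[a-z]/.test(pw) },
  { id: 'number', message: 'Password must contain at least one number',
    test: (pw) => /[0-9]/.test(pw) },
  // Assumption: "special character" means any non-alphanumeric character.
  { id: 'special', message: 'Password must contain at least one special character',
    test: (pw) => /[^A-Za-z0-9]/.test(pw) },
];

// The three extra checks from the PR's original custom validator.
const EXTENDED_RULES = [
  { id: 'common', message: 'Password is too common',
    test: (pw) => !COMMON_PASSWORDS.has(pw.toLowerCase()) },
  { id: 'sequential', message: 'Password must not contain sequential characters',
    test: (pw) => !hasSequentialRun(pw) },
  { id: 'repeated', message: 'Password must not contain repeated characters',
    test: (pw) => !hasRepeatedRun(pw) },
];

// Runs every applicable rule and reports all failures at once, so a client can
// show the complete list instead of discovering one problem per round trip.
// Returns { valid, failed: [rule ids], errors: [messages] }.
function validatePassword(pw, { extended = false } = {}) {
  if (typeof pw !== 'string') {
    return { valid: false, failed: ['type'], errors: ['Password must be a string'] };
  }
  const rules = extended ? [...BASE_RULES, ...EXTENDED_RULES] : BASE_RULES;
  const failedRules = rules.filter((rule) => !rule.test(pw));
  return {
    valid: failedRules.length === 0,
    failed: failedRules.map((rule) => rule.id),
    errors: failedRules.map((rule) => rule.message),
  };
}

// Demo over the PR's own example lists when run directly (guarded so the file
// also loads cleanly as a module).
if (typeof require !== 'undefined' && require.main === module) {
  const samples = ['password', 'Pass123', 'Password1', 'Password123!', 'Passss123!',
    '123456', 'Abc123!', 'MyP@ssw0rd!', 'Secure#Pass123', 'C0mpl3x!Pass', 'Str0ng&Secur3'];
  for (const pw of samples) {
    const result = validatePassword(pw, { extended: true });
    console.log(`${pw.padEnd(16)} ${result.valid ? 'ACCEPTED' : 'REJECTED: ' + result.failed.join(', ')}`);
  }
}

if (typeof module !== 'undefined') {
  module.exports = { validatePassword, hasSequentialRun, hasRepeatedRun, BASE_RULES, EXTENDED_RULES };
}
```

With `extended: false` the function checks exactly the five criteria listed in the review update; passing `extended: true` layers the original validator's three checks on top, which is how the two versions of the policy in this thread can be compared side by side on the same input.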


Linked issue: [SECURITY FEATURE] Implement Strong Password Policy in User Authentication