strong password

AceJobAgency/Controllers/UserController.cs

@@ -1,8 +1,10 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Text;
+using System.Text.RegularExpressions;
 using AceJobAgency.Data;
 using AceJobAgency.Entities;
+using AceJobAgency.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.IdentityModel.Tokens;
@@ -25,8 +27,13 @@ namespace AceJobAgency.Controllers
         [HttpPost("register")]
         public async Task<IActionResult> Register(User user)
         {
-            bool emailExists = _context.Users.Any(u => u.Email == user.Email);
+            if (!AccountManagement.IsPasswordComplex(user.Password))
-            bool nricExists = _context.Users.Any(u =>
+            {
+                return BadRequest("Password must be at least 12 characters long and include uppercase, lowercase, number, and special character.");
+            }
+            
+            var emailExists = _context.Users.Any(u => u.Email == user.Email);
+            var nricExists = _context.Users.Any(u =>
                 u.NationalRegistrationIdentityCardNumber == user.NationalRegistrationIdentityCardNumber);
             if (emailExists || nricExists)
             {

AceJobAgency/Utilities/AcountManagement.cs

@@ -0,0 +1,20 @@
+using System.Text.RegularExpressions;
+
+namespace AceJobAgency.Utilities;
+
+public class AccountManagement
+{
+    public static bool IsPasswordComplex(string password)
+    {
+        if (string.IsNullOrEmpty(password) || password.Length < 12)
+            return false;
+
+        // Require at least one uppercase, one lowercase, one digit, and one special character
+        bool hasUpperCase = Regex.IsMatch(password, @"[A-Z]");
+        bool hasLowerCase = Regex.IsMatch(password, @"[a-z]");
+        bool hasDigit = Regex.IsMatch(password, @"\d");
+        bool hasSpecialChar = Regex.IsMatch(password, @"[^a-zA-Z0-9]");
+
+        return hasUpperCase && hasLowerCase && hasDigit && hasSpecialChar;
+    }
+}