Validating an obfuscation token

Question

I am building a secured algorithm to get rid of obfuscation attacks. The user is validated with a token which should satisfy the following conditions:

  1. The username consists of lowercase letters only and is at least 5 digits long.
  2. The username is followed by #.
  3. After the # the first two characters are important: always a digit and a character. This part contains at least a digit, a lowercase and an uppercase letter.
  4. In between there can be any number of digits or letters only.
  5. At the end, the digit and character should exactly match the digit and character of point 3.
  6. It should end with #.
  7. The characters between the two # should be at least 5 characters long.
  8. The complete token consists only of two #, lowercase and uppercase letters and digits.

I don't know about regular expressions, but my guide told me this task is easily achieved at validation time with regular expressions. After looking around on the internet for a long time I found some links which are similar, tried to combine them and got this:

`^[a-z]{5,}#[a-zA-Z0-9]{2}[A-Z][0-9A-Za-z]*[a-zA-Z0-9]{2}#$`

But this only matches 1 test case. I don't know how I can achieve the middle part between the two hashes. I tried to explain my problem as well as my English allows. Please help.

The test cases below should pass:

    userabcd#4a39A234a#
    randomuser#4A39a234A#
    abcduser#2Aa39232A#
    abcdxyz#1q39A231q#
    randzzs#1aB1a#

The test cases below should fail:

    randuser#1aaa1a#
    randuser#1112#
    randuser#a1a1##
    randuser#1aa#
    u#4a39a234a#
    userstre#1qqeqe123231q$
    user#1239a23$a#
    useabcd#4a39a234a#12

Tags: regex, language-agnostic, penetration-testing, websecurity

Answer

You can try:

`^[a-z]{5,}#(?=[^a-z\n]*[a-z])(?=[^A-Z\n]*[A-Z])(\d[a-zA-Z])[a-zA-Z\d]*\1#$`

Explanation of the above regex:

  • `^`, `$` - represent the start and end of the line respectively.

  • `[a-z]{5,}` - matches the lowercase username 5 or more times.

  • `#` - matches the hash literally.

  • `(?=[^a-z]*[a-z])` - positive lookahead asserting at least one lowercase letter.

  • `(?=[^A-Z]*[A-Z])` - positive lookahead asserting at least one uppercase letter.

  • `(\d[a-zA-Z])` - capturing group matching the first 2 characters (i.e. a digit and a letter). If you want it the other way round, use `[a-zA-Z]\d`.

  • `[a-zA-Z\d]*` - matches zero or more characters from the mentioned character set.

  • `\1` - backreference that matches exactly what the group captured.

You can find a demo of the above regex here.

Note: if you want to match one string at a time, i.e. for practical purposes, remove `\n` from the character sets.


You can use this regex as an alternative:

`^[a-z]{5,}#(?=.*?[a-z])(?=.*?[A-Z])(\d[a-zA-Z])[a-zA-Z\d]*\1#$`
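The following is an added example, not part of the answer above: it wraps the answer's regex in a Python validator, runs it against the question's own pass/fail cases, and shows why the answer's note about `\n` matters when the pattern is applied to multi-line input rather than one token at a time. The function names (`is_valid_token`, `valid_tokens_in`) and the extra explicit rule-7 length check are this example's own choices; the multi-line input strings are constructed for the demonstration.

```python
import re

# Body of the accepted answer's pattern, without its ^/$ anchors, so the same
# text can be used both with re.fullmatch (one token) and with re.MULTILINE
# (one token per line).
TOKEN_BODY = (
    r"[a-z]{5,}#"              # rules 1-2: 5+ lowercase letters, then '#'
    r"(?=[^a-z\n]*[a-z])"      # rule 3: at least one lowercase letter follows
    r"(?=[^A-Z\n]*[A-Z])"      # rule 3: at least one uppercase letter follows
    r"(\d[a-zA-Z])"            # rule 3: first two chars are digit + letter
    r"[a-zA-Z\d]*"             # rule 4: only letters/digits in between
    r"\1#"                     # rules 5-6: same digit+letter pair, closing '#'
)

SINGLE_TOKEN_RE = re.compile(TOKEN_BODY)
LINE_TOKEN_RE = re.compile(r"^" + TOKEN_BODY + r"$", re.MULTILINE)

# Same pattern with the '\n' guards removed from the lookaheads. Kept only to
# demonstrate the answer's note: without the guard a lookahead can run past
# the end of the current line and "find" a letter that belongs to another line.
UNGUARDED_LINE_RE = re.compile(
    r"^" + TOKEN_BODY.replace(r"\n", "") + r"$", re.MULTILINE
)


def is_valid_token(token: str) -> bool:
    """True when the whole string is a well-formed token."""
    # fullmatch rather than match() with '$': in Python '$' also matches just
    # before a trailing newline, which a validator should not accept.
    if SINGLE_TOKEN_RE.fullmatch(token) is None:
        return False
    # Rule 7: at least 5 characters between the two '#'. The pattern already
    # forces this (digit+letter, an opposite-case letter, digit+letter), but
    # an explicit check keeps the validator honest if the pattern is edited.
    return len(token.split("#")[1]) >= 5


def valid_tokens_in(text: str, pattern: re.Pattern = LINE_TOKEN_RE) -> list:
    """Return every line of `text` that is a valid token, in order."""
    return [m.group(0) for m in pattern.finditer(text)]


# Test cases copied from the question.
SHOULD_PASS = [
    "userabcd#4a39A234a#",
    "randomuser#4A39a234A#",
    "abcduser#2Aa39232A#",
    "abcdxyz#1q39A231q#",
    "randzzs#1aB1a#",
]
SHOULD_FAIL = [
    "randuser#1aaa1a#",
    "randuser#1112#",
    "randuser#a1a1##",
    "randuser#1aa#",
    "u#4a39a234a#",
    "userstre#1qqeqe123231q$",
    "user#1239a23$a#",
    "useabcd#4a39a234a#12",
]


def check_question_cases() -> tuple:
    """(all expected-pass tokens accepted, all expected-fail tokens rejected)."""
    accepted = all(is_valid_token(t) for t in SHOULD_PASS)
    rejected = not any(is_valid_token(t) for t in SHOULD_FAIL)
    return accepted, rejected


if __name__ == "__main__":
    print("question cases:", check_question_cases())
    # Constructed multi-line input: line 1 has no uppercase letter and must be
    # rejected; the 'Z's on line 2 are bait for an unguarded lookahead.
    sample = "abcdef#1ab1a#\nZZZZZ"
    print("guarded  :", valid_tokens_in(sample))
    print("unguarded:", valid_tokens_in(sample, UNGUARDED_LINE_RE))
```

The guarded pattern returns no match for the constructed two-line input, while the unguarded variant accepts `abcdef#1ab1a#` because its uppercase lookahead crosses the newline and satisfies itself on the next line. When tokens are validated one at a time, `fullmatch` confines the lookaheads to the string anyway, which is what the answer's note about dropping `\n` refers to.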
