feat: add password validation

[KaWaite]

Overview

The passwordModal for changing your password merely disables the submit button unless new password and confirmation password match. This adds validation and feedback to make sure users are using secure passwords.

What I've done

• Small update to TextBox to allow for feedback messages
• Added several regex checks for validation (based on Auth0 setup) as a password policy (setup to not need much changed if begin receiving unique policy from backend (aka after auth is opened to other options other than Auth0))
  • Note: passwordPolicy is setup the way it is so in the future we could fetch the passwordPolicy from the backend (when we are auth-agnostic and not relying on Auth0).
• Some small fixes/improvements
  • language updates
  • link update/opens new page

Please check

• Please add Japanese translations where appropriate.

Memo

• Depending on how we implement Authentication locally in the future, we COULD potentially make the PrivacyPolicy have a RegEx AND Text field for each check (which would be passed from the backends Config) and then populate the PasswordModal with the Text to show a detailed description of the password requirements being used to the user. But I have read being too specific about a password policy can be bad and lead to someone figuring out passwords easier.

[netlify]

❌ Deploy Preview for reearth-web failed.

🔨 Explore the source changes: a913b27

🔍 Inspect the deploy log: https://app.netlify.com/sites/reearth-web/deploys/616d167235ee360007a6adf3

[codecov]

Codecov Report

Merging #86 (a913b27) into main (778395e) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main      #86   +/-   ##
=======================================
  Coverage   53.53%   53.53%           
=======================================
  Files          48       48           
  Lines         891      891           
  Branches      119      119           
=======================================
  Hits          477      477           
  Misses        364      364           
  Partials       50       50           

[rot1024]

It turns out that this PR actually contains a problem that we need to think about.

• Why do you limit passwords to between 5 and 25 characters? It is usually safe to not limit the maximum number of characters unless it is very long.
• Is the password policy in sync with the backend implementation and the OAuth provider's settings? If you don't have such a restriction in the backend or the provider, then trying to restrict it only in the frontend will result in a restriction that doesn't make much sense from a security perspective.
• Don't forget that users can also change the password from the login page provided by the OAuth provider. What if a different password policy is applied there?

Re:Earth is OSS, so we never know who will use it and where will be used it, and even what OAuth2 provider will be used. Considering the possibility that various password policies may be required, it would be desirable to be able to change the password policy in, for example, reearth_config.json.

[rot1024]

Additional implementation: to make password policy changeable by reearth-config.json (https://github.com/reearth/reearth-web/blob/main/src/config.ts)

• note: if no password policy is set, there is no limitation
• note: JSON does not support regexp, so Re:Earth should parse string and handle errors (if there is any error, treat as no password policy is set)

[HideBa]

Thank you for your implementation. 👍
I've left a couple of comments. Plz, check them.

[HideBa]

Seems good! 👍