From john.thurston at alaska.gov Wed Jun 15 21:08:42 2022
From: john.thurston at alaska.gov (John Thurston)
Date: Wed, 15 Jun 2022 12:08:42 -0800
Subject: [ZendTo] Limit authentication by user-name
References:
Message-ID:

We expect internal users to authenticate to ZendTo to perform their
transfers. There is a subset of accounts we think should _not_ be
allowed to authenticate. These accounts are recognizable because their
usernames end with magic strings:
   -foo
   -bar

I see 'usernameRegexp' in the config file:
   // Regular expression defining a valid username for the Login page.
   // Usually no need to change this.
   'usernameRegexp'    => '/^([a-zA-Z0-9][a-zA-Z0-9\_\.\-\@\\\]*)$/i',

Is this where I might try to hack together a regexp which would fail to
match those magic strings?

Is there a different regexp (which I have not yet found) which defines
an exclusion list of usernames?

--
--
Do things because you should, not just because you can.

John Thurston    907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska

From john.thurston at alaska.gov Thu Jun 16 00:02:32 2022
From: john.thurston at alaska.gov (John Thurston)
Date: Wed, 15 Jun 2022 15:02:32 -0800
Subject: [ZendTo] Limit authentication by user-name
In-Reply-To:
References: <28292bd1-ba33-97d6-cddb-31baa90ff9ab@alaska.gov>
Message-ID:

Experimentation shows I can get the behavior I seek by prepending
   (?!.*-(foo|bar|baz)$)
to the default usernameRegexp (well, prepending it to the expression,
not the string. So stuffing it between the / and the ^)

The result is a line in the log, of the form:
   Warning: illegal username "jimmy-joe-foo" attempted to login

I still haven't found an exclusion regexp, so this may have to do.

--
Do things because you should, not just because you can.
John Thurston    907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska

On 6/15/2022 12:08 PM, John Thurston via ZendTo wrote:
> We expect internal users to authenticate to ZendTo to perform their
> transfers. There is a subset of accounts we think should _not_ be
> allowed to authenticate. These accounts are recognizable because their
> usernames end with magic strings:
>   -foo
>   -bar
>
> I see 'usernameRegexp' in the config file:
>   // Regular expression defining a valid username for the Login page.
>   // Usually no need to change this.
>   'usernameRegexp'    => '/^([a-zA-Z0-9][a-zA-Z0-9\_\.\-\@\\\]*)$/i',
>
> Is this where I might try to hack together a regexp which would fail to
> match those magic strings?
>
> Is there a different regexp (which I have not yet found) which defines
> an exclusion list of usernames?

From greg.clarke at waikato.ac.nz Thu Jun 16 02:52:23 2022
From: greg.clarke at waikato.ac.nz (Greg Clarke)
Date: Thu, 16 Jun 2022 13:52:23 +1200
Subject: [ZendTo] Limit authentication by user-name
In-Reply-To:
References: <28292bd1-ba33-97d6-cddb-31baa90ff9ab@alaska.gov>
Message-ID:

Hi there

This will handle full addressing as well as domain origin.

(?!.*-(foo|bar|baz)(\@|$))

All the best
Greg

On Thu, 16 Jun 2022 at 11:22, John Thurston via ZendTo wrote:

> Experimentation shows I can get the behavior I seek by prepending
>   (?!.*-(foo|bar|baz)$)
> to the default usernameRegexp (well, prepending it to the expression,
> not the string. So stuffing it between the / and the ^)
>
> The result is a line in the log, of the form:
>   Warning: illegal username "jimmy-joe-foo" attempted to login
>
> I still haven't found an exclusion regexp, so this may have to do.
>
> --
> Do things because you should, not just because you can.
>
> John Thurston 907-465-8591
> John.Thurston at alaska.gov
> Department of Administration
> State of Alaska
>
> On 6/15/2022 12:08 PM, John Thurston via ZendTo wrote:
> > We expect internal users to authenticate to ZendTo to perform their
> > transfers. There is a subset of accounts we think should _not_ be
> > allowed to authenticate. These accounts are recognizable because their
> > usernames end with magic strings:
> >   -foo
> >   -bar
> >
> > I see 'usernameRegexp' in the config file:
> >   // Regular expression defining a valid username for the Login page.
> >   // Usually no need to change this.
> >   'usernameRegexp' => '/^([a-zA-Z0-9][a-zA-Z0-9\_\.\-\@\\\]*)$/i',
> >
> > Is this where I might try to hack together a regexp which would fail to
> > match those magic strings?
> >
> > Is there a different regexp (which I have not yet found) which defines
> > an exclusion list of usernames?
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto
>

From Jules at Zend.To Thu Jun 16 14:09:41 2022
From: Jules at Zend.To (Jules Field)
Date: Thu, 16 Jun 2022 14:09:41 +0100
Subject: [ZendTo] Limit authentication by user-name
In-Reply-To:
References: <28292bd1-ba33-97d6-cddb-31baa90ff9ab@alaska.gov>
Message-ID:

Hi John,

Greg's suggestion should work fine if he says it does.

I just wanted to say that there isn't an exclusion regexp, you can stop
looking for one. :-)

Cheers,
Jules.

On 16/06/2022 12:02 am, John Thurston via ZendTo wrote:
> Experimentation shows I can get the behavior I seek by prepending
>   (?!.*-(foo|bar|baz)$)
> to the default usernameRegexp (well, prepending it to the expression,
> not the string. So stuffing it between the / and the ^)
>
> The result is a line in the log, of the form:
>   Warning: illegal username "jimmy-joe-foo" attempted to login
>
> I still haven't found an exclusion regexp, so this may have to do.
>
> --
> Do things because you should, not just because you can.
>
> John Thurston    907-465-8591
> John.Thurston at alaska.gov
> Department of Administration
> State of Alaska
>
> On 6/15/2022 12:08 PM, John Thurston via ZendTo wrote:
>> We expect internal users to authenticate to ZendTo to perform their
>> transfers. There is a subset of accounts we think should _not_ be
>> allowed to authenticate. These accounts are recognizable because their
>> usernames end with magic strings:
>>   -foo
>>   -bar
>>
>> I see 'usernameRegexp' in the config file:
>>   // Regular expression defining a valid username for the Login page.
>>   // Usually no need to change this.
>>   'usernameRegexp'    => '/^([a-zA-Z0-9][a-zA-Z0-9\_\.\-\@\\\]*)$/i',
>>
>> Is this where I might try to hack together a regexp which would fail to
>> match those magic strings?
>>
>> Is there a different regexp (which I have not yet found) which defines
>> an exclusion list of usernames?

Jules

--
Julian Field MEng CEng CITP MBCS MIEEE MACM

'What happened before no longer exists. What will happen next has
not yet been written. We have only now. That is our greatest
advantage. What we do now, here, in this moment has the power to
determine the future. Instinct and logic, together. ...All of
history can change with our next move.' - Spock

www.Zend.To
Twitter: @JulesFM
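
Added example, not part of any message in this thread and not ZendTo code: a stand-alone PHP script that runs the default usernameRegexp and the two lookahead variants from the thread against the same names with preg_match(). The helper name admits() and all usernames except "jimmy-joe-foo" are constructed for illustration.

```php
<?php
// Pattern strings are single-quoted, as in the config file, so PHP hands
// the backslashes to PCRE unchanged (only \\ collapses to one backslash).
$default = '/^([a-zA-Z0-9][a-zA-Z0-9\_\.\-\@\\\]*)$/i';

// Build each variant the way the thread describes: the negative lookahead
// goes between the opening "/" and the "^" of the default expression.
$patterns = [
    'default'  => $default,
    'end-only' => '/(?!.*-(foo|bar|baz)$)' . substr($default, 1),
    'end-or-@' => '/(?!.*-(foo|bar|baz)(\@|$))' . substr($default, 1),
];

// Constructed sample usernames: bare, mixed case, user@domain, DOMAIN\user,
// and a name that merely contains "-foo" in the middle.
$usernames = [
    'jimmy-joe',
    'jimmy-joe-foo',
    'jimmy-joe-FOO',
    'jimmy-joe-foo@example.org',
    'EXAMPLE\svc-bar',
    'bob-football',
];

// Hypothetical helper: true when the pattern accepts the username.
function admits(string $pattern, string $username): bool
{
    $r = preg_match($pattern, $username);
    if ($r === false) {
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    return $r === 1;
}

// Print one row per username and one column per pattern.
printf("%-28s", 'username');
foreach (array_keys($patterns) as $name) {
    printf("%-10s", $name);
}
echo PHP_EOL;
foreach ($usernames as $u) {
    printf("%-28s", $u);
    foreach ($patterns as $p) {
        printf("%-10s", admits($p, $u) ? 'allow' : 'deny');
    }
    echo PHP_EOL;
}
```

The end-only variant still admits jimmy-joe-foo@example.org, which is the case the (\@|$) alternation closes. Run any local variant against names in every form your authenticator accepts (bare, user@domain, DOMAIN\user) before putting it in the config.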