[ZendTo] Limit authentication by user-name

Jules Field Jules at Zend.To
Thu Jun 16 14:09:41 BST 2022


Hi John,

Greg's suggestion should work fine if he says it does.

I just wanted to say that there isn't an exclusion regexp, you can stop 
looking for one. :-)

Cheers,
Jules.

On 16/06/2022 12:02 am, John Thurston via ZendTo wrote:
> Experimentation shows I can get the behavior I seek by prepending
>   (?!.*-(foo|bar|baz)$)
> to the default usernameRegexp (well, prepending it to the expression, 
> not the string. So stuffing it between the / and the ^)
>
> The result is a line in the log, of the form:
>   Warning: illegal username "jimmy-joe-foo" attempted to login
>
> I still haven't found an exclusion regexp, so this may have to do.
>
>
>
> -- 
> Do things because you should, not just because you can.
>
> John Thurston    907-465-8591
> John.Thurston at alaska.gov
> Department of Administration
> State of Alaska
>
> On 6/15/2022 12:08 PM, John Thurston via ZendTo wrote:
>> We expect internal users to authenticate to ZendTo to perform their
>> transfers. There is a subset of accounts we think should _not_ be
>> allowed to authenticate. These accounts are recognizable because their
>> usernames end with magic strings:
>>    -foo
>>    -bar
>>
>> I see 'usernameRegexp' in the config file:
>>    // Regular expression defining a valid username for the Login page.
>>    // Usually no need to change this.
>>    'usernameRegexp'    => '/^([a-zA-Z0-9][a-zA-Z0-9\_\.\-\@\\\]*)$/i',
>>
>> Is this where I might try to hack together a regexp which would fail to
>> match those magic strings?
>>
>> Is there a different regexp (which I have not yet found) which defines
>> an exclusion list of usernames?
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'What happened before no longer exists. What will happen next has
  not yet been written. We have only now. That is our greatest
  advantage. What we do now, here, in this moment has the power to
  determine the future. Instinct and logic, together. ...All of history
  can change with our next move.' - Spock

www.Zend.To
Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20220616/0dc06db0/attachment.html>


More information about the ZendTo mailing list