This adds a username_regexp option to the authenticator configuration, which if specified will be used to decide if a username can be authenticated via an authenticator. This can be used to prevent credentials being leaked to third party services. If the option isn't present the authenticator will behave as before, trying whatever credentials are given to it.
Assuming your users login with their email address, this configuration will authenticate GMail addresses via Google, and company addresses via LDAP:
Additionally the internal API adds a #can_validate? method to the authenticator base class. This can be used to do the same thing, but at the authenticator level rather than in configuration. So you could for example write an OpenID authenticator, that only accepts usernames that are URIs.
This adds a
username_regexp
option to the authenticator configuration, which if specified will be used to decide if a username can be authenticated via an authenticator. This can be used to prevent credentials being leaked to third party services. If the option isn't present the authenticator will behave as before, trying whatever credentials are given to it.Assuming your users login with their email address, this configuration will authenticate GMail addresses via Google, and company addresses via LDAP:
Additionally the internal API adds a
#can_validate?
method to the authenticator base class. This can be used to do the same thing, but at the authenticator level rather than in configuration. So you could for example write an OpenID authenticator, that only accepts usernames that are URIs.