Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent credentials from being filled in without validation #46

Closed
8 tasks
aeneasr opened this issue Jul 24, 2019 · 0 comments
Closed
8 tasks

Prevent credentials from being filled in without validation #46

aeneasr opened this issue Jul 24, 2019 · 0 comments
Assignees
@aeneasr
Labels
package/selfservice Affects selfservice components
Milestone
v0.1.0-alpha.1

Comments

@aeneasr
Copy link
Member

aeneasr commented Jul 24, 2019
edited
Loading

Assuming we have strategy "password" and "google-oidc" enabled. Assuming foo@bar.com has a registered account at hive using the password strategy. If another user with "google-oidc" signs up, and also has foo@bar.com as email, this should not be allowed. This should work with all strategies.

Instead, the user should be requested to "combine" his/her accounts by linking them.

We need to make sure that our validator checks for this usecase and rejects any requests not compliant with this policy.

  • Disallow oidc strategy sign up for identities that already have the email registered (form error)
  • Disallow password strategy sign up for identities that already have the email registered (form error)
  • Write test for oidc strategy
    • Test double sign up with existing identifier from password strategy
    • Test double sign up with existing identifier from oidc strategy
  • Write test for password strategy
    • Test double sign up with existing identifier from password strategy
    • Test double sign up with existing identifier from oidc strategy
@aeneasr aeneasr added package/selfservice Affects selfservice components security labels Jul 24, 2019
@aeneasr aeneasr added this to the v0.0.1 milestone Jul 24, 2019
@aeneasr aeneasr self-assigned this Jul 24, 2019
aeneasr added a commit that referenced this issue Nov 4, 2019
@aeneasr
Prevent duplicate signups (#76)
4c88968 
Closes #46
mcjimenez added a commit to mcjimenez/kratos that referenced this issue Jul 9, 2023
@mcjimenez
[VIAM-736] Panic on Kratos on POST /self-service/login (ory#46)
f20698f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aeneasr aeneasr

Labels
package/selfservice Affects selfservice components
Projects
None yet
Milestone
v0.1.0-alpha.1
Development

No branches or pull requests
1 participant
@aeneasr