benel / Dolomite

Directories Led by Members
https://github.com/benel/Dolomite/wiki

Malicious password change request #31

Closed benel closed 13 years ago

benel commented 13 years ago

Alice has the account "alice.dodgson" with the following e-mail: "alice@wonderland.org". Malory also has an account and wants to steal Alice's. He sends an invitation to alice.dodgson, but to his own e-mail, "malory@hell.com".

A functional test will have to be created to check if this scenario is prevented. If not, the code will have to be fixed.

FengLU commented 13 years ago

Hello Mr.Benel,

After a deep discussion about this issue, we (Jean-eudes and I) found that the solution to this issue depends on whether we should take a case, 'Is the user's name unique in our system?', into account.

If we take it into account, which means every user's first name and last name is unique, the solution will be quite simple. We just need to create a method to verify whether Alice.Dodgson already exists in our system or not as Malory tries to send an invitation to himself in order to steal Alice's login.

Otherwise, the situation is going to be much more complicated. Because there could be several "Alice Dodgson"s in our system, we couldn't stop Malory's attempt just by verifying Alice's existence in our system. So, our proposition is to replace the initial user ID "firstname.lastname" by the user's e-mail address, which must be unique.

Looking forward to your response.

Best regards,
FengLU

benel commented 13 years ago

> every user's first name and last name is unique

Yes.

> We just need to create a method to verify whether Alice.Dodgson already exists in our system or not as Malory tries to send an invitation to himself in order to steal Alice's login.

The e-mail must be compared to Alice's not to Malory's (he could have several ones).

> the solution will be quite simple.

Sure, but it has to be done:

```
if Alice has no account yet
    create an account for her
    send her an e-mail
else if the e-mail is the same
    send her an e-mail
else
    Malory should be reported
```
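The three-way decision above, written out as an added Python example over an in-memory account store (not Dolomite's own code). The names `Account`, `InvitationStore` and `handle_invitation`, the returned action labels, and the case-insensitive e-mail comparison are assumptions; the essential point is that the submitted address is checked against the address already on record for the invited login, never against any address the inviter controls.

```python
from dataclasses import dataclass, field

# Action labels (assumed names) describing which branch was taken.
CREATED = "created_account_and_sent_email"
RESENT = "sent_email_to_existing_address"
REPORTED = "reported_attempt"


@dataclass
class Account:
    user_id: str   # "firstname.lastname", assumed unique per the discussion
    email: str


@dataclass
class InvitationStore:
    accounts: dict = field(default_factory=dict)  # user_id -> Account
    reports: list = field(default_factory=list)   # (inviter, user_id, email)

    def handle_invitation(self, inviter: str, user_id: str, email: str) -> str:
        """Decide what an invitation for `user_id` sent to `email` should do.

        The address is compared with the one stored for `user_id`; the
        inviter's own addresses play no part in the decision.
        """
        existing = self.accounts.get(user_id)
        if existing is None:
            # Nobody owns this login yet: create it and mail the invitee.
            self.accounts[user_id] = Account(user_id, email)
            return CREATED
        # Assumption: addresses are compared case-insensitively, trimmed.
        if existing.email.strip().lower() == email.strip().lower():
            # Same owner, same address: just send the e-mail again.
            return RESENT
        # Known login but a foreign address: nothing is sent, and the
        # inviter is recorded for review.
        self.reports.append((inviter, user_id, email))
        return REPORTED


if __name__ == "__main__":
    store = InvitationStore()
    # Constructed sample data mirroring the issue's scenario.
    store.handle_invitation("admin", "alice.dodgson", "alice@wonderland.org")
    print(store.handle_invitation("malory", "alice.dodgson", "malory@hell.com"))
```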