citizenos / citizenos-api

Citizen OS API application - https://api.citizenos.com/

Login invited users with correct account when using e-ID #245

Closed ilmartyrk closed 2 years ago

ilmartyrk commented 2 years ago

What is the problem?

A user has 2 accounts. Account 1 (A1) has been created in the past using the e-ID login method, and account 2 (A2) has been created through a user invite e-mail or simply using e-mail based login methods. A1 has no e-mail address connected; A2 has some topic where the user has signed his/her vote using e-ID signing. Now both accounts have a personal ID connection in the UserConnections table. The user then gets invited to a new topic with the A2 e-mail. After clicking the invite link, we display the login methods for that account, which include e-ID methods. But when the user chooses one of them, we actually log in to the A1 account, because in the login process our system selects the user that the initial e-ID connection was made to.

Solution

As the invite is linked to a certain user, we use the invite link during the e-ID login and choose A2 when the invitation has been sent to the A2 user.

loorm commented 2 years ago

Wait, so essentially we're logging a user into an account that they did not provide credentials for. I understand that the user actually intends to log into A2 in this case. But if they provide credentials for A1 and get into A2, doesn't that open up some avenues of attack? It seems a bit fishy, but maybe it's not. I can't come up with an immediate attack vector. @tiblu, can you?

ilmartyrk commented 2 years ago

@loorm nope, this is not the case. Both accounts are linked with the user's personal ID, and this login method is also listed under the user's available login methods when they click on the invite link and are prompted to log in. This will not be implemented for any e-mail based authentication methods.

tiblu commented 2 years ago

> Wait, so essentially we're logging a user into an account that they did not provide credentials for. I understand that the user actually intends to log into A2 in this case. But if they provide credentials for A1 and get into A2, doesn't that open up some avenues of attack? It seems a bit fishy, but maybe it's not. I can't come up with an immediate attack vector. @tiblu, can you?

IF A1 is created using e-ID login, IF A2 has UserConnection because they used e-ID signing while being logged into account A2, THEN I see no problem in the described implementation as the User has basically used their e-ID to claim the account or show access to that account.

Also is it true that you CANNOT have n+1 EID UserConnections per account (user ID)? @ilmartyrk

ilmartyrk commented 2 years ago

@loorm @tiblu your description is correct. User has multiple accounts connected with e-ID. One account can only have ONE EID UserConnection.
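
The account selection discussed in this thread, as an added example that is not part of the thread or of the citizenos-api code base. It shows the condition the comments agree on: the invite only changes which account is chosen when the invited account already has an e-ID UserConnection for the personal ID that was just authenticated. The function name, field names, the `eid` connection id and all sample values are assumptions constructed for illustration.

```javascript
// Constructed sample rows, ordered by creation time (assumption).
// Field names are hypothetical, loosely modelled on the UserConnections table named in the issue.
const userConnections = [
  { userId: 'A1', connectionId: 'eid', connectionUserId: 'PID-A' },     // created via e-ID login
  { userId: 'A2', connectionId: 'eid', connectionUserId: 'PID-A' },     // created via e-ID signing
  { userId: 'B1', connectionId: 'eid', connectionUserId: 'PID-B' },
  { userId: 'B2', connectionId: 'email', connectionUserId: 'b2@example.com' }
];

// Constructed invites: invite id -> account the invitation was sent to.
const invites = new Map([
  ['inv-A2', { userId: 'A2' }],
  ['inv-B2', { userId: 'B2' }]
]);

/**
 * Pick the account to log in after a successful e-ID authentication.
 * verifiedPid must come from the e-ID provider's response, never from the client.
 * Returns a user id, or null when no account is connected to that personal ID.
 */
function resolveEidLoginUser(verifiedPid, inviteId, connections, inviteStore) {
  // Accounts that have proven ownership of this personal ID via e-ID.
  const owners = connections
    .filter((c) => c.connectionId === 'eid' && c.connectionUserId === verifiedPid)
    .map((c) => c.userId);

  if (owners.length === 0) {
    return null;
  }

  // The invite is only a hint: honour it when the invited account is
  // one of the accounts already bound to the authenticated personal ID.
  const invite = inviteId ? inviteStore.get(inviteId) : undefined;
  if (invite && owners.includes(invite.userId)) {
    return invite.userId;
  }

  // Otherwise keep the behaviour described in the issue: the account
  // with the initial e-ID connection.
  return owners[0];
}
```

An invite link for an account that has no matching e-ID connection never changes the outcome, so holding someone else's invite link does not grant access to their account.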