Open gorfreed opened 3 years ago
Hi Gorfreed,
thanks for the feedback, we will work to find a solution.
Is there any update on this? I have opted out for another solution on that project, but now I am setting up a new one and again I would love to use Stranoweb Ajax Login, as it just looks a lot better than other solutions. However, the security issue still persists and I wanted to check in with you to see if there was any development on this.
Hi Gorfreed,
Thanks for supporting our plugin. That fix is still in our plan; unfortunately we didn’t have the time to work on it. We will do our best to fix it asap.
Thanks for your patience.
On 3 Nov 2021, at 22:36, gorfreed @.***> wrote:
Is there any update on this? I have opted out for another solution on that project, but now I am setting up a new one and again I would love to use Stranoweb Ajax Login, as it just looks a lot better than other solutions. However, the security issue still persists and I wanted to check in with you to see if there was any development on this.
Stranoweb's social login button will force create a user, no matter what restrictions (like 'required' fields that are essential for your membership page) are set. It will create a new user with a randomized name and no reference whatsoever about where the social login was initiated from, leaving you with a group of users that are completely unidentifiable and gained access to your membership page without even validating their emails. I am surprised that hasn't come up before, but a solution is probably simple. E.g. an unregistered social login could be redirected to the registration form.
In short, for security reasons I can not allow a new user signing up with a Social Login. Can your plugin be adapted accordingly?