[Request] Password Reset Log Enhancement, allow deletion and checking if it was/wasn't you. #4362

Open
MiM-MiM opened this issue Dec 2, 2024 · 0 comments
MiM-MiM commented Dec 2, 2024

The current log can be abused and saves data that should not be stored for normal users. If you mistype a password, well now the site forever has your IP, which should not be the case. This can be fixed while keeping the data that is needed and making the log more useful for staff reviewing it.

  • Add a nullable boolean column, verified login, store null for unchecked, 0 for not that user, and 1 for was that user.
  • The user has a week before it auto ticks the not me option.
  • The PM and email sent link them to a review screen that queries the failed login table, and they can review there.
  • Allow deletions of ones they say are them; however, this could be abused by the hijacker, so we must require the active 2FA to have been enabled from before that failed attempt.
  • Backups should be changed to only store the "wasn't me" rows, ensuring that even the backup does not log the IP needlessly.
  • Staff page should default to unchecked and not me only, can allow admin to view all not deleted, mod does not need this ability.

The requirement of 2FA being active before is important; otherwise a hijacker could log in and delete the evidence. With 2FA being required before, the only way they could hijack and delete evidence is if they have access to either a recovery code or the 2FA device itself, which is an entirely different issue. If they enabled it after hijacking the account, here they could only mask it, but the investigation of the compromised account could still pull up that data.

A rogue staff with password reset abilities could easily abuse the current feature and effectively enable logging even on sites that follow UNIT3D's desire for not logging such information. Users have reported this happening on some sites too and vanilla UNIT3D needs to protect this from happening the best they can.

@MiM-MiM MiM-MiM added Fund https://polar.sh Request labels Dec 2, 2024
@HDVinnie HDVinnie removed the Fund https://polar.sh label Dec 24, 2024
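
A minimal model of the rules proposed in this issue, added here as an illustration and not part of the issue or of UNIT3D's code. The `FailedLogin` row shape, its field names and all function names are assumptions; the sample rows are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

REVIEW_WINDOW = timedelta(days=7)  # "a week" before the row auto-ticks "not me"

@dataclass
class FailedLogin:  # hypothetical row shape, not UNIT3D's schema
    ip: str
    attempted_at: datetime
    verified: Optional[bool] = None  # None unchecked, False not the user, True was the user
    deleted: bool = False

def effective_status(row, now):
    """Unchecked rows count as "not me" once the review window has passed."""
    if row.verified is None and now - row.attempted_at >= REVIEW_WINDOW:
        return False
    return row.verified

def can_delete(row, now, twofa_enabled_at):
    """Deletion needs a "was me" row and 2FA that was enabled before the attempt.
    twofa_enabled_at is None when the account has no active 2FA."""
    return (not row.deleted
            and effective_status(row, now) is True
            and twofa_enabled_at is not None
            and twofa_enabled_at < row.attempted_at)

def backup_rows(rows, now):
    """Only "wasn't me" rows go into a backup."""
    return [r for r in rows if not r.deleted and effective_status(r, now) is False]

def staff_view(rows, now, is_admin=False, show_all=False):
    """Default view: unchecked and "not me". Only an admin may widen it."""
    live = [r for r in rows if not r.deleted]
    if is_admin and show_all:
        return live
    return [r for r in live if effective_status(r, now) is not True]

# Constructed sample data (documentation-range IPs).
NOW = datetime(2024, 12, 20)
ROWS = [
    FailedLogin("198.51.100.7", datetime(2024, 12, 18), verified=True),
    FailedLogin("203.0.113.9", datetime(2024, 12, 1)),   # unchecked, older than a week
    FailedLogin("192.0.2.4", datetime(2024, 12, 19)),    # unchecked, still reviewable
]

if __name__ == "__main__":
    print(can_delete(ROWS[0], NOW, datetime(2024, 11, 1)))   # 2FA predates the attempt
    print(can_delete(ROWS[0], NOW, datetime(2024, 12, 19)))  # 2FA enabled afterwards
    print([r.ip for r in backup_rows(ROWS, NOW)])
```

The second `can_delete` call models the hijacker case from the issue: 2FA switched on after the failed attempt does not unlock deletion, so the row stays available to an investigation.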