SECURITY issue #21
Comments
Hello, how exactly is this a security issue? Neither the security of the gallery nor the Google account of the user is compromised at any moment. The only "problem" is that the administrator is not sure the provided email corresponds to the linked account. And in my opinion this is a good thing: the user must be able to authenticate with an external provider but not give you his main email; he can choose what personal information he gives to you.
* You will also notice that in the standard Piwigo authentication the email is not mandatory and is not verified.
* This is in accordance with the GDPR and any data protection laws.
I must clarify that the email is not used in the authentication process.
But then I don't get the idea of permissions and groups: how can I add a user to a group if I can't ensure the identity of that user? Which is usually given by the email address with either an activation link or via an external provider.
That's exactly my point. I'm okay if you say the external provider should not give the email, but then you should not allow the user to specify any email address he wants, just disable that input field then. But currently the email address is passed by the provider because the input field is prefilled with my address, but I can change it.
I just installed the plugin and set up the Google OAuth.
Then I tried as a user to log in via Google and I was redirected to a page on Piwigo where I can choose my user name but also the email address. So I'm able to register for any mail address I want; the admin has no chance to verify if the user used his real address or not (except by sending an email to the address). Instead the mail address should be derived from the OAuth response and should not be able to be overwritten by the user manually.
This is a really serious security issue, please fix this as soon as possible.
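One way to reconcile the two positions in this thread, as an added example that is not code from Piwigo, the plugin, or any participant: the user may keep, change, or omit the prefilled address, but the account is flagged as verified only when the stored address equals the one the provider vouched for, so group and permission decisions can key on that flag. The function name, the returned `verified` field, and the sample data are hypothetical; `email` and `email_verified` are the standard OpenID Connect claim names.

```php
<?php
// Added example: hypothetical helper, not Piwigo or plugin code.
// $claims      identity claims returned by the provider
// $typedEmail  whatever the user left in the registration form
function resolve_registration_email(array $claims, ?string $typedEmail): array
{
    // Lower-casing the whole address is a simplification for comparison.
    $normalize = static fn(?string $e): string => strtolower(trim((string) $e));

    $providerEmail = $normalize($claims['email'] ?? null);
    // The flag may arrive as a boolean or as the string "true".
    $providerVerified = filter_var(
        $claims['email_verified'] ?? false,
        FILTER_VALIDATE_BOOLEAN
    );

    $typed = $normalize($typedEmail);
    if ($typed === '') {
        // Email stays optional, as the thread says it is in standard Piwigo.
        return ['email' => null, 'verified' => false];
    }
    if (filter_var($typed, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('malformed email address');
    }

    // Verified only when the stored address is the one the provider
    // vouched for; an edited address is kept but flagged unverified.
    $verified = $providerVerified
        && $providerEmail !== ''
        && $typed === $providerEmail;

    return ['email' => $typed, 'verified' => $verified];
}

// Constructed sample data: one provider response, three form submissions.
$claims = ['sub' => '1000', 'email' => 'Alice@example.com', 'email_verified' => true];
foreach (['alice@example.com', 'someone-else@example.org', ''] as $typed) {
    $result = resolve_registration_email($claims, $typed);
    printf(
        "form=%-26s stored=%-26s verified=%s\n",
        var_export($typed, true),
        var_export($result['email'], true),
        var_export($result['verified'], true)
    );
}
```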