Issues: Unauthenticated Reporting and Email Validation #4891

Open
jsamiksha1 opened this issue Mar 27, 2024 · 0 comments

@jsamiksha1

Potential Bug 1: Unauthenticated Users Can Post Reports

Description
Users can post reports without logging in or signing up when accessing the application through mobile/web services.

To Reproduce
Steps to reproduce the behavior:

  1. Go to the Ushahidi deployed site.
  2. Click on the "Add a new post" button.
  3. Fill out the post form.
  4. Submit the form without logging in or signing up.
  5. Report gets posted successfully without any authentication.

Expected behavior
Users should be required to log in or sign up before being able to post reports.

Solution
Implement authentication requirements for posting reports. This can be achieved by:

  • Requiring users to log in or sign up before accessing the report submission form.
  • Adding a check to the report submission process to ensure that the user is authenticated before allowing the submission to proceed.

Preferred Resolution Method
Implementing authentication requirements for posting reports is the preferred resolution method as it ensures that only authenticated users can submit reports, thereby enhancing security and accountability.


Potential Bug 2: Lack of Email Validation and Verification During Signup

Description
There is a lack of validation and verification mechanisms for email IDs during the signup process.

To Reproduce
Steps to reproduce the behavior:

  1. Go to Ushahidi's deployed site.
  2. Fill out the signup form with a gibberish email ID.
  3. Submit the form.
  4. Signup process completes without validating or verifying the email ID.

Expected behavior
During signup, email IDs should undergo validation and verification processes to ensure they are legitimate.

Solution
Implement email validation and verification mechanisms during the signup process. This can be achieved by:

  • Validating email format to ensure it follows standard conventions.
  • Sending a verification link or code to the provided email address and requiring users to confirm their email before completing the signup process.
  • Implementing CAPTCHA or similar human verification mechanisms to prevent bots from registering with fake email IDs.

Preferred Resolution Method
Implementing email validation and verification mechanisms during the signup process is the preferred resolution method as it enhances the authenticity of user accounts and reduces the risk of spam or misuse of the platform.

@Angamanga @dukedanny
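
The format check and confirm-by-link steps proposed under Potential Bug 2, sketched as an added example; this is not code from the issue or from Ushahidi. The names (`Accounts`, `issue_token`, `verify_token`, `TOKEN_TTL`), the in-memory store and the one-hour token lifetime are assumptions made for illustration.

```python
import hashlib, hmac, re, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: per-deployment server secret
TOKEN_TTL = 3600                  # assumed lifetime of a verification link, in seconds
# Loose syntax check only; ownership of the mailbox is proven by the link, not the regex.
EMAIL_RE = re.compile(r"^[^@\s]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def normalize_email(raw):
    """Return the trimmed, lower-cased address, or None if the format is invalid."""
    email = raw.strip().lower()
    return email if len(email) <= 254 and EMAIL_RE.match(email) else None

def _sign(email, expiry):
    return hmac.new(SECRET, f"{email}|{expiry}".encode(), hashlib.sha256).hexdigest()

def issue_token(email, now=None):
    """Build 'expiry.signature', bound to this address, for the e-mailed link."""
    expiry = int(time.time() if now is None else now) + TOKEN_TTL
    return f"{expiry}.{_sign(email, expiry)}"

def verify_token(email, token, now=None):
    """True only if the token is well-formed, unexpired and signed for this email."""
    expiry_s, _, sig = token.partition(".")
    if not (expiry_s.isascii() and expiry_s.isdigit()):
        return False
    if int(expiry_s) < (time.time() if now is None else now):
        return False
    return hmac.compare_digest(_sign(email, expiry_s).encode(), sig.encode())

class Accounts:
    """In-memory stand-in for the user table (constructed for this example)."""
    def __init__(self):
        self.verified = {}

    def signup(self, raw_email, now=None):
        email = normalize_email(raw_email)
        if email is None:
            raise ValueError("invalid email format")
        self.verified.setdefault(email, False)   # account exists but is unverified
        return email, issue_token(email, now)    # token is e-mailed, never shown in the UI

    def confirm(self, email, token, now=None):
        if email in self.verified and verify_token(email, token, now):
            self.verified[email] = True
        return self.verified.get(email, False)
```

An account stays unverified until `confirm` succeeds, so a gibberish or mistyped address never becomes a usable identity even if it passes the format check.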
