Prevent login.gov user from using personal email address to log in
Login.gov allows users to add multiple email addresses to their accounts. Users can switch email addresses and use their personal email addresses in our CKAN applications.
How to reproduce
- add a personal email address in the login.gov account
- open an incognito window and log into login.gov
- go to inventory.data.gov and click login, switch email when prompted, and use the personal email address to log in.
Expected behavior
Login OK with a .gov email but rejected with a personal email address.
Actual behavior

Login succeeds with a personal email address. In the CKAN user profile, the email address and display name are changed. If the user was assigned as a sysadmin, the user becomes a regular user.
Sketch
- We only allow .gov/.mil addresses in our CKAN. Users must have a .gov/.mil address in their login.gov account.
- Add email address validation code and reject all non-.gov/.mil addresses at login. This requires users to know how to switch email addresses if their account uses a personal email address as the default; or
- Use the all_emails field and find the first .gov/.mil email address to use for login. If none is found, reject the login; or
- Add a config to disallow users from switching emails. If the original email address is not found in all_emails, reject the login.
We started to get questions from puzzled users when they logged in with personal emails.
@FuhuXia, should this remain in the sprint backlog or go back to the product backlog? I can't recall what drove this item back from In Progress to the Sprint backlog.
There have been no cases reported in the last few months, so we can revisit this at a later date. Let's move it back to the backlog for now.
Just to clarify, there are two effects because of this issue:
- New User Login: First-time users cannot log in if their personal email doesn't match the government email (.gov) used during account creation. This has been partially addressed by a recent improvement (commit https://github.com/GSA/ckanext-saml2auth/commit/387cfc1c6a7619f670bf387384f2634516de5844) that displays the associated email address during a SAML login failure.
- Existing User Email Update: When an existing user changes their email address from a government email (.gov) to a personal email, there is no audit trail to track when or how this change occurred. This results in the user's account showing the personal email, leaving site admins without information on how it entered the system.
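To make the three options in the issue's sketch concrete, and to show the audit record the last comment says is missing, here is an added Python example. It is not code from ckanext-saml2auth, CKAN or login.gov. The attribute names `email` and `all_emails` are the login.gov attributes named in the issue; the function `select_login_email`, its `mode` values and the shape of the audit record are assumptions of this example.

```python
# Added example (not code from ckanext-saml2auth, CKAN or login.gov): a login
# decision function for the three options sketched in the issue, plus an audit
# record whenever the address used differs from the one the user presented.
# `email` and `all_emails` are the login.gov attribute names from the issue;
# the function name, its `mode` values and the record layout are assumptions.

ALLOWED_DOMAIN_SUFFIXES = (".gov", ".mil")


def is_allowed_email(address):
    """True when the domain part of `address` ends in .gov or .mil.

    Only the domain after the last '@' is inspected, case-insensitively, so
    'user@gov.example.com' is rejected and 'user@sub.agency.gov' is accepted.
    """
    if not isinstance(address, str) or address.count("@") != 1:
        return False
    domain = address.rsplit("@", 1)[1].strip().lower()
    return domain.endswith(ALLOWED_DOMAIN_SUFFIXES)


def _as_list(value):
    """SAML attribute values usually arrive as lists; normalise str/None too."""
    if value is None:
        return []
    if isinstance(value, str):
        return [value]
    return [v for v in value if isinstance(v, str)]


def select_login_email(attrs, mode="reject", expected_email=None, audit=None):
    """Pick the address CKAN should log the user in with, or reject the login.

    attrs:          SAML attributes, e.g. {"email": [...], "all_emails": [...]}
    mode:           "reject"    - option 1: the address the user picked at
                                  login.gov must itself be .gov/.mil
                    "first_gov" - option 2: use the first .gov/.mil address in
                                  all_emails, whatever the user picked
                    "no_switch" - option 3: the address already stored in CKAN
                                  (expected_email) must still be in all_emails;
                                  for a new user (no expected_email) this
                                  example falls back to option 1
    audit:          optional list; an entry is appended whenever the address
                    used differs from the one the user presented
    Returns (email, reason); email is None when the login is rejected.
    """
    presented = next(iter(_as_list(attrs.get("email"))), None)
    all_emails = _as_list(attrs.get("all_emails")) or _as_list(presented)
    lowered = [e.lower() for e in all_emails]

    if mode == "reject" or (mode == "no_switch" and expected_email is None):
        chosen = presented if is_allowed_email(presented) else None
        reason = "ok" if chosen else "presented address is not .gov/.mil"
    elif mode == "first_gov":
        chosen = next((e for e in all_emails if is_allowed_email(e)), None)
        reason = "ok" if chosen else "no .gov/.mil address on the login.gov account"
    elif mode == "no_switch":
        chosen = expected_email if expected_email.lower() in lowered else None
        reason = "ok" if chosen else "stored CKAN address no longer on the login.gov account"
    else:
        raise ValueError("unknown mode: %r" % mode)

    # Defence in depth: whatever the mode, never log in with a non-.gov/.mil address.
    if chosen is not None and not is_allowed_email(chosen):
        chosen, reason = None, "chosen address is not .gov/.mil"

    # Audit trail for the "how did this address get here" question from the comments.
    if audit is not None and chosen and presented and chosen.lower() != presented.lower():
        audit.append({"presented": presented, "used": chosen, "mode": mode})
    return chosen, reason


if __name__ == "__main__":
    # Constructed sample attributes, not real login.gov data.
    sample = {"email": ["jane@gmail.com"],
              "all_emails": ["jane@gmail.com", "jane@agency.gov"]}
    log = []
    for m in ("reject", "first_gov"):
        print(m, select_login_email(sample, mode=m, audit=log))
    print("no_switch", select_login_email(sample, mode="no_switch",
                                          expected_email="jane@agency.gov", audit=log))
    print("audit", log)
```

Option 1 (`reject`) is the simplest to explain to users but depends on them knowing how to switch addresses at login.gov; options 2 and 3 let the login succeed while keeping the account tied to the government address, and the audit list records every case where the address used was not the one presented.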