- 🇮🇳India prashant.c Dharamshala
Do you have any plans to port this to the latest version of the module?
- 🇺🇸United States greggles Denver, Colorado, USA
There is no longer an 8.x branch so moving to 2.x.
This seems like a nice feature for the security to protect accounts in ways related to the cyber. This feature is enabled by ✨ Add device detection/ID provided by modules: fingerprintjs2 Downport .
There are potentially a lot of scenarios. I'm going to tackle just one of them for now.
Account is created for the user - don't send an email b/c the only information we have is about the admins account, not the user.
On a first login for account:
- old device id is blank (cookie is not set)
- new device id is detected/set, no prior data for this uid in login_history
-so- don't send an email
subsequent login on a device, with device id cookie, browser has been updated:
- old device id is set and authentic
- new device id does not match - send new device id
-so- don't send an email
subsequent login on a device, cookies were cleared:
- old device id is not set/valid
- new device id matches a prior login based on querying login_history for this device_id and uid
-so- don't send an email
subsequent login, cookies are cleared or invalid:
- old device id is not set/valid
- new device id is not found in login_history for this uid but there are prior logins for this uid
-so- do send an email!
The final scenario could also happen because the person is logging in from a legitimately new device OR because an attacker has stolen their credentials. it's particularly this last scenario that we want to protect against, but we want to do that while sending as few emails as possible.
Downport
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Do you have any plans to port this to the latest version of the module?
There is no longer an 8.x branch so moving to 2.x.