feat:Control for Changing Registered Email Address For An Account (#843)
philCryoport authored Jan 9, 2024
1 parent cbd9477 commit 1178e34
Showing 13 changed files with 359 additions and 25 deletions.
@@ -0,0 +1,143 @@
'Written using PlantUML.com Activity Diagram syntax
@startuml
group Starting the Request
start
:User Requests to\nChange Registered\nEmail Address;

if (Auth Cookie / Token Valid?) then (yes)
:User Provides\n"Proposed New"\nEmail Address;
else (no)
:Display\nLogin\nPage;
end
endif

if (User\nhas\nMFA?) then (yes)
:User Provides\nValid MFA\nResponse;
else (no)
:User Provides\nCurrently-Registered\nPassword;
endif

partition "Nonce Generation" {
:Create unique time-limited nonce to\n\n"Report the Change Request was Unexpected";
:Create unique time-limited nonce to\n\n"Confirm the Change from 'Proposed New' Email Account";

if (User\nhas\nMFA?) then (yes)
else (no)
:Create unique time-limited nonce to\n\n"Confirm the Change from Currently-Registered Email Account";
note right
Extra security for
password-only Users
in case of:

(a) easily-guessed password
or
(b) stolen repeated password
end note
endif
}
partition "Send Emails" {
:Email **Proposed New** email address
**Confirmation-Required** message

Include two links:
* Confirm the Change From This Account
* Report the Change Request was Unexpected;

if (User\nhas\nMFA?) then (yes)
:Email **Currently-Registered** email address
**Notification-Only** message

Include one link:
* Report the Change Request was Unexpected;
else (no)
:Email **Currently-Registered** email address
**Confirmation-Required** message

Include two links:
* Confirm the Change From This Account as Well
* Report the Change Request was Unexpected;

note right
See above note
Why non-MFA account
Needs extra confirmation
end note
endif
}
stop
end group

group "Processing Clicked Links"
start
:System receives
Clicked link
With nonce;
if (Nonce is known\nAND\nStill within\ntime-limit?) then (yes)
switch (Type\nof\nNonce?)
case ( Report Unexpected\nChange Request )
:Notify
SysOp / SysAdmin;
end
case ( Confirm\n**Proposed New**\nEmail Address )
if (User\nhas\nMFA?) then (yes)
label sp_lab5
label sp_lab4
label sp_lab3
label sp_lab2
label sp_lab1
label sp_lab0
'real label
label complete_change
:Change registered
Email address to
**Proposed New** address;
:Delete nonces
For this
Change request;
:Tell User
Change is complete;
:Force User
To login with
New Email Address;
end
else (no)
if (User has clicked\nConfirmation Link\nfrom **Currently-Registered** Email?) then (yes)
label sp_lab10
label sp_lab11
label sp_lab12
label sp_lab13
goto sp_lab0
else (no)
:Tell User
Need to click
Confirm link in
**Currently-Registered** email;
end
endif
endif
case ( Confirm Change from Currently-Registered Email Address )
if (User has clicked\nConfirmation Link\nfrom **Proposed New** Email?) then (yes)
label sp_lab20
label sp_lab21
label sp_lab22
label sp_lab23
label sp_lab24
label sp_lab25
label sp_lab26
goto sp_lab0
else (no)
:Tell User
Need to click
Confirm link in
**Proposed New** email;
end
endif
endswitch
else (no)
:If nonce is known,
Delete nonces for
this change request;
end
endif
end group
@enduml
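Review bot: in the `case ( Report Unexpected\nChange Request )` branch the flow only notifies the SysOp / SysAdmin and then ends, so the pending change request stays live after the account owner has reported it; whoever started the request can still complete it by clicking the confirm link(s) until the nonces time out. Reuse the step already present in the `complete_change` branch, `:Delete nonces\nFor this\nChange request;`, before the `end` of the report branch so that a report cancels the request. Related: the expired-nonce branch (`else (no)` after `Nonce is known\nAND\nStill within\ntime-limit?`) deletes the nonces and ends with no message to the user, and the report nonce shares the same time limit as the confirm nonces, so a late report is dropped without anyone being told; consider a longer validity for the report nonce, or at least telling the user the link has expired. Style: the stacked `label sp_lab0` .. `label sp_lab26` lines with the single `'real label` comment are a layout workaround for the `goto`; a comment at the top of the `Processing Clicked Links` group saying they are spacing placeholders would stop the next editor from removing them.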
7 changes: 7 additions & 0 deletions assets/images/controls/src/plantuml/README.md
@@ -0,0 +1,7 @@
# Source Code for Rendering UML for Diagrams

This directory is intended to contain the source code to generate the UML for diagrams such as flowcharts etc.

There's a Hitchhiker's Guide to PlantUML located at [https://crashedmind.github.io/PlantUMLHitchhikersGuide/](https://crashedmind.github.io/PlantUMLHitchhikersGuide/).

Please refer to the [PlantUML 'Beta' Activity Diagram syntax](https://plantuml.com/activity-diagram-beta) for the latest Activity Diagram syntax -- which was the syntax of the [Changing_Registered_Email_Address_For_An_Account.puml](/assets/images/controls/src/plantuml/Changing_Registered_Email_Address_For_An_Account.puml) file that was then rendered into [Changing_Registered_Email_Address_In_A_System_Flowchart.png](/assets/images/controls/Changing_Registered_Email_Address_In_A_System_Flowchart.png) for the [Changing Registered Email Address For An Account](/pages/controls/Changing_Registered_Email_Address_For_An_Account.html) page in the [Controls](/controls) section.
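Review bot: the README says this directory holds the source used to generate the diagrams but never says how to render it; add the command used (for example the PlantUML jar, or the plantuml.com server) and the PlantUML version, otherwise the PNG under `assets/images/controls/` cannot be regenerated reproducibly from the `.puml` and the two will drift apart. Style: the last paragraph is a single sentence carrying four links and a dash; splitting it into "which syntax was used" and "where the rendered image is used" makes it easier to scan.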
2 changes: 1 addition & 1 deletion pages/attacks/index.md
Expand Up @@ -20,6 +20,6 @@ Attacks are the techniques that attackers use to exploit the vulnerabilities in
<ul>
{% assign attackpages = site.pages | where_exp: "item", "item.tags contains 'attack'" %}
{% for page in attackpages %}
<li><a href='/www-community{{ page.url }}'>{{ page.title }}</a>{% if page.author %} by {{ page.author }}{% endif %}</li>
<li><a href='{{ site.baseurl }}{{ page.url }}'>{{ page.title }}</a>{% if page.author %} by {{ page.author }}{% endif %}</li>
{% endfor %}
</ul>
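Review bot: replacing the hardcoded `/www-community` prefix with `{{ site.baseurl }}` is only correct if `baseurl: /www-community` is set in `_config.yml`; that file is not in the visible hunks, so confirm it before merging and check the rendered links on the GitHub Pages URL. This link fix is also unrelated to the email-change control named in the commit message; it would be easier to bisect as its own commit.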
7 changes: 3 additions & 4 deletions pages/attacks/info.md
@@ -1,6 +1,5 @@
### Important Community Links

* [Community](/www-community)
* [Community]({{ site.baseurl }}/)
* Attacks (You are here)
* [Vulnerabilities](/www-community/vulnerabilities)
* [Controls](/www-community/controls)
* [Vulnerabilities]({{ site.baseurl }}/vulnerabilities)
* [Controls]({{ site.baseurl }}/controls)
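Review bot: the `[Community]` link changes from `/www-community` to `{{ site.baseurl }}/` with a trailing slash while the `Vulnerabilities` and `Controls` links have none; keep one form so the site does not emit both `/www-community` and `/www-community/` (one of them ends up as a redirect on GitHub Pages). If the same three-line nav list is repeated in the other sections' `info.md` files, moving it to an `{% include %}` partial would keep the prefixes in sync.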