Self-hosted: Invite email link can be re-used, potential DoS #6889

dennorske opened this issue May 11, 2024 · 1 comment
@dennorske

What happened?

When a user is invited to the platform, the user who receives the invite can re-use the invite link multiple times. Every time the user uses that link, a new email is sent out to the person who invited him, to inform them that the invite was accepted.

Steps to reproduce

  1. Invite a new user
  2. New user rapidly spam-clicks the invite link (opens multiple tabs).
  3. An equivalent number of emails is sent to the inviter, to inform them that the user has accepted the invitation.

See the attached screenshot for a sample:

image

Distribution version

Linux

What browsers are you seeing the problem on if you're using web version?

No response

Are you self-hosting?

  • Yes

Relevant log output

No response

Anything else?

No response
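
The behaviour reported above next to one way to close it, as an added TypeScript example that is not part of the original report and is not AFFiNE's code: the inviter notification is tied to the one-time pending-to-accepted transition instead of to each use of the link. `InviteService`, its methods, the token and the addresses are hypothetical and constructed for illustration.

```typescript
// Added example; every name here is hypothetical, none comes from the AFFiNE code base.
type Invite = { inviter: string; invitee: string; status: "pending" | "accepted" };
type Outcome = "accepted" | "already_accepted" | "unknown_token";

// Constructed in-memory stand-ins for the invite table and the outgoing mail queue.
class InviteService {
  private invites = new Map<string, Invite>();
  readonly outbox: string[] = [];

  create(token: string, inviter: string, invitee: string): void {
    this.invites.set(token, { inviter, invitee, status: "pending" });
  }

  private notifyInviter(inv: Invite): void {
    this.outbox.push(`to=${inv.inviter}: ${inv.invitee} accepted your invitation`);
  }

  // Behaviour reported in the issue: each use of the link triggers a mail.
  acceptEveryTime(token: string): Outcome {
    const inv = this.invites.get(token);
    if (!inv) return "unknown_token";
    inv.status = "accepted";
    this.notifyInviter(inv);
    return "accepted";
  }

  // Hardened: the mail is tied to the pending -> accepted transition.
  // Against a SQL store this must be one conditional statement
  // (UPDATE ... SET status='accepted' WHERE token=? AND status='pending')
  // with the mail sent only when exactly one row changed, so that
  // parallel tabs cannot both pass a separate read-then-write check.
  acceptOnce(token: string): Outcome {
    const inv = this.invites.get(token);
    if (!inv) return "unknown_token";
    if (inv.status !== "pending") return "already_accepted";
    inv.status = "accepted";
    this.notifyInviter(inv);
    return "accepted";
  }
}

// Replays `clicks` uses of one constructed invite link and counts mails to the inviter.
function replayClicks(mode: "everyTime" | "once", clicks: number): { outcomes: Outcome[]; mails: number } {
  const svc = new InviteService();
  svc.create("constructed-token", "inviter@example.test", "invitee@example.test");
  const outcomes: Outcome[] = [];
  for (let i = 0; i < clicks; i++) {
    outcomes.push(mode === "once" ? svc.acceptOnce("constructed-token") : svc.acceptEveryTime("constructed-token"));
  }
  return { outcomes, mails: svc.outbox.length };
}
```

Repeat visits return `already_accepted`, so the invitee still lands on a sensible page while the inviter's mailbox receives a single notification.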

@affine-issue-bot

affine-issue-bot bot commented May 11, 2024

Issue Status: 💡 Open


We want to implement the fix or feature in the near future. We can’t promise it will appear in the next public release, but it’s on our short list.

This is an automatic reply by the bot.
