Possible Security Vulnerability

[god-s-perfect-idiot]

In O-auth login route, I could see that the Mongo DB was checked against a user name existing in the DB as returned from Google Servers. Does this not allow any user to create an email ID with the same name as an existing user and gain access into their accounts? Would email be a better parameter to check against?

[dan-online]

Hey @god-s-perfect-idiot, this project is not being updated any further at the moment sadly. I myself am working on a replacement in typescript and graphql with a lot more security but I won't be looking into fixing this issue. If you would like you could make a pull request which I would be happy to look over :)

[amadeus-torwell]

Is the new project / replacement already checked in somewhere so that others can contribute to it?