dj-rest-auth

Email Enumeration on Registration Endpoint

Open panupong-puttarathamrongkul opened this issue 1 year ago • 1 comments

Hi, thanks for creating this library. I'm using dj-rest-auth with allauth for registration.

When email is mandatory, registering with an existing email gives the message "A user is already registered with this e-mail address."

Is there a way to make it always show success instead of revealing if an email already exists? I noticed Allauth has the PREVENT_ENUMERATION config variable set to True by default.

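```python
from dj_rest_auth.registration.views import RegisterView
from rest_framework import status
from rest_framework.exceptions import ValidationError
from rest_framework.response import Response


class AlwaysSuccessRegisterView(RegisterView):
    def create(self, request, *args, **kwargs):
        try:
            # The parent view raises ValidationError for a duplicate e-mail
            # (and for any other invalid field) instead of returning a response.
            super().create(request, *args, **kwargs)
        except ValidationError:
            pass

        # Always return a success response,
        return Response({'detail': 'Registration successful'}, status=status.HTTP_201_CREATED)
```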

mahiuddin-dev avatar Nov 10 '23 06:11 mahiuddin-dev
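
As an added illustration (not code from dj-rest-auth, allauth, or either poster): a framework-free Python sketch of a registration flow that answers identically for new and already-registered e-mails, still reports validation errors that do not depend on account existence, and notifies the mailbox owner instead of the HTTP client. `Registry`, `register`, `GENERIC_BODY` and the mail template names are hypothetical.

```python
# Added illustration: framework-free sketch, not dj-rest-auth or allauth code.
# All names here (Registry, register, GENERIC_BODY, template names) are hypothetical.
from dataclasses import dataclass, field

GENERIC_BODY = {"detail": "If the address is valid, a confirmation e-mail has been sent."}


@dataclass
class Registry:
    users: set = field(default_factory=set)      # registered e-mails (constructed store)
    outbox: list = field(default_factory=list)   # (recipient, template) pairs

    def register(self, email: str, password1: str, password2: str):
        """Return (status, body); identical for new and already-registered e-mails."""
        email = email.strip().lower()
        errors = {}
        # Checks that do not depend on account existence are still reported,
        # so a client with a typo or a weak password gets useful feedback.
        if "@" not in email:
            errors["email"] = ["Enter a valid e-mail address."]
        if len(password1) < 8:
            errors["password1"] = ["Password is too short."]
        if password1 != password2:
            errors["password2"] = ["The two password fields didn't match."]
        if errors:
            return 400, errors

        if email in self.users:
            # Existing account: inform the mailbox owner, not the requester.
            self.outbox.append((email, "account_already_exists"))
        else:
            self.users.add(email)
            self.outbox.append((email, "confirm_email"))
        # Same status and body on both branches: the response carries
        # no signal about whether the address was already registered.
        return 201, GENERIC_BODY
```

Validation runs before the existence check, so the 400 responses are also the same whether or not the address is registered.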