iMerica / dj-rest-auth

Authentication for Django Rest Framework
https://dj-rest-auth.readthedocs.io/en/latest/index.html
MIT License

Email Enumeration on Registration Endpoint #563

Open panupong-puttarathamrongkul opened 8 months ago

panupong-puttarathamrongkul commented 8 months ago

Hi, thanks for creating this library. I'm using dj-rest-auth with allauth for registration.

When email is mandatory, registering with an existing email gives the message "A user is already registered with this e-mail address."

Is there a way to make it always show success instead of revealing if an email already exists? I noticed Allauth has the PREVENT_ENUMERATION config variable set to True by default.

mahiuddin-dev commented 8 months ago
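
```python
from dj_rest_auth.registration.views import RegisterView as BaseRegisterView
from rest_framework import status
from rest_framework.exceptions import ValidationError
from rest_framework.response import Response


class RegisterView(BaseRegisterView):
    def create(self, request, *args, **kwargs):
        try:
            super().create(request, *args, **kwargs)
        except ValidationError as exc:
            # Swallow errors that concern only the "email" field (where the
            # duplicate-address message is reported); re-raise everything
            # else, e.g. password errors.
            if set(exc.detail) != {'email'}:
                raise

        # Always return a success response.
        return Response({'detail': 'Registration successful'}, status=status.HTTP_201_CREATED)
```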
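
The uniform-response pattern asked about in this issue, as an added example that is not part of the thread and not dj-rest-auth or allauth code. It is a stdlib-only model: `Backend`, `register_leaky`, `register_uniform`, `leaks_existence` and the `GENERIC` body are hypothetical names, and the addresses are constructed sample data.

```python
from dataclasses import dataclass, field

# Error text quoted in the issue above.
DUPLICATE_MSG = "A user is already registered with this e-mail address."
GENERIC = {"detail": "Verification e-mail sent."}  # assumed uniform body


@dataclass
class Backend:
    """Constructed in-memory stand-in for the user table and mail queue."""
    users: set = field(default_factory=set)
    outbox: list = field(default_factory=list)


def register_leaky(db, email):
    """Behaviour reported in the issue: a distinct 400 for a known address."""
    email = email.strip().lower()
    if email in db.users:
        return 400, {"email": [DUPLICATE_MSG]}
    db.users.add(email)
    db.outbox.append((email, "verify"))
    return 201, GENERIC


def register_uniform(db, email):
    """Same status and body either way; the difference goes to the mailbox."""
    email = email.strip().lower()
    if email in db.users:
        # Tell the real owner out of band instead of telling the caller.
        db.outbox.append((email, "account_exists"))
    else:
        db.users.add(email)
        db.outbox.append((email, "verify"))
    return 201, GENERIC


def leaks_existence(register, known="alice@example.com", fresh="bob@example.com"):
    """True if the caller can tell a registered address from a new one."""
    db = Backend(users={known})
    return register(db, known) != register(db, fresh)


if __name__ == "__main__":
    print("leaky:", leaks_existence(register_leaky))
    print("uniform:", leaks_existence(register_uniform))
```

Matching status and body is necessary but not sufficient: both branches should also do comparable work (here each queues one message), since a consistent difference in response time reveals the same information.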