ruxailab / RUXAILAB

RUXAILAB - Usability Testing and Heuristics Evaluation Conceptual learning
MIT License

[Security Improvement]: Emails are not being verified during sign up. #334

Open RishabhJain0721 opened 6 months ago

RishabhJain0721 commented 6 months ago

Description 📝

There is a vulnerability in the authentication system of the project. The issue allows any random email, whether it exists or not, to be used to sign up and subsequently log in.

Link 🔗

https://retlab-dev.firebaseapp.com/signup

Steps to Reproduce 🔄

  1. Go to the sign up page.
  2. Try signing up with a non-existent email account.

Screenshots 📸

[Screenshot 2024-03-04 001705]

Expected Behavior 🤔

The expected flow of control, from my perspective, should be like this:

  1. A user fills the sign up form.
  2. User clicks the sign up button.
  3. An email is sent to that user's email with a verification link in it.
  4. As soon as the user clicks on the verification link sent to their email, the user should get verified and redirected to the home page.

Actual Behavior 😱

  1. A user fills the sign up form.
  2. User clicks the sign up button.
  3. Account is created and user can now login.

Environment 🌍

Additional Information ℹ️

This vulnerability could allow unauthorized users to gain access to user accounts, potentially leading to unauthorized actions and other security incidents. Implementing email verification would be a great mitigation step.

RishabhJain0721 commented 6 months ago

Hey @jvJUCA, I would like to work on this issue by setting up email verification using Firebase Authentication to verify new users. Please assign me this issue.

KarinePistili commented 6 months ago

Hello @RishabhJain0721, I removed the bug tag as this is not a bug, but an improvement to the code.

For the present moment we are not interested in implementing this specific feature. We will leave this issue open for future work.

Thank you for the suggestions.

RishabhJain0721 commented 6 months ago

@KarinePistili Alright thanks for the correction.

solvibrain commented 6 months ago

Could I work on this Issue?

KarinePistili commented 6 months ago

Hello @solvibrain, this issue is currently marked as future work and won't be done for now. Feel free to find another issue if there is something you find interesting ;)