feat(api,admin-ui): add optional signup email-enumeration protection by markwylde · Pull Request #119 · puzed/darkauth

markwylde · 2026-03-01T23:23:37Z

Summary

add a users.prevent_email_enumeration_on_registration setting (default false)
add duplicate-signup anti-enumeration behavior gated by:
- setting enabled
- email verification enabled
- SMTP available
add new template signup_existing_account_notice and wire it through API + admin UI email template editor
fall back to explicit A user with this email address already exists conflict when gating conditions are not met or notice-email sending fails
add API model tests for duplicate-registration behavior across toggle/gating combinations

this keeps the default behavior explicit (duplicate email conflict) unless admins intentionally opt into anti-enumeration mode.

markwylde added 4 commits March 1, 2026 23:23

feat(api,admin-ui): add registration email-enumeration toggle

d9d68b5

test(api): cover duplicate registration enumeration toggle

5f3f39d

fix(test-suite): set demo self-registration via admin settings api

a116058

Prevent email enumeration in user login errors

d49f5a9

markwylde merged commit 2b46b76 into main Mar 2, 2026
17 checks passed

markwylde deleted the feat/registration-email-enumeration-toggle branch March 2, 2026 20:14