Description
The signup flow currently allows users to create an account without any form of email validation (e.g., verification email or format checking).
This means accounts can be created using invalid or non-existent email addresses.
Steps to Reproduce
- Go to the signup page
- Enter an invalid or fake email address (e.g., test@invalid)
- Complete the signup process
Expected Behavior
The system should verify the email address, for example by:
- Sending a confirmation email with a verification link, or
- At minimum validating the email format before allowing signup
Actual Behavior
The account is created successfully without any email verification.
Impact
- Allows fake or unreachable accounts
- Increases risk of spam and abuse
- Prevents reliable communication with users
- Can cause issues with password recovery and notifications
Suggested Improvement
Implement email validation during signup, such as:
- Sending a verification email before activating the account
- Blocking login or access until the email is confirmed
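
One way to implement the suggested flow, as an added example (not code from this project): a format check at signup, an expiring HMAC-signed verification token to e-mail to the user, and a login gate that stays closed until the token is confirmed. The function names, the in-memory `accounts` store, the token layout and the 24-hour lifetime are all assumptions.

```python
import hashlib
import hmac
import re
import secrets
import time

SECRET = secrets.token_bytes(32)   # assumption: per-deployment signing key
TOKEN_TTL = 24 * 3600              # assumption: verification links last 24 hours
# Format gate only: rejects inputs like "test@invalid", proves nothing about ownership.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
accounts = {}                      # hypothetical store: email -> {"verified": bool}

def _sign(email, expires):
    msg = f"{email}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def signup(email, now=None):
    """Create an unverified account; return the token to send by e-mail."""
    now = int(time.time() if now is None else now)
    email = email.strip().lower()
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email format")
    accounts.setdefault(email, {"verified": False})
    expires = now + TOKEN_TTL
    return f"{expires}.{_sign(email, expires)}"

def confirm(email, token, now=None):
    """Mark the account verified only for an unexpired, correctly signed token."""
    now = int(time.time() if now is None else now)
    email = email.strip().lower()
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    if email not in accounts or expires < now:
        return False
    # Constant-time comparison; the signature binds the token to this address.
    if not hmac.compare_digest(sig.encode(), _sign(email, expires).encode()):
        return False
    accounts[email]["verified"] = True
    return True

def can_login(email):
    """Login gate: unverified or unknown accounts are refused."""
    acct = accounts.get(email.strip().lower())
    return bool(acct and acct["verified"])
```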