Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent bypassing sign up restrictions implemented in the UI #4453

Closed
matthewelwell opened this issue Aug 6, 2024 · 1 comment
Closed

Prevent bypassing sign up restrictions implemented in the UI #4453

matthewelwell opened this issue Aug 6, 2024 · 1 comment
Assignees
@matthewelwell
Labels
api Issue related to the REST API

Comments

@matthewelwell
Copy link
Contributor

Currently, it is possible to bypass the restrictions implemented by e.g. PREVENT_SIGNUP by modifying the response from the config/project-overrides endpoint in the UI, or by using the API directly.

We should implement a restriction in the API to ensure that these limits cannot be bypassed.
@matthewelwell matthewelwell self-assigned this Aug 6, 2024
@matthewelwell matthewelwell added the api Issue related to the REST API label Aug 6, 2024
@matthewelwell
Copy link
Contributor Author

matthewelwell commented Aug 6, 2024
edited
Loading

On further investigation, the key issue here is that it is possible to manipulate the register request to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.

I have created a PR for the API here to prevent this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@matthewelwell matthewelwell

Labels
api Issue related to the REST API
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@matthewelwell