Open
Labels: bug
Description
During signup, users can manually include a role field in the request body to assign themselves admin privileges. This is a serious security flaw.
Expected Behavior:
All users should be assigned the default role ("user") by the backend. Role should not be settable via the signup API.
Actual Behavior:
If a user sends:
```json
{ "username": "test", "email": "test@example.com", "password": "123456", "role": "admin" }
```
They get registered as an admin.
Impact:
- Complete loss of access control.
- Any user can gain admin privileges and perform sensitive actions.
- Critical risk to data integrity, privacy, and application functionality.
Suggested Fix:
- Remove the `role` field from the accepted signup payload on the backend.
- Enforce role assignment in the backend logic, setting the default to "user".
- Add validation and whitelist allowed fields during account creation.
- Consider logging and alerting on suspicious signup attempts with unexpected fields.
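The flaw described above is a mass-assignment bug. The following is an added illustration, not code from this project: a vulnerable signup handler that copies every field of the request body into the user record, beside a hardened version that builds the record only from a whitelist, sets the role server-side, and reports unexpected fields for logging. The in-memory functions and field names are assumptions, not the project's actual API.

```javascript
// Added example (not the project's own code): mass assignment at signup.
// Assumed: a plain request body object, as parsed by a JSON body parser.

const ALLOWED_SIGNUP_FIELDS = ["username", "email", "password"];
const DEFAULT_ROLE = "user";

// Vulnerable: every key of the client-supplied body is spread into the
// record, so a client-provided "role" silently overrides the default.
function createUserVulnerable(body) {
  return { role: DEFAULT_ROLE, ...body };
}

// Hardened: only whitelisted fields are copied, each is validated, and the
// role is fixed by the server. Fields outside the whitelist are returned so
// the caller can log or alert on suspicious signup attempts.
function createUserSafe(body) {
  const unexpected = Object.keys(body).filter(
    (k) => !ALLOWED_SIGNUP_FIELDS.includes(k)
  );
  for (const f of ALLOWED_SIGNUP_FIELDS) {
    if (typeof body[f] !== "string" || body[f].length === 0) {
      throw new Error(`missing or invalid field: ${f}`);
    }
  }
  const user = {
    username: body.username,
    email: body.email,
    password: body.password, // hash with a password KDF before persisting
    role: DEFAULT_ROLE, // never taken from the request
  };
  return { user, unexpected };
}

// Constructed request body, matching the payload quoted in the issue.
const attackerBody = {
  username: "test",
  email: "test@example.com",
  password: "123456",
  role: "admin",
};

console.log(createUserVulnerable(attackerBody).role); // "admin"
console.log(createUserSafe(attackerBody).user.role); // "user"
```

The `unexpected` array is the hook for the logging and alerting item above: a signup carrying `role` (or any other non-whitelisted key) is exactly the event worth recording.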
Screenshots:
Checklist
- I have checked the existing issues
- I have read the Contributing Guidelines
- I want to work on this issue. (optional)