When logging in with Google, any user can create an account using email, password and profilePicture via Postman, even if that email does not belong to him/her. There is no control mechanism. It can even reach other people's accounts by just trying random emails. Is there a way to prevent this?
For example, if I send the following request to localhost:3000/api/auth/google in this link

```json
{
  "email": "random_email@gmail.com"
}
```

it will approve my entry even if it is not mine.
Is there a point I missed?
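
The server-side check that is missing from the behaviour described above, as an added example (not part of the original issue and not this project's code): the route takes a signed Google ID token and derives the account identity only from its verified claims, so a body that carries just an `email` is rejected. The `idToken` field, the function names and the client ID are assumptions, and the sample key and token are constructed locally; in production the keys would be Google's published signing keys, or the check would be delegated to google-auth-library's `OAuth2Client.verifyIdToken`.

```javascript
const crypto = require('node:crypto');
const GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];
const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Verify an RS256 ID token against trusted public keys; returns claims or throws.
// keys: Map of kid -> public key (in production, Google's published signing keys).
function verifyGoogleIdToken(idToken, { keys, clientId, now = Date.now() }) {
  if (typeof idToken !== 'string') throw new Error('missing idToken');
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, payload, sig] = parts;
  const header = decodeJson(head);
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown signing key');
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${payload}`), key, Buffer.from(sig, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  const claims = decodeJson(payload);
  if (!GOOGLE_ISSUERS.includes(claims.iss)) throw new Error('wrong issuer');
  if (claims.aud !== clientId) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('expired');
  if (claims.email_verified !== true) throw new Error('email not verified');
  return claims;
}

// Core of the login route (hypothetical name): identity comes only from the
// verified claims; body.email and body.profilePicture are never read.
function googleLogin(body, opts) {
  const claims = verifyGoogleIdToken(body && body.idToken, opts);
  return { googleId: claims.sub, email: claims.email, profilePicture: claims.picture };
}

// Constructed sample data only: signs a token with a locally generated key.
function signSample(claims, privateKey, kid) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const data = `${enc({ alg: 'RS256', kid, typ: 'JWT' })}.${enc(claims)}`;
  return `${data}.${crypto.sign('RSA-SHA256', Buffer.from(data), privateKey).toString('base64url')}`;
}

// Constructed demo: a signed token is accepted, the issue's email-only body is not.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const opts = { keys: new Map([['sample-kid', publicKey]]), clientId: 'sample-client-id' };
  const claims = { iss: GOOGLE_ISSUERS[0], aud: 'sample-client-id', exp: Math.floor(Date.now() / 1000) + 300,
    sub: '1001', email: 'owner@example.com', email_verified: true };
  const user = googleLogin({ idToken: signSample(claims, privateKey, 'sample-kid') }, opts);
  try { googleLogin({ email: 'random_email@gmail.com' }, opts); } catch (e) { return { user, rejected: e.message }; }
  return { user, rejected: null };
}
console.log(demo());
```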