From a927f7e19b048734dfd2b26d02f8c7de0e5b09e7 Mon Sep 17 00:00:00 2001
From: Alexandre Bodin
Date: Tue, 5 May 2020 14:41:30 +0200
Subject: [PATCH] Only allow registeration with specific fields

Signed-off-by: Alexandre Bodin
Co-authored-by: diogotcorreia
---
 .../controllers/Auth.js | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index e85fe5084d..7b0f34f4c1 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -394,9 +394,10 @@ module.exports = {
 );
 }
 
- const params = _.assign(ctx.request.body, {
+ const params = {
+ ..._.pick(ctx.request.body, ['username', 'email', 'password']),
 provider: 'local',
- });
+ };
 
 // Password is required.
 if (!params.password) {
@@ -580,14 +581,14 @@ module.exports = {
 { confirmed: true }
 );
 
- if(returnUser) {
+ if (returnUser) {
 ctx.send({
 jwt: strapi.plugins['users-permissions'].services.jwt.issue({
- id: user.id
+ id: user.id,
 }),
 user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
- model: strapi.query('user', 'users-permissions').model
- })
+ model: strapi.query('user', 'users-permissions').model,
+ }),
 });
 } else {
 const settings = await strapi
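Review bot: The allowlist on the new `params` line in the first hunk carries no comment explaining why it exists, so a later edit that widens the list or goes back to merging `ctx.request.body` could quietly reopen the mass-assignment path this closes, where the registrant sets user attributes such as `confirmed` (the field written in the later hunk). I would put `// Allowlist only: never copy ctx.request.body wholesale, or the caller can set privileged user attributes at registration.` directly above it. `_.pick` filters keys but not value types, so `username`, `email` and `password` can still arrive as objects or arrays; the rest of the function lies outside this hunk, and if it does not already check for strings, a `typeof` guard beside the `!params.password` check would be worth adding. Any later read of `ctx.request.body` in the unseen part of the function would also bypass the allowlist, and a regression test that posts an extra field and asserts it is not persisted would pin the behaviour.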