Ignoring a bunch of settings and checks when users sign up

[kasbah]

In the gitea auth there are these checks, IsComplexEnough IsPwned etc.

gitea/routers/web/user/auth.go

Lines 1174 to 1204 in 351aea3

	if !form.IsEmailDomainAllowed() {
	ctx.RenderWithErr(ctx.Tr("auth.email_domain_blacklisted"), tplSignUp, &form)
	return
	}
	if form.Password != form.Retype {
	ctx.Data["Err_Password"] = true
	ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplSignUp, &form)
	return
	}
	if len(form.Password) < setting.MinPasswordLength {
	ctx.Data["Err_Password"] = true
	ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplSignUp, &form)
	return
	}
	if !password.IsComplexEnough(form.Password) {
	ctx.Data["Err_Password"] = true
	ctx.RenderWithErr(password.BuildComplexityError(ctx), tplSignUp, &form)
	return
	}
	pwned, err := password.IsPwned(ctx, form.Password)
	if pwned {
	errMsg := ctx.Tr("auth.password_pwned")
	if err != nil {
	log.Error(err.Error())
	errMsg = ctx.Tr("auth.password_pwned_err")
	}
	ctx.Data["Err_Password"] = true
	ctx.RenderWithErr(errMsg, tplSignUp, &form)
	return
	}

We don't do any of that in our auth endpoint. We should.