As stated in #60:

To make the application secure, we need to avoid user enumeration. This PR starts the effort. We need:

- Consistent return when user/email exists and doesn't exist in sign up (implemented in this PR)
- Consistent timings for the above routes
- Clear user communication (sending forgot password email when user exists and doing the appropriate logic: https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html)
- Forgot password functionality
- Rate limiting in these endpoints #61
- Captcha #20

This issue should implement the consistent timings when user exists and when they don't.
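One way to get consistent sign-up timing, shown as an added example that is not part of the original issue or the project's code: the handler pays the password-hashing cost and queues exactly one email on both paths, then returns the same body. `SignupService`, `GENERIC_RESPONSE`, the in-memory store and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import os

# Hypothetical response body; the same dict content is returned on both paths.
GENERIC_RESPONSE = {"status": 202,
                    "message": "If the address is valid, check your inbox to continue."}
PBKDF2_ITERATIONS = 200_000  # sample work factor, tune for production


class SignupService:
    def __init__(self):
        self.users = {}      # email -> (salt, digest); stand-in for the database
        self.outbox = []     # queued (email, kind) jobs; mail is sent off the request path
        self.hash_calls = 0  # instrumentation so the equal-work property can be tested

    def _hash(self, password, salt):
        self.hash_calls += 1
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   PBKDF2_ITERATIONS)

    def sign_up(self, email, password):
        email = email.strip().lower()
        salt = os.urandom(16)
        # Hash BEFORE the existence check: the expensive step dominates the
        # response time, so it must run whether or not the account exists.
        digest = self._hash(password, salt)
        if email in self.users:
            # Existing account: discard the digest, tell the owner by email only.
            self.outbox.append((email, "already_registered"))
        else:
            self.users[email] = (salt, digest)
            self.outbox.append((email, "confirm_account"))
        # Identical status and body on both branches.
        return dict(GENERIC_RESPONSE)

    def check_password(self, email, password):
        salt, digest = self.users[email.strip().lower()]
        return self._hash(password, salt) == digest
```

Queuing the email instead of sending it inline matters as much as the hashing: a synchronous SMTP call on only one branch would reintroduce the timing difference.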