FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup

app/controllers/users_controller.rb

@@ -372,6 +372,19 @@ class UsersController < ApplicationController
         message: activation.message,
         user_id: user.id
       }
+    elsif SiteSetting.forgot_password_strict && user.errors[:primary_email]&.include?(I18n.t('errors.messages.taken'))
+      session["user_created_message"] = activation.success_message
+
+      if existing_user = User.find_by_email(user.primary_email&.email)
+        Jobs.enqueue(:critical_user_email, type: :account_exists, user_id: existing_user.id)
+      end
+
+      render json: {
+        success: true,
+        active: user.active?,
+        message: activation.success_message,
+        user_id: user.id
+      }
     else
       errors = user.errors.to_hash
       errors[:email] = errors.delete(:primary_email) if errors[:primary_email]