do not allow updating User.email directly
(and use the /accounts/email/ page (provided by allauth) instead) 'User.email' should never be updated directly The rationale is that we rely on allauth for verifying e-mail addresses. Allauth manages user's email addresses independently (one to many), and updates User.email when one of these addresses is promoted to the 'primary' status. We will have less friction if we embrace the allauth way of managing e-mails. The good point is that allauth will never mark as primary an email addresse that has not been verified.
Showing with 108 additions and 9 deletions