Commit 3bedb86d authored by BAIRE Anthony

do not allow updating User.email directly

(and use the /accounts/email/ page (provided by allauth) instead)

'User.email' should never be updated directly

The rationale is that we rely on allauth for verifying e-mail addresses.
Allauth manages user's email addresses independently (one to many), and
updates User.email when one of these addresses is promoted to the
'primary' status. We will have less friction if we embrace the allauth
way of managing e-mails.

The good point is that allauth will never mark as primary an email
address that has not been verified.
parent 4e2e61d1
......@@ -32,11 +32,10 @@ class UserForm(forms.ModelForm):
label_suffix='',
required=False,
)
email = forms.CharField(label='Email', label_suffix='', required=False)
class Meta:
model = User
fields = ('first_name', 'last_name', 'email')
fields = ('first_name', 'last_name')
class SSHForm(forms.ModelForm):
......
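Review bot: In UserForm.Meta, 'email' is dropped from fields with no comment saying why, so a later edit could re-add it and restore a direct write to User.email that skips allauth's verification. Add a one-line comment above fields stating that e-mail changes go through the allauth account_email view, and a regression test that posts an email value to the profile form and asserts User.email is unchanged.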
{% extends "base.html" %}
{% load i18n %}
{% block title %}{% trans "Manage e-mail addresses" %}{% endblock %}
{% block breadcrumb %}
<li class="breadcrumb-item active"><a href="{% url 'main:user_detail' %}">My profile</a></li>
<li class="breadcrumb-item active" aria-current="page">e-mail</li>
{% endblock %}
{% block content %}
<div class="container">
<div class="allgo-page">
<div class="border-bottom pb-3 mb-3">
<h2>{% trans "E-mail Addresses" %}</h2>
{% if user.emailaddress_set.all %}
<p>{% trans 'The following e-mail addresses are associated with your account:' %}</p>
<form action="{% url 'account_email' %}" class="email_list" method="post">
{% csrf_token %}
<table class="table col-md-3" style="width:1px; white-space: nowrap;">
<tbody>
{% for emailaddress in user.emailaddress_set.all %}
<tr>
<td>
<label for="email_radio_{{forloop.counter}}" class="{% if emailaddress.primary %}primary_email{%endif%}">
<input id="email_radio_{{forloop.counter}}" type="radio" name="email" {% if emailaddress.primary or user.emailaddress_set.count == 1 %}checked="checked"{%endif %} value="{{emailaddress.email}}"/>
{{ emailaddress.email }}
</label>
</td>
<td>
{% if emailaddress.primary %}<span class="primary">{% trans "Primary" %}</span>{% endif %}
</td>
<td>
{% if emailaddress.verified %}
<span class="text-success">{% trans "Verified" %}</span>
{% else %}
<span class="text-danger">{% trans "Unverified" %}</span>
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
<div class="buttonHolder">
<button class="btn btn-primary secondaryAction" type="submit" name="action_primary" >{% trans 'Make Primary' %}</button>
<button class="btn btn-primary secondaryAction" type="submit" name="action_send" >{% trans 'Re-send Verification' %}</button>
<button class="btn btn-primary primaryAction" type="submit" name="action_remove" >{% trans 'Remove' %}</button>
</div>
</form>
{% else %}
<p><strong>{% trans 'Warning:'%}</strong> {% trans "You currently do not have any e-mail address set up. You should really add an e-mail address so you can receive notifications, reset your password, etc." %}</p>
{% endif %}
</div>
<div class="border-bottom pb-3 mb-3">
<h4>{% trans "Add E-mail Address" %}</h4>
<form method="post" action="{% url 'account_email' %}" class="add_email">
{% csrf_token %}
{{ form.as_p }}
<button class="btn btn-primary" name="action_add" type="submit">{% trans "Add E-mail" %}</button>
</form>
</div>
</div>
</div>
{% endblock %}
{% block extra_body %}
<script type="text/javascript">
(function() {
var message = "{% trans 'Do you really want to remove the selected e-mail address?' %}";
var actions = document.getElementsByName('action_remove');
if (actions.length) {
actions[0].addEventListener("click", function(e) {
if (! confirm(message)) {
e.preventDefault();
}
});
}
})();
</script>
{% endblock %}
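Review bot: In the extra_body script, the translated confirmation text is placed inside a double-quoted JavaScript literal without JavaScript escaping (var message = "{% trans '...' %}";), so a translation containing a double quote, a backslash or a line break breaks the script and the Remove button then submits with no confirmation. Bind the string with {% trans '...' as remove_msg %} and emit it as "{{ remove_msg|escapejs }}". Separately, both breadcrumb items carry the active class, including the 'My profile' link; only the current-page item should.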
......@@ -27,19 +27,26 @@
</div>
</div>
<div class="form-row">
<div class="form-group col-md-6">
{{ form.email.label_tag }}
{{ form.email | attr:"placeholder:Enter your email" | add_class:"form-control" }}
</div>
</div>
<button type="submit" class="btn btn-primary float-right">
<i class="far fa-user"></i> Update profile
</button>
</form>
</div>
<div class="clearfix border-bottom pb-3 mb-3">
<h5>E-mail</h5>
<ul>
{% for addr in user.email_addresses %}
<li class="{% if addr.primary %}font-weight-bold{% endif %}">{{addr.email}}{% if addr.primary %}{% endif %} </li>
{% endfor %}
</ul>
<div class="float-right">
<a class="btn btn-primary" href="{% url 'account_email' %}" role="button">
<i class="fas fa-envelope"></i> Manage addresses
</a>
</div>
</div>
<div class="clearfix border-bottom pb-3 mb-3">
{% if user.has_usable_password %}
<h5>Password</h5>
......
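Review bot: The new E-mail list loops over user.email_addresses, which is not defined anywhere in the visible diff, while the new e-mail management template reads the same data through user.emailaddress_set.all; if the attribute does not exist, the template renders an empty list with no error. Use the same accessor in both templates or point to where email_addresses is defined. On the same li line, {% if addr.primary %}{% endif %} is an empty conditional and can be dropped, and since this list does not show the verified flag, an unverified address looks the same as a verified one here.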