Allauth supports multiple email addresses per user. While this is not intended in allgo, it is still possible to configure multiple addresses using the /accounts/email/ endpoint.
Problem: even with ACCOUNT_EMAIL_VERIFICATION="mandatory", allauth does not ensure that all addresses are verified. It only ensure that any address is verified.
--> even if the user is validted by all auth, we still need to ensure that the relevant address is verified before granting access
Regarding the webapp import feature, a (non-admin) user can import a webapp only if the two conditions are met:
- the user is allowed to create webapps (verified by IsProviderMixin)
- the user has a verified email address that matches the owner address of the imported webapp