Mentions légales du service

Skip to content

Fix allauth email validation

BAIRE Anthony requested to merge fix-allauth-email-validation into django

Allauth supports multiple email addresses per user. While this is not intended in allgo, it is still possible to configure multiple addresses using the /accounts/email/ endpoint.

Problem: even with ACCOUNT_EMAIL_VERIFICATION="mandatory", allauth does not ensure that all addresses are verified. It only ensure that any address is verified.

--> even if the user is validted by all auth, we still need to ensure that the relevant address is verified before granting access

Regarding the webapp import feature, a (non-admin) user can import a webapp only if the two conditions are met:

  • the user is allowed to create webapps (verified by IsProviderMixin)
  • the user has a verified email address that matches the owner address of the imported webapp

Merge request reports