Mentions légales du service

Skip to content

Refactor user email management

BAIRE Anthony requested to merge refactor-user-email-management into django

Several changes in this branch:

  • fix User.email updates (and use the allauth /accounts/email/ instead)

    'User.email' should never be updated directly.

    The rationale is that we rely on allauth for verifying e-mail addresses. Allauth manages user's email addresses independently (one to many), and updates User.email when one of these addresses is promoted to the 'primary' status. We will have less friction if we embrace the allauth way of managing e-mails.

    The good point is that allauth will never mark as primary an email addresse that has not been verified.

  • add an intermediate 'user_need_validation' page for email validation

    There are multiple reasons:

    • the user may already have received the message
    • we should do the same validation on the API too (but API should not send any email but just display the error message)
    • this page will also be useful for validating the 'Terms of Use'
  • refactor the permission mixins

    remove the IsProviderMixin (and avoid using LoginRequiredMixin directly) and introduce 3 new mixins:

    • UserAccessMixin -> must be a registered user
    • ProviderAccessMixin -> user must be a provider
    • AllAccessMixin -> may or may not be a registered user

    All these 3 mixins will also ensure that the user email is validated.

    The purpose of the AllAccessMixin is to force the validation of the email when the user is registered, thus the validation will be requested when landing on the webapp_detail page rather than when submitting the first job (which would be discarded)

  • remove the django auth backend (because it is not used at all)

  • replace User.provider_addresses with User.email_addresses (which allows more generic queries)

Merge request reports