Refactor user email management
Several changes in this branch:
-
fix
User.email
updates (and use the allauth /accounts/email/ instead)'User.email' should never be updated directly.
The rationale is that we rely on allauth for verifying e-mail addresses. Allauth manages user's email addresses independently (one to many), and updates User.email when one of these addresses is promoted to the 'primary' status. We will have less friction if we embrace the allauth way of managing e-mails.
The good point is that allauth will never mark as primary an email addresse that has not been verified.
-
add an intermediate 'user_need_validation' page for email validation
There are multiple reasons:
- the user may already have received the message
- we should do the same validation on the API too (but API should not send any email but just display the error message)
- this page will also be useful for validating the 'Terms of Use'
-
refactor the permission mixins
remove the IsProviderMixin (and avoid using LoginRequiredMixin directly) and introduce 3 new mixins:
- UserAccessMixin -> must be a registered user
- ProviderAccessMixin -> user must be a provider
- AllAccessMixin -> may or may not be a registered user
All these 3 mixins will also ensure that the user email is validated.
The purpose of the AllAccessMixin is to force the validation of the email when the user is registered, thus the validation will be requested when landing on the webapp_detail page rather than when submitting the first job (which would be discarded)
-
remove the django auth backend (because it is not used at all)
-
replace User.provider_addresses with User.email_addresses (which allows more generic queries)