New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an optional ACCOUNT_EMAIL_CONFIRMATION_URL configuration #1213
Conversation
Is the URL itself configurable here? |
Well, it was already generating a url using
This just overrides that url with a custom one you define in settings.py |
Got it. I thought
meant you'd be using Also, I agree that this would be very helpful, having the same issue! |
I think it's just a documentation issue at this point, what i meant to explain is that the URL string needs to have a {} somewhere, which will get replaced by the key. |
If the issue is that allauth is directing the user to |
Please correct me if I'm wrong... Using a Client + REST API, email verification link works like this: Email Client ---GET link with confirmation key---> App Client As it's I'm using django-rest-auth, which uses @ezegolub What about: ACCOUNT_EMAIL_CONFIRMATION_URL (=None) |
I am not sure what you mean by "App Client". Are we talking about single page apps, mobile apps? Given that emails can be opened on any device, mobile or desktop, I would expect that the link inside the email is at any time a regular link to a normal web page, and not some (mobile) app link (if that is what you are referring to by "App Client"). So, following this logic that web page is either a server-side generated page, or some Angular/React/whatever client side SPA generated page, right? In case of the latter, you can still hook up your SPA router to the Common practice in Django when you do not agree with the URL patterns of a reusable app is to provide your own |
I meant with an SPA. Is it possible to do this by just overriding |
Suppose your SPA is running on |
The email that gets sent out needs to have a SPA URL in it for allauth to be used as a REST API. That's the only place this matters, as it'll go to an SPA. I don't understand why the urls.py needs significant work (perhaps this is already done in django-rest-auth). @ezegolub how have you solved this previously? Does this issue appear for any other allauth functionality? |
If you simply include allauth urls as is, people will be able to view non-SPA urls for login, signup and whatever else allauth has to offer. So users will be able to visit an SPA based login, and the original non-SPA based login. For now, I am closing this for reasons mentioned above... |
Sorry for commenting a closed issue, but I'm trying to override the confirmation email as mentionned here but I don't really know how to do that.
Exactly as suggested here: https://github.com/pennersr/django-allauth/pull/1213/files?diff=split&short_path=eead337&unchanged=expanded Is it possible to override only this method in my project without affecting the allauth class. Maybe it's more a django question than allauth. I'm sorry if it's the case (as said in other issues, I'm new in Django :-) ). |
You need to make sure that some URLs, including the email verification one, end up in your SPA. For that, you could simply alter your project urls.py in such a way that a url for /verify-email/ gets routed to say a |
That souds a lot more complex than sending out a link to the SPA in the email though |
I am probably not seeing the complete picture here. But, I keep hitting the same point as I mentioned in the first few comments... namely that you cannot do all of this properly without altering the url routing anyway. If you use the allauth default routing as is, then you are giving your users access to two confirm email views: the allauth one over at /accounts/confirm-email/ and your project specific SPA one over at /verify-email. That is not the way things should be. You should have just one of those, so you have to tweak the url routing anyway. Now, we could indeed alter allauth so that you can plugin a custom email confirmation link, but that does not take away the complexity of having to revisit urls.py. |
Wondering: what API/XHR endpoint is the SPA confirm-email route hooked up to? allauth does not offer this yet, so that could be an improvement point indeed. |
The backend will only have one confirmation url as it is the case now. The frontend url is only a frontend view (in my case this is an Angular component), which call the backend confirmation url via a service. The frontend url is not concerned by the django url routing. I'm not sure if I understand your point of view (and I'm not sure if my point of view is well explained). |
Hey, sorry, IRL stuff prevented me from answering before. I'm on the same situation as @BenDevelopment. My setup was: |
For that matter, we can say that there are two access for each backend url because for each backend url there is a frontend service calling it. So you have the backend url (django) and the frontend "url" (which is the service call). |
So, you have a django backend, hosted at be.project.com and an NG frontend, hosted at fe.project.com. Or, perhaps they are both hosted at simply one www.project.com, but then you need to make sure that some URLs are routed to the frontend, and some to the backend. Either way, if you install vanilla allauth, you likely have the following URLs:
My point is, that 2. should not be in there, neither should any of the regular allauth frontend views. |
FWIW, I would really like to cater for an SPA use case, so please all provide your input even while this ticket is closed. I closed it because I do not think making the email confirmation link in the mail pluggable is the solution, at least, not as long as the above has not been cleared up. |
Ok that is more clear now.
The 3. is routed (in my NG app) to a service which calls 2., so you are right, 1. is not used here. |
But, unless you tweaked your urls.py you have this one as well right?: 4 . http://backend.com/accounts/confirm-email/123/ (the allauth view) |
Yes you're right. But I don't use it because there is the rest-auth one. |
This methode |
While you are not using it, it is exposed to the outside world, which should not be the case. This was my original point. You will need to adjust your urls.py no matter what. |
I'm agree with you @pennersr but I think this problem doesn't concerns the fact that we can allow to customize the url sent in the registration email. |
My understanding of the situation:
Is that the correct, ideal flow? If so, the problem: |
Yes @stantond that's the correct workflow.
and to override the rest-auth url (because when you use allauth with rest-auth, the
This workflow works well, but the problem is that the activation url in your email is a backend url. |
I understand, but I want to avoid putting multiple local tweaks into allauth in order to cater for the SPA use case, without taking the complete picture into perspective. Points:
|
Yes, that's exactly what I need. But I don't know how. Can you give me a short sample? |
|
Still, I would like to stress that the above is not sufficient, your urls.py needs attention as well to stop allauth views from being accessable by your end users. |
So the idea would be to disable allauth urls if rest-auth is installed ? |
Hi, i've been using django-allauth for a rest api, it works very good but i found that this use case has a problem: the email being sent contains an url to the api itself instead of the front end.
This was solvable via subclassing, of course, but i thought it would be nice to have it supported inside the module.