Merge remote-tracking branch 'upstream/main'

.editorconfig

@@ -15,6 +15,9 @@ indent_size = 4
 [*.py]
 indent_size = 4
 
+[*.html]
+indent_size = 4
+
 [Makefile]
 indent_style = tab
 indent_size = 8

.github/pull_request_template.md

@@ -15,5 +15,5 @@
 
 - [ ] Make sure unit tests are available.
 - [ ] Add an entry of your provider in `test_settings.py::INSTALLED_APPS` and `docs/installation.rst::INSTALLED_APPS`.
-- [ ] Add documentation to `docs/providers.rst`.
+- [ ] Add documentation to `docs/providers/<provider name>.rst` and `docs/providers/index.rst` Provider Specifics toctree.
 - [ ] Add an entry to the list of supported providers over at `docs/overview.rst`.

ChangeLog.rst

@@ -11,11 +11,20 @@ Note worthy changes
 
 - Officially support Django 4.2.
 
-- New provider: Miro.
+- New providers: Miro, Questrade
 
 - It is now possible to manage OpenID Connect providers via the Django
   admin. Simply add a `SocialApp` for each OpenID Connect provider.
 
+- There is now a new flow for changing the email address. When enabled
+  (``ACCOUNT_CHANGE_EMAIL``), users are limited to having exactly one email
+  address that they can change by adding a temporary second email address that,
+  when verified, replaces the current email address.
+
+- Changed spelling from "e-mail" to "email". Both are correct, however, the
+  trend over the years has been towards the simpler and more streamlined form
+  "email".
+
 
 Security notice
 ---------------
@@ -607,7 +616,7 @@ Note worthy changes
 -------------------
 
 - Improved AJAX support: the account management views (change/set password,
-  manage e-mail addresses and social connections) now support AJAX GET requests.
+  manage email addresses and social connections) now support AJAX GET requests.
   These views hand over all the required data for you to build your frontend
   application upon.
 
@@ -758,7 +767,7 @@ Note worthy changes
 Backwards incompatible changes
 ------------------------------
 
-- When ``ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE`` was turned on, the e-mail field key
+- When ``ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE`` was turned on, the email field key
   changed from ``email`` to ``email1``, which could introduce subtle bugs. This
   has now been changed: there always is an ``email`` field, and optionally an
   ``email2`` field.
@@ -1144,7 +1153,7 @@ Note worthy changes
 - ``joke2k`` contributed an Italian translation, thanks!
 
 - socialaccount: All providers now support the ``VERIFIED_EMAIL``
-  property have e-mail addresses forced to be interpreted as
+  property have email addresses forced to be interpreted as
   verified.
 
 
@@ -1185,7 +1194,7 @@ Note worthy changes
 - Facebook reauthentication now uses an ``auth_nonce``.
 
 - Added a new option ``ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION``, to
-  indicate whether or not e-mail confirmation is to automatically
+  indicate whether or not email confirmation is to automatically
   log in.
 
 - socialaccount: Added Bitbucket provider.
@@ -1225,13 +1234,13 @@ Note worthy changes
 
 - facebook: Added a new setting: VERIFIED_EMAIL.
 
-- socialaccount: a collision on e-mail address when you sign up
+- socialaccount: a collision on email address when you sign up
   using a third party social account is now more clearly explained:
-  "An account already exists with this e-mail address.  Please sign
+  "An account already exists with this email address.  Please sign
   in to that account first, then connect your Google account".
 
 - account: You are now automatically logged in after confirming
-  your e-mail address during sign up.
+  your email address during sign up.
 
 - account: The ``/accounts/login/`` view now supports AJAX requests.
 
@@ -1243,7 +1252,7 @@ Note worthy changes
 - socialaccount: Dropped django-avatar support.
 
 - openid: First, last and full name are now also queried together
-  with the e-mail address. Thanks, @andrvb.
+  with the email address. Thanks, @andrvb.
 
 - openid: Compatibility fix for Django 1.6 (JSON serializer).
 
@@ -1259,8 +1268,8 @@ Backwards incompatible changes
   ``/accounts/confirm-email/``.
 
 - The ``account/verification_sent.html`` template no longer receives the
-  e-mail address in the context (``email``). Note that a message
-  containing that e-mail address is still emitted using the messages
+  email address in the context (``email``). Note that a message
+  containing that email address is still emitted using the messages
   framework.
 
 - The ``/accounts/confirm_email/key/`` view has been
@@ -1464,7 +1473,7 @@ Note worthy changes
 
 - Messages (as in ``django.contrib.messages``) are now configurable
   through templates.
-- Added support for differentiating e-mail handling (verification,
+- Added support for differentiating email handling (verification,
   required) between local and social accounts:
   ``SOCIALACCOUNT_EMAIL_REQUIRED`` and
   ``SOCIALACCOUNT_EMAIL_VERIFICATION``.
@@ -1515,8 +1524,8 @@ Note worthy changes
 - Dropped dependency on (unmaintained?) oauth2 package, in favor
   of requests-oauthlib.
 
-- account: E-mail confirmation mails generated at signup can now
-  be differentiated from regular e-mail confirmation mails by
+- account: Email confirmation mails generated at signup can now
+  be differentiated from regular email confirmation mails by
   placing e.g. a welcome message into the
   ``account/email/email_confirmation_signup*`` templates. Thanks to
   Sam Solomon for the patch.
@@ -1529,7 +1538,7 @@ Note worthy changes
 
 - socialaccount: Added support for Weibo.
 
-- account: Added support for sending HTML e-mail. Add
+- account: Added support for sending HTML email. Add
   ``*_message.html`` templates and they will be automatically picked
   up.
 
@@ -1619,7 +1628,7 @@ Note worthy changes
   intervention in social logins.
 
 - google: support for Google's ``verified_email`` flag to determine
-  whether or not to send confirmation e-mails.
+  whether or not to send confirmation emails.
 
 - Fábio Santos contributed a Portuguese translation, thanks!
 
@@ -1628,7 +1637,7 @@ Note worthy changes
 - socialaccount: Added ``get_social_accounts`` template tag.
 
 - account: Default URL to redirect to after login can now be
-  overridden via the adapter, both for login and e-mail confirmation
+  overridden via the adapter, both for login and email confirmation
   redirects.
 
 
@@ -1656,11 +1665,11 @@ Note worthy changes
   (Facebook cannot).
 
 - account: Added adapter class for increased pluggability. Added
-  hook for 3rd party invitation system to by pass e-mail
+  hook for 3rd party invitation system to by pass email
   verification (``stash_email_verified``). Moved sending of mail to
   adapter.
 
-- account: Added option to completely disable e-mail verification
+- account: Added option to completely disable email verification
   during signup.
 
 
@@ -1692,7 +1701,7 @@ Note worthy changes
 
 - LinkedIn: Added support for passing along the OAuth scope.
 
-- account: Improved e-mail confirmation error handling, no more
+- account: Improved email confirmation error handling, no more
   confusing 404s.
 
 - account: Aldiantoro Nugroho contributed support for a new
@@ -1756,13 +1765,13 @@ Note worthy changes
 
 - SoundCloud: Rabi Alam contributed a SoundCloud provider, thanks!
 
-- account: Sam Solomon cleaned up the e-mail management view:
+- account: Sam Solomon cleaned up the email management view:
   added proper redirect after POSTs, prevent deletion of primary
-  e-mail. Thanks.
+  email. Thanks.
 
 - account: When signing up, instead of generating a completely
   random username a more sensible username is automatically derived
-  from first/last name or e-mail.
+  from first/last name or email.
 
 
 Backwards incompatible changes
@@ -1780,7 +1789,7 @@ Backwards incompatible changes
   - The ``emailconfirmation`` setting ``EMAIL_CONFIRMATION_DAYS`` has been
     replaced by ``ACCOUNT_EMAIL_CONFIRMATION_EXPIRE_DAYS``.
 
-  - Instead of directly confirming the e-mail address upon the GET
+  - Instead of directly confirming the email address upon the GET
     request the confirmation is now processed as part of an explicit
     POST. Therefore, a new template ``account/email_confirm.html`` must
     be setup.
@@ -1848,7 +1857,7 @@ Note worthy changes
   providers.
 
 - account: Added ACCOUNT_AUTHENTICATION_METHOD setting, supporting
-  login by username, e-mail or both.
+  login by username, email or both.
 
 
 Backwards incompatible changes
@@ -1894,8 +1903,8 @@ Note worthy changes
   there is more refactoring to be done -- this first step only
   focuses on the database models.
 
-- account: E-mail confirmation mails are now automatically resent
-  whenever a user attempts to login with an unverified e-mail
+- account: Email confirmation mails are now automatically resent
+  whenever a user attempts to login with an unverified email
   address (if ACCOUNT_EMAIL_VERIFICATION=True).
 
 
@@ -1929,7 +1938,7 @@ Note worthy changes
   used for additional questions to ask during signup.
 
 - account: ``is_active`` is no longer used to keep users with an
-  unverified e-mail address from logging in.
+  unverified email address from logging in.
 
 - Dropping uniform dependency. Moved uniform templates into
   example project.
@@ -1947,8 +1956,8 @@ None
 Note worthy changes
 -------------------
 
-- The e-mail authentication backend now attempts to use the
-  'username' parameter as an e-mail address. This is needed to
+- The email authentication backend now attempts to use the
+  'username' parameter as an email address. This is needed to
   properly integrate with other apps invoking authenticate.
 
 - SmileyChris contributed support for automatically generating a

README.rst

@@ -56,10 +56,10 @@ flows that are locally generated.
 
 This approach creates a development gap between local and social
 authentication flows. It has remained an issue in spite of numerous common
-scenarios that both require. For example, an e-mail address passed along by an
+scenarios that both require. For example, an email address passed along by an
 OpenID provider may not be verified. Therefore, prior to hooking up
-an OpenID account to a local account the e-mail address must be
-verified. This essentially is one of many use cases that mandate e-mail
+an OpenID account to a local account the email address must be
+verified. This essentially is one of many use cases that mandate email
 verification to be present in both worlds.
 
 Integrating both is a humongous and tedious process. It is not as
@@ -78,7 +78,7 @@ Features
 
 **🔑 Comprehensive account functionality**
     Supports multiple authentication
-    schemes (e.g. login by user name, or by e-mail), as well as multiple
+    schemes (e.g. login by user name, or by email), as well as multiple
     strategies for account verification (ranging from none to mandatory email
     verification).
 

allauth/account/adapter.py

@@ -51,7 +51,7 @@ class DefaultAccountAdapter(object):
         "too_many_login_attempts": _(
             "Too many failed login attempts. Try again later."
         ),
-        "email_taken": _("A user is already registered with this e-mail address."),
+        "email_taken": _("A user is already registered with this email address."),
     }
 
     def __init__(self, request=None):
@@ -99,8 +99,8 @@ def get_from_email(self):
 
     def render_mail(self, template_prefix, email, context, headers=None):
         """
-        Renders an e-mail to `email`.  `template_prefix` identifies the
-        e-mail that is to be sent, e.g. "account/email/email_confirmation"
+        Renders an email to `email`.  `template_prefix` identifies the
+        email that is to be sent, e.g. "account/email/email_confirmation"
         """
         to = [email] if isinstance(email, str) else email
         subject = render_to_string("{0}_subject.txt".format(template_prefix), context)
@@ -170,7 +170,7 @@ def get_logout_redirect_url(self, request):
 
     def get_email_confirmation_redirect_url(self, request):
         """
-        The URL to return to after successful e-mail confirmation.
+        The URL to return to after successful email confirmation.
         """
         if request.user.is_authenticated:
             if app_settings.EMAIL_CONFIRMATION_AUTHENTICATED_REDIRECT_URL:
@@ -474,10 +474,29 @@ def confirm_email(self, request, email_address):
         """
         Marks the email address as confirmed on the db
         """
+        from allauth.account.models import EmailAddress
+
+        from_email_address = (
+            EmailAddress.objects.filter(user_id=email_address.user_id)
+            .exclude(pk=email_address.pk)
+            .first()
+        )
         if not email_address.set_verified(commit=False):
             return False
-        email_address.set_as_primary(conditional=True)
+        email_address.set_as_primary(conditional=(not app_settings.CHANGE_EMAIL))
         email_address.save(update_fields=["verified", "primary"])
+        if app_settings.CHANGE_EMAIL:
+            for instance in EmailAddress.objects.filter(
+                user_id=email_address.user_id
+            ).exclude(pk=email_address.pk):
+                instance.remove()
+            signals.email_changed.send(
+                sender=get_user_model(),
+                request=request,
+                user=email_address.user,
+                from_email_address=from_email_address,
+                to_email_address=email_address,
+            )
         return True
 
     def set_password(self, user, password):