User should be logged in automatically after clicking email confirmation link

Please add ability to auto login after email confirmation if user is not authenticated and email was confirmed well...

@brosner , what do you think about this feature?.. Is any pitfalls there?...

[avelis]

👍

[mattions]

+1 here as well. Got a bunch of user requesting why they have to log in twice

I did not tested it yet but this is my custom code:

def confirm_email_view(request, key):

    queryset = EmailConfirmation.objects.all()
    queryset = queryset.select_related("email_address__user")
    try:
        confirmation = queryset.get(key=key.lower())
    except EmailConfirmation.DoesNotExist:
        raise Http404()
    if not confirmation.key_expired() and not confirmation.email_address.verified:
        email_address = confirmation.email_address
        email_address.verified = True
        email_address.set_as_primary(conditional=True)
        email_address.save()
        signals.email_confirmed.send(sender=confirmation.__class__, email_address=email_address)
        user = email_address.user
        user.is_active = True
        user.save()
        if request.user.is_authenticated():
            redirect_url = reverse('user', args=[str(request.user.username)])
        else:
            user.backend = 'django.contrib.auth.backends.ModelBackend'
            login(request, user)
            redirect_url = reverse("post-register")
        messages.add_message(
            request,
            messages.SUCCESS,
            "Ты успешно подтвердил(-а) {email}.".format(**{"email": confirmation.email_address.email})
        )
    else:
        redirect_url = "/"
    return redirect(redirect_url)

[jtauber]

👍 from me on the idea. @lorddaedra's code seems more complex than what is necessary.

[paltman]

+1

[k4ml]

There should be a flag on this, since some people probably want to force user to login after verifying the email. Similar to django-allauth settings - ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION.

Pasting the notes from django-allauth here, just in case it also applied:-

ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION (=False)
The default behaviour is not log users in and to redirect them to ACCOUNT_EMAIL_CONFIRMATION_ANONYMOUS_REDIRECT_URL.

By changing this setting to True, users will automatically be logged in once they confirm their email address. Note however that this only works when confirming the email address immediately after signing up, assuming users didn’t close their browser or used some sort of private browsing mode.

http://django-allauth.readthedocs.org/en/latest/configuration.html