-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
E-mail validation for newly registered users #1672
E-mail validation for newly registered users #1672
Conversation
…tion' into feature/registered_user_confirmation
Codecov Report
@@ Coverage Diff @@
## master #1672 +/- ##
==========================================
+ Coverage 83.16% 83.22% +0.06%
==========================================
Files 141 143 +2
Lines 6119 6147 +28
Branches 665 666 +1
==========================================
+ Hits 5089 5116 +27
- Misses 859 860 +1
Partials 171 171
Continue to review full report at Codecov.
|
I removed changes to the docs as they are no longer mergable after the docs re-structuring. If this pull request is accepted I'll make another pull request adding the setting to the new docs structure. |
Thanks for your contribution @primal100! We're currently working on a PR that adds HTML email templates (#1673), which also introduces a new tool to generate the templates (mjml). We'll provide kind of base template for emails, so once we merge our PR, this one could be updated to provide the HTML template as well. @mad-anne Will you take a look at this PR and review it, when you have time? |
@elwoodxblues, yes, I just added some comments. Although we must still wait with this PR until MJML e-mails will be merged and then consider further changes. @primal100 there are few things to improve I wrote about in comments. Also, please use single quotes in Python code and keep max 79 characters in each line. |
@primal100, could you please fix issues given by codeclimate? |
Regarding the current way of re-sending the e-mail after a failed login or failed activation, I can change that to a link to re-send if you think it's better. I just want to agree on the best way to do it. I'm thinking an additional view called resend_activation_email with: GET: Returns a version of the login template with an additional link added. When the link is clicked a post request is made to the same view. When activation fails, or login fails due to e-mail not verified yet, the response redirects to the resend_activation_email view. If you have a preferred way of implementing it let me know. Cheers. |
@primal100, I was busy with other tasks and I just found time to look at your PR. We had an internal discussion about how the activation process could work. Here are our thoughts:
Your work on this PR has been great so far. Let me know if you have time and are willing to make those changes. Otherwise, someone from our team will do this. We can take the last point on (even in a separate PR) and you could do the changes mentioned in the first two points, what do you think? |
Thanks, I like your suggestions. I can work on the first two points for now anyway. Not sure about the third one but will have to look at the code some point. Regarding this point: "We could allow accessing the account if the email hasn't been confirmed yet" Django allauth has three options for email confirmation - optional, mandatory or none. Are you suggesting something similar? I wasn't sure of the use case for optional but I can add it. So if optional is selected, there should be no limitations for a logged in user who has not activated their e-mail address?. Thanks! |
I think the main limitations for unconfirmed accounts is that we don't want to assign previous orders until you confirm email ownership as otherwise you could sign up as any other customer and immediately gain access to their full name and home address. |
@primal100 You could make it configurable just like in |
Hey, @elwoodxblues , regarding your three points:
Note that, the token generator used (same as password reset) encodes the last_login time, so if the user logs in again, any previous tokens are now invalid. |
Are you planning on continuing this PR? If not, let me know, so I retake your work. The important thing with activation links is that it helps preventing hard bounces (which is also why the "Resend" button shouldn't resend a mail so easily). |
Hi, You can retake it for now. Thanks |
I'm closing this PR since due to inactivity. If anyone wants to retakes it and update, feel free. This is still a valid issue that we should tackle. |
I want to merge this change because...
Enables a common feature of registration systems where a newly registered user's e-mail can be validated before being allowed to login. Solution for #1527
This is how it works:
I am using ugettext for some translations to keep things consistent with other strings in the same module.
Pull Request Checklist
(Please keep this section. It will make maintainer's life easier.)
pycodestyle
,pydocstyle
,pylint
.eslint
.