You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If using django rest auth with a django based (server side) interface and the django-allauth authentication class it's possible to get in a situation where the user changes their email, authenticates via the api, and gets a 500 error allauth.account.models.DoesNotExist.
This is because changing the user's email (assuming default User model) does not change or add a row to the emailaddress_set. There are situations where we might want users to verify their sign up email, but allow them to change the email without validating it.
I would propose one of the following solutions:
email_address = user.emailaddress_set.filter(user=user, verified=True).exists() this would allow users to sign in with an invalidated changed email - matching django allauth default behavior. The user would still need at least one verified email.
Or
catching the DoesNotExist exception and raising a ValidationError(_('E-mail is not verified.')).
For now it's possible to just extend the LoginSerializer and modify the validate method.
The text was updated successfully, but these errors were encountered:
See https://github.com/Tivix/django-rest-auth/blob/master/rest_auth/serializers.py#L105
If using django rest auth with a django based (server side) interface and the django-allauth authentication class it's possible to get in a situation where the user changes their email, authenticates via the api, and gets a 500 error allauth.account.models.DoesNotExist.
This is because changing the user's email (assuming default User model) does not change or add a row to the emailaddress_set. There are situations where we might want users to verify their sign up email, but allow them to change the email without validating it.
I would propose one of the following solutions:
email_address = user.emailaddress_set.filter(user=user, verified=True).exists()this would allow users to sign in with an invalidated changed email - matching django allauth default behavior. The user would still need at least one verified email.Or
catching the DoesNotExist exception and raising a ValidationError(_('E-mail is not verified.')).
For now it's possible to just extend the LoginSerializer and modify the validate method.
The text was updated successfully, but these errors were encountered: