I've developed a web service that is currently in Beta. Some of my users complain about having to verify the email from the social account (which has already been verified by the provider).
So I tried to break in the process and mark the email as verified before the email with the verification link is sent. This is done among complete_signup and perform_login methods. There is no other entry point but the signal that is sent (user_signed_up). However, using a signal to modify the execution is not acceptable so I sketched some alternatives:
1) Use "none" as default with social account signup instead of EMAIL_VERIFICATION from settings (it is just changing complete_social_signup method in sociallaccount/helpers.py).
2) Add a new configuration parameter that allows the user to verify email in regular registration process and skip it in social account signup (again using it in helpers.py).
3) Add a method to the adapter that lets the developer mark the EmailAddress instance as verified when it comes from the socialaccount signup.
I would love this too.
I post the solution I came to, in case anyone wants the same functionality. I archieved that using signals (although I believe it is not the best option)
@receiver(user_signed_up)
def user_signed_up_(request, user, sociallogin=None, **kwargs):
if sociallogin:
from allauth.account.models import EmailAddress
emails = EmailAddress.objects.filter(user=user, verified=False)
for email in emails:
email.verified=True
email.save()
I'd really like to see this functionality too. Ideally this would be in the overarching setting.py. I can understand why that this could potentially open the door to email accounts that aren't validated through these other 3rd party platforms but that should be a _warning_ and left for our consideration. While I'm not sure if facebook validates emails I know they validate the account via phone confirmation and they restrict valid email accounts to not include such addresses as @sharklasers.com
I'd love to see this as a setting if possible.
I am not sure I fully understand your requirements. If you don't want to verify the email address for social accounts, why is setting SOCIALACCOUNT_EMAIL_VERIFICATION to "none" not sufficient?
Well, that is part of the problem. Although I though I've thoroughly check the list of configuration params, I didn't spot into that one.
The other part of the problem is setting emails as verified. I checked, that even setting SOCIALACCOUNT_EMAIL_VERIFICATION to "none", when using linkedin (which is my case) doesn't mark the email as verified. I've seen that with facebook provider there is a solution involving additional configuration. I tried the same with but didn't work:
SOCIALACCOUNT_PROVIDERS = {'linkedin_oauth2':
{'SCOPE': LINKEDIN_SCOPE,
'PROFILE_FIELDS': LINKEDIN_EXTRA_FIELD_SELECTORS,
'VERIFIED_EMAIL': True }}
So I still need to use the signal to verify the email
Really need this done Miguel has explained it perfectly. Basically we trust major social media sites to verify the emails therefore we want to just have the email initially set to verified
I am +1 for making VERIFIED_EMAIL generic instead of Facebook specific. As for "need this done" -- I am not making any promises here.
Great! Thanks for considering this.
Any news on this one? Is there any way we could help you develop this? :)
Any news on this one? Is there any way we could help you develop this? :)
It seems like it's supported, but undocumented. https://github.com/pennersr/django-allauth/commit/3ac2ea0176664f01a413ca410e6eef841ca63c5b
Most helpful comment
I post the solution I came to, in case anyone wants the same functionality. I archieved that using signals (although I believe it is not the best option)