There must be a setting to specify weather the verification link should expire on single use or it it will be valid during its entire lifetime
The email verification link does not expire after use. However here's my workaround & related discussion. Issue : https://github.com/pennersr/django-allauth/issues/638 & https://github.com/pennersr/django-allauth/pull/644
Nice i like your approach of simply deleting the verification link row in database. However here is what im doing in my code.
override the confirm_email from adapter.py
def confirm_email(self, request, email_address):
"""
Marks the email address as confirmed on the db
"""
email_address.verified = True
email_address.set_as_primary(conditional=True)
email_address.save()
## this code expires a verification link by decreasing the sent date by EMAIL_CONFIRMATION_EXPIRE_DAYS
from allauth.account.models import EmailConfirmation
from datetime import date, timedelta
confirm_obj = EmailConfirmation.objects.all_valid().get(email_address=email_address)
confirm_obj.sent = confirm_obj.sent - timedelta(days=app_settings.EMAIL_CONFIRMATION_EXPIRE_DAYS)
confirm_obj.save()
but its a very basic functionality to have a setting to optionally expire the verification link after a single use.
EmailConfirmationManager already has a function to delete expired links but it's not being used. You can leverage that too.
EmailConfirmataion.objects.delete_expired_confirmations()
Wondering: why must there be a setting? You can already hook into the email_confirmed signal and handle things as you wish (including deletion of the confirmation et al).
yes we can do that, but still it will be good have a directly built in option. just saying :)
Most helpful comment
yes we can do that, but still it will be good have a directly built in option. just saying :)