django-allauth

Verification email is sent for admin users

Open sumanthratna opened this issue 5 years ago • 1 comments

The Problem

When I have this in my settings:

    ACCOUNT_EMAIL_REQUIRED = True
    ACCOUNT_EMAIL_VERIFICATION = "mandatory"

verification emails are sent to superusers. I would expect superusers to not have to verify their emails, since by definition, a superuser:

has all permissions

The Solution

change this: https://github.com/pennersr/django-allauth/blob/52978e2e5c7e1755f8b904aea65b3cf305d2c92c/allauth/account/utils.py#L167-L176

to this:

    if not user.is_superuser:
        # only send verification emails to non-superusers
        if email_verification == EmailVerificationMethod.NONE:
            pass
        elif email_verification == EmailVerificationMethod.OPTIONAL:
            # In case of OPTIONAL verification: send on signup.
            if not _has_verified_for_login(user, email) and signup:
                send_email_confirmation(request, user, signup=signup, email=email)
        elif email_verification == EmailVerificationMethod.MANDATORY:
            if not _has_verified_for_login(user, email):
                send_email_confirmation(request, user, signup=signup, email=email)
                return adapter.respond_email_verification_sent(request, user)

I can create a PR for this—I haven't yet because I'm not sure about the details. e.g., do we want to create a setting for this (like ACCOUNT_EMAIL_VERIFICATION_SUPERUSER)?

sumanthratna, Dec 09 '20 00:12

If anyone stumbles here, this part of the code was moved to the pre_login() method inside the Adapter class, which can be customized to check if the user is a superuser and skip the verification check.

anthony-affinda, Jul 08 '22 09:07

For security considerations it's best to keep things simple and not introduce any exceptions. I see no harm in everybody, including super users, having verified emails if you configure it so.

pennersr, Jun 19 '23 20:06
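
An audit that fits the position in the last comment, added here as an example and not taken from the thread or from django-allauth: it lists the active superusers who have no verified address and would therefore be sent a verification email under `ACCOUNT_EMAIL_VERIFICATION = "mandatory"`. It assumes Django's default `auth_user` table and allauth's `account_emailaddress` table; the helper names and all rows are constructed for illustration.

```python
import sqlite3

# Table and column names below assume Django's default auth_user table and
# allauth's account_emailaddress table; every row is constructed sample data.
SCHEMA = """
CREATE TABLE auth_user (
    id INTEGER PRIMARY KEY, username TEXT,
    is_superuser INTEGER, is_active INTEGER);
CREATE TABLE account_emailaddress (
    id INTEGER PRIMARY KEY, user_id INTEGER, email TEXT,
    verified INTEGER, "primary" INTEGER);
"""
USERS = [
    (1, "root", 1, 1),        # superuser, verified address
    (2, "ops", 1, 1),         # superuser, unverified address
    (3, "alice", 0, 1),       # regular user, out of scope for this audit
    (4, "old-admin", 1, 0),   # inactive superuser, cannot log in anyway
    (5, "cli-admin", 1, 1),   # superuser with no address row at all
]
EMAILS = [
    (1, 1, "root@example.com", 1, 1),
    (2, 2, "ops@example.com", 0, 1),
    (3, 3, "alice@example.com", 0, 1),
    (4, 4, "old-admin@example.com", 0, 1),
]

# Active superusers with no verified address. The LEFT JOIN keeps accounts
# that have no account_emailaddress row, which count as unverified too.
QUERY = """
SELECT u.username
FROM auth_user AS u
LEFT JOIN account_emailaddress AS e
       ON e.user_id = u.id AND e.verified = 1
WHERE u.is_superuser = 1 AND u.is_active = 1 AND e.id IS NULL
ORDER BY u.username
"""

def build_sample_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO auth_user VALUES (?, ?, ?, ?)", USERS)
    conn.executemany(
        "INSERT INTO account_emailaddress VALUES (?, ?, ?, ?, ?)", EMAILS)
    return conn

def unverified_superusers(conn):
    """Return usernames of active superusers lacking any verified address."""
    return [row[0] for row in conn.execute(QUERY)]

if __name__ == "__main__":
    for name in unverified_superusers(build_sample_db()):
        print("superuser without a verified address:", name)
```

Running the same query against a real database before switching to "mandatory" shows which administrators need to confirm an address first.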