
Django allauth does not log user in on email confirm

I'm using django-allauth in my Django project and I understand that ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION is set to True by default. Unfortunately the user was not being logged in automatically on confirm, so I explicitly set this setting to True. Unfortunately the user still does not get logged in when they confirm their email. My allauth settings:

ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
ACCOUNT_EMAIL_SUBJECT_PREFIX = 'MyApp | '
ACCOUNT_PASSWORD_MIN_LENGTH = 6
ACCOUNT_UNIQUE_EMAIL = True
ACCOUNT_USERNAME_REQUIRED = False 
ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = True
ACCOUNT_EMAIL_CONFIRMATION_AUTHENTICATED_REDIRECT_URL = 'app:createStudent'
ACCOUNT_EMAIL_CONFIRMATION_ANONYMOUS_REDIRECT_URL = 'app:createStudent'

LOGIN_REDIRECT_URL = 'app:index'
ACCOUNT_LOGOUT_REDIRECT_URL = 'app:index'

ACCOUNT_LOGOUT_ON_GET = True

The email confirmation redirects also do not fire properly and the user is routed to the index. This may indicate that the user has in fact been logged in, but I have conditionals checking that:

{% if request.user.is_authenticated %}
    <a href="{% url 'account_logout' %}">Sign Out</a>
{% else %}
    <a href="{% url 'account_login' %}" class="login-popup">Login</a>   <a href="{% url 'account_signup' %}" class="login-popup">Register</a> 
{% endif %}

And they indicate that the user is not authenticated.

All help is appreciated, thank you.

EDIT: I've tried changing the login redirect to determine if it was in fact logging the user in and sending them to the index; however, it is not. Even when I've changed the login redirect to a different page, confirm still sends them to the index.

apardes asked Jun 10 '14 22:06


1 Answer

The ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = True setting works only when the user performs a sign-up action and verifies the email in the same browser session.

See this code fragment:

def send_email_confirmation(request, user, signup=False):
    ...
    if signup:
        request.session['account_user'] = user.pk 

The session stores the account_user variable, which is later used to verify if the user should be logged in automatically. If the session is lost, it won't work.

This is where the check is performed:

def login_on_confirm(self, confirmation):
    ...
    user_pk = self.request.session.pop('account_user', None)
    ...
    if user_pk == user.pk and self.request.user.is_anonymous():
        return perform_login(self.request,
                             user,
                             app_settings.EmailVerificationMethod.NONE)

Does it work for you right after signup? If yes, this is your issue. Else you'll have to dig deeper.

user answered Oct 31 '22 01:10
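
The session binding the answer describes, as an added stand-alone model (not django-allauth's own code and not part of the original answer). Sessions are plain dicts and the user ids and scenario names are constructed; only the `account_user` key and the comparison come from the fragments above.

```python
# Stand-alone model of the session binding described above (no Django needed).
# Sessions are plain dicts; user ids and scenario names are constructed.

SESSION_KEY = "account_user"  # key name taken from the fragments above


def send_email_confirmation(session, user_pk, signup=False):
    """At sign-up, remember which user this browser session registered."""
    if signup:
        session[SESSION_KEY] = user_pk


def login_on_confirm(session, confirmed_user_pk, is_anonymous=True):
    """Return True only if the confirming session is the one that signed up."""
    user_pk = session.pop(SESSION_KEY, None)  # one-shot: the marker is consumed
    return user_pk == confirmed_user_pk and is_anonymous


def run_scenarios():
    results = {}

    # 1. Sign up and click the link in the same browser session.
    browser = {}
    send_email_confirmation(browser, user_pk=42, signup=True)
    results["same_session"] = login_on_confirm(browser, 42)

    # 2. The marker was popped, so a second click does not log in again.
    results["second_click"] = login_on_confirm(browser, 42)

    # 3. Link opened elsewhere (mail app, other browser, expired session):
    #    the session holds no marker, so no automatic login happens.
    results["other_session"] = login_on_confirm({}, 42)

    # 4. Confirmation re-sent later without signup=True: no marker is stored.
    resend = {}
    send_email_confirmation(resend, user_pk=42, signup=False)
    results["resent_mail"] = login_on_confirm(resend, 42)

    # 5. Session signed up user 42 but the link confirms user 7's address.
    mixed = {}
    send_email_confirmation(mixed, user_pk=42, signup=True)
    results["other_user"] = login_on_confirm(mixed, 7)

    return results


if __name__ == "__main__":
    for name, logged_in in run_scenarios().items():
        print(f"{name:14} auto-login: {logged_in}")
```

Only the first scenario yields an automatic login; in the others the user has to sign in normally after confirming, so possession of the confirmation link alone does not produce a session.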