Account: organize allauth settings #9865
Conversation
- make email verification mandatory: users without a verified email will be asked to verify their address before being able to login - rename `ACTIVATION_DAYS` since it was a setting from a Django app we don't use anymore. It's called EMAIL_CONFIRMATION_EXPIRE_DAYS in Django Allauth. This PR requires other PRs in -ops to work as intended.
|
I wish there was a way to set this at the DB level or with a feature flag. I'm sure we could find a way to hack it, but I just assume that when we deploy this we'll have some subset of users get locked out of their accounts. Something to be on the lookout for, but I do agree it's a good default worth trying to enable. Also asking @agjohnson to 👍 this before it goes live. |
|
I'm not merging this just yet because we talked about adding an on-site notification to all those users that don't have any email address validated and give them some weeks before deploying this change. Next step: create a simple script to add the notification to all of them 😄 |
Add `--usernames` argument to be able to filter by usernames when sending contacting users. This can be used as: ``` django-admin contact_owners --notification notification.md --sticky --usernames usernames.txt ``` ``` humitos santos anthony ``` ``` Read the Docs is going to force email verification to be able to login accounts in the following weeks. We've noticed **your account doesn't have any email verified**. Please, go to [your email settings](/accounts/email/) and verify your email now. ``` In this case, it will send a sticky notification with that content to these 3 users. Required by #9865
|
I believe we have a couple scripts that already does this: https://github.com/readthedocs/readthedocs.org/blob/main/readthedocs/core/management/commands/contact_owners.py -- if it can easily be modified. |
|
Ah, I just saw the attached PR 🙃 |
* Command `contact_owners`: add support to filter by usernames Add `--usernames` argument to be able to filter by usernames when sending contacting users. This can be used as: ``` django-admin contact_owners --notification notification.md --sticky --usernames usernames.txt ``` ``` humitos santos anthony ``` ``` Read the Docs is going to force email verification to be able to login accounts in the following weeks. We've noticed **your account doesn't have any email verified**. Please, go to [your email settings](/accounts/email/) and verify your email now. ``` In this case, it will send a sticky notification with that content to these 3 users. Required by #9865 * Lint * Add note about how to expand use cases for this command * Update readthedocs/core/management/commands/contact_owners.py Co-authored-by: Santos Gallegos <[email protected]> * Lint Co-authored-by: Santos Gallegos <[email protected]>
|
We sent the on-site notification to our users and we waited 3 weeks. We are deploying these changes and making the email verification mandatory for login next week. |
mandatory: users without a verified email will be asked to verify their address before being able to loginACCOUNT_ACTIVATION_DAYSsince it was a setting from a Django app we don't use anymore. It's calledACCOUNT_EMAIL_CONFIRMATION_EXPIRE_DAYSin Django Allauth.This PR requires other PRs to work as intended:
Context: https://github.com/readthedocs/meta/discussions/103
Closes: https://github.com/readthedocs/meta/issues/104