fix: email validation to remove unnecessary verification check #680

Open
wants to merge 3 commits into
base: master

@Mohmmde1 Mohmmde1 commented Feb 23, 2025

Pull Request Description

Issue Summary

The current behavior of dj-rest-auth raises a database-level unique constraint error when a user tries to register using an email that already exists but is not verified, especially when EMAIL_VERIFICATION is set to MANDATORY.

Why does this happen?
  1. The RegisterSerializer checks for email uniqueness but does not properly handle unverified emails.
  2. If an email exists but is not verified, it still passes validation.
  3. When user.save() is called, Django raises an IntegrityError due to the unique constraint on the email field in the User model.

Error Example

If a user attempts to register with an existing, unverified email, the system throws this error:

IntegrityError: UNIQUE constraint failed: auth_user.email

This results in unexpected registration failures instead of properly informing the user about the issue.


Proposed Solution

Instead of allowing the process to reach user.save() and fail due to the IntegrityError, we handle it earlier in validate_email().

  • If the email is verified, registration is blocked with a clear error message.
  • If the email exists but is unverified and EMAIL_VERIFICATION is MANDATORY, we prevent registration with an appropriate message.
  • If EMAIL_VERIFICATION is not mandatory, we allow registration to proceed.

Updated Code Implementation

```python
from allauth.account.adapter import get_adapter
from allauth.account import app_settings as allauth_account_settings
from allauth.account.models import EmailAddress
from dj_rest_auth.registration.serializers import RegisterSerializer
from rest_framework import serializers

class CustomRegisterSerializer(RegisterSerializer):
    def validate_email(self, email):
        """Custom email validation to prevent unique constraint errors on unverified emails."""
        email = get_adapter().clean_email(email)
        if allauth_account_settings.UNIQUE_EMAIL:
            existing_email = EmailAddress.objects.filter(email=email).first()
            if existing_email:
                if not existing_email.verified and allauth_account_settings.EMAIL_VERIFICATION == \
                    allauth_account_settings.EmailVerificationMethod.MANDATORY:
                    raise serializers.ValidationError(
                        "This email is already in use but has not been verified."
                    )
                else:
                    raise serializers.ValidationError(
                        "A user is already registered with this email address."
                    )
        return email
```

Why This Fix Works?

  • Prevents the unique constraint error by handling the issue before user.save().
  • Provides clearer error messages to the user, improving user experience.
  • Respects the EMAIL_VERIFICATION setting, ensuring correct behavior based on project requirements.
  • Maintains email uniqueness while properly handling unverified email addresses.

This update ensures that users understand why they cannot register with a certain email and avoids unexpected system errors.

…t mandatory

Previously, the registration process incorrectly blocked users from registering with an existing but unverified email, even when email verification was not mandatory. This caused a unique constraint error when saving the user.

This fix updates the `validate_email` method in `CustomRegisterSerializer` to:
- Allow registration if the email exists but is unverified, **only if verification is not mandatory**.
- Prevent duplicate registrations if the email is already verified.
- Improve error messages for better clarity.

This ensures smoother registration flows while maintaining email uniqueness where required.
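
An added example, not part of the pull request or of dj-rest-auth: a stand-alone `sqlite3` model of the three validation outcomes listed in the description, with the unique constraint kept as the fallback because a check in the validator is not atomic with the later insert. The table layout, `make_db`, `register`, the `MANDATORY`/`OPTIONAL` strings and the `ValidationError` stand-in are assumptions made for illustration.

```python
import sqlite3

MANDATORY, OPTIONAL = "mandatory", "optional"  # stand-ins for the EMAIL_VERIFICATION setting


class ValidationError(Exception):
    """Stand-in for rest_framework.serializers.ValidationError."""


def make_db():
    # Constructed schema: a unique email column on auth_user, as in the quoted error.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE auth_user (id INTEGER PRIMARY KEY, email TEXT UNIQUE);
        CREATE TABLE email_address (email TEXT, verified INTEGER);
    """)
    return conn


def validate_email(conn, email, verification):
    """The three outcomes listed in the pull request description."""
    row = conn.execute(
        "SELECT verified FROM email_address WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        return email
    if row[0]:
        raise ValidationError("A user is already registered with this email address.")
    if verification == MANDATORY:
        raise ValidationError("This email is already in use but has not been verified.")
    return email  # unverified and verification not mandatory: allowed to proceed


def register(conn, email, verification):
    email = validate_email(conn, email, verification)
    try:
        with conn:  # one transaction: both inserts commit or neither does
            conn.execute("INSERT INTO auth_user (email) VALUES (?)", (email,))
            conn.execute("INSERT INTO email_address VALUES (?, 0)", (email,))
    except sqlite3.IntegrityError:
        # The pre-check can be bypassed (allowed branch, concurrent request), so the
        # constraint stays the final authority and is reported as a validation error.
        raise ValidationError(
            "A user is already registered with this email address."
        ) from None
    return "created"
```

In this constructed model, an unverified address with `OPTIONAL` passes `validate_email` and is then stopped by the unique constraint, which `register` reports as a validation error instead of an unhandled `IntegrityError`.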