django allauth - ACCOUNT_UNIQUE_EMAIL doesn't prevent duplicate emails on signup
I'm making a basic website where users sign up with an email, a username, and a psssword.
I'm using dj_rest_auth, which wraps allauth to provide a REST API interface. Here's an example registration call:
POST: http://127.0.0.1:8000/api/auth/registration/
Body:
{
"username": "new_user3",
"password1": "testtest@123",
"password2": "testtest@123",
"email": "[email protected]"
}
These are the flags I've set in settings.py:
ACCOUNT_EMAIL_VERIFICATION = 'none'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = True
ACCOUNT_UNIQUE_EMAIL = True
Yet, when I send the registration request twice, and only change the username (not email), it goes through just fine:
What's the easiest way to have this fail if the email is a duplicate? Ideally I'm looking for something the library itself provides, and not a custom class.
The documentation of the allauth settings [allauth-docs] says:
ACCOUNT_UNIQUE_EMAIL(default:True)Enforce uniqueness of email addresses. On the database level, this implies that only one user account can have an email address marked as verified. Forms prevent a user from registering with or adding an additional email address if that email address is in use by another account.
The source code [GitHub] also seems to indicate this:
class Migration(migrations.Migration): # … operations = ( [ migrations.AlterUniqueTogether( name="emailaddress", unique_together={("user", "email")}, ), migrations.AddConstraint( model_name="emailaddress", constraint=models.UniqueConstraint( condition=models.Q(("verified", True)), fields=["email"], name="unique_verified_email", ), ), ] if getattr(settings, "ACCOUNT_UNIQUE_EMAIL", True) else [] )
So the conditon=Q(verified=True) part says that the email is required to be unique, only for rows with verified=True.
Note furthermore that it does not even check if the email is unique in a caseinsensitive way, so [email protected] and [email protected] are seen as different email addresses.
- Generating new SQLite database django
- TemplateDoesNotExist at /users/register/ bootstrap5/uni_form.html
- django DEBUG=False still runs in debug mode
- Running Django custom manage.py task on Heroku - Importing Issues
- No module named pkg_resources
- Issue with Django CheckConstraint
- Set-cookie isn't working with React and Django
- How do I create Stripe-like DB ID's for Django models?
- CORS error while consuming calling REST API with React
- How to implement thumbnail images into Wagtail’s ModelViewSet?
- Django: How to migrate to class-based indexes
- How to get dictionary of RequestContext imported from django.template
- How do I clone a Django model instance object and save it to the database?
- Django self-referential foreign key
- Get current user log in signal in Django
- How to get Category from Product? Django
- For the django admin, how do I add a field to the User model and have it editable in the admin?
- Do transaction in Django make things faster
- No File was submitted while trying to make a POST. Django Rest Framework
- Django percentage field
- Django - how to specify a database for a model?
- I am getting a error: everse for 'genre' with arguments '('',)' not found. 1 pattern(s) tried: ['genres/(?P<genre_id>[0-9]+)\\Z']
- Remove user endpoints in Django rest auth
- Why is run called twice in the Django dev server?
- After switching to postgresql - connection reset by peer
- Prevent multiple form submissions in Django
- django.db.utils.DataError: division by zero
- django allauth - ACCOUNT_UNIQUE_EMAIL doesn't prevent duplicate emails on signup
- InlineModelAdmin not showing up on admin page
- Pagination in Django ListView when using get_context_data