[Mailman-Developers] Postorius and verified email addresses
Aurelien Bompard
aurelien at bompard.org
Wed Apr 6 12:08:04 EDT 2016
Hey people,
Mailman has the notion of "verified" email addresses. When a user is
created / registered in Postorius, a Mailman user can be created. It's off
by default but it seems like a logical thing to do.
This user will be created when the client visits the user profile or
preferences pages anyway, because it needs it in Mailman at that point.
However, the address that the user is created with is not verified. It's a
good thing because Django, by itself, does not verify email addresses. The
social auth providers that we use do validate them, but not Django, and
when internal auth is involved then it's only Django.
In that case, how should this address be validated? Should Postorius
consider that the login system always validates addresses and set them as
verified in Mailman? Should it ask mailman to verify the email addresses
when it encounters a user's un-verified address? This does not seem
possible in REST at the moment (unless I missed it), and should be
protected against multiple checks.
Ideas?
Aurélien
More information about the Mailman-Developers
mailing list