This is a general question, but it’s preferable if the answer is tied to the allauth library. I’ve already opened a ticket on its GitHub page but they aren’t replying, so excuse me if this doesn’t belong here. The question is whether there’s a built-in way to prevent email squatting when adding secondary mails. Sure enough, when you set that the email must be verified for account creation, no one can use your email to log in and leave you without the possibility to sign up with your own mail. However, it’s the case that when secondary mails are added, this requirement isn’t fulfilled, that is, there is no check that the email must belong to the one initiating the action for it to be added to his account. This, in turn, can lead to email squatting. Of course, one could add the check to send a login code to the email that the user is attempting to link before the linking is done and so forth, but isn’t there already a mechanism that deals with this (maybe reclaiming unverified emails, etc.)? Thanks in advance.
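The verify-before-link check the question describes, as an added example that is not part of the original post and is not django-allauth code. `EmailLinker`, `request_link` and `confirm_link` are hypothetical names, and the in-memory dicts stand in for database tables; the point shown is that an unverified claim never reserves the address, so the real mailbox owner can still link it.

```python
import hashlib
import hmac
import secrets
import time


class EmailLinker:
    """An address is attached to an account only after a one-time code
    sent to that mailbox is presented by the same user."""

    def __init__(self, ttl=900, max_attempts=3):
        self.verified = {}  # email -> user_id (one verified owner per address)
        self.pending = {}   # (user_id, email) -> [code_hash, expires_at, attempts_left]
        self.ttl = ttl
        self.max_attempts = max_attempts

    @staticmethod
    def _norm(email):
        return email.strip().lower()

    @staticmethod
    def _hash(code):
        return hashlib.sha256(code.encode()).hexdigest()

    def request_link(self, user_id, email, now=None):
        """Start a claim; returns the code that would be mailed to `email`."""
        now = time.time() if now is None else now
        email = self._norm(email)
        if email in self.verified:
            return None  # already owned; the UI should answer the same either way
        code = f"{secrets.randbelow(10**6):06d}"
        # Claims are keyed per user, so one user's unverified claim
        # cannot block another user from claiming the same address.
        self.pending[(user_id, email)] = [self._hash(code), now + self.ttl, self.max_attempts]
        return code

    def confirm_link(self, user_id, email, code, now=None):
        now = time.time() if now is None else now
        email = self._norm(email)
        claim = self.pending.get((user_id, email))
        if claim is None or now > claim[1] or email in self.verified:
            self.pending.pop((user_id, email), None)
            return False
        if not hmac.compare_digest(claim[0], self._hash(code)):
            claim[2] -= 1  # bound guessing of the 6-digit code
            if claim[2] <= 0:
                del self.pending[(user_id, email)]
            return False
        self.verified[email] = user_id
        # The first user to prove control wins; drop all other claims.
        for key in [k for k in self.pending if k[1] == email]:
            del self.pending[key]
        return True
```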