I am using Django allauth for my website's auth needs.
When a user signs up to my site with a social account - Google mostly (I've got only Twitter, Facebook and Google set up, mostly the users seem to prefer Google) - the user's email is always auto-verified, that is despite these settings from the allauth documentation (http://django-allauth.readthedocs.org/en/latest/#configuration) being set:
ACCOUNT_EMAIL_REQUIRED = True
SOCIALACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = "mandatory"
SOCIALACCOUNT_EMAIL_VERIFICATION = "mandatory"
No verification email is ever sent for an account that signs up via Social and the email is always listed as "verified" despite that.
I've got an important security hook set up to intercept on a verification signal. I need the social users to get the email and click the email verification link.
Users who sign up manually all work fine (email, verification link, etc).
What is or could be wrong?
Python 3.3, Django 1.6.2, django-allauth 0.15.0 (via pip)
Update: Even if I set
SOCIALACCOUNT_AUTO_SIGNUP = False
and force the user to fill in the form, it still auto-verifies social users.