search

PedroBern / django-graphql-auth

Django registration and authentication with GraphQL.
https://django-graphql-auth.readthedocs.io/en/latest/
MIT License
333 stars 105 forks source link

ALLOW_LOGIN_NOT_VERIFIED does not support graphql_auth.mutations.SendPasswordResetEmail #52

Open mcabrams opened 4 years ago

mcabrams commented 4 years ago

Description

Setting ALLOW_LOGIN_NOT_VERFIED to True seems like it would eliminate the UserNotVerifiedError upon executing the SendPasswordResetEmail (in the case where user is unverified), however, it still raises this error.

Expected behavior

I would expect ALLOW_LOGIN_NOT_VERFIED would remove the check for the user needing to be verified upon sending the password reset email - or I would expect there to be a new setting called ALLOW_PASSWORD_RESET_NOT_VERIFIED that would more granularly control this.

Requirements

django-graphql-jwt==0.3.0
graphene-django==2.9.1
django-graphql-auth==0.3.10
PedroBern commented 4 years ago

The default behavior must be raising this error because it's common to let users login when not verified, but they should first verify the account in order to reset password. However, a new setting ALLOW_PASSWORD_RESET_NOT_VERIFIED would be nice.

Another option would be verifying the account along with the password reset, in case the user asks for a password reset without being verified. I think this would be even better than the new setting.

Can you make a PR for one of those alternatives?