Open Loschcode opened 3 years ago
Loschcode
commented
3 years ago Being pretty new to the Python world, I've made a workaround by adding this logic after the user creation
user = CustomUser.objects.get(id=user_id)
user.status.verified = True
user.status.save()Not a perfect solution honestly, but it works for now.
Telewa
commented
3 years ago Thanks @Loschcode. Additionally, if you are doing this in a migration, you will need this dependency.
dependencies = [
...,
('graphql_auth', '0001_initial'),
...
]Otherwise, as expected, your CustomUser will not have the status field.
panosangelopoulos
commented
3 years ago Hi @Loschcode, verification is an important part of the authentication process, not only in this library, generally speaking.
Of course, you can choose and do whatever you want in your project but I'm not sure that a bypass of verification will add value to the library.
Feel free to fork the project and skip the verification part.
cc: @PedroBern
ulgens
commented
3 years ago @panosangelopoulos Hello fellow collaborator 🙂 I, myself, too find the verification this library provides a bit weird. UserStatus model is a new, kinda magic thing that you can achieve almost same thing (for the most of use cases) with single is_verified field on your user model. I'd use if there is a setting to switch current verification method off, i'd use it now.
panosangelopoulos
commented
3 years ago @ulgens thanks for your message, this topic is getting buzz!
I completely understand the weird part of verification but do you think that the solution will be the option to switch it on or off? I would rather expect a way of resolving the weird part and make it more readable/understandable for the rest of the community instead of switch it off.
Of course, that's my opinion and I'm open to discussing it further.
Generally speaking, the Verification (not-only for a user) is part of the The OAuth 2.0 Authorization Framework (https://tools.ietf.org/html/rfc6749#section-4.1) but we can of course argue about it.
Why do I think that switching it off isn't the way to go? Most of them are mentioned => https://ux.stackexchange.com/a/111023.
ulgens
commented
3 years ago I agree with its benefits but I don't think "It's the best way (we/everyone say so), so you have to do it." is the best way to go as a maintainer. Not everyone really need that benefit and in some cases, it does more harm than good. I can give two very simple examples here:
panosangelopoulos
commented
3 years ago @ulgens I got your points and especially the first one, for testing, I think you can skip this verification process in a central point quite easily.
Shall we discuss the best approach to bypassing/switching the verification in this thread?
ulgens
commented
3 years ago I think we should discuss the verification in general but i'm more willing to spend my time on graphql-jwt package's issues for now.
panosangelopoulos
commented
3 years ago That's absolutely fine @ulgens.
Then let's discuss it and bring ideas to the table.
cc: @PedroBern
haris1998-web
commented
2 years ago Is there an option to skip the verification part after a year?
cc: @PedroBern
ALASHI1
commented
1 year ago I'm not sure about skipping the whole verification part but you avoid sending the activation mail to the user on sign-up and still let them log in
in your settings.py file
paste that
GRAPHQL_AUTH = { "SEND_ACTIVATION_EMAIL": False, }
then use the inbuilt "resend activation mail" mutation to verify them when needed
I'm looking for a solution to skip the verify account part because I don't wish to actually send an activation email therefore have accounts automatically confirmed. When I'm sending an updateAccount mutation I get this kind of response:
I see this option is nowhere to be seen in the settings in the documentation despite being able to deactivate the email dispatch; I either don't understand fully how to deactivate this part or you have very odds ways to setup settings flows...
I'm looking into this for a while thus my issue. Thanks