This allows each account to have more than one email address, of which
one is primary. Adding more addresses will trigger an email with a
verification link (of course). The field previously known as "email" is
now changed to be "primary email".
Change the profile form to allow freely changing which of the added
addresses is the primary. Remove the functionality to directly
change the primary email -- instead one has to add a new address first
and then change to that one, which simplifies several things in the
handling.
This adds a new model for CommunityAuthOrg representing the organisation
that runs the system that's being authenticated (e.g. PostgreSQL Europe
or PostgreSQL US). For this we just keep a name and a "is consent required" flag.
In the case where consent is required, we keep track on a per-user basis
of whether they have given consent to sharing their data with this
organisation. If they haven't, we ask for it before completing the
redirect and actually sharing the data.
1. ForeignKey with unique -> OneToOneField
2. IPAddressField -> GenericIPAddressField
3. Fix fields with default=datetime.now() which gives server start time,
not the insert time (clearly this default was never used, and the
field was always explicitly set, but it should still not be incorrectly
defined)
This lets us configure some sites that require accounts to have been
in the system for longer than a certain time before they are allowed
to log in to that site. In particular, the wiki is easy to spam, so
we want those users to be in the system for a while before they can
try something like that.
Requires manual sql to be run on all installations:
ALTER TABLE account_communityauthsite ADD COLUMN cooloff_hours int NOT NULL DEFAULT 0;
When changing an email, we generate a random token and send it to the
new email (the old email is verified by the fact that the user is
already logged in). Once the link in the email is clicked, we update
the actual email.
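
The email-change flow described in the commit message above, as an added example that is not code from this repository. The class name, the in-memory store, the token lifetime and the choice to store only a hash of the token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed lifetime; the commit message does not state one


class EmailChangeStore:
    """Hypothetical in-memory stand-in for a table of pending email changes."""

    def __init__(self):
        self._pending = {}  # user id -> (sha256 of token, new email, expiry)
        self.emails = {}    # user id -> current (verified) email

    def request_change(self, user_id, new_email, now=None):
        """Record a pending change; return the token to mail to new_email."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        # A newer request replaces any earlier pending one for this user.
        self._pending[user_id] = (digest, new_email, now + TOKEN_TTL)
        return token

    def confirm(self, user_id, token, now=None):
        """Apply the change only for the logged-in user who requested it."""
        now = time.time() if now is None else now
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        digest, new_email, expiry = entry
        supplied = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison; a wrong guess leaves the request pending
        # so a third party cannot cancel it by submitting junk.
        if not hmac.compare_digest(digest, supplied):
            return False
        del self._pending[user_id]  # single use, even when expired
        if now > expiry:
            return False
        # The address applied is the one stored at request time, never a
        # value taken from the confirmation link.
        self.emails[user_id] = new_email
        return True
```

Keying the pending entry on the session's user id is what ties the token to the already-authenticated account, which is the "old email is verified" half of the flow.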
This system relies on http redirects and signing in to the main website
instead of using cross-internet pgsql connections and signing in individually
to each website.