Views ===== Login ----- *URL name*: ``account_login`` Users login via the ``allauth.account.views.LoginView`` view over at ``/accounts/login/`` (URL name ``account_login``). When users attempt to login while their account is inactive (``user.is_active``) they are presented with the ``account/account_inactive.html`` template. Signup ------ *URL name*: ``account_signup`` Users sign up via the ``allauth.account.views.SignupView`` view over at ``/accounts/signup/`` (URL name ``account_signup``). Logout ------ *URL name*: ``account_logout`` The logout view (``allauth.account.views.LogoutView``) over at ``/accounts/logout/`` (URL name ``account_logout``) requests for confirmation before logging out. The user is logged out only when the confirmation is received by means of a POST request. If you are wondering why, consider what happens when a malicious user embeds the following image in a post:: For this and more background information on the subject, see: - https://code.djangoproject.com/ticket/15619 - http://stackoverflow.com/questions/3521290/logout-get-or-post If you insist on having logout on GET, then please consider adding a bit of Javascript to automatically turn a click on a logout link into a POST. As a last resort, you can set ``ACCOUNT_LOGOUT_ON_GET`` to ``True``. Password Management ------------------- Authenticated users can manage their password account using the ``allauth.account.views.PasswordSetView`` and ``allauth.account.views.PasswordChangeView`` views, over at ``/accounts/password/set/`` respectively ``/accounts/password/change/`` (URL names ``account_set_password`` and ``account_change_password`` respectively). Users are redirected between these views, according to whether or not they have setup a password (``user.has_usable_password()``). Typically, when users signup via a social provider they will not have a password set. Password Reset -------------- *URL name*: ``account_reset_password`` Users can request a password reset using the ``allauth.account.views.PasswordResetView`` view over at ``/accounts/password/reset/`` (URL name ``account_reset_password``). An email will be sent containing a reset link pointing to ``PasswordResetFromKeyView`` view. Emails Management ----------------- *URL name*: ``account_email`` Users manage the email addresses tied to their account using the ``allauth.account.views.EmailView`` view over at ``/accounts/email/`` (URL name ``account_email``). Here, users can add (and verify) email addresses, remove email addresses, and choose a new primary email address. Email Verification ------------------- Depending on the setting ``ACCOUNT_EMAIL_VERIFICATION``, a verification email is sent pointing to the ``allauth.account.views.ConfirmEmailView`` view. The setting ``ACCOUNT_CONFIRM_EMAIL_ON_GET`` determines whether users have to manually confirm the address by submitting a confirmation form, or whether the address is automatically confirmed by a mere GET request.