fix 4056 Enable username-or-email login via allauth configuration and template updates #5329

armanraymagit · 2025-12-17T11:41:02Z

Fixes #4056

Summary by CodeRabbit

New Features
- Users can log in with username or email; login label updated and non-field errors display as clear alert.
Tests
- Added comprehensive tests for username/email login, case/whitespace handling, redirects, unverified emails, and error UI.
Chores
- Added a management command to deduplicate email records.
- Environment variables are loaded at startup.
Config
- Email uniqueness enforced; note: existing duplicate emails should be resolved before enabling.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

github-actions · 2025-12-17T11:41:12Z

👋 Hi @armanraymagit!

This pull request needs a peer review before it can be merged. Please request a review from a team member who is not:

The PR author
DonnieBLT
coderabbitai
copilot

Once a valid peer review is submitted, this check will pass automatically. Thank you!

coderabbitai · 2025-12-17T11:41:16Z

Walkthrough

Adds Allauth settings for username-or-email login and unique emails, loads environment variables in a new manage.py main(), updates login template to show non-field errors and relabel the login field, adds extensive login tests, and introduces a management command to deduplicate EmailAddress records.

Changes

Cohort / File(s)	Summary
Configuration `blt/settings.py`	Added Allauth constants: `ACCOUNT_LOGIN_METHODS = {"username", "email"}`, `ACCOUNT_UNIQUE_EMAIL = True`, and `ACCOUNT_FORMS = {"signup": "website.forms.SignupFormWithCaptcha"}` with cautionary comments about deduplicating emails.
Startup / Env `manage.py`	Added `main()` which calls `load_dotenv()` before setting `DJANGO_SETTINGS_MODULE` and executing management commands; `if __name__ == "__main__"` now calls `main()`.
Login template `website/templates/account/login.html`	Split template tag loads into `{% load account %}` and `{% load socialaccount %}`, render `form.non_field_errors` in an alert block, and change the username label to "Username or Email".
Login tests `website/tests/test_login.py`	New `LoginTestCase` with many tests covering invalid credentials, username/email login success, case-insensitive email, whitespace trimming, unverified email behavior, `next` redirect handling, empty-field cases, page rendering, and error alert styling.
Email deduplication command `website/management/commands/deduplicate_emails.py`	New management command that finds case-insensitive duplicate EmailAddress records, selects a canonical record (preferring verified/primary), merges flags, prevents unsafe deletions (multiple users or leaving a user without addresses), and deletes duplicates inside transactions with masked logging.
Package markers `website/management/__init__.py`, `website/management/commands/__init__.py`	Added package init files with explanatory comments to mark directories as Python packages.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

Inspect merging strategy, user propagation, and flag promotion/demotion in website/management/commands/deduplicate_emails.py (transaction boundaries, integrity checks, and logging/masking).
Verify interplay of ACCOUNT_LOGIN_METHODS, ACCOUNT_UNIQUE_EMAIL, and ACCOUNT_FORMS with existing authentication backends and any database constraints or required data migrations.
Review website/tests/test_login.py for setup assumptions around EmailAddress creation/verification and ensure tests correctly reflect production behavior.
Confirm load_dotenv() placement in manage.py does not conflict with deployment environment expectations or other startup code.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 15.00% which is insufficient. The required threshold is 80.00%.	You can run `@coderabbitai generate docstrings` to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly identifies the main change: enabling username-or-email login via allauth configuration and template updates, which directly addresses issue #4056.
Linked Issues check	✅ Passed	All coding requirements from issue #4056 are met: username-or-email login enabled via ACCOUNT_AUTHENTICATION_METHOD setting, error messages displayed on incorrect credentials via template updates, and allauth configuration properly adjusted.
Out of Scope Changes check	✅ Passed	All changes align with issue #4056 requirements. Changes include: settings configuration for allauth, template updates for error display and label, environment loading via dotenv in manage.py for local development, and comprehensive test coverage for login scenarios.

✨ Finishing touches

📝 Generate docstrings

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 581f41d and 2938f37.

📒 Files selected for processing (4)

blt/settings.py (2 hunks)
website/management/__init__.py (1 hunks)
website/management/commands/__init__.py (1 hunks)
website/management/commands/deduplicate_emails.py (1 hunks)

✅ Files skipped from review due to trivial changes (2)

website/management/init.py
website/management/commands/init.py

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

GitHub Check: Run Tests
GitHub Check: docker-test

🔇 Additional comments (5)

blt/settings.py (1)

365-380: LGTM! Modern allauth API and prudent pre-deployment guidance.

The changes correctly use ACCOUNT_LOGIN_METHODS = {"username", "email"} (the current django-allauth 65.13.1+ API) and provide clear documentation about running the deduplication command before enabling ACCOUNT_UNIQUE_EMAIL. This approach ensures a smooth deployment without constraint violations.

website/management/commands/deduplicate_emails.py (4)

1-24: LGTM! Proper PII protection.

The mask_email helper correctly prevents exposure of sensitive email addresses in logs and command output, addressing privacy and compliance concerns (GDPR/CCPA).

35-50: LGTM! Case-insensitive duplicate detection.

The use of Lower("email") ensures that case variants (e.g., "[email protected]" and "[email protected]") are correctly identified as duplicates, addressing the case-sensitivity mismatch concern from previous reviews.

52-69: LGTM! Proper ordering prioritizes records with users.

The user_present annotation ensures that EmailAddress records linked to a user are preferred as the keeper over orphaned records (user=None), addressing the concern about corrupt orphaned data being selected.

162-179: LGTM! Proper last-email protection and deletion.

The check at line 164 correctly prevents deleting a user's last email address by comparing total count to delete count. The deletion logic is straightforward and safe.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

github-actions · 2025-12-17T11:41:32Z

📊 Monthly Leaderboard

Hi @armanraymagit! Here's how you rank for December 2025:

Rank	User	PRs	Reviews	Comments	Total
#10	@Ankit-singh-dot	6	0	3	66
#11	@armanraymagit ✨	5	0	0	50
#12	@dRaniwal	1	3	14	50

Leaderboard based on contributions in December 2025. Keep up the great work! 🚀

coderabbitai

Actionable comments posted: 2

🧹 Nitpick comments (1)

manage.py (1)
6-15: Consider moving the dotenv import to top-level.

The import of load_dotenv is inside the main() function. Per PEP 8, imports should typically be at the top of the file unless there's a specific reason (e.g., avoiding circular imports or optional dependencies).

Apply this diff to move the import to the top:
 #!/usr/bin/env python
 import os
 import sys
+from dotenv import load_dotenv

 
 def main():
-    from dotenv import load_dotenv
-
     load_dotenv()
 
     os.environ.setdefault("DJANGO_SETTINGS_MODULE", "blt.settings")

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between cd7312d and 75a65f8.

📒 Files selected for processing (3)

blt/settings.py (1 hunks)
manage.py (1 hunks)
website/templates/account/login.html (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

GitHub Check: Run Tests
GitHub Check: docker-test

🔇 Additional comments (4)

manage.py (1)

18-19: LGTM!

The refactoring to call main() within the if __name__ == "__main__": guard is clean and follows Python best practices.

blt/settings.py (1)

365-372: LGTM!

The django-allauth configuration is well-structured:

Requires both username and email during signup

Enforces email uniqueness

Requires mandatory email verification

This configuration aligns with the PR objectives and provides a secure authentication setup.

website/templates/account/login.html (2)

5-6: LGTM!

Splitting the load tags into separate lines is fine and may improve readability, though functionally equivalent to the single-line version.

71-71: LGTM!

The label change to "Username or Email" correctly reflects the ACCOUNT_AUTHENTICATION_METHOD = "username_email" configuration in settings.py and improves user clarity.

blt/settings.py

github-actions · 2025-12-17T11:52:05Z

❌ Pre-commit checks failed

The pre-commit hooks found issues that need to be fixed. Please run the following commands locally to fix them:

# Install pre-commit if you haven't already
pip install pre-commit

# Run pre-commit on all files
pre-commit run --all-files

# Or run pre-commit on staged files only
pre-commit run

After running these commands, the pre-commit hooks will automatically fix most issues.
Please review the changes, commit them, and push to your branch.

💡 Tip: You can set up pre-commit to run automatically on every commit by running:

pre-commit install

Pre-commit output

[INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks.
[WARNING] repo `https://github.com/pre-commit/pre-commit-hooks` uses deprecated stage names (commit, push) which will be removed in a future version.  Hint: often `pre-commit autoupdate --repo https://github.com/pre-commit/pre-commit-hooks` will fix this.  if it does not -- consider reporting an issue to that repo.
[INFO] Initializing environment for https://github.com/pycqa/isort.
[WARNING] repo `https://github.com/pycqa/isort` uses deprecated stage names (commit, merge-commit, push) which will be removed in a future version.  Hint: often `pre-commit autoupdate --repo https://github.com/pycqa/isort` will fix this.  if it does not -- consider reporting an issue to that repo.
[INFO] Initializing environment for https://github.com/astral-sh/ruff-pre-commit.
[INFO] Initializing environment for https://github.com/djlint/djLint.
[INFO] Initializing environment for local.
[INFO] Installing environment for https://github.com/pre-commit/pre-commit-hooks.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
[INFO] Installing environment for https://github.com/pycqa/isort.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
[INFO] Installing environment for https://github.com/astral-sh/ruff-pre-commit.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
[INFO] Installing environment for https://github.com/djlint/djLint.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
[INFO] Installing environment for local.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
check python ast.........................................................Passed
check builtin type constructor use.......................................Passed
check yaml...............................................................Passed
fix python encoding pragma...............................................Passed
mixed line ending........................................................Passed
isort....................................................................Passed
ruff.....................................................................Passed
ruff-format..............................................................Passed
djLint linting...........................................................Failed
- hook id: djlint
- exit code: 1
- files were modified by this hook

Reformatting and Linting 0/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 1/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 2/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 4/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 5/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 6/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 7/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 8/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 10/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 11/66 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 12/66 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 13/66 files ━┈┈┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 15/66 files ━━┈┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 17/66 files ━━┈┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 19/66 files ━━┈┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 20/66 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 22/66 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 23/66 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 25/66 files ━━━┈┈┈┈┈┈┈ 00:06    
Reformatting and Linting 26/66 files ━━━┈┈┈┈┈┈┈ 00:06    
Reformatting and Linting 27/66 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 29/66 files ━━━━┈┈┈┈┈┈ 00:07    
Reformatting and Linting 31/66 files ━━━━┈┈┈┈┈┈ 00:07    
Reformatting and Linting 33/66 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 35/66 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 37/66 files ━━━━━┈┈┈┈┈ 00:08    
Reformatting and Linting 38/66 files ━━━━━┈┈┈┈┈ 00:08    
Reformatting and Linting 40/66 files ━━━━━━┈┈┈┈ 00:09    
Reformatting and Linting 41/66 files ━━━━━━┈┈┈┈ 00:09    
Reformatting and Linting 43/66 files ━━━━━━┈┈┈┈ 00:09    
Reformatting and Linting 44/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 46/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 48/66 files ━━━━━━━┈┈┈ 00:10    
Reformatting and Linting 50/66 files ━━━━━━━┈┈┈ 00:10    
Reformatting and Linting 52/66 files ━━━━━━━┈┈┈ 00:10    
Reformatting and Linting 55/66 files ━━━━━━━━┈┈ 00:11    
Reformatting and Linting 57/66 files ━━━━━━━━┈┈ 00:11    
Reformatting and Linting 59/66 files ━━━━━━━━┈┈ 00:11    
Reformatting and Linting 61/66 files ━━━━━━━━━┈ 00:12    
Reformatting and Linting 62/66 files ━━━━━━━━━┈ 00:12    
Reformatting and Linting 63/66 files ━━━━━━━━━┈ 00:12    
Reformatting and Linting 65/66 files ━━━━━━━━━┈ 00:15    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:18    
                                                         

Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:18    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:18    


0 files were updated.
Linted 66 files, found 0 errors.



Reformatting and Linting 0/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 1/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 2/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 3/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 4/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 5/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 6/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 7/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 8/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 9/66 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 11/66 files ━┈┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 13/66 files ━┈┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 14/66 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 17/66 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 18/66 files ━━┈┈┈┈┈┈┈┈ 00:06    
Reformatting and Linting 19/66 files ━━┈┈┈┈┈┈┈┈ 00:06    
Reformatting and Linting 21/66 files ━━━┈┈┈┈┈┈┈ 00:07    
Reformatting and Linting 22/66 files ━━━┈┈┈┈┈┈┈ 00:07    
Reformatting and Linting 23/66 files ━━━┈┈┈┈┈┈┈ 00:08    
Reformatting and Linting 24/66 files ━━━┈┈┈┈┈┈┈ 00:08    
Reformatting and Linting 26/66 files ━━━┈┈┈┈┈┈┈ 00:09    
Reformatting and Linting 27/66 files ━━━━┈┈┈┈┈┈ 00:10    
Reformatting and Linting 28/66 files ━━━━┈┈┈┈┈┈ 00:10    
Reformatting and Linting 29/66 files ━━━━┈┈┈┈┈┈ 00:10    
Reformatting and Linting 30/66 files ━━━━┈┈┈┈┈┈ 00:10    
Reformatting and Linting 31/66 files ━━━━┈┈┈┈┈┈ 00:11    
Reformatting and Linting 33/66 files ━━━━━┈┈┈┈┈ 00:11    
Reformatting and Linting 34/66 files ━━━━━┈┈┈┈┈ 00:12    
Reformatting and Linting 36/66 files ━━━━━┈┈┈┈┈ 00:12    
Reformatting and Linting 37/66 files ━━━━━┈┈┈┈┈ 00:13    
Reformatting and Linting 38/66 files ━━━━━┈┈┈┈┈ 00:13    
Reformatting and Linting 39/66 files ━━━━━┈┈┈┈┈ 00:13    
Reformatting and Linting 41/66 files ━━━━━━┈┈┈┈ 00:13    
Reformatting and Linting 42/66 files ━━━━━━┈┈┈┈ 00:14    
Reformatting and Linting 44/66 files ━━━━━━┈┈┈┈ 00:14    
Reformatting and Linting 45/66 files ━━━━━━┈┈┈┈ 00:14    
Reformatting and Linting 48/66 files ━━━━━━━┈┈┈ 00:14    
Reformatting and Linting 50/66 files ━━━━━━━┈┈┈ 00:14    
Reformatting and Linting 52/66 files ━━━━━━━┈┈┈ 00:14    
Reformatting and Linting 54/66 files ━━━━━━━━┈┈ 00:14    
Reformatting and Linting 56/66 files ━━━━━━━━┈┈ 00:15    
Reformatting and Linting 58/66 files ━━━━━━━━┈┈ 00:15    
Reformatting and Linting 60/66 files ━━━━━━━━━┈ 00:15    
Reformatting and Linting 64/66 files ━━━━━━━━━┈ 00:15    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    
                                                         

Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    


0 files were updated.
Linted 66 files, found 0 errors.



Reformatting and Linting 0/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 1/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 2/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 4/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 6/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 9/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 12/66 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 14/66 files ━━┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 16/66 files ━━┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 17/66 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 19/66 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 21/66 files ━━━┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 22/66 files ━━━┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 23/66 files ━━━┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 24/66 files ━━━┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 25/66 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 26/66 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 27/66 files ━━━━┈┈┈┈┈┈ 00:05    
Reformatting and Linting 28/66 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 29/66 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 30/66 files ━━━━┈┈┈┈┈┈ 00:07    
Reformatting and Linting 31/66 files ━━━━┈┈┈┈┈┈ 00:07    
Reformatting and Linting 32/66 files ━━━━┈┈┈┈┈┈ 00:07    
Reformatting and Linting 33/66 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 34/66 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 35/66 files ━━━━━┈┈┈┈┈ 00:08    
Reformatting and Linting 36/66 files ━━━━━┈┈┈┈┈ 00:08    
Reformatting and Linting 37/66 files ━━━━━┈┈┈┈┈ 00:09    
Reformatting and Linting 38/66 files ━━━━━┈┈┈┈┈ 00:10    
Reformatting and Linting 40/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 42/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 44/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 45/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 48/66 files ━━━━━━━┈┈┈ 00:11    
Reformatting and Linting 50/66 files ━━━━━━━┈┈┈ 00:11    
Reformatting and Linting 51/66 files ━━━━━━━┈┈┈ 00:11    
Reformatting and Linting 52/66 files ━━━━━━━┈┈┈ 00:12    
Reformatting and Linting 53/66 files ━━━━━━━━┈┈ 00:12    
Reformatting and Linting 54/66 files ━━━━━━━━┈┈ 00:12    
Reformatting and Linting 55/66 files ━━━━━━━━┈┈ 00:12    
Reformatting and Linting 56/66 files ━━━━━━━━┈┈ 00:13    
Reformatting and Linting 58/66 files ━━━━━━━━┈┈ 00:13    
Reformatting and Linting 59/66 files ━━━━━━━━┈┈ 00:13    
Reformatting and Linting 60/66 files ━━━━━━━━━┈ 00:13    
Reformatting and Linting 61/66 files ━━━━━━━━━┈ 00:14    
Reformatting and Linting 62/66 files ━━━━━━━━━┈ 00:14    
Reformatting and Linting 63/66 files ━━━━━━━━━┈ 00:14    
Reformatting and Linting 64/66 files ━━━━━━━━━┈ 00:14    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    
                                                         

Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    


website/templates/account/login.html
───────────────────────────────────────────────────────────────────────────────
@@ -57,9 +57,7 @@

                         <div class="bg-red-100 border-l-4 border-red-500 text-red-700 p-4 rounded"
                              role="alert">
                             <strong class="font-bold">Error:</strong>
-                    
-+           <span class="block sm:inline mt-1">{{ form.non_field_errors|striptags }}</span>
-        
+                            +           <span class="block sm:inline mt-1">{{ form.non_field_errors|striptags }}</span>
                         </div>
                     {% endif %}
                     {% if redirect_field_value %}

1 file was updated.
Linted 66 files, found 0 errors.



Reformatting and Linting 0/63 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 1/63 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 2/63 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 3/63 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 5/63 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 6/63 files ┈┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 7/63 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 8/63 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 9/63 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 11/63 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 13/63 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 15/63 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 16/63 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 18/63 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 19/63 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 21/63 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 24/63 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 25/63 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 26/63 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 28/63 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 30/63 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 31/63 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 32/63 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 35/63 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 36/63 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 37/63 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 38/63 files ━━━━━━┈┈┈┈ 00:08    
Reformatting and Linting 40/63 files ━━━━━━┈┈┈┈ 00:08    
Reformatting and Linting 41/63 files ━━━━━━┈┈┈┈ 00:08    
Reformatting and Linting 42/63 files ━━━━━━┈┈┈┈ 00:09    
Reformatting and Linting 43/63 files ━━━━━━┈┈┈┈ 00:09    
Reformatting and Linting 45/63 files ━━━━━━━┈┈┈ 00:09    
Reformatting and Linting 46/63 files ━━━━━━━┈┈┈ 00:09    
Reformatting and Linting 49/63 files ━━━━━━━┈┈┈ 00:10    
Reformatting and Linting 51/63 files ━━━━━━━━┈┈ 00:10    
Reformatting and Linting 52/63 files ━━━━━━━━┈┈ 00:11    
Reformatting and Linting 53/63 files ━━━━━━━━┈┈ 00:11    
Reformatting and Linting 55/63 files ━━━━━━━━┈┈ 00:12    
Reformatting and Linting 56/63 files ━━━━━━━━┈┈ 00:12    
Reformatting and Linting 57/63 files ━━━━━━━━━┈ 00:12    
Reformatting and Linting 59/63 files ━━━━━━━━━┈ 00:13    
Reformatting and Linting 60/63 files ━━━━━━━━━┈ 00:13    
Reformatting and Linting 61/63 files ━━━━━━━━━┈ 00:14    
Reformatting and Linting 63/63 files ━━━━━━━━━━ 00:19    
                                                         

Reformatting and Linting 63/63 files ━━━━━━━━━━ 00:19    
Reformatting and Linting 63/63 files ━━━━━━━━━━ 00:19    


0 files were updated.
Linted 63 files, found 0 errors.

For more information, see the pre-commit documentation.

blt/settings.py

            "NAME": ":memory:",
        }

+ACCOUNT_AUTHENTICATION_METHOD = "username_email"


arnavkirti · 2025-12-17T12:02:32Z

@coderabbitai please run a full, end‑to‑end review of this PR for completeness.

Focus on:

Verifying that the login flow now correctly supports both username and email, including error display on invalid credentials.
Checking that the new django‑allauth settings (authentication/login methods, unique email) are consistent with the current allauth API and do not break existing flows.
Confirming that moving dotenv loading into manage.py startup is safe for all environments and commands.
Looking for any missing tests or edge cases around login errors and messaging.

coderabbitai · 2025-12-17T12:08:06Z

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

# Find and display requirements files to check django-allauth version
echo "=== Django-allauth version in requirements ==="
fd -e txt -e in requirements | xargs -I {} bash -c 'echo "File: {}" && cat {}'

echo -e "\n=== Check for poetry/pipenv files ==="
fd -e toml -e lock pyproject Pipfile | xargs -I {} bash -c 'echo "File: {}" && cat {}'

Length of output: 180

🏁 Script executed:

#!/bin/bash

# Examine the actual changes in the files mentioned
echo "=== Full content of manage.py ==="
cat manage.py

echo -e "\n=== Full content of website/templates/account/login.html ==="
cat website/templates/account/login.html

echo -e "\n=== Allauth-related settings in blt/settings.py ==="
cat blt/settings.py | grep -A 5 -B 5 "ACCOUNT_"

Length of output: 15833

🏁 Script executed:

#!/bin/bash

# Find existing login/authentication tests
echo "=== Finding authentication/login tests ==="
fd -e py test | xargs rg -l "login|authentication|allauth" -i

echo -e "\n=== Checking for existing login test implementations ==="
fd -e py test | xargs rg -n -B 2 -A 10 "def test.*login" -i

Length of output: 3964

🏁 Script executed:

#!/bin/bash

# Check for existing dotenv usage and environment variable patterns
echo "=== Checking dotenv usage in the codebase ==="
rg -n "load_dotenv|python-dotenv" --type py

echo -e "\n=== Checking wsgi.py and asgi.py for environment setup ==="
fd -e py "wsgi|asgi" | xargs -I {} bash -c 'echo "File: {}" && cat {}'

Length of output: 1446

🏁 Script executed:

#!/bin/bash

# Check Docker/deployment files for environment variable handling
echo "=== Docker and deployment files ==="
fd -e yml -e yaml "docker-compose|docker" | xargs -I {} bash -c 'echo "File: {}" && cat {}'

echo -e "\n=== Check Dockerfile ==="
fd Dockerfile | xargs -I {} bash -c 'echo "File: {}" && cat {}'

echo -e "\n=== Check for deployment scripts ==="
fd deploy | xargs cat

Length of output: 5160

🏁 Script executed:

#!/bin/bash

# Check for other authentication backends and middleware
echo "=== Authentication backends in settings.py ==="
rg -n "AUTHENTICATION_BACKENDS" blt/settings.py -A 10

echo -e "\n=== Check for custom authentication views ==="
fd -e py views | xargs rg -n "LoginView|login" -A 5 -B 2

echo -e "\n=== Check urls.py for authentication patterns ==="
fd urls.py | xargs rg -n "account|login" -B 2 -A 2

Length of output: 8613

🏁 Script executed:

#!/bin/bash

# Check for existing error handling in forms
echo "=== Check for custom authentication forms ==="
fd -e py forms | xargs rg -n "LoginForm|AuthenticationForm" -A 10 -B 2

echo -e "\n=== Check for any custom allauth adapters ==="
rg -n "DefaultAccountAdapter|DefaultSocialAccountAdapter" --type py -A 5 -B 2

Length of output: 1184

🏁 Script executed:

#!/bin/bash

# Check pyproject.toml for django-allauth version
echo "=== pyproject.toml content ==="
cat pyproject.toml

Length of output: 3024

🏁 Script executed:

#!/bin/bash

# Check for .env.example and environment variable documentation
echo "=== .env.example file ==="
if [ -f .env.example ]; then
    cat .env.example
else
    echo "No .env.example found"
fi

echo -e "\n=== Check README for environment setup instructions ==="
cat README.md | grep -A 10 -B 2 -i "environment\|.env\|setup"

Length of output: 2269

🏁 Script executed:

#!/bin/bash

# Check if there are any existing users with duplicate emails
echo "=== Check for potential email uniqueness conflicts in models ==="
rg -n "email.*unique" --type py -B 2 -A 2

echo -e "\n=== Check User model and custom user models ==="
fd -e py models | xargs rg -n "class.*User" -A 15 | head -100

Length of output: 7220

🏁 Script executed:

#!/bin/bash

# Check the entrypoint script to see how environment variables are loaded in production
echo "=== Entrypoint script content ==="
cat scripts/entrypoint.sh

Length of output: 1247

🏁 Script executed:

#!/bin/bash

# Look for any existing login error handling tests
echo "=== Check for login error/validation tests ==="
fd -e py test | xargs rg -n "non_field_errors|invalid.*login|login.*error|authentication.*fail" -i -B 2 -A 5

Length of output: 46

🏁 Script executed:

#!/bin/bash

# Check if there's documentation about the issue being fixed
echo "=== Search for issue #4056 references ==="
rg -n "4056" --type md

echo -e "\n=== Check for any related comments in code ==="
rg -n "4056" --type py

Length of output: 89

🏁 Script executed:

#!/bin/bash

# Check if there are any duplicate emails in the database schema/migrations
echo "=== Check for email field constraints in auth.User ==="
python -c "
from django.contrib.auth.models import User
print('Django User model email field unique:', User._meta.get_field('email').unique)
print('Django User model email field blank:', User._meta.get_field('email').blank)
"

echo -e "\n=== Check for any migrations that might handle email uniqueness ==="
fd -e py . website/migrations | xargs rg -l "email.*unique" | head -10

Length of output: 243

🏁 Script executed:

#!/bin/bash

# Verify the allauth settings are properly configured
echo "=== Check all ACCOUNT_* settings in settings.py ==="
rg -n "^ACCOUNT_" blt/settings.py

echo -e "\n=== Check SOCIALACCOUNT_* settings ==="
rg -n "^SOCIALACCOUNT_" blt/settings.py

Length of output: 1026

🏁 Script executed:

#!/bin/bash

# Check if there are any custom login/authentication backends
echo "=== Check for custom authentication code ==="
rg -n "authenticate|login" website/views.py -B 2 -A 5 | head -50

echo -e "\n=== Check if there's a custom login view ==="
fd -e py . website/views | xargs rg -l "LoginView|login_view"

Length of output: 169

🏁 Script executed:

#!/bin/bash

# Check the exact formatting issue in login.html
echo "=== Check the non_field_errors section in login.html ==="
cat website/templates/account/login.html | grep -n -A 5 "non_field_errors"

Length of output: 691

🏁 Script executed:

#!/bin/bash

# Check if allauth has any custom configuration for error messages
echo "=== Check for allauth error message customization ==="
rg -n "ACCOUNT_.*ERROR|ACCOUNT_.*MESSAGE" blt/settings.py

echo -e "\n=== Check for custom error messages in templates ==="
fd login.html website/templates | xargs cat | grep -i "error\|invalid" | head -20

Length of output: 553

🏁 Script executed:

#!/bin/bash

# Check core.py for custom login views
echo "=== Check core.py for login views ==="
cat website/views/core.py | grep -n -B 5 -A 15 "login\|Login" | head -80

Length of output: 3576

🏁 Script executed:

#!/bin/bash

# Double-check the Django User model email field default configuration
echo "=== Check Django's default User model configuration ==="
rg -n "class User" --type py -A 20 | grep -B 5 -A 15 "email" | head -40

echo -e "\n=== Verify if BLT has any custom User model ==="
rg -n "AUTH_USER_MODEL" blt/settings.py

Length of output: 3261

🏁 Script executed:

#!/bin/bash

# Check if there are any data migrations or scripts that handle email uniqueness
echo "=== Check for email-related data migrations ==="
fd -e py . website/migrations | xargs rg -n "email" | grep -i "unique\|duplicate" | head -20

echo -e "\n=== Check for management commands related to email cleanup ==="
fd -e py . website/management/commands | xargs rg -l "email.*unique\|duplicate.*email" -i

Length of output: 111

🏁 Script executed:

#!/bin/bash

# Get the PR diff to see the exact changes
echo "=== Check what the actual change looks like in login.html (around the + character) ==="
cat website/templates/account/login.html | sed -n '55,65p'

Length of output: 728

@arnavkirti, I've completed a comprehensive end-to-end review of this PR. Here's my detailed analysis:

✅ Login Flow & Error Display

The login flow changes are correctly implemented:

ACCOUNT_AUTHENTICATION_METHOD = "username_email" enables login with either username or email
The template correctly displays non-field errors in a styled alert box
The label change from "Username" to "Username or Email" accurately reflects the functionality

🐛 Critical Issue Found - Template Formatting Error:

Line 60 in login.html contains a stray + character that will be rendered in the UI:

<strong class="font-bold">Error:</strong>
+           <span class="block sm:inline mt-1">{{ form.non_field_errors|striptags }}</span>

Fix required:

-                            +           <span class="block sm:inline mt-1">{{ form.non_field_errors|striptags }}</span>
+                            <span class="block sm:inline mt-1">{{ form.non_field_errors|striptags }}</span>

✅ Django-allauth Settings Compatibility

The allauth configuration is fully compatible with version 65.13.1:

✓ ACCOUNT_AUTHENTICATION_METHOD = "username_email" - Standard allauth setting
✓ ACCOUNT_UNIQUE_EMAIL = True - Enforces email uniqueness at the application layer
✓ Compatible with existing AUTHENTICATION_BACKENDS
✓ Works alongside existing account settings

⚠️ Important Note on Email Uniqueness:

ACCOUNT_UNIQUE_EMAIL = True enforces uniqueness at the allauth level, not as a database constraint. This means:

New signups will be rejected if email already exists
Profile updates will validate email uniqueness
Existing duplicate emails (if any) won't cause errors but should be cleaned up

Recommendation: Before deploying, run a query to check for duplicate emails:

from django.contrib.auth.models import User
from django.db.models import Count
duplicates = User.objects.values('email').annotate(count=Count('email')).filter(count__gt=1, email__isnull=False).exclude(email='')

✅ Dotenv Loading Architecture - Safe for All Environments

The dotenv loading in manage.py is correctly implemented and safe:

Development (local):

manage.py loads .env via load_dotenv() ✓
CLI commands work correctly ✓

Production/Docker:

docker-compose.yml uses env_file: .env to inject environment variables into containers ✓
wsgi.py and asgi.py correctly don't load dotenv - they rely on externally provided environment variables ✓
Gunicorn/uvicorn servers receive env vars from the container environment ✓

Why this is correct:

In production, environment variables should be provided by the deployment platform (Docker, Kubernetes, cloud providers)
WSGI/ASGI servers don't need dotenv - they inherit env vars from the parent process
manage.py commands executed in Docker use the container's environment (from env_file)

This follows the 12-factor app methodology correctly.

⚠️ Missing Tests - Critical Gap

While existing login tests exist, there's no test coverage for the new error display feature.

Recommended tests to add:

# In website/tests/test_main.py or a new test file

def test_login_with_invalid_username_shows_error(self):
    """Test that invalid username displays non-field error"""
    response = self.client.post('/accounts/login/', {
        'login': 'nonexistent_user',
        'password': 'wrongpassword'
    })
    self.assertContains(response, 'non_field_errors')
    # Verify error message is displayed

def test_login_with_invalid_email_shows_error(self):
    """Test that invalid email displays non-field error"""
    response = self.client.post('/accounts/login/', {
        'login': '[email protected]',
        'password': 'wrongpassword'
    })
    self.assertContains(response, 'non_field_errors')

def test_login_with_email_success(self):
    """Test successful login using email instead of username"""
    user = User.objects.create_user('testuser', '[email protected]', 'password123')
    EmailAddress.objects.create(user=user, email='[email protected]', verified=True, primary=True)
    
    response = self.client.post('/accounts/login/', {
        'login': '[email protected]',
        'password': 'password123'
    })
    self.assertEqual(response.status_code, 302)  # Redirect on success

def test_login_with_username_success(self):
    """Test successful login using username (existing functionality)"""
    # Ensure username login still works
    user = User.objects.create_user('testuser', '[email protected]', 'password123')
    EmailAddress.objects.create(user=user, email='[email protected]', verified=True, primary=True)
    
    response = self.client.post('/accounts/login/', {
        'login': 'testuser',
        'password': 'password123'
    })
    self.assertEqual(response.status_code, 302)

📋 Summary

Aspect	Status	Notes
Login flow (username/email)	✅ Correct	Properly configured
Allauth settings compatibility	✅ Compatible	Version 65.13.1
Error display UI	⚠️ Has Bug	Remove `+` character on line 60
Dotenv architecture	✅ Safe	Correct for all environments
Test coverage	❌ Missing	Add error display tests
Email uniqueness	⚠️ Verify	Check for existing duplicates

🎯 Action Items

Fix the template formatting - Remove the + character from line 60
Add test coverage for error message display and email-based login
Verify no duplicate emails exist in the database before deployment
Consider adding a data migration or management command to clean up duplicates if found

The overall approach is sound and the architecture choices are correct. Once the formatting issue is fixed and tests are added, this will be ready to merge! 🚀

arnavkirti

Please address the issues pointed out by coderabbitai.

blt/settings.py

coderabbitai

Actionable comments posted: 2

🧹 Nitpick comments (1)

website/tests/test_deduplicate_emails.py (1)
53-53: QuerySet evaluated multiple times — cache to reduce DB round-trips.

delete_email_addresses is iterated three times (lines 61, 86, 99) and then deleted (line 120), causing 4 separate DB queries per duplicate email. Convert to a list once:
🔎 Suggested fix:
-                delete_email_addresses = email_addresses.exclude(pk=keep_email_address.pk)
+                delete_email_addresses = list(email_addresses.exclude(pk=keep_email_address.pk))
Then update line 120 to delete by PKs:
-                deleted_count, _ = delete_email_addresses.delete()
+                delete_pks = [ea.pk for ea in delete_email_addresses]
+                deleted_count, _ = EmailAddress.objects.filter(pk__in=delete_pks).delete()

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 2fff952 and 5d11dd0.

📒 Files selected for processing (1)

website/tests/test_deduplicate_emails.py (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

GitHub Check: Run Tests
GitHub Check: Analyze (actions)
GitHub Check: docker-test

🔇 Additional comments (1)

website/tests/test_deduplicate_emails.py (1)

17-128: Core deduplication logic is sound.

The ordering strategy (verified → primary → oldest pk), merging of verified/primary flags, and atomic transaction wrapper are well-designed. The edge case handling for orphaned emails (no user) and primary demotion is thorough.

One minor consistency note: lines 107 and 115 use keep_email_address.user while earlier code (line 72) assigns user_id. This works but incurs an extra DB fetch; consider using user_id=keep_email_address.user_id in the filter for consistency.

website/management/commands/deduplicate_emails.py

coderabbitai

Actionable comments posted: 2

♻️ Duplicate comments (1)

website/management/commands/deduplicate_emails.py (1)

34-36: Email addresses logged directly — potential PII compliance concern.

Raw email addresses are output throughout this command (lines 36, 46, 68, 77, 89, 102, 123). If stdout is captured to logs in production, this may violate GDPR/CCPA. Consider masking emails or logging only record IDs.

🧹 Nitpick comments (2)

website/management/commands/deduplicate_emails.py (2)
1-9: Remove unused logger or use it consistently.

The logger is instantiated but never used; all output goes through self.stdout.write. Either remove the unused import and variable, or use the logger for structured logging alongside stdout messages.
🔎 Remove unused logger:
-import logging
-
 from allauth.account.models import EmailAddress
 from django.contrib.auth import get_user_model
 from django.core.management.base import BaseCommand
 from django.db import models, transaction

-logger = logging.getLogger(__name__)
 User = get_user_model()
34-34: Consider per-email atomic blocks for partial progress.

The current design wraps all processing in a single transaction. If an error occurs on the last email, all prior work is rolled back. For large datasets, consider per-email atomic blocks to allow partial progress and more accurate success/failure reporting.
🔎 Per-email atomic blocks:
-with transaction.atomic():
-    for email in duplicate_emails:
+for email in duplicate_emails:
+    try:
+        with transaction.atomic():
             # ... existing processing logic ...
+    except Exception as e:
+        self.stdout.write(
+            self.style.ERROR(f'Failed to process "{email}": {e}')
+        )
+        continue

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 5d11dd0 and ceea139.

📒 Files selected for processing (1)

website/management/commands/deduplicate_emails.py (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

GitHub Check: Run Tests
GitHub Check: docker-test

🔇 Additional comments (3)

website/management/commands/deduplicate_emails.py (3)

38-53: LGTM — sensible selection criteria.

The ordering by (-verified, -primary, pk) correctly prioritizes verified and primary addresses, falling back to the oldest record. This is a reasonable strategy for choosing the canonical email.

55-82: Good defensive handling for orphaned email records.

The fallback logic to find a user from duplicates and the skip-on-failure path prevents data corruption when encountering EmailAddress records without associated users.

84-117: Verified/primary merging logic is sound.

The flag propagation correctly preserves verification status from any duplicate and properly demotes other primary addresses for the same user before promotion.

website/management/commands/deduplicate_emails.py

coderabbitai

Actionable comments posted: 3

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between ceea139 and 581f41d.

📒 Files selected for processing (1)

website/management/commands/deduplicate_emails.py (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

GitHub Check: Run Tests
GitHub Check: docker-test

🔇 Additional comments (4)

website/management/commands/deduplicate_emails.py (4)

13-24: LGTM — PII masking implementation is solid.

The mask_email helper correctly addresses the PII logging concern from previous reviews. Edge cases (empty string, missing @, single-character local parts) are handled appropriately.

37-44: LGTM — Duplicate detection correctly handles case-insensitive emails.

The query properly uses Lower("email") to normalize case before grouping, ensuring "[email protected]" and "[email protected]" are detected as duplicates. This addresses the case-sensitivity concern from previous reviews.

52-52: Transaction wraps entire command, not individual emails.

The transaction.atomic() at line 52 ensures the entire command's changes are atomic — either all emails are deduplicated successfully or none are (on unhandled exceptions). However, continue statements (lines 101, 152, 162) don't rollback; modifications made before skipping (e.g., user assignment at line 92) remain in the transaction and commit if the command completes.

This is appropriate for maintaining consistency across the full deduplication run, but it means the ordering of checks is critical to avoid partial modifications when skipping problematic emails.

164-171: LGTM — Deletion and logging are clean.

The deletion logic correctly uses the delete_email_addresses queryset (excludes keeper), captures the deletion count, and logs a clear success message with masked email for PII protection.

website/management/commands/deduplicate_emails.py

coderabbitai · 2025-12-18T14:18:32Z

✅ Actions performed

Initiated docstring generation; will generate only if new commits exist.

coderabbitai · 2025-12-18T14:18:34Z

Note

Docstrings generation - SUCCESS
Generated docstrings for this pull request at #5343

@armanraymagit

Docstrings generation was requested by @armanraymagit. * #5329 (comment) The following files were modified: * `manage.py` * `website/management/commands/deduplicate_emails.py` * `website/tests/test_login.py`

armanraymagit added 5 commits December 16, 2025 16:47

Fixed PostgreSQL ValueError by loading env variables in manage.py

017cdb8

Merge branch 'main' into fix/manage-py-postgres-valueerror

33ff25b

message

c1f079d

commit message

d991515

Fix OWASP-BLT#4056 : improve login error handling and allauth config

75a65f8

github-project-automation bot added this to 📌 OWASP BLT Project Board Dec 17, 2025

github-project-automation bot moved this to Backlog in 📌 OWASP BLT Project Board Dec 17, 2025

github-actions bot added the files-changed: 3 PR changes 3 files label Dec 17, 2025

github-actions bot added the needs-peer-review PR needs peer review label Dec 17, 2025

github-actions bot added the pre-commit: passed Pre-commit checks passed label Dec 17, 2025

coderabbitai bot added the quality: medium label Dec 17, 2025

coderabbitai bot requested changes Dec 17, 2025

View reviewed changes

blt/settings.py Outdated Show resolved Hide resolved

github-project-automation bot moved this from Backlog to Ready in 📌 OWASP BLT Project Board Dec 17, 2025

github-actions bot added the tests: passed Django tests passed label Dec 17, 2025

Fix OWASP-BLT#4056 : improve login error handling and allauth config

5409fbc

github-actions bot added the changes-requested PR has requested changes from a reviewer label Dec 17, 2025

github-actions bot added pre-commit: failed Pre-commit checks failed and removed pre-commit: passed Pre-commit checks passed labels Dec 17, 2025

sentry bot reviewed Dec 17, 2025

View reviewed changes

blt/settings.py Outdated

"NAME": ":memory:",

}

ACCOUNT_AUTHENTICATION_METHOD = "username_email"

This comment was marked as outdated.

Sign in to view

Fix OWASP-BLT#4056 : improve login error handling and allauth config

d73ef16

github-actions bot added pre-commit: passed Pre-commit checks passed and removed pre-commit: failed Pre-commit checks failed labels Dec 17, 2025

arnavkirti suggested changes Dec 17, 2025

View reviewed changes

Fix OWASP-BLT#4056 : improve login error handling and allauth config

2f4d296

github-actions bot added tests: failed Django tests failed and removed tests: passed Django tests passed labels Dec 18, 2025

Account-authentication-change

5d11dd0

github-actions bot added changes-requested PR has requested changes from a reviewer files-changed: 5 PR changes 5 files and removed files-changed: 4 PR changes 4 files labels Dec 18, 2025

sentry bot reviewed Dec 18, 2025

View reviewed changes

blt/settings.py Show resolved Hide resolved

coderabbitai bot requested changes Dec 18, 2025

View reviewed changes

website/management/commands/deduplicate_emails.py Show resolved Hide resolved

website/management/commands/deduplicate_emails.py Outdated Show resolved Hide resolved

Account-authentication-change

ceea139

coderabbitai bot requested changes Dec 18, 2025

View reviewed changes

website/management/commands/deduplicate_emails.py Outdated Show resolved Hide resolved

website/management/commands/deduplicate_emails.py Show resolved Hide resolved

github-actions bot added tests: passed Django tests passed and removed tests: failed Django tests failed labels Dec 18, 2025

Account-authentication-change

581f41d

coderabbitai bot requested changes Dec 18, 2025

View reviewed changes

website/management/commands/deduplicate_emails.py Outdated Show resolved Hide resolved

website/management/commands/deduplicate_emails.py Show resolved Hide resolved

website/management/commands/deduplicate_emails.py Show resolved Hide resolved

Account-authentication-change

ac9259d

coderabbitai bot mentioned this pull request Dec 18, 2025

📝 Add docstrings to fix-4056-allauth-login #5343

Open

Account-authentication-change

2938f37

github-actions bot added files-changed: 7 PR changes 7 files and removed files-changed: 5 PR changes 5 files labels Dec 18, 2025

coderabbitai bot approved these changes Dec 18, 2025

View reviewed changes

github-actions bot added the last-active: 0d PR last updated 0 days ago label Dec 19, 2025

armanraymagit closed this Dec 19, 2025

github-project-automation bot moved this from Ready to Done in 📌 OWASP BLT Project Board Dec 19, 2025

armanraymagit reopened this Dec 19, 2025

github-project-automation bot moved this from Done to Ready in 📌 OWASP BLT Project Board Dec 19, 2025

github-actions bot removed last-active: 0d PR last updated 0 days ago changes-requested PR has requested changes from a reviewer labels Dec 19, 2025

Uh oh!

fix 4056 Enable username-or-email login via allauth configuration and template updates #5329

Are you sure you want to change the base?

fix 4056 Enable username-or-email login via allauth configuration and template updates #5329

Uh oh!

Conversation

armanraymagit commented Dec 17, 2025 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

github-actions bot commented Dec 17, 2025

Uh oh!

coderabbitai bot commented Dec 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Pre-merge checks and finishing touches

Uh oh!

github-actions bot commented Dec 17, 2025

📊 Monthly Leaderboard

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

github-actions bot commented Dec 17, 2025

❌ Pre-commit checks failed

Uh oh!

This comment was marked as outdated.

Uh oh!

arnavkirti commented Dec 17, 2025

Uh oh!

coderabbitai bot commented Dec 17, 2025

✅ Login Flow & Error Display

✅ Django-allauth Settings Compatibility

✅ Dotenv Loading Architecture - Safe for All Environments

⚠️ Missing Tests - Critical Gap

📋 Summary

🎯 Action Items

Uh oh!

arnavkirti left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

coderabbitai bot commented Dec 18, 2025

Uh oh!

coderabbitai bot commented Dec 18, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

armanraymagit commented Dec 17, 2025 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Dec 17, 2025 •

edited

Loading

coderabbitai bot commented Dec 18, 2025 •

edited

Loading