Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix 4056 Enable username-or-email login via allauth configuration and template updates #5329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
armanraymagit wants to merge 24 commits into
base: main
Choose a base branch
from
Open

fix 4056 Enable username-or-email login via allauth configuration and template updates #5329

armanraymagit wants to merge 24 commits into from
+342 −3

Conversation

@armanraymagit
Copy link

@armanraymagit armanraymagit commented Dec 17, 2025
edited by coderabbitai bot
Loading

Fixes #4056

Summary by CodeRabbit

  • New Features

    • Users can log in with username or email; login label updated and non-field errors display as clear alert.

  • Tests

    • Added comprehensive tests for username/email login, case/whitespace handling, redirects, unverified emails, and error UI.

  • Chores

    • Added a management command to deduplicate email records.
    • Environment variables are loaded at startup.

  • Config

    • Email uniqueness enforced; note: existing duplicate emails should be resolved before enabling.

✏️ Tip: You can customize this high-level summary in your review settings.

@github-actions github-actions bot added the files-changed: 3 PR changes 3 files label Dec 17, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Dec 17, 2025

👋 Hi @armanraymagit!

This pull request needs a peer review before it can be merged. Please request a review from a team member who is not:

  • The PR author
  • DonnieBLT
  • coderabbitai
  • copilot

Once a valid peer review is submitted, this check will pass automatically. Thank you!

@github-actions github-actions bot added the needs-peer-review PR needs peer review label Dec 17, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 17, 2025
edited
Loading

Walkthrough

Adds Allauth settings for username-or-email login and unique emails, loads environment variables in a new manage.py main(), updates login template to show non-field errors and relabel the login field, adds extensive login tests, and introduces a management command to deduplicate EmailAddress records.

Changes

Cohort / File(s) Summary
Configuration
blt/settings.py		 Added Allauth constants: ACCOUNT_LOGIN_METHODS = {"username", "email"}, ACCOUNT_UNIQUE_EMAIL = True, and ACCOUNT_FORMS = {"signup": "website.forms.SignupFormWithCaptcha"} with cautionary comments about deduplicating emails.
Startup / Env
manage.py		 Added main() which calls load_dotenv() before setting DJANGO_SETTINGS_MODULE and executing management commands; if __name__ == "__main__" now calls main().
Login template
website/templates/account/login.html		 Split template tag loads into {% load account %} and {% load socialaccount %}, render form.non_field_errors in an alert block, and change the username label to "Username or Email".
Login tests
website/tests/test_login.py		 New LoginTestCase with many tests covering invalid credentials, username/email login success, case-insensitive email, whitespace trimming, unverified email behavior, next redirect handling, empty-field cases, page rendering, and error alert styling.
Email deduplication command
website/management/commands/deduplicate_emails.py		 New management command that finds case-insensitive duplicate EmailAddress records, selects a canonical record (preferring verified/primary), merges flags, prevents unsafe deletions (multiple users or leaving a user without addresses), and deletes duplicates inside transactions with masked logging.
Package markers
website/management/__init__.py, website/management/commands/__init__.py		 Added package init files with explanatory comments to mark directories as Python packages.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

  • Inspect merging strategy, user propagation, and flag promotion/demotion in website/management/commands/deduplicate_emails.py (transaction boundaries, integrity checks, and logging/masking).
  • Verify interplay of ACCOUNT_LOGIN_METHODS, ACCOUNT_UNIQUE_EMAIL, and ACCOUNT_FORMS with existing authentication backends and any database constraints or required data migrations.
  • Review website/tests/test_login.py for setup assumptions around EmailAddress creation/verification and ensure tests correctly reflect production behavior.
  • Confirm load_dotenv() placement in manage.py does not conflict with deployment environment expectations or other startup code.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 15.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title clearly identifies the main change: enabling username-or-email login via allauth configuration and template updates, which directly addresses issue #4056.
Linked Issues check ✅ Passed All coding requirements from issue #4056 are met: username-or-email login enabled via ACCOUNT_AUTHENTICATION_METHOD setting, error messages displayed on incorrect credentials via template updates, and allauth configuration properly adjusted.
Out of Scope Changes check ✅ Passed All changes align with issue #4056 requirements. Changes include: settings configuration for allauth, template updates for error display and label, environment loading via dotenv in manage.py for local development, and comprehensive test coverage for login scenarios.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 581f41d and 2938f37.

📒 Files selected for processing (4)
  • blt/settings.py (2 hunks)
  • website/management/__init__.py (1 hunks)
  • website/management/commands/__init__.py (1 hunks)
  • website/management/commands/deduplicate_emails.py (1 hunks)
✅ Files skipped from review due to trivial changes (2)
  • website/management/init.py
  • website/management/commands/init.py
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Run Tests
  • GitHub Check: docker-test
🔇 Additional comments (5)
blt/settings.py (1)

365-380: LGTM! Modern allauth API and prudent pre-deployment guidance.

The changes correctly use ACCOUNT_LOGIN_METHODS = {"username", "email"} (the current django-allauth 65.13.1+ API) and provide clear documentation about running the deduplication command before enabling ACCOUNT_UNIQUE_EMAIL. This approach ensures a smooth deployment without constraint violations.

website/management/commands/deduplicate_emails.py (4)

1-24: LGTM! Proper PII protection.

The mask_email helper correctly prevents exposure of sensitive email addresses in logs and command output, addressing privacy and compliance concerns (GDPR/CCPA).

35-50: LGTM! Case-insensitive duplicate detection.

The use of Lower("email") ensures that case variants (e.g., "[email protected]" and "[email protected]") are correctly identified as duplicates, addressing the case-sensitivity mismatch concern from previous reviews.

52-69: LGTM! Proper ordering prioritizes records with users.

The user_present annotation ensures that EmailAddress records linked to a user are preferred as the keeper over orphaned records (user=None), addressing the concern about corrupt orphaned data being selected.

162-179: LGTM! Proper last-email protection and deletion.

The check at line 164 correctly prevents deleting a user's last email address by comparing total count to delete count. The deletion logic is straightforward and safe.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 17, 2025

📊 Monthly Leaderboard

Hi @armanraymagit! Here's how you rank for December 2025:

Rank User PRs Reviews Comments Total
#10 @Ankit-singh-dot 6 0 3 66
#11 @armanraymagit 5 0 0 50
#12 @dRaniwal 1 3 14 50

Leaderboard based on contributions in December 2025. Keep up the great work! 🚀

@github-actions github-actions bot added the pre-commit: passed Pre-commit checks passed label Dec 17, 2025
coderabbitai[bot]
coderabbitai bot requested changes Dec 17, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
manage.py (1)

6-15: Consider moving the dotenv import to top-level.

The import of load_dotenv is inside the main() function. Per PEP 8, imports should typically be at the top of the file unless there's a specific reason (e.g., avoiding circular imports or optional dependencies).

Apply this diff to move the import to the top:

 #!/usr/bin/env python
 import os
 import sys
+from dotenv import load_dotenv

 
 def main():
-    from dotenv import load_dotenv
-
     load_dotenv()
 
     os.environ.setdefault("DJANGO_SETTINGS_MODULE", "blt.settings")
📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between cd7312d and 75a65f8.

📒 Files selected for processing (3)
  • blt/settings.py (1 hunks)
  • manage.py (1 hunks)
  • website/templates/account/login.html (3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Run Tests
  • GitHub Check: docker-test
🔇 Additional comments (4)
manage.py (1)

18-19: LGTM!

The refactoring to call main() within the if __name__ == "__main__": guard is clean and follows Python best practices.

blt/settings.py (1)

365-372: LGTM!

The django-allauth configuration is well-structured:

  • Requires both username and email during signup
  • Enforces email uniqueness
  • Requires mandatory email verification

This configuration aligns with the PR objectives and provides a secure authentication setup.

website/templates/account/login.html (2)

5-6: LGTM!

Splitting the load tags into separate lines is fine and may improve readability, though functionally equivalent to the single-line version.

71-71: LGTM!

The label change to "Username or Email" correctly reflects the ACCOUNT_AUTHENTICATION_METHOD = "username_email" configuration in settings.py and improves user clarity.

@github-project-automation github-project-automation bot moved this from Backlog to Ready in 📌 OWASP BLT Project Board Dec 17, 2025
@github-actions github-actions bot added the tests: passed Django tests passed label Dec 17, 2025
@github-actions github-actions bot added the changes-requested PR has requested changes from a reviewer label Dec 17, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Dec 17, 2025

❌ Pre-commit checks failed

The pre-commit hooks found issues that need to be fixed. Please run the following commands locally to fix them:

# Install pre-commit if you haven't already
pip install pre-commit

# Run pre-commit on all files
pre-commit run --all-files

# Or run pre-commit on staged files only
pre-commit run

After running these commands, the pre-commit hooks will automatically fix most issues.
Please review the changes, commit them, and push to your branch.

💡 Tip: You can set up pre-commit to run automatically on every commit by running:

pre-commit install
Pre-commit output 
[INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks.
[WARNING] repo `https://github.com/pre-commit/pre-commit-hooks` uses deprecated stage names (commit, push) which will be removed in a future version.  Hint: often `pre-commit autoupdate --repo https://github.com/pre-commit/pre-commit-hooks` will fix this.  if it does not -- consider reporting an issue to that repo.
[INFO] Initializing environment for https://github.com/pycqa/isort.
[WARNING] repo `https://github.com/pycqa/isort` uses deprecated stage names (commit, merge-commit, push) which will be removed in a future version.  Hint: often `pre-commit autoupdate --repo https://github.com/pycqa/isort` will fix this.  if it does not -- consider reporting an issue to that repo.
[INFO] Initializing environment for https://github.com/astral-sh/ruff-pre-commit.
[INFO] Initializing environment for https://github.com/djlint/djLint.
[INFO] Initializing environment for local.
[INFO] Installing environment for https://github.com/pre-commit/pre-commit-hooks.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
[INFO] Installing environment for https://github.com/pycqa/isort.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
[INFO] Installing environment for https://github.com/astral-sh/ruff-pre-commit.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
[INFO] Installing environment for https://github.com/djlint/djLint.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
[INFO] Installing environment for local.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
check python ast.........................................................Passed
check builtin type constructor use.......................................Passed
check yaml...............................................................Passed
fix python encoding pragma...............................................Passed
mixed line ending........................................................Passed
isort....................................................................Passed
ruff.....................................................................Passed
ruff-format..............................................................Passed
djLint linting...........................................................Failed
- hook id: djlint
- exit code: 1
- files were modified by this hook

Reformatting and Linting 0/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 1/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 2/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 4/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 5/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 6/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 7/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 8/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 10/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 11/66 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 12/66 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 13/66 files ━┈┈┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 15/66 files ━━┈┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 17/66 files ━━┈┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 19/66 files ━━┈┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 20/66 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 22/66 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 23/66 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 25/66 files ━━━┈┈┈┈┈┈┈ 00:06    
Reformatting and Linting 26/66 files ━━━┈┈┈┈┈┈┈ 00:06    
Reformatting and Linting 27/66 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 29/66 files ━━━━┈┈┈┈┈┈ 00:07    
Reformatting and Linting 31/66 files ━━━━┈┈┈┈┈┈ 00:07    
Reformatting and Linting 33/66 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 35/66 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 37/66 files ━━━━━┈┈┈┈┈ 00:08    
Reformatting and Linting 38/66 files ━━━━━┈┈┈┈┈ 00:08    
Reformatting and Linting 40/66 files ━━━━━━┈┈┈┈ 00:09    
Reformatting and Linting 41/66 files ━━━━━━┈┈┈┈ 00:09    
Reformatting and Linting 43/66 files ━━━━━━┈┈┈┈ 00:09    
Reformatting and Linting 44/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 46/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 48/66 files ━━━━━━━┈┈┈ 00:10    
Reformatting and Linting 50/66 files ━━━━━━━┈┈┈ 00:10    
Reformatting and Linting 52/66 files ━━━━━━━┈┈┈ 00:10    
Reformatting and Linting 55/66 files ━━━━━━━━┈┈ 00:11    
Reformatting and Linting 57/66 files ━━━━━━━━┈┈ 00:11    
Reformatting and Linting 59/66 files ━━━━━━━━┈┈ 00:11    
Reformatting and Linting 61/66 files ━━━━━━━━━┈ 00:12    
Reformatting and Linting 62/66 files ━━━━━━━━━┈ 00:12    
Reformatting and Linting 63/66 files ━━━━━━━━━┈ 00:12    
Reformatting and Linting 65/66 files ━━━━━━━━━┈ 00:15    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:18    
                                                         

Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:18    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:18    


0 files were updated.
Linted 66 files, found 0 errors.



Reformatting and Linting 0/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 1/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 2/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 3/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 4/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 5/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 6/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 7/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 8/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 9/66 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 11/66 files ━┈┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 13/66 files ━┈┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 14/66 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 17/66 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 18/66 files ━━┈┈┈┈┈┈┈┈ 00:06    
Reformatting and Linting 19/66 files ━━┈┈┈┈┈┈┈┈ 00:06    
Reformatting and Linting 21/66 files ━━━┈┈┈┈┈┈┈ 00:07    
Reformatting and Linting 22/66 files ━━━┈┈┈┈┈┈┈ 00:07    
Reformatting and Linting 23/66 files ━━━┈┈┈┈┈┈┈ 00:08    
Reformatting and Linting 24/66 files ━━━┈┈┈┈┈┈┈ 00:08    
Reformatting and Linting 26/66 files ━━━┈┈┈┈┈┈┈ 00:09    
Reformatting and Linting 27/66 files ━━━━┈┈┈┈┈┈ 00:10    
Reformatting and Linting 28/66 files ━━━━┈┈┈┈┈┈ 00:10    
Reformatting and Linting 29/66 files ━━━━┈┈┈┈┈┈ 00:10    
Reformatting and Linting 30/66 files ━━━━┈┈┈┈┈┈ 00:10    
Reformatting and Linting 31/66 files ━━━━┈┈┈┈┈┈ 00:11    
Reformatting and Linting 33/66 files ━━━━━┈┈┈┈┈ 00:11    
Reformatting and Linting 34/66 files ━━━━━┈┈┈┈┈ 00:12    
Reformatting and Linting 36/66 files ━━━━━┈┈┈┈┈ 00:12    
Reformatting and Linting 37/66 files ━━━━━┈┈┈┈┈ 00:13    
Reformatting and Linting 38/66 files ━━━━━┈┈┈┈┈ 00:13    
Reformatting and Linting 39/66 files ━━━━━┈┈┈┈┈ 00:13    
Reformatting and Linting 41/66 files ━━━━━━┈┈┈┈ 00:13    
Reformatting and Linting 42/66 files ━━━━━━┈┈┈┈ 00:14    
Reformatting and Linting 44/66 files ━━━━━━┈┈┈┈ 00:14    
Reformatting and Linting 45/66 files ━━━━━━┈┈┈┈ 00:14    
Reformatting and Linting 48/66 files ━━━━━━━┈┈┈ 00:14    
Reformatting and Linting 50/66 files ━━━━━━━┈┈┈ 00:14    
Reformatting and Linting 52/66 files ━━━━━━━┈┈┈ 00:14    
Reformatting and Linting 54/66 files ━━━━━━━━┈┈ 00:14    
Reformatting and Linting 56/66 files ━━━━━━━━┈┈ 00:15    
Reformatting and Linting 58/66 files ━━━━━━━━┈┈ 00:15    
Reformatting and Linting 60/66 files ━━━━━━━━━┈ 00:15    
Reformatting and Linting 64/66 files ━━━━━━━━━┈ 00:15    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    
                                                         

Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    


0 files were updated.
Linted 66 files, found 0 errors.



Reformatting and Linting 0/66 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 1/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 2/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 4/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 6/66 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 9/66 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 12/66 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 14/66 files ━━┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 16/66 files ━━┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 17/66 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 19/66 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 21/66 files ━━━┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 22/66 files ━━━┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 23/66 files ━━━┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 24/66 files ━━━┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 25/66 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 26/66 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 27/66 files ━━━━┈┈┈┈┈┈ 00:05    
Reformatting and Linting 28/66 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 29/66 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 30/66 files ━━━━┈┈┈┈┈┈ 00:07    
Reformatting and Linting 31/66 files ━━━━┈┈┈┈┈┈ 00:07    
Reformatting and Linting 32/66 files ━━━━┈┈┈┈┈┈ 00:07    
Reformatting and Linting 33/66 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 34/66 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 35/66 files ━━━━━┈┈┈┈┈ 00:08    
Reformatting and Linting 36/66 files ━━━━━┈┈┈┈┈ 00:08    
Reformatting and Linting 37/66 files ━━━━━┈┈┈┈┈ 00:09    
Reformatting and Linting 38/66 files ━━━━━┈┈┈┈┈ 00:10    
Reformatting and Linting 40/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 42/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 44/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 45/66 files ━━━━━━┈┈┈┈ 00:10    
Reformatting and Linting 48/66 files ━━━━━━━┈┈┈ 00:11    
Reformatting and Linting 50/66 files ━━━━━━━┈┈┈ 00:11    
Reformatting and Linting 51/66 files ━━━━━━━┈┈┈ 00:11    
Reformatting and Linting 52/66 files ━━━━━━━┈┈┈ 00:12    
Reformatting and Linting 53/66 files ━━━━━━━━┈┈ 00:12    
Reformatting and Linting 54/66 files ━━━━━━━━┈┈ 00:12    
Reformatting and Linting 55/66 files ━━━━━━━━┈┈ 00:12    
Reformatting and Linting 56/66 files ━━━━━━━━┈┈ 00:13    
Reformatting and Linting 58/66 files ━━━━━━━━┈┈ 00:13    
Reformatting and Linting 59/66 files ━━━━━━━━┈┈ 00:13    
Reformatting and Linting 60/66 files ━━━━━━━━━┈ 00:13    
Reformatting and Linting 61/66 files ━━━━━━━━━┈ 00:14    
Reformatting and Linting 62/66 files ━━━━━━━━━┈ 00:14    
Reformatting and Linting 63/66 files ━━━━━━━━━┈ 00:14    
Reformatting and Linting 64/66 files ━━━━━━━━━┈ 00:14    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    
                                                         

Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    
Reformatting and Linting 66/66 files ━━━━━━━━━━ 00:16    


website/templates/account/login.html
───────────────────────────────────────────────────────────────────────────────
@@ -57,9 +57,7 @@

                         <div class="bg-red-100 border-l-4 border-red-500 text-red-700 p-4 rounded"
                              role="alert">
                             <strong class="font-bold">Error:</strong>
-                    
-+           <span class="block sm:inline mt-1">{{ form.non_field_errors|striptags }}</span>
-        
+                            +           <span class="block sm:inline mt-1">{{ form.non_field_errors|striptags }}</span>
                         </div>
                     {% endif %}
                     {% if redirect_field_value %}

1 file was updated.
Linted 66 files, found 0 errors.



Reformatting and Linting 0/63 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 1/63 files ┈┈┈┈┈┈┈┈┈┈ 00:00    
Reformatting and Linting 2/63 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 3/63 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 5/63 files ┈┈┈┈┈┈┈┈┈┈ 00:01    
Reformatting and Linting 6/63 files ┈┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 7/63 files ━┈┈┈┈┈┈┈┈┈ 00:02    
Reformatting and Linting 8/63 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 9/63 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 11/63 files ━┈┈┈┈┈┈┈┈┈ 00:03    
Reformatting and Linting 13/63 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 15/63 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 16/63 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 18/63 files ━━┈┈┈┈┈┈┈┈ 00:04    
Reformatting and Linting 19/63 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 21/63 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 24/63 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 25/63 files ━━━┈┈┈┈┈┈┈ 00:05    
Reformatting and Linting 26/63 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 28/63 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 30/63 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 31/63 files ━━━━┈┈┈┈┈┈ 00:06    
Reformatting and Linting 32/63 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 35/63 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 36/63 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 37/63 files ━━━━━┈┈┈┈┈ 00:07    
Reformatting and Linting 38/63 files ━━━━━━┈┈┈┈ 00:08    
Reformatting and Linting 40/63 files ━━━━━━┈┈┈┈ 00:08    
Reformatting and Linting 41/63 files ━━━━━━┈┈┈┈ 00:08    
Reformatting and Linting 42/63 files ━━━━━━┈┈┈┈ 00:09    
Reformatting and Linting 43/63 files ━━━━━━┈┈┈┈ 00:09    
Reformatting and Linting 45/63 files ━━━━━━━┈┈┈ 00:09    
Reformatting and Linting 46/63 files ━━━━━━━┈┈┈ 00:09    
Reformatting and Linting 49/63 files ━━━━━━━┈┈┈ 00:10    
Reformatting and Linting 51/63 files ━━━━━━━━┈┈ 00:10    
Reformatting and Linting 52/63 files ━━━━━━━━┈┈ 00:11    
Reformatting and Linting 53/63 files ━━━━━━━━┈┈ 00:11    
Reformatting and Linting 55/63 files ━━━━━━━━┈┈ 00:12    
Reformatting and Linting 56/63 files ━━━━━━━━┈┈ 00:12    
Reformatting and Linting 57/63 files ━━━━━━━━━┈ 00:12    
Reformatting and Linting 59/63 files ━━━━━━━━━┈ 00:13    
Reformatting and Linting 60/63 files ━━━━━━━━━┈ 00:13    
Reformatting and Linting 61/63 files ━━━━━━━━━┈ 00:14    
Reformatting and Linting 63/63 files ━━━━━━━━━━ 00:19    
                                                         

Reformatting and Linting 63/63 files ━━━━━━━━━━ 00:19    
Reformatting and Linting 63/63 files ━━━━━━━━━━ 00:19    


0 files were updated.
Linted 63 files, found 0 errors.

For more information, see the pre-commit documentation.

@github-actions github-actions bot added pre-commit: failed Pre-commit checks failed and removed pre-commit: passed Pre-commit checks passed labels Dec 17, 2025
sentry[bot]
sentry bot reviewed Dec 17, 2025
View reviewed changes
blt/settings.py Outdated
"NAME": ":memory:",
}

ACCOUNT_AUTHENTICATION_METHOD = "username_email"

This comment was marked as outdated.

Sign in to view

@github-actions github-actions bot added pre-commit: passed Pre-commit checks passed and removed pre-commit: failed Pre-commit checks failed labels Dec 17, 2025
@arnavkirti
Copy link
Contributor

arnavkirti commented Dec 17, 2025

@coderabbitai please run a full, end‑to‑end review of this PR for completeness.

Focus on:

  • Verifying that the login flow now correctly supports both username and email, including error display on invalid credentials.​

  • Checking that the new django‑allauth settings (authentication/login methods, unique email) are consistent with the current allauth API and do not break existing flows.​

  • Confirming that moving dotenv loading into manage.py startup is safe for all environments and commands.​

  • Looking for any missing tests or edge cases around login errors and messaging.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 17, 2025

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

# Find and display requirements files to check django-allauth version
echo "=== Django-allauth version in requirements ==="
fd -e txt -e in requirements | xargs -I {} bash -c 'echo "File: {}" && cat {}'

echo -e "\n=== Check for poetry/pipenv files ==="
fd -e toml -e lock pyproject Pipfile | xargs -I {} bash -c 'echo "File: {}" && cat {}'

Length of output: 180

🏁 Script executed:

#!/bin/bash

# Examine the actual changes in the files mentioned
echo "=== Full content of manage.py ==="
cat manage.py

echo -e "\n=== Full content of website/templates/account/login.html ==="
cat website/templates/account/login.html

echo -e "\n=== Allauth-related settings in blt/settings.py ==="
cat blt/settings.py | grep -A 5 -B 5 "ACCOUNT_"

Length of output: 15833

🏁 Script executed:

#!/bin/bash

# Find existing login/authentication tests
echo "=== Finding authentication/login tests ==="
fd -e py test | xargs rg -l "login|authentication|allauth" -i

echo -e "\n=== Checking for existing login test implementations ==="
fd -e py test | xargs rg -n -B 2 -A 10 "def test.*login" -i

Length of output: 3964

🏁 Script executed:

#!/bin/bash

# Check for existing dotenv usage and environment variable patterns
echo "=== Checking dotenv usage in the codebase ==="
rg -n "load_dotenv|python-dotenv" --type py

echo -e "\n=== Checking wsgi.py and asgi.py for environment setup ==="
fd -e py "wsgi|asgi" | xargs -I {} bash -c 'echo "File: {}" && cat {}'

Length of output: 1446

🏁 Script executed:

#!/bin/bash

# Check Docker/deployment files for environment variable handling
echo "=== Docker and deployment files ==="
fd -e yml -e yaml "docker-compose|docker" | xargs -I {} bash -c 'echo "File: {}" && cat {}'

echo -e "\n=== Check Dockerfile ==="
fd Dockerfile | xargs -I {} bash -c 'echo "File: {}" && cat {}'

echo -e "\n=== Check for deployment scripts ==="
fd deploy | xargs cat

Length of output: 5160

🏁 Script executed:

#!/bin/bash

# Check for other authentication backends and middleware
echo "=== Authentication backends in settings.py ==="
rg -n "AUTHENTICATION_BACKENDS" blt/settings.py -A 10

echo -e "\n=== Check for custom authentication views ==="
fd -e py views | xargs rg -n "LoginView|login" -A 5 -B 2

echo -e "\n=== Check urls.py for authentication patterns ==="
fd urls.py | xargs rg -n "account|login" -B 2 -A 2

Length of output: 8613

🏁 Script executed:

#!/bin/bash

# Check for existing error handling in forms
echo "=== Check for custom authentication forms ==="
fd -e py forms | xargs rg -n "LoginForm|AuthenticationForm" -A 10 -B 2

echo -e "\n=== Check for any custom allauth adapters ==="
rg -n "DefaultAccountAdapter|DefaultSocialAccountAdapter" --type py -A 5 -B 2

Length of output: 1184

🏁 Script executed:

#!/bin/bash

# Check pyproject.toml for django-allauth version
echo "=== pyproject.toml content ==="
cat pyproject.toml

Length of output: 3024

🏁 Script executed:

#!/bin/bash

# Check for .env.example and environment variable documentation
echo "=== .env.example file ==="
if [ -f .env.example ]; then
    cat .env.example
else
    echo "No .env.example found"
fi

echo -e "\n=== Check README for environment setup instructions ==="
cat README.md | grep -A 10 -B 2 -i "environment\|.env\|setup"

Length of output: 2269

🏁 Script executed:

#!/bin/bash

# Check if there are any existing users with duplicate emails
echo "=== Check for potential email uniqueness conflicts in models ==="
rg -n "email.*unique" --type py -B 2 -A 2

echo -e "\n=== Check User model and custom user models ==="
fd -e py models | xargs rg -n "class.*User" -A 15 | head -100

Length of output: 7220

🏁 Script executed:

#!/bin/bash

# Check the entrypoint script to see how environment variables are loaded in production
echo "=== Entrypoint script content ==="
cat scripts/entrypoint.sh

Length of output: 1247

🏁 Script executed:

#!/bin/bash

# Look for any existing login error handling tests
echo "=== Check for login error/validation tests ==="
fd -e py test | xargs rg -n "non_field_errors|invalid.*login|login.*error|authentication.*fail" -i -B 2 -A 5

Length of output: 46

🏁 Script executed:

#!/bin/bash

# Check if there's documentation about the issue being fixed
echo "=== Search for issue #4056 references ==="
rg -n "4056" --type md

echo -e "\n=== Check for any related comments in code ==="
rg -n "4056" --type py

Length of output: 89

🏁 Script executed:

#!/bin/bash

# Check if there are any duplicate emails in the database schema/migrations
echo "=== Check for email field constraints in auth.User ==="
python -c "
from django.contrib.auth.models import User
print('Django User model email field unique:', User._meta.get_field('email').unique)
print('Django User model email field blank:', User._meta.get_field('email').blank)
"

echo -e "\n=== Check for any migrations that might handle email uniqueness ==="
fd -e py . website/migrations | xargs rg -l "email.*unique" | head -10

Length of output: 243

🏁 Script executed:

#!/bin/bash

# Verify the allauth settings are properly configured
echo "=== Check all ACCOUNT_* settings in settings.py ==="
rg -n "^ACCOUNT_" blt/settings.py

echo -e "\n=== Check SOCIALACCOUNT_* settings ==="
rg -n "^SOCIALACCOUNT_" blt/settings.py

Length of output: 1026

🏁 Script executed:

#!/bin/bash

# Check if there are any custom login/authentication backends
echo "=== Check for custom authentication code ==="
rg -n "authenticate|login" website/views.py -B 2 -A 5 | head -50

echo -e "\n=== Check if there's a custom login view ==="
fd -e py . website/views | xargs rg -l "LoginView|login_view"

Length of output: 169

🏁 Script executed:

#!/bin/bash

# Check the exact formatting issue in login.html
echo "=== Check the non_field_errors section in login.html ==="
cat website/templates/account/login.html | grep -n -A 5 "non_field_errors"

Length of output: 691

🏁 Script executed:

#!/bin/bash

# Check if allauth has any custom configuration for error messages
echo "=== Check for allauth error message customization ==="
rg -n "ACCOUNT_.*ERROR|ACCOUNT_.*MESSAGE" blt/settings.py

echo -e "\n=== Check for custom error messages in templates ==="
fd login.html website/templates | xargs cat | grep -i "error\|invalid" | head -20

Length of output: 553

🏁 Script executed:

#!/bin/bash

# Check core.py for custom login views
echo "=== Check core.py for login views ==="
cat website/views/core.py | grep -n -B 5 -A 15 "login\|Login" | head -80

Length of output: 3576

🏁 Script executed:

#!/bin/bash

# Double-check the Django User model email field default configuration
echo "=== Check Django's default User model configuration ==="
rg -n "class User" --type py -A 20 | grep -B 5 -A 15 "email" | head -40

echo -e "\n=== Verify if BLT has any custom User model ==="
rg -n "AUTH_USER_MODEL" blt/settings.py

Length of output: 3261

🏁 Script executed:

#!/bin/bash

# Check if there are any data migrations or scripts that handle email uniqueness
echo "=== Check for email-related data migrations ==="
fd -e py . website/migrations | xargs rg -n "email" | grep -i "unique\|duplicate" | head -20

echo -e "\n=== Check for management commands related to email cleanup ==="
fd -e py . website/management/commands | xargs rg -l "email.*unique\|duplicate.*email" -i

Length of output: 111

🏁 Script executed:

#!/bin/bash

# Get the PR diff to see the exact changes
echo "=== Check what the actual change looks like in login.html (around the + character) ==="
cat website/templates/account/login.html | sed -n '55,65p'

Length of output: 728

@arnavkirti, I've completed a comprehensive end-to-end review of this PR. Here's my detailed analysis:

Login Flow & Error Display

The login flow changes are correctly implemented:

  • ACCOUNT_AUTHENTICATION_METHOD = "username_email" enables login with either username or email
  • The template correctly displays non-field errors in a styled alert box
  • The label change from "Username" to "Username or Email" accurately reflects the functionality

🐛 Critical Issue Found - Template Formatting Error:

Line 60 in login.html contains a stray + character that will be rendered in the UI:

<strong class="font-bold">Error:</strong>
+           <span class="block sm:inline mt-1">{{ form.non_field_errors|striptags }}</span>

Fix required:

-                            +           <span class="block sm:inline mt-1">{{ form.non_field_errors|striptags }}</span>
+                            <span class="block sm:inline mt-1">{{ form.non_field_errors|striptags }}</span>

Django-allauth Settings Compatibility

The allauth configuration is fully compatible with version 65.13.1:

  • ACCOUNT_AUTHENTICATION_METHOD = "username_email" - Standard allauth setting
  • ACCOUNT_UNIQUE_EMAIL = True - Enforces email uniqueness at the application layer
  • ✓ Compatible with existing AUTHENTICATION_BACKENDS
  • ✓ Works alongside existing account settings

⚠️ Important Note on Email Uniqueness:

ACCOUNT_UNIQUE_EMAIL = True enforces uniqueness at the allauth level, not as a database constraint. This means:

  • New signups will be rejected if email already exists
  • Profile updates will validate email uniqueness
  • Existing duplicate emails (if any) won't cause errors but should be cleaned up

Recommendation: Before deploying, run a query to check for duplicate emails:

from django.contrib.auth.models import User
from django.db.models import Count
duplicates = User.objects.values('email').annotate(count=Count('email')).filter(count__gt=1, email__isnull=False).exclude(email='')

Dotenv Loading Architecture - Safe for All Environments

The dotenv loading in manage.py is correctly implemented and safe:

Development (local):

  • manage.py loads .env via load_dotenv()
  • CLI commands work correctly ✓

Production/Docker:

  • docker-compose.yml uses env_file: .env to inject environment variables into containers ✓
  • wsgi.py and asgi.py correctly don't load dotenv - they rely on externally provided environment variables ✓
  • Gunicorn/uvicorn servers receive env vars from the container environment ✓

Why this is correct:

  1. In production, environment variables should be provided by the deployment platform (Docker, Kubernetes, cloud providers)
  2. WSGI/ASGI servers don't need dotenv - they inherit env vars from the parent process
  3. manage.py commands executed in Docker use the container's environment (from env_file)

This follows the 12-factor app methodology correctly.

⚠️ Missing Tests - Critical Gap

While existing login tests exist, there's no test coverage for the new error display feature.

Recommended tests to add:

# In website/tests/test_main.py or a new test file

def test_login_with_invalid_username_shows_error(self):
    """Test that invalid username displays non-field error"""
    response = self.client.post('/accounts/login/', {
        'login': 'nonexistent_user',
        'password': 'wrongpassword'
    })
    self.assertContains(response, 'non_field_errors')
    # Verify error message is displayed

def test_login_with_invalid_email_shows_error(self):
    """Test that invalid email displays non-field error"""
    response = self.client.post('/accounts/login/', {
        'login': '[email protected]',
        'password': 'wrongpassword'
    })
    self.assertContains(response, 'non_field_errors')

def test_login_with_email_success(self):
    """Test successful login using email instead of username"""
    user = User.objects.create_user('testuser', '[email protected]', 'password123')
    EmailAddress.objects.create(user=user, email='[email protected]', verified=True, primary=True)
    
    response = self.client.post('/accounts/login/', {
        'login': '[email protected]',
        'password': 'password123'
    })
    self.assertEqual(response.status_code, 302)  # Redirect on success

def test_login_with_username_success(self):
    """Test successful login using username (existing functionality)"""
    # Ensure username login still works
    user = User.objects.create_user('testuser', '[email protected]', 'password123')
    EmailAddress.objects.create(user=user, email='[email protected]', verified=True, primary=True)
    
    response = self.client.post('/accounts/login/', {
        'login': 'testuser',
        'password': 'password123'
    })
    self.assertEqual(response.status_code, 302)

📋 Summary

Aspect Status Notes
Login flow (username/email) Correct Properly configured
Allauth settings compatibility Compatible Version 65.13.1
Error display UI ⚠️ Has Bug Remove + character on line 60
Dotenv architecture Safe Correct for all environments
Test coverage Missing Add error display tests
Email uniqueness ⚠️ Verify Check for existing duplicates

🎯 Action Items

  1. Fix the template formatting - Remove the + character from line 60
  2. Add test coverage for error message display and email-based login
  3. Verify no duplicate emails exist in the database before deployment
  4. Consider adding a data migration or management command to clean up duplicates if found

The overall approach is sound and the architecture choices are correct. Once the formatting issue is fixed and tests are added, this will be ready to merge! 🚀

arnavkirti
arnavkirti suggested changes Dec 17, 2025
View reviewed changes
Copy link
Contributor

@arnavkirti arnavkirti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please address the issues pointed out by coderabbitai.

coderabbitai bot added a commit that referenced this pull request Dec 18, 2025
@coderabbitai
📝 Add docstrings to fix-4056-allauth-login
72e9e37 
Docstrings generation was requested by @armanraymagit.

* #5329 (comment)

The following files were modified:

* `manage.py`
* `website/management/commands/deduplicate_emails.py`
* `website/tests/test_login.py`
@coderabbitai coderabbitai bot mentioned this pull request Dec 18, 2025
Open
@github-actions github-actions bot added files-changed: 7 PR changes 7 files and removed files-changed: 5 PR changes 5 files labels Dec 18, 2025
@github-actions github-actions bot added the last-active: 0d PR last updated 0 days ago label Dec 19, 2025
@armanraymagit armanraymagit reopened this Dec 19, 2025
@github-actions github-actions bot added last-active: 0d PR last updated 0 days ago last-active: 1d PR last updated 1 day ago and removed last-active: 0d PR last updated 0 days ago changes-requested PR has requested changes from a reviewer last-active: 1d PR last updated 1 day ago labels Dec 19, 2025
@github-actions github-actions bot added last-active: 1d PR last updated 1 day ago last-active: 2d PR last updated 2 days ago last-active: 0d PR last updated 0 days ago and removed last-active: 0d PR last updated 0 days ago last-active: 1d PR last updated 1 day ago last-active: 2d PR last updated 2 days ago labels Dec 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

+2 more reviewers

@sentry sentry[bot] sentry[bot] left review comments

@arnavkirti arnavkirti arnavkirti approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

files-changed: 7 PR changes 7 files has-peer-review PR has received peer review last-active: 2d PR last updated 2 days ago pre-commit: passed Pre-commit checks passed quality: high quality: medium tests: passed Django tests passed

Projects

📌 OWASP BLT Project Board
Status: Ready

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Show an error message on incorrect login credentials and fix verify email page UI.

3 participants

@armanraymagit @arnavkirti @mdkaifansari04