usermanagement with django allauth.

usermanagement with django allauth: It is common for bots to register with a website. Often enough there are users instances in the user base that have registered at some point but did not verify their email-address.

Fortunately enough, for users of django and the excellent django-allauth, there are easy ways to manage these users.

First, the django ORM comes with an easy way to identify these users that did not verify their primary email:

>>> from django.contrib.auth.models import User
>>> unverified_users = User.objects.filter(emailaddress__verified=False, emailaddress__primary=True)
Bot User Management with django allauth
Mobile Phone User – Munich

The ORM allows simple filtering for unverified email addresses through a “relationship lookup”, that is emailaddress__verified=False in the above snippet. Of course, you may want to limit users for which the primary email address is unverified. That is the 2nd keyword argument to .filter() here: emailaddress__primary=True. The filter operator ANDs together these two conditions.

To identify users that not only have unverified, primary email addresses, but also appear to be idle, you may limit users that didn’t login through .exclude():

>> import datetime
>> old_unverified_users = unverified_users.exclude(last_login__gt=datetime.date(2020, 1, 1))

Will only give you users that have logged in after Jan 1st, 2020. Of course, the argument to last_login can be modified to match your requirements.

Finally, you may chose to either email these users and re-ask to verify their email. That would be a separate task, though. In our case, we simply delete these, since they are obviously not interessted in using our site:

old_unverified_users.delete()