Produits Entr'ouvert » Authentic 2

I wonder what's the point of moving things in a default/ subdirectory; it made sense in django-registration as it wanted to be a generic application catering for many different usecases but I don't see that reason applying to Authentic.

The idea is to add, later, another registration backend, let's say "ldap", putting its views and stuff under "ldap" directory.
It could be activated then by changing the A2_REGISTRATION_BACKEND to "ldap".

This is only my opinion but I'd rather not have abstractions created before proven necessary.

Anyway, this patch does two very different things: 1) remove the dependency on django-registration, 2) move things around to create some kind of abstraction (broken in my opinion); this shouldn't be done in a single commit (in my opinion).

Just to add my opinion to Fred's. I was thinking that we could start from a clean page instead of copying django-registration in authentic.

• not create models before activation (maybe using signed URLs¹).
• login user at activation
• finish login workflow if account creation was initiated in the middle of something going on (see #2803)

[1]: https://docs.djangoproject.com/en/dev/topics/signing/

Another requirement could be to check for email unicity at registration and activation.

As I closed #5263 as a duplicate; here are some additional notes that were written over there:

At least, considering certivox, it would need an additional hook at the "user signs up" step, to validate that the request is ok.

Another requirement for a rewrite of this is that the "next" parameter of the login page should be conserved through the whole registration process so that the registration workflow at the IdP can be integrated into the login workflow of any service provider.

In a discussion about Vincennes, it was noted they would like the possibility to have an email sent to the site admins whenever a new user registers.

This does not seem good:

                    'user': form.cleaned_data,

On activation page there should be a link to the homepage, the link URL will be replaced by next_url in #2803. #2803 should be simpler to implement now that we send the full registration informations to the user.

I think that passing the form data to the template is ok, just don't call it user, maybe you could just do ctx_dict.update(cleaned_data).

Also Authentic2 do not use the django.contrib.sites application anymore, we just pass the the site hostname instead.

On pourrait avoir la série de patch complète rebasée ?

Another requirement for the new registration backend, some SMTP server are a bit too restrictive on what email they accept (see https://sentry.entrouvert.org/montpellier/compte-agglo-montpellier-prod/group/831/) we need to handle the exceptions that send_mail() can raise, log a warning and show a humanly understandable error message in this case.