ALLOW_LOGIN_NOT_VERIFIED does not support graphql_auth.mutations.SendPasswordResetEmail
mcabrams opened this issue · comments
Description
Setting ALLOW_LOGIN_NOT_VERFIED
to True
seems like it would eliminate the UserNotVerifiedError
upon executing the SendPasswordResetEmail
(in the case where user is unverified), however, it still raises this error.
Expected behavior
I would expect ALLOW_LOGIN_NOT_VERFIED
would remove the check for the user needing to be verified upon sending the password reset email - or I would expect there to be a new setting called ALLOW_PASSWORD_RESET_NOT_VERIFIED
that would more granularly control this.
Requirements
django-graphql-jwt==0.3.0
graphene-django==2.9.1
django-graphql-auth==0.3.10
The default behavior must be raising this error because it's common to let users login when not verified, but they should first verify the account in order to reset password. However, a new setting ALLOW_PASSWORD_RESET_NOT_VERIFIED
would be nice.
Another option would be verifying the account along with the password reset, in case the user asks for a password reset without being verified. I think this would be even better than the new setting.
Can you make a PR for one of those alternatives?