Design notes

The thoughts behind various aspects of the design of django-openid.

Confirmation e-mails

  • Not all sites wish to implement a confirm-via-email loop (which can discourage people from signing up) so it should not be a compulsory feature.
  • People sometimes lose confirmation e-mails to spam filters and so forth - they need to be able to request that an e-mail is re-sent.
  • It’s important to be able to distinguish between users who have not yet confirmed their account and users who have been banned. This means the is_active field on the User model is not enough information - a banned user could bypass the ban by re-requesting their confirmation e-mail.
    • Solution: the “Unconfirmed users” group is used to mark accounts which have not yet been confirmed. Only accounts in that group are allowed to re-request confirmation e-mails.
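
The bypass and the group-based fix, modelled in plain Python as an added example (this is not django-openid's code). The Account class, the function names, and the choice that confirming only removes the group while a ban only clears is_active are assumptions made for illustration.

```python
from dataclasses import dataclass, field

UNCONFIRMED = "Unconfirmed users"  # group name taken from the notes above


@dataclass
class Account:  # hypothetical stand-in for Django's User model
    is_active: bool
    groups: set = field(default_factory=set)


def ban(acct):
    acct.is_active = False


# Design A: is_active is the only state, so "inactive" also means "unconfirmed".
def signup_a():
    return Account(is_active=False)

def can_resend_a(acct):
    return not acct.is_active

def confirm_a(acct):
    acct.is_active = True


# Design B: the group marks unconfirmed accounts; is_active is reserved for bans.
def signup_b():
    return Account(is_active=True, groups={UNCONFIRMED})

def can_resend_b(acct):
    return UNCONFIRMED in acct.groups

def confirm_b(acct):
    acct.groups.discard(UNCONFIRMED)  # never touches is_active


def active_after_ban(signup, can_resend, confirm, confirmed_before_ban):
    """Ban an account, let it try the resend-and-confirm loop, report is_active."""
    acct = signup()
    if confirmed_before_ban:
        confirm(acct)
    ban(acct)
    if can_resend(acct):  # the banned user asks for a fresh confirmation e-mail
        confirm(acct)     # ...and follows the link in it
    return acct.is_active


DESIGN_A = (signup_a, can_resend_a, confirm_a)
DESIGN_B = (signup_b, can_resend_b, confirm_b)
```

In Design B an account banned before it was ever confirmed can still request the e-mail, but confirming it does not lift the ban.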