EmailAddress model in Django allauth?

Question

I just started using Django allauth, and I noticed that it created a new accounts_emailaddresses table. I understand this is useful for email confirmation, but if feels like this is a source of denormalization in our database.

Our current User model already has an email field. It seems like now I have to maintain the state of both User and allauth.EmailAddress models now.

For example, when a user changes emails, I need to change the User model and also mark the new email as primary in EmailAddress

This seems really annoying...what is the best practice in this case? Should I remove email field from User? I'm wondering how most people handle this.

Answer 1

I wouldn't delete your normal user email adress.

Allauth contains an email adress for the social account, and that isn't necessarily the same as the one you have stored in your application account.

There is a bit of discussion about the security implications of treating the two emails as the same. (I don't think some social acconts verify that the email adress belongs to the user, so you could create for example a facebook account with a fake email address and log into your application using that despite not owning the email address).

I have a feeling that removing the user email adress would stop allauth working as it is checking when a new social account is added.