This section covers how to handle the User records that are created as part of the upload process from the first-time data import and through syncing with GitHub.
The code for this page lives in the users/ app.
- We use Django Allauth to handle user accounts
- We do some overriding of their logic for the profile page
- We override the password reset logic as part of allowing users to claim their unclaimed accounts
- When libraries are created and updated from GitHub, we receive information on Library Maintainers and Authors.
- Those authors and maintainers are added as Users and then linked to the Library or LibraryVersion record they belong to.
- When they are created, the User accounts have their
claimedfield marked as False. This field defaults toTrue, and will only beFalsefor users who were created by an automated process. - We use the email address and name in the
libraries.jsonfile for that library to create the User record
- If a user tries to register with the same email address as an existing user (a user with
claimedset toFalse), we interrupt the Django Allauth registration error that happens in this case to check whether the user has been claimed - If the user has
claimedset toFalse, we send the user a custom message and send them a password reset email - On the backend, we interrupt the Django Allauth password reset process to mark users as claimed once their password has been successfully reset
To guard against bad actors uploading offensive photos as profile photos, we have the ability to restrict a user's ability to update their profile photo.
- Log into the Django admin at
/admin/ - Navigate to the Users menu
- Find the user whose profile photo you want to restrict. You can search by name or email address.
- Scroll to the bottom of that user's record and uncheck the box that says, "Can update image."
- Click "Save."
The user can no longer update their own profile photo. Instead, they will see a message that they must contact an administrator to update their profile photo.