Add the EMAIL_USE_VERIFICATION configuration setting. Fixes #232

CHANGELOG.md

@@ -1,6 +1,12 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## Unreleased
+
+### Improvements
+- Add the EMAIL_USE_VERIFICATION configuration setting (#232)
+
+
 ## 1.6.0 - 2019-04-01
 
 ### Improvements

README.md

@@ -106,6 +106,7 @@ Configurations settings loaded from environment variables:
 | EMAIL_HOST_USER | `""` *(empty string)*
 | EMAIL_HOST_PASSWORD | `""` *(empty string)*
 | EMAIL_USE_TLS | `"True"`
+| EMAIL_USE_VERIFICATION | `"True"`
 | SITE_ROOT | `"http://localhost:8000"`
 | SITE_NAME | `"Mychecks"`
 | MASTER_BADGE_LABEL | `"Mychecks"`
@@ -158,6 +159,11 @@ can send pings).
 If you close new user registration, you can still selectively invite users
 to your team account.
 
+`EMAIL_USE_VERIFICATION` enables/disables the sending of a verification
+link when an email address is added to the list of notification methods.
+Set it to `False` if you are setting up a private healthchecks instance where
+you trust your users and want to avoid the extra verification step.
+
 
 ## Database Configuration
 

hc/front/tests/test_add_email.py

@@ -1,8 +1,11 @@
+from django.core import mail
+from django.test.utils import override_settings
+
 from hc.api.models import Channel
 from hc.test import BaseTestCase
 
 
-class AddPdTestCase(BaseTestCase):
+class AddEmailTestCase(BaseTestCase):
     url = "/integrations/add_email/"
 
     def test_instructions_work(self):
@@ -23,6 +26,12 @@ class AddPdTestCase(BaseTestCase):
         self.assertFalse(c.email_verified)
         self.assertEqual(c.project, self.project)
 
+        # Email should have been sent
+        self.assertEqual(len(mail.outbox), 1)
+
+        email = mail.outbox[0]
+        self.assertTrue(email.subject.startswith("Verify email address on"))
+
     def test_team_access_works(self):
         form = {"value": "bob@example.org"}
 
@@ -48,3 +57,19 @@ class AddPdTestCase(BaseTestCase):
 
         c = Channel.objects.get()
         self.assertEqual(c.value, "alice@example.org")
+
+    @override_settings(EMAIL_USE_VERIFICATION=False)
+    def test_it_auto_verifies_email(self):
+        form = {"value": "alice@example.org"}
+
+        self.client.login(username="alice@example.org", password="password")
+        r = self.client.post(self.url, form)
+        self.assertRedirects(r, "/integrations/")
+
+        c = Channel.objects.get()
+        self.assertEqual(c.kind, "email")
+        self.assertEqual(c.value, "alice@example.org")
+        self.assertTrue(c.email_verified)
+
+        # Email should *not* have been sent
+        self.assertEqual(len(mail.outbox), 0)

hc/front/views.py

@@ -646,7 +646,15 @@ def add_email(request):
             channel.save()
 
             channel.assign_all_checks()
-            channel.send_verify_link()
+
+            if settings.EMAIL_USE_VERIFICATION:
+                channel.send_verify_link()
+            else:
+                # In self-hosted setting, administator has the option to
+                # disable the email verification step.
+                channel.email_verified = True
+                channel.save()
+
             return redirect("hc-channels")
     else:
         form = AddEmailForm()

hc/settings.py

@@ -166,6 +166,7 @@ EMAIL_PORT = envint("EMAIL_PORT", "587")
 EMAIL_HOST_USER = os.getenv("EMAIL_HOST_USER", "")
 EMAIL_HOST_PASSWORD = os.getenv("EMAIL_HOST_PASSWORD", "")
 EMAIL_USE_TLS = envbool("EMAIL_USE_TLS", "True")
+EMAIL_USE_VERIFICATION = envbool("EMAIL_USE_VERIFICATION", "True")
 
 # Slack integration
 SLACK_CLIENT_ID = os.getenv("SLACK_CLIENT_ID")