django-allauth, how can I only allow signup/login through social?

Question

I only want to allow people to sign up or log in with their social account. I have the social sign up and log in working, but I cant figure out how to disable the local sign up.

I've read the docs and this sounds close to what I want

ACCOUNT_FORMS (={})
    Used to override forms, for example: {‘login’: ‘myapp.forms.LoginForm’}

It seems like I can make a new sign up form and only include the social log in link, but I was hoping there is any easier way that I'm overlooking. I'm still new to this all so I tend to miss the obvious a lot still.

I also tried changing the code below to False, but that disabled social sign up as well.

allauth.account.adapter.py

def is_open_for_signup(self, request):
    """
    Checks whether or not the site is open for signups.

    Next to simply returning True/False you can also intervene the
    regular flow by raising an ImmediateHttpResponse
    """
    return True

Answer 1

Change templates and urlpatterns

You would have to change both the templates ( login , signup , etc.) and urlpatterns provided by allauth by default, which relate to the classic signup/login flow using email.

• Changing/reducing the available routes via the urlpatterns ensures that only the routes are available that should be there. HTTP error 404 is then shown for any attempt to hack into existing allauth default functionality (related to email) if you do it right.
• Changing the templates can ensure that the user interface does not provide what is related to email-based authentication.

No easy option available

Unfortunately, as of today there is no easy switch or setting to simply disable email-based signup and authentication with django-allauth. More details may be on GitHub in future, see:

• Issue #1227 ("Social only: disable all local account handling by means of a simple setting")
• Issue #345 ("How to disable form login/signup?")

Sample: urls.py

An urls.py like this will work with the current django-allauth (v0.30.0) on Django 1.10:

from django.conf.urls import include, url

from allauth.account.views import confirm_email, login, logout
from allauth.compat import importlib
from allauth.socialaccount import providers

providers_urlpatterns = []

for provider in providers.registry.get_list():
    prov_mod = importlib.import_module(provider.get_package() + '.urls')
    providers_urlpatterns += getattr(prov_mod, 'urlpatterns', [])

urlpatterns = [
    url(r'^auth/', include(providers_urlpatterns)),
    url(r'^confirm-email/(?P<key>[-:\w]+)/$', confirm_email, name='account_confirm_email'),
    url(r'^login/$', login, name='account_login'),
    url(r'^logout/$', logout, name='account_logout'),
    url(r'^signup/$', login, name='account_signup'),  # disable email signup
]

Answer 2

The solution wasn't what I originally thought. The much easier way to do this, instead of changing the forms, was to change the template and just remove any other options in that template.

My page now correctly only shows social auth and I am happy.

If anyone has a better or more secure answer I'd be open to it. Being new still, I don't know if this is the best solution, but for now it seems great and will mark as answered.

Answer 3

Ok, here is the thing. If you are not using any social account to link to your users, then it's very simple to finish the task you described by simply only include urls you need. However, if you need to use social account to link your users, then you have to include all urls because most third party application will not certify the request from your app. they only accept request from allauth.

from django.urls import path, re_path
from allauth.account import views as accountviews

urlpatterns = [
                path('admin/', admin.site.urls),
                # remember to comment out the following line since it will
                # include all urls from allauth lib
                # path('accounts/', include('allauth.urls'))
]

# assume you only want singup page and login page from allauth
urlpatterns += [path("acc/signup/", accountviews.signup, name="account_signup"),
                path("acc/login/", accountviews.login, name="account_login")
]