In that case, how should this address be validated? Should Postorius consider that the login system always validates addresses and set them as verified in Mailman? Should it ask mailman to verify the email addresses when it encounters a user's un-verified address? This does not seem possible in REST at the moment (unless I missed it), and should be protected against multiple checks.
Ideas? I started a thread about this a couple of months back. I was asking about what authentication system to switch to, since persona is being dropped. I found a couple of solutions and have my personal favorite: django-allauth
I have a merge request pending that adds basic functionality for it in postorius. I think that it's better than python-social-auth that hyperkitty is currently using. Short version: it supports both external (social) and internal (django) auth systems and offers options to combine/switch between them . Allauth provides Signals that I used to verify the addresses in Mailman.
The link to my merge request: https://gitlab.com/mailman/postorius/merge_requests/130
The link to my previous post:
https://mail.python.org/pipermail/mailman-developers/2016-January/025338.htm...
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.