codingjoe
diff --git a/‎docs/customizing.rst‎
Lines changed: 2 additions & 0 deletions b/‎docs/customizing.rst‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎mailauth/contrib/user/migrations/0005_emailuser_email_hash_alter_emailuser_email.py‎
Lines changed: 42 additions & 0 deletions b/‎mailauth/contrib/user/migrations/0005_emailuser_email_hash_alter_emailuser_email.py‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎mailauth/contrib/user/models.py‎
Lines changed: 29 additions & 1 deletion b/‎mailauth/contrib/user/models.py‎
Lines changed: 29 additions & 1 deletion
diff --git a/‎mailauth/forms.py‎
Lines changed: 6 additions & 0 deletions b/‎mailauth/forms.py‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎tests/test_forms.py‎
Lines changed: 5 additions & 0 deletions b/‎tests/test_forms.py‎
Lines changed: 5 additions & 0 deletions
@@ -119,6 +119,8 @@ API documentation
 
  .. autoattribute:: mailauth.contrib.user.models.AbstractEmailUser.email
  :noindex:
+ .. autoattribute:: mailauth.contrib.user.models.AbstractEmailUser.email_hash
+ :noindex:
  .. autoattribute:: mailauth.contrib.user.models.AbstractEmailUser.session_salt
  :noindex:
 
 
@@ -0,0 +1,42 @@
+from django.db import migrations, models
+
+try:
+ from django.contrib.postgres.fields import CIEmailField
+except ImportError:
+ CIEmailField = models.EmailField
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("mailauth_user", "0004_auto_20200812_0722"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="emailuser",
+ name="email_hash",
+ field=models.TextField(db_index=True, null=True),
+ ),
+ migrations.AlterField(
+ model_name="emailuser",
+ name="email",
+ field=CIEmailField(
+ blank=True,
+ db_index=True,
+ max_length=254,
+ null=True,
+ unique=True,
+ verbose_name="email address",
+ ),
+ ),
+ migrations.RunSQL(
+ "UPDATE mailauth_user_emailuser SET email_hash = md5(email)",
+ "UPDATE mailauth_user_emailuser SET email_hash = NULL",
+ ),
+ migrations.AlterField(
+ model_name="emailuser",
+ name="email_hash",
+ field=models.TextField(db_index=True, default=0, max_length=16),
+ ),
+ ]
@@ -1,3 +1,5 @@
+import hashlib
+
 from django.conf import settings
 from django.contrib.auth.base_user import BaseUserManager
 from django.contrib.auth.models import AbstractUser
@@ -18,6 +20,7 @@ def _create_user(self, email, **extra_fields):
  """Create and save a user with the given email."""
  email = self.normalize_email(email)
  user = self.model(email=email, **extra_fields)
+ user.email_hash = hashlib.md5(email.lower().encode()).hexdigest()
  user.save(using=self._db)
  return user
 
@@ -50,9 +53,24 @@ class AbstractEmailUser(AbstractUser):
  username = None
  password = None
 
- email = CIEmailField(_("email address"), unique=True, db_index=True)
+ email = CIEmailField(
+ _("email address"), blank=True, null=True, unique=True, db_index=True
+ )
  """Unique and case insensitive to serve as a better username."""
 
+ email_hash = models.TextField(db_index=True, editable=False)
+ """
+ A hash of the email address, to erase the email address without loosing the user.
+
+ GDPR may require us to erase the email address, yet we still want to be able to
+ retain non-personal information for statistical or other legal purposes. We may
+ also want to be able to authenticate users without ever storing the email address.
+
+ A hash, being non-reversible in nature, means that the personal information is
+ not stored and you may only processes personal information during runtime for
+ the explicit purpose of authenticating the user.
+ """
+
  session_salt = models.CharField(
  max_length=12,
  editable=False,
@@ -68,6 +86,16 @@ def has_usable_password(self):
  class Meta(AbstractUser.Meta):
  abstract = True
 
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+ self._email = self.email
+
+ def save(self, *args, **kwargs):
+ if self.email and self._email != self.email:
+ self.email_hash = hashlib.md5(self.email.lower().encode()).digest()
+ kwargs["update_fields"] = {*kwargs.pop("update_fields", {}), "email_hash"}
+ super().save(*args, **kwargs)
+
  def _legacy_get_session_auth_hash(self):
  # RemovedInDjango40Warning: pre-Django 3.1 hashes will be invalid.
  key_salt = "mailauth.contrib.user.models.EmailUserManager.get_session_auth_hash"
 
@@ -1,3 +1,4 @@
+import hashlib
 import urllib
 
 from django import forms
@@ -9,6 +10,7 @@
 from django.urls import reverse
 
 from mailauth.backends import MailAuthBackend
+from mailauth.contrib.user.models import AbstractEmailUser
 
 
 class BaseLoginForm(forms.Form):
@@ -104,6 +106,10 @@ def __init__(self, request, *args, **kwargs):
  self.fields[self.field_name] = field
 
  def get_users(self, email=None):
+ if self.field_name == "email" and hasattr(get_user_model(), "email_hash"):
+ email_hash = hashlib.md5(email.lower().encode()).hexdigest()
+ return get_user_model().objects.filter(email_hash=email_hash).iterator()
+
  if connection.vendor == "postgresql":
  query = {self.field_name: email}
  else:
 
@@ -38,3 +38,8 @@ def test_get_users(self, db, user):
  assert list(EmailLoginForm(request=None).get_users("spiderman@avengers.com"))
  assert list(EmailLoginForm(request=None).get_users("SpiderMan@Avengers.com"))
  assert not list(EmailLoginForm(request=None).get_users("SpiderMan@dc.com"))
+
+ def test_get_users__no_hash(self, db, user):
+ form = EmailLoginForm(request=None)
+ form.field_name = "pk"
+ assert list(form.get_users(user.pk))