From 55832983224b3ebdef40c8d271cfaeecb9c8dc56 Mon Sep 17 00:00:00 2001
From: Raphael Michel <michel@pretix.eu>
Date: Fri, 14 Nov 2025 09:55:18 +0100
Subject: [PATCH] Auto-verify user email addresses on accepting invites (#5609)

* Auto-verify user email addresses on accepting invites

* Update src/pretix/control/views/auth.py

Co-authored-by: Richard Schreiber <schreiber@rami.io>

---------

Co-authored-by: Richard Schreiber <schreiber@rami.io>
---
 src/pretix/control/views/auth.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/pretix/control/views/auth.py b/src/pretix/control/views/auth.py
index b1b52985e2..a1514de730 100644
--- a/src/pretix/control/views/auth.py
+++ b/src/pretix/control/views/auth.py
@@ -254,6 +254,9 @@ def invite(request, token):
             return redirect('control:index')
         else:
             with transaction.atomic():
+                if request.user.email.lower() == inv.email.lower():
+                    request.user.is_verified = True
+                    request.user.save(update_fields=['is_verified'])
                 inv.team.members.add(request.user)
                 inv.team.log_action(
                     'pretix.team.member.joined', data={
@@ -274,7 +277,8 @@ def invite(request, token):
                 user = User.objects.create_user(
                     form.cleaned_data['email'], form.cleaned_data['password'],
                     locale=request.LANGUAGE_CODE,
-                    timezone=request.timezone if hasattr(request, 'timezone') else settings.TIME_ZONE
+                    timezone=request.timezone if hasattr(request, 'timezone') else settings.TIME_ZONE,
+                    is_verified=form.cleaned_data['email'].lower() == inv.email.lower()
                 )
                 user = authenticate(request=request, email=user.email, password=form.cleaned_data['password'])
                 user.log_action('pretix.control.auth.user.created', user=user)