Make requirement for verified email optional

[hughns]

Currently all users are required to have a verified email address. This should be configurable in future.

[sandhose]

It turns out, it only really was an issue because I forgot to mark the imported email as the primary email when doing an upstream oauth registration. This is fixed as part of #1660, which also introduces a new claim import parameter for the email, set_email_verification:

• never: do not set the imported email as verified
• always: always set the imported email as verified
• import: mark the email as verified if the OAuth upstream set the email_verified claim to true (<- this is the default behaviour)

[dklimpel]

How can I register a local user without verify the email?

• register via REST
• verfify via CLI

I am not able to automate this. Either CLI or REST, but both is not possible.

set_email_verification seems only to work for an upstream provider.

[sandhose]

There are a few ways to work around this:

• when registering the user through the CLI (mas-cli manage register-user), adding an email with the -e/--email flag should make it verified
• if the email was added but not verified, it can be verified through the CLI: mas-cli manage verify-email <USERNAME> <EMAIL>
• the new Admin API doesn't yet support managing user emails, so that should be added and tracked in a new issue (or at least in New REST-like admin API #3057)
• the old GraphQL API has mutations to add emails and verify them, if you want to dig there

[matrixbot]

For your information, this issue has been copied over to the Element fork of matrix-authentication-service: element-hq/matrix-authentication-service#1505