From d30b64133913181f185d72589e3b9494f7488381 Mon Sep 17 00:00:00 2001
From: Raymond Penners <raymond.penners@intenct.nl>
Date: Fri, 23 Aug 2024 20:12:57 +0200
Subject: [PATCH] tests(headless): Verify email of other user while signed in

---
 .../account/tests/test_email_verification.py  | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/allauth/headless/account/tests/test_email_verification.py b/allauth/headless/account/tests/test_email_verification.py
index 0b4ca3da69..78a5bbb237 100644
--- a/allauth/headless/account/tests/test_email_verification.py
+++ b/allauth/headless/account/tests/test_email_verification.py
@@ -1,7 +1,28 @@
-from allauth.account.models import EmailAddress, get_emailconfirmation_model
+from allauth.account.models import (
+    EmailAddress,
+    EmailConfirmationHMAC,
+    get_emailconfirmation_model,
+)
 from allauth.headless.constants import Flow
 
 
+def test_verify_email_other_user(auth_client, user, user_factory, headless_reverse):
+    other_user = user_factory(email_verified=False)
+    email_address = EmailAddress.objects.get(user=other_user, verified=False)
+    assert not email_address.verified
+    key = EmailConfirmationHMAC(email_address).key
+    resp = auth_client.post(
+        headless_reverse("headless:account:verify_email"),
+        data={"key": key},
+        content_type="application/json",
+    )
+    assert resp.status_code == 200
+    data = resp.json()
+    # We're still authenticated as the user originally logged in, not the
+    # other_user.
+    assert data["data"]["user"]["id"] == user.pk
+
+
 def test_auth_unverified_email(
     client, user_factory, password_factory, settings, headless_reverse
 ):