Merge pull request #96 from caarlos0/verified
fix: github should check if email is verified
This commit is contained in:
commit
d3b8232876
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
## Changes since v3.1.0
|
## Changes since v3.1.0
|
||||||
|
|
||||||
|
- [#96](https://github.com/bitly/oauth2_proxy/pull/96) Check if email is verified on GitHub (@caarlos0)
|
||||||
- [#110](https://github.com/pusher/oauth2_proxy/pull/110) Added GCP healthcheck option (@timothy-spencer)
|
- [#110](https://github.com/pusher/oauth2_proxy/pull/110) Added GCP healthcheck option (@timothy-spencer)
|
||||||
- [#112](https://github.com/pusher/oauth2_proxy/pull/112) Improve websocket support (@gyson)
|
- [#112](https://github.com/pusher/oauth2_proxy/pull/112) Improve websocket support (@gyson)
|
||||||
- [#63](https://github.com/pusher/oauth2_proxy/pull/63) Use encoding/json for SessionState serialization (@yaegashi)
|
- [#63](https://github.com/pusher/oauth2_proxy/pull/63) Use encoding/json for SessionState serialization (@yaegashi)
|
||||||
|
@ -204,6 +204,7 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
|
|||||||
var emails []struct {
|
var emails []struct {
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
Primary bool `json:"primary"`
|
Primary bool `json:"primary"`
|
||||||
|
Verified bool `json:"verified"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// if we require an Org or Team, check that first
|
// if we require an Org or Team, check that first
|
||||||
@ -248,7 +249,7 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
for _, email := range emails {
|
for _, email := range emails {
|
||||||
if email.Primary {
|
if email.Primary && email.Verified {
|
||||||
return email.Email, nil
|
return email.Email, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -97,7 +97,7 @@ func TestGitHubProviderOverrides(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestGitHubProviderGetEmailAddress(t *testing.T) {
|
func TestGitHubProviderGetEmailAddress(t *testing.T) {
|
||||||
b := testGitHubBackend([]string{`[ {"email": "michael.bland@gsa.gov", "primary": true} ]`})
|
b := testGitHubBackend([]string{`[ {"email": "michael.bland@gsa.gov", "verified": true, "primary": true} ]`})
|
||||||
defer b.Close()
|
defer b.Close()
|
||||||
|
|
||||||
bURL, _ := url.Parse(b.URL)
|
bURL, _ := url.Parse(b.URL)
|
||||||
@ -109,10 +109,23 @@ func TestGitHubProviderGetEmailAddress(t *testing.T) {
|
|||||||
assert.Equal(t, "michael.bland@gsa.gov", email)
|
assert.Equal(t, "michael.bland@gsa.gov", email)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestGitHubProviderGetEmailAddressNotVerified(t *testing.T) {
|
||||||
|
b := testGitHubBackend([]string{`[ {"email": "michael.bland@gsa.gov", "verified": false, "primary": true} ]`})
|
||||||
|
defer b.Close()
|
||||||
|
|
||||||
|
bURL, _ := url.Parse(b.URL)
|
||||||
|
p := testGitHubProvider(bURL.Host)
|
||||||
|
|
||||||
|
session := &SessionState{AccessToken: "imaginary_access_token"}
|
||||||
|
email, err := p.GetEmailAddress(session)
|
||||||
|
assert.Equal(t, nil, err)
|
||||||
|
assert.Empty(t, "", email)
|
||||||
|
}
|
||||||
|
|
||||||
func TestGitHubProviderGetEmailAddressWithOrg(t *testing.T) {
|
func TestGitHubProviderGetEmailAddressWithOrg(t *testing.T) {
|
||||||
b := testGitHubBackend([]string{
|
b := testGitHubBackend([]string{
|
||||||
`[ {"email": "michael.bland@gsa.gov", "primary": true, "login":"testorg"} ]`,
|
`[ {"email": "michael.bland@gsa.gov", "primary": true, "verified": true, "login":"testorg"} ]`,
|
||||||
`[ {"email": "michael.bland1@gsa.gov", "primary": true, "login":"testorg1"} ]`,
|
`[ {"email": "michael.bland1@gsa.gov", "primary": true, "verified": true, "login":"testorg1"} ]`,
|
||||||
`[ ]`,
|
`[ ]`,
|
||||||
})
|
})
|
||||||
defer b.Close()
|
defer b.Close()
|
||||||
|
Loading…
Reference in New Issue
Block a user