Ensure info[:email] is always verified, and include unverified_email (#363)

davidtaylorhq · zquestz · commit 8b4d6dafea1e · 2019-06-03T11:03:48.000-07:00
This is a 'safe by default' replacement for efe0e90 Add changelog and bump version Keep email_verified boolean available for 0.6.1 users
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,20 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 0.7.0 - 2019-06-03
+
+### Added
+- Ensure `info[:email]` is always verified, and include `unverified_email`
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Nothing.
+
+### Fixed
+- Nothing.
+
 ## 0.6.1 - 2019-03-07
 
 ### Added
diff --git a/lib/omniauth/google_oauth2/version.rb b/lib/omniauth/google_oauth2/version.rb
@@ -2,6 +2,6 @@
 
 module OmniAuth
   module GoogleOauth2
-    VERSION = '0.6.1'
+    VERSION = '0.7.0'
   end
 end
diff --git a/lib/omniauth/strategies/google_oauth2.rb b/lib/omniauth/strategies/google_oauth2.rb
@@ -46,7 +46,8 @@ def authorize_params
       info do
         prune!(
           name: raw_info['name'],
-          email: raw_info['email'],
+          email: verified_email,
+          unverified_email: raw_info['email'],
           email_verified: raw_info['email_verified'],
           first_name: raw_info['given_name'],
           last_name: raw_info['family_name'],
@@ -137,6 +138,10 @@ def get_scope(params)
         scope_list.join(' ')
       end
 
+      def verified_email
+        raw_info['email_verified'] ? raw_info['email'] : nil
+      end
+
       def get_token_options(redirect_uri)
         { redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true))
       end
diff --git a/spec/omniauth/strategies/google_oauth2_spec.rb b/spec/omniauth/strategies/google_oauth2_spec.rb
@@ -300,6 +300,41 @@
     end
   end
 
+  describe '#info' do
+    let(:client) do
+      OAuth2::Client.new('abc', 'def') do |builder|
+        builder.request :url_encoded
+        builder.adapter :test do |stub|
+          stub.get('/oauth2/v3/userinfo') { [200, { 'content-type' => 'application/json' }, response_hash.to_json] }
+        end
+      end
+    end
+    let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
+    before { allow(subject).to receive(:access_token).and_return(access_token) }
+
+    context 'with verified email' do
+      let(:response_hash) do
+        { email: 'something@domain.invalid', email_verified: true }
+      end
+
+      it 'should return equal email and unverified_email' do
+        expect(subject.info[:email]).to eq('something@domain.invalid')
+        expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
+      end
+    end
+
+    context 'with unverified email' do
+      let(:response_hash) do
+        { email: 'something@domain.invalid', email_verified: false }
+      end
+
+      it 'should return nil email, and correct unverified email' do
+        expect(subject.info[:email]).to eq(nil)
+        expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
+      end
+    end
+  end
+
   describe '#extra' do
     let(:client) do
       OAuth2::Client.new('abc', 'def') do |builder|
