DEV: Flip primary_email_verified? default to false (#19703)

This commit changes the default return value of `Auth::ManagedAuthenticator#primary_email_verified?` to false. We're changing the default to force developers to think about email verification when building a new authentication method. All existing authenticators (in core and official plugins) have been updated to explicitly define the `primary_email_verified?` method in their subclass of `Auth::ManagedAuthenticator` (example commit 65f57a4d05). Internal topic: t/82084.
2025-05-22 22:43:33 +08:00 · 2023-01-04 10:51:10 +03:00
parent 42cf32169d
commit bbcdf74c58
2 changed files with 15 additions and 5 deletions
--- a/lib/auth/managed_authenticator.rb
+++ b/lib/auth/managed_authenticator.rb
@ -32,7 +32,7 @@ class Auth::ManagedAuthenticator < Auth::Authenticator
  def primary_email_verified?(auth_token)
    # Omniauth providers should only provide verified emails in the :info hash.
    # This method allows additional checks to be added
-    true
+    false
  end

  def can_revoke?