SECURITY: GitHub authenticator returning unverified emails

This commit is contained in:
Sam
2014-09-03 12:53:22 +10:00
parent 551e8616f5
commit fdc89b1735
3 changed files with 8 additions and 5 deletions


@ -20,10 +20,11 @@ class Auth::GithubAuthenticator < Auth::Authenticator
}
user_info = GithubUserInfo.find_by(github_user_id: github_user_id)
result.email_valid = !!data["email_verified"]
if user_info
user = user_info.user
elsif user = User.find_by_email(email)
elsif result.email_valid && (user = User.find_by_email(email))
user_info = GithubUserInfo.create(
user_id: user.id,
screen_name: screen_name,
@ -32,7 +33,6 @@ class Auth::GithubAuthenticator < Auth::Authenticator
end
result.user = user
result.email_valid = false
result
end
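Review bot: The new `result.email_valid = !!data["email_verified"]` line makes the whole account-linking decision depend on the OmniAuth strategy actually populating an `email_verified` key in `auth_token[:info]`, and nothing in this hunk documents that contract; if the key is absent the `!!` coerces `nil` to `false`, which fails closed (no linking by email) but also silently disables email matching for every login, which would be hard to notice. I would add a comment above it such as `# email_verified comes from the GitHub OmniAuth strategy; a missing key coerces to false, so linking to an existing account by email is refused rather than granted.` The guarded `elsif` is the right shape, since a GitHub account must now present a verified address before it can be attached to an existing user found via `User.find_by_email`, but `email` is assigned outside the hunk and may be blank when GitHub returns no address, so a tighter guard is `elsif result.email_valid && email.present? && (user = User.find_by_email(email))`. The `after_authenticate` method begins before this hunk, so `data`, `email` and `result` are set on lines not shown here.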