FIX: don't show users logging in with secondary email sign up form

mozilla · Aug 29, 2018 · 2d0840d · 2d0840d
1 parent 211e171
commit 2d0840d
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/lib/mozilla_iam/authenticator.rb b/lib/mozilla_iam/authenticator.rb
@@ -26,8 +26,10 @@ def after_authenticate(auth_token)
 
         result.email = email = payload['email']
         result.email_valid = email_valid = payload['email_verified']
-        user = UserEmail.where(email: email, primary: true).first&.user if email_valid
-        result.user = user
+        result.user = user = User.find_by_email(email) if email_valid
+        if Array(user&.secondary_emails).include? email
+          raise "user #{user.id} attempted to log in with secondary email #{email}"
+        end
         result.name = payload['name']
         uid = payload['sub']
         result.extra_data = { uid: uid }

diff --git a/plugin.rb b/plugin.rb
@@ -1,6 +1,6 @@
 # name: mozilla-iam
 # about: A plugin to integrate Discourse with Mozilla's Identity and Access Management (IAM) system
-# version: 0.2.2
+# version: 0.2.3
 # authors: Leo McArdle
 # url: https://github.com/mozilla/discourse-mozilla-iam
 

diff --git a/spec/components/mozilla_iam/authenticator_spec.rb b/spec/components/mozilla_iam/authenticator_spec.rb
@@ -110,7 +110,7 @@
       expect(result.failed).to eq(true)
     end
 
-    it 'will not log in with an id_token with an unverified email' do
+    it 'will verify email in sign up form with an id_token with an unverified email' do
       user = Fabricate(:user)
       id_token = create_id_token(user, { email_verified: false })
       result = authenticate_with_id_token(id_token)
@@ -123,7 +123,7 @@
       id_token = create_id_token(user, { email: user.secondary_emails.first })
       result = authenticate_with_id_token(id_token)
 
-      expect(result.user).to eq(nil)
+      expect(result.failed).to eq true
     end
   end