Revert "allow users to log in with secondary emails"

This reverts commit 2f52f66.

lib/mozilla_iam/authenticator.rb

@@ -30,6 +30,9 @@ def after_authenticate(auth_token)
         result.email = email = payload['email']
         result.email_valid = email_valid = payload['email_verified']
         result.user = user = User.find_by_email(email) if email_valid
+        if Array(user&.secondary_emails).include? email
+          raise "user #{user.id} attempted to log in with secondary email #{email}"
+        end
         result.name = payload['name']
         uid = payload['sub']
         result.extra_data = { uid: uid }

plugin.rb

@@ -1,6 +1,6 @@
 # name: mozilla-iam
 # about: A plugin to integrate Discourse with Mozilla's Identity and Access Management (IAM) system
-# version: 1.0.0
+# version: 1.0.1
 # authors: Leo McArdle
 # url: https://github.com/mozilla/discourse-mozilla-iam
 

spec/components/mozilla_iam/authenticator_spec.rb

@@ -119,14 +119,12 @@
       expect(result.user).to eq(nil)
     end
 
-    it "will log in a user if they log in with their secondary email" do
+    it "won't log in a user if they log in with their secondary email" do
       user = Fabricate(:user)
       id_token = create_id_token(user, { email: user.secondary_emails.first })
-      MozillaIAM::Profile.stubs(:refresh_methods).returns([])
       result = authenticate_with_id_token(id_token)
 
-      expect(result.failed).to eq false
-      expect(result.user.id).to eq(user.id)
+      expect(result.failed).to eq true
     end
 
     context "when the AAL" do