From cce737df5e309ec27b0f2ec743f7a3fe0fd295dd Mon Sep 17 00:00:00 2001
From: Luismi Cavalle
Date: Fri, 2 Nov 2012 20:14:09 +0000
Subject: [PATCH] Only the user scope allows access to emails
---
 lib/omniauth/strategies/github.rb | 2 +-
 spec/omniauth/strategies/github_spec.rb | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/lib/omniauth/strategies/github.rb b/lib/omniauth/strategies/github.rb
index 74ffa9f..69f87f9 100644
--- a/lib/omniauth/strategies/github.rb
+++ b/lib/omniauth/strategies/github.rb
@@ -47,7 +47,7 @@ def emails
 end
 def email_access_allowed?
- options['scope'] && !(options['scope'] == 'public')
+ options['scope'] =~ /user/
 end
 end
diff --git a/spec/omniauth/strategies/github_spec.rb b/spec/omniauth/strategies/github_spec.rb
index 6474d70..5a27573 100644
--- a/spec/omniauth/strategies/github_spec.rb
+++ b/spec/omniauth/strategies/github_spec.rb
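Review bot: The new check in `email_access_allowed?`, `options['scope'] =~ /user/`, is an unanchored substring match, so any scope string that merely contains the letters `user` is treated as granting e-mail access, not only the `user` scope named in the commit title. Comparing whole comma-separated tokens keeps the decision exact and also returns a real boolean instead of a match index: `options['scope'].to_s.split(',').map(&:strip).include?('user')`. The spec hunk in `github_spec.rb` has the same gap: none of its cases uses a scope that contains `user` without being the `user` scope (a constructed example would be `'repo,user_hooks'`), so the looser match goes unnoticed by the tests.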
@@ -25,24 +25,24 @@
 subject.should_not be_email_access_allowed
 end
- it "should not allow email if scope is 'public'" do
- subject.options['scope'] = 'public'
- subject.should_not be_email_access_allowed
- end
-
 it "should allow email if scope is user" do
 subject.options['scope'] = 'user'
 subject.should be_email_access_allowed
 end
- it "should allow email if scope is scope is a bunch of stuff" do
- subject.options['scope'] = 'user,public_repo,repo,delete_repo,gist'
+ it "should allow email if scope is a bunch of stuff including user" do
+ subject.options['scope'] = 'public_repo,user,repo,delete_repo,gist'
 subject.should be_email_access_allowed
 end
- it "should assume email access allowed if scope is scope is something currently not documented " do
+ it "should not allow email if scope is other than user" do
+ subject.options['scope'] = 'repo'
+ subject.should_not be_email_access_allowed
+ end
+
+ it "should assume email access not allowed if scope is something currently not documented " do
 subject.options['scope'] = 'currently_not_documented'
- subject.should be_email_access_allowed
+ subject.should_not be_email_access_allowed
 end
 end