From da435f973ecfc27daf210d90fc2ac86b4d5d1a52 Mon Sep 17 00:00:00 2001
From: Matthew Breeden
Date: Fri, 20 Feb 2015 12:17:17 -0700
Subject: [PATCH] Only return verified email addresses
---
 lib/omniauth/strategies/github.rb | 8 ++++----
 spec/omniauth/strategies/github_spec.rb | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/lib/omniauth/strategies/github.rb b/lib/omniauth/strategies/github.rb
index a7eff86..be08d26 100644
--- a/lib/omniauth/strategies/github.rb
+++ b/lib/omniauth/strategies/github.rb
@@ -28,7 +28,7 @@ def authorize_params
 info do
 {
 'nickname' => raw_info['login'],
- 'email' => email,
+ 'email' => primary_email,
 'name' => raw_info['name'],
 'image' => raw_info['avatar_url'],
 'urls' => {
@@ -39,7 +39,7 @@ def authorize_params
 end
 extra do
- {:raw_info => raw_info}
+ {:raw_info => raw_info, :all_emails => emails}
 end
 def raw_info
@@ -52,8 +52,8 @@ def email
 end
 def primary_email
- primary = emails.find{|i| i['primary'] }
- primary && primary['email'] || emails.first && emails.first['email']
+ primary = emails.find{ |i| i['primary'] && i['verified'] }
+ primary && primary['email'] || nil
 end
 # The new /user/emails API - http://developer.github.com/v3/users/emails/#future-response
diff --git a/spec/omniauth/strategies/github_spec.rb b/spec/omniauth/strategies/github_spec.rb
index 7a2766e..27c680b 100644
--- a/spec/omniauth/strategies/github_spec.rb
+++ b/spec/omniauth/strategies/github_spec.rb
@@ -94,7 +94,7 @@
 subject.email.should be_nil
 end
- it "should return the primary email if there is no raw_info and email access is allowed" do
+ it "should not return the primary email if there is no raw_info and email access is allowed" do
 emails = [
 { 'email' => 'secondary@example.com', 'primary' => false },
 { 'email' => 'primary@example.com', 'primary' => true }
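Review bot: The `'email' => primary_email` line makes the info hash bypass `email`, whose body lies outside this hunk, while every example touched by this patch still asserts on `subject.email` only. If `email` applies a scope check or a `raw_info['email']` fallback (the spec descriptions suggest it does), the value consumers actually read from `info['email']` is no longer covered by these examples. I would add an example on `subject.info['email']`, or keep `'email' => email` and have `email` itself return only verified addresses so that one method carries the policy. The `info do` block continues past the end of the hunk.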
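Review bot: `:all_emails => emails` in the `extra` block passes the address list through unfiltered, so it can carry exactly the unverified entries that `primary_email` now refuses to return. An application that matches or links accounts on an address picked from `all_emails` would undo the guarantee stated in the commit subject. A comment above the hash would make the contract visible, for example `# all_emails is unfiltered; check each entry's 'verified' flag before trusting it for account matching`. It also looks as if `emails` is now evaluated whenever `extra` is built; whether that costs an additional API request depends on code outside the hunk.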
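Review bot: The trailing `|| nil` in `primary && primary['email'] || nil` is redundant, because the `&&` expression already yields nil when `find` matches nothing; `primary && primary['email']` reads more plainly. The method now returns nil for any account whose primary address is unverified, with no fallback to another verified address, and nothing at the definition records that. A comment such as `# Returns the primary address only if GitHub reports it verified; nil otherwise` would tell callers that treat a missing email as an error what to expect.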
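Review bot: The fixture entries in this example carry no `'verified'` key at all, so `subject.email` comes back nil because the key is absent, not because an address was marked unverified, and no example covers the positive path. A strategy that always returned nil would pass this example and the ones ending in the @@ -102 and @@ -113 hunks. I would add an example whose primary entry is `{ 'email' => 'primary@example.com', 'primary' => true, 'verified' => true }` and expects that address, and set `'verified' => false` explicitly in the negative fixtures. The description would also be more accurate as `"should not return an unverified primary email ..."`, since email access being allowed is not what suppresses the value.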
@@ -102,10 +102,10 @@
 subject.stub!(:raw_info).and_return({})
 subject.options['scope'] = 'user'
 subject.stub!(:emails).and_return(emails)
- subject.email.should eq('primary@example.com')
+ subject.email.should eq(nil)
 end
- it "should return the first email if there is no raw_info and email access is allowed" do
+ it "should not return the first email if there is no raw_info and email access is allowed" do
 emails = [
 { 'email' => 'first@example.com', 'primary' => false },
 { 'email' => 'second@example.com', 'primary' => false }
@@ -113,7 +113,7 @@
 subject.stub!(:raw_info).and_return({})
 subject.options['scope'] = 'user'
 subject.stub!(:emails).and_return(emails)
- subject.email.should eq('first@example.com')
+ subject.email.should eq(nil)
 end
 end
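Review bot: `subject.email.should eq(nil)` departs from the `be_nil` matcher this spec file already uses (the context line `subject.email.should be_nil` in the @@ -94 hunk); writing `subject.email.should be_nil` keeps the file consistent. The same applies to the assertion in the @@ -113 hunk. With the first-address fallback removed, the two renamed examples now exercise the same branch (no verified primary entry), so one of them could be repurposed rather than kept as a near-duplicate.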