Skip to content

Commit

Permalink
Use only verified email address to prevent fake email address
Browse files Browse the repository at this point in the history
Co-authored-by: David Taylor <david@taylorhq.com>
  • Loading branch information
nhosoya and davidtaylorhq committed Dec 2, 2020
1 parent 45cf13d commit b37d540
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/omniauth/strategies/apple.rb
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ def user_info
end

def email
user_info['email'] || id_info['email']
id_info['email']
end

def first_name
Expand Down
15 changes: 15 additions & 0 deletions spec/omniauth/strategies/apple_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -252,6 +252,21 @@
end
end

context 'with a spoofed email in the user payload' do
before do
request.params['user'] = {
name: {
firstName: 'first',
lastName: 'last'
},
email: "spoofed@example.com"
}.to_json
end

it 'should return the true email' do
expect(subject.info[:email]).to eq('something@privatrerelay.appleid.com')
end
end
end

describe '#extra' do
Expand Down

0 comments on commit b37d540

Please # to comment.