GitHub Provider - Fallback to secondary verified email (#372)

* Fallback to secondary verified email * Add change to changelog
2020-02-15 07:36:28 -06:00 · 2020-02-15 07:36:28 -06:00 · 3a843f815d
commit 3a843f815d
parent 10adb5c516
2 changed files with 8 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@

 ## Changes since v5.0.0

+- [#372](https://github.com/pusher/oauth2_proxy/pull/372) Allow fallback to secondary verified email address in GitHub provider (@dmnemec)
 - [#335](https://github.com/pusher/oauth2_proxy/pull/335) OIDC Provider support for empty id_tokens in the access token refresh response (@howzat)
 - [#363](https://github.com/pusher/oauth2_proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf)
 - [#353](https://github.com/pusher/oauth2_proxy/pull/353) Fix login page fragment handling after soft reload on Firefox (@ffdybuster)
--- a/providers/github.go
+++ b/providers/github.go
@ -305,13 +305,17 @@ func (p *GitHubProvider) GetEmailAddress(s *sessions.SessionState) (string, erro
 		return "", fmt.Errorf("%s unmarshaling %s", err, body)
 	}

+	returnEmail := ""
 	for _, email := range emails {
-		if email.Primary && email.Verified {
-			return email.Email, nil
+		if email.Verified {
+			returnEmail = email.Email
+			if email.Primary {
+				return returnEmail, nil
+			}
 		}
 	}

-	return "", nil
+	return returnEmail, nil
 }

 // GetUserName returns the Account user name