From c0ecd6c06a4da3ed5135e25b97aa115098d4f860 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@gmail.com>
Date: Tue, 29 May 2018 18:00:24 -0300
Subject: [PATCH] github: check if email is verified

I believe its more important that the email is
verified than that it is the primary email.

I can have several emails with different domains,
and I could want to login in different oauth2_proxy
instances using different domains as filters.
---
 providers/github.go      | 6 +++---
 providers/github_test.go | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/providers/github.go b/providers/github.go
index 26526ce76..09c899753 100644
--- a/providers/github.go
+++ b/providers/github.go
@@ -197,8 +197,8 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
 
 	var emails []struct {
-		Email   string `json:"email"`
-		Primary bool   `json:"primary"`
+		Email    string `json:"email"`
+		Verified bool   `json:"verified"`
 	}
 
 	// if we require an Org or Team, check that first
@@ -243,7 +243,7 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
 	}
 
 	for _, email := range emails {
-		if email.Primary {
+		if email.Verified {
 			return email.Email, nil
 		}
 	}
diff --git a/providers/github_test.go b/providers/github_test.go
index 481018258..a59af5246 100644
--- a/providers/github_test.go
+++ b/providers/github_test.go
@@ -98,7 +98,7 @@ func TestGitHubProviderOverrides(t *testing.T) {
 }
 
 func TestGitHubProviderGetEmailAddress(t *testing.T) {
-	b := testGitHubBackend([]string{`[ {"email": "michael.bland@gsa.gov", "primary": true} ]`})
+	b := testGitHubBackend([]string{`[ {"email": "michael.bland@gsa.gov", "verified": true} ]`})
 	defer b.Close()
 
 	bURL, _ := url.Parse(b.URL)
@@ -112,8 +112,8 @@ func TestGitHubProviderGetEmailAddress(t *testing.T) {
 
 func TestGitHubProviderGetEmailAddressWithOrg(t *testing.T) {
 	b := testGitHubBackend([]string{
-		`[ {"email": "michael.bland@gsa.gov", "primary": true, "login":"testorg"} ]`,
-		`[ {"email": "michael.bland1@gsa.gov", "primary": true, "login":"testorg1"} ]`,
+		`[ {"email": "michael.bland@gsa.gov", "verified": true, "login":"testorg"} ]`,
+		`[ {"email": "michael.bland1@gsa.gov", "verified": true, "login":"testorg1"} ]`,
 		`[ ]`,
 	})
 	defer b.Close()