madhums/node-express-mongoose-demo

Github auth will fail if user has email set to private

anthonygore opened this issue · 0 comments

config/passport/github.js has this on line 31:

email: profile.emails[0].value

This will give TypeError: Cannot read property '0' of undefined is the user doesn't have a public email address.

If you add scope: [ 'user:email' ] into your GithubStrategy constructor's options it works.

The other issue is that by default you get the first of the user's email addresses, which may not be their primary one. If you're only get one email, should probably be the primary. Here's how I rejigged the code a bit:

'use strict';

/**
 * Module dependencies.
 */

const mongoose = require('mongoose');
const GithubStrategy = require('passport-github').Strategy;
const config = require('../');
const User = mongoose.model('User');

/**
 * Expose
 */

module.exports = new GithubStrategy({
    clientID: config.github.clientID,
    clientSecret: config.github.clientSecret,
    callbackURL: config.github.callbackURL,
    scope: [ 'user:email' ]
  },
  function (accessToken, refreshToken, profile, done) {
    const options = {
      criteria: { 'github.id': profile.id }
    };
    User.load(options, function (err, user) {
      if (err) return done(err);
      if (!user) {
        let email;
        if (profile.emails) {
          email = profile.emails.find((email) => { return email.primary; });
          if (!email) email = profile.emails[0];
        }
        user = new User({
          name: profile.displayName,
          email: email.value,
          username: profile.username,
          provider: 'github',
          github: profile._json
        });
        user.save(function (err) {
          if (err) console.log(err);
          return done(err, user);
        });
      } else {
        return done(err, user);
      }
    });
  }
);