FIX: Allow signup when auth provider supplies no email

FIX: Allow signup when auth provider supplies no email

diff --git a/app/services/user_authenticator.rb b/app/services/user_authenticator.rb
index d5fdb91..5db04fa 100644
--- a/app/services/user_authenticator.rb
+++ b/app/services/user_authenticator.rb
@@ -40,7 +40,7 @@ class UserAuthenticator
 
   def authenticated?
     return false if !@auth_result
-    return false if @auth_result.email.downcase != @user.email.downcase
+    return false if @auth_result&.email&.downcase != @user.email.downcase
     return false if @auth_result.email_valid != true # strong check for truth, in case we have another object type
     true
   end
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index e1e2e50..94765e9 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -1056,6 +1056,43 @@ describe UsersController do
         end
 
       end
+
+      context "with no email in the auth payload" do
+        before do
+          OmniAuth.config.test_mode = true
+          OmniAuth.config.mock_auth[:twitter] = OmniAuth::AuthHash.new(
+            provider: 'twitter',
+            uid: '123545',
+            info: OmniAuth::AuthHash::InfoHash.new(
+              nickname: "testosama",
+              name: "Osama Test"
+            )
+          )
+          Rails.application.env_config["omniauth.auth"] = OmniAuth.config.mock_auth[:twitter]
+          SiteSetting.enable_twitter_logins = true
+          get "/auth/twitter/callback.json"
+        end
+
+        after do
+          Rails.application.env_config["omniauth.auth"] = OmniAuth.config.mock_auth[:twitter] = nil
+          OmniAuth.config.test_mode = false
+        end
+
+        it "will create the user successfully" do
+          Rails.application.env_config["omniauth.auth"].info.email = nil
+
+          post "/u.json", params: {
+            name: "Test Osama",
+            username: "testosama",
+            password: "strongpassword",
+            email: "osama@mail.com"
+          }
+
+          expect(response.status).to eq(200)
+          json = response.parsed_body
+          expect(json['success']).to eq(true)
+        end
+      end
     end
 
     it "creates user successfully but doesn't activate the account" do

GitHub sha: fbf29443

1 Like

This commit has been mentioned on Discourse Meta. There might be relevant details there:

https://meta.discourse.org/t/new-signups-via-steam-login-are-broken/157364/5