auth: Remove @users.noreply.github.com from the email selection list.

Apparently GitHub changed the email address for these; we need to update our code accordingly. One cannot receive emails on the username@users.noreply.github.com, so if someone tries creating an account with this email address, that person would not be able to verify the account.
2025-11-04 05:53:43 +00:00 · 2019-08-05 15:15:56 +02:00
parent 0db9afe605
commit d4ccd73ae3
2 changed files with 9 additions and 8 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -1113,7 +1113,7 @@ class GitHubAuthBackendTest(SocialAuthBase):
        # As emails ending with `noreply.github.com` are excluded from
        # verified_emails, choosing it as an email should raise a `email
        # not associated` warning.
-        account_data_dict = dict(email="hamlet@noreply.github.com", name=self.name)
+        account_data_dict = dict(email="hamlet@users.noreply.github.com", name=self.name)
        email_data = [
            dict(email="notprimary@zulip.com",
                 verified=True),
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -887,15 +887,16 @@ class GitHubAuthBackend(SocialAuthMixin, GithubOAuth2):
        return verified_emails

    def filter_usable_emails(self, emails: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
-        # We only let users login using email addresses that are verified
-        # by GitHub, because the whole point is for the user to
-        # demonstrate that they control the target email address.  We also
-        # disallow the @noreply.github.com email addresses, because
-        # structurally, we only want to allow email addresses that can
-        # receive emails, and those cannot.
+        # We only let users login using email addresses that are
+        # verified by GitHub, because the whole point is for the user
+        # to demonstrate that they control the target email address.
+        # We also disallow the
+        # @noreply.github.com/@users.noreply.github.com email
+        # addresses, because structurally, we only want to allow email
+        # addresses that can receive emails, and those cannot.
        return [
            email for email in emails
-            if email.get('verified') and not email["email"].endswith("@noreply.github.com")
+            if email.get('verified') and not email["email"].endswith("noreply.github.com")
        ]

    def user_data(self, access_token: str, *args: Any, **kwargs: Any) -> Dict[str, str]: