fix: use email in oauth whitelist check

2025-10-28 04:35:40 +00:00 · 2025-05-02 15:16:57 +03:00
parent dd5a9e2216
commit 2db7795eb7
4 changed files with 6 additions and 3 deletions
--- a/internal/hooks/hooks.go
+++ b/internal/hooks/hooks.go
@@ -110,8 +110,8 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
 		log.Debug().Msg("Provider exists")

 		// Check if the oauth email is whitelisted
-		if !hooks.Auth.EmailWhitelisted(cookie.Username) {
-			log.Error().Str("email", cookie.Username).Msg("Email is not whitelisted")
+		if !hooks.Auth.EmailWhitelisted(cookie.Email) {
+			log.Error().Str("email", cookie.Email).Msg("Email is not whitelisted")

 			// It isn't so we delete the cookie and return an empty context
 			hooks.Auth.DeleteSessionCookie(c)
--- a/internal/providers/github.go
+++ b/internal/providers/github.go
@@ -103,6 +103,7 @@ func GetGithubUser(client *http.Client) (constants.Claims, error) {
 	for _, email := range emails {
 		if email.Primary {
 			// Set the email then exit
+			log.Debug().Str("email", email.Email).Msg("Found primary email")
 			user.Email = email.Email
 			break
 		}
@@ -115,6 +116,7 @@ func GetGithubUser(client *http.Client) (constants.Claims, error) {

 	// Set the email if it is not set picking the first one
 	if user.Email == "" {
+		log.Warn().Str("email", emails[0].Email).Msg("No primary email found, using first email")
 		user.Email = emails[0].Email
 	}