Facebook emails are verified
authorIlya Zverev <zverik@textual.ru>
Mon, 30 Nov 2015 07:42:07 +0000 (02:42 -0500)
committerTom Hughes <tom@compton.nu>
Mon, 7 Dec 2015 14:23:23 +0000 (14:23 +0000)
Per https://developers.facebook.com/docs/graph-api/reference/user the
offical description of the email field is:

> The person's primary email address listed on their profile. This
> field will not be returned if no valid email address is available

Therefore we can treat the fact that the email is returned as proof
that it has been verified.

app/controllers/user_controller.rb

index fca0e3be7250f9290aa2f5c69136b1ddf152f4ff..6390ff19ed914c731a8f12b1394b397696203822 100644 (file)
@@ -497,7 +497,7 @@ class UserController < ApplicationController
     when "openid"
       email_verified = uid.match(%r{https://www.google.com/accounts/o8/id?(.*)}) ||
                        uid.match(%r{https://me.yahoo.com/(.*)})
-    when "google"
+    when "google", "facebook"
       email_verified = true
     else
       email_verified = false