Google OAuth: missing email array validation

[Nixxx19]

p5.js version

No response

What is your operating system?

None

Web browser and version

No response

Actual Behavior

Google strategy accesses profile._json.emails[0] without checking that emails exists and has length. If Google does not return emails, this throws TypeError: Cannot read property '0' of undefined and crashes the OAuth flow.

Location: server/config/passport.js Google Strategy, lines 244, 261, 265

Expected Behavior

Before using profile._json.emails[0], code should verify profile._json?.emails exists and has at least one element. If not, call done(null, false, { msg: '...' }) instead of throwing.

Steps to reproduce

1. Use (or mock) a Google OAuth profile that has no emails or empty emails array.
2. Complete Google sign-in so the strategy callback runs.
3. Observe unhandled TypeError and OAuth failure instead of a user-friendly message.

Snippet:

// passport.js - Google strategy
const existingUser = await User.findOne({
  google: profile._json.emails[0].value  // crashes if emails undefined
}).exec();
// ...
const primaryEmail = profile._json.emails[0].value;
// ...
req.user.google = profile._json.emails[0].value;

[Nixxx19]

Hi @raclim!
I'd love to work on this issue and submit the fix for it. I'll add a guard for profile._json.emails (exists and length > 0) and call done(null, false, { msg }) when email is missing so the OAuth flow fails gracefully.