fix(proxy): remove dead email fallback and add fetch timeout in token identity resolver

GitHub's GET /user only returns email if the user has explicitly made it
public — effectively never. Remove the if (identity.email) branch and
the email field from ScmUserInfo to avoid the misleading implication
that an email fallback exists.

Add AbortSignal.timeout(5000) to the GitHub API fetch to prevent the
push chain from hanging if the API is slow or unreachable.

Author: coopernetes

src/proxy/processors/push-action/resolveUserFromToken.ts

@@ -88,9 +88,7 @@ async function exec(req: Request, action: Action): Promise<Action> {
       return action;
     }
 
-    step.log(
-      `${provider.name}: resolved SCM identity from token: ${identity.login} (${identity.email ?? 'no public email'})`,
-    );
+    step.log(`${provider.name}: resolved SCM identity from token: ${identity.login}`);
 
     const user = await findUserByGitAccount(identity.login);
     if (user) {
@@ -107,9 +105,6 @@ async function exec(req: Request, action: Action): Promise<Action> {
           `Users can associate their account via PUT /api/v1/user/:username/git-account`,
       );
       action.user = identity.login;
-      if (identity.email) {
-        action.userEmail = identity.email;
-      }
     }
   } catch (error: unknown) {
     const msg = getErrorMessage(error);

src/proxy/processors/push-action/tokenIdentity.ts

@@ -18,7 +18,6 @@ import crypto from 'crypto';
 
 export type ScmUserInfo = {
   login: string;
-  email?: string;
 };
 
 type CacheEntry = { username: string; provider: string; cachedAt: number };
@@ -68,8 +67,6 @@ export interface TokenIdentityProvider {
 
 type GitHubUserResponse = {
   login: string;
-  id: number;
-  email: string | null;
 };
 
 export class GitHubTokenIdentityProvider implements TokenIdentityProvider {
@@ -86,6 +83,7 @@ export class GitHubTokenIdentityProvider implements TokenIdentityProvider {
           Authorization: `token ${token}`,
           Accept: 'application/vnd.github+json',
         },
+        signal: AbortSignal.timeout(5000),
       });
 
       if (!response.ok) {
@@ -98,7 +96,6 @@ export class GitHubTokenIdentityProvider implements TokenIdentityProvider {
       const user: GitHubUserResponse = await response.json();
       return {
         login: user.login,
-        email: user.email ?? undefined,
       };
     } catch (e) {
       console.warn(`Failed to fetch GitHub identity: ${e}`);

test/processors/resolveUserFromToken.test.ts

@@ -69,34 +69,24 @@ describe('GitHubTokenIdentityProvider', () => {
   });
 
   describe('fetchScmIdentity', () => {
-    it('should return login and email on success', async () => {
+    it('should return login on success', async () => {
       fetchSpy.mockResolvedValueOnce({
         ok: true,
-        json: async () => ({ login: 'octocat', id: 1, email: 'octocat@github.com' }),
+        json: async () => ({ login: 'octocat' }),
       } as Response);
 
       const result = await provider.fetchScmIdentity('ghp_token123');
 
-      expect(result).toEqual({ login: 'octocat', email: 'octocat@github.com' });
+      expect(result).toEqual({ login: 'octocat' });
       expect(fetchSpy).toHaveBeenCalledWith('https://api.github.com/user', {
         headers: {
           Authorization: 'token ghp_token123',
           Accept: 'application/vnd.github+json',
         },
+        signal: expect.any(AbortSignal),
       });
     });
 
-    it('should return login with undefined email when GitHub returns null email', async () => {
-      fetchSpy.mockResolvedValueOnce({
-        ok: true,
-        json: async () => ({ login: 'private-user', id: 2, email: null }),
-      } as Response);
-
-      const result = await provider.fetchScmIdentity('ghp_token456');
-
-      expect(result).toEqual({ login: 'private-user', email: undefined });
-    });
-
     it('should return null on non-OK response', async () => {
       fetchSpy.mockResolvedValueOnce({
         ok: false,
@@ -214,7 +204,7 @@ describe('resolveUserFromToken', () => {
   it('should resolve GitHub identity from token and fall back to SCM identity when no DB user', async () => {
     fetchSpy.mockResolvedValueOnce({
       ok: true,
-      json: async () => ({ login: 'octocat', id: 1, email: 'octocat@github.com' }),
+      json: async () => ({ login: 'octocat' }),
     } as Response);
 
     const req = makeRequest();
@@ -223,12 +213,13 @@ describe('resolveUserFromToken', () => {
     const result = await exec(req, action);
 
     expect(result.user).toBe('octocat');
-    expect(result.userEmail).toBe('octocat@github.com');
+    expect(result.userEmail).toBeUndefined();
     expect(fetchSpy).toHaveBeenCalledWith('https://api.github.com/user', {
       headers: {
         Authorization: 'token ghp_testtoken123',
         Accept: 'application/vnd.github+json',
       },
+      signal: expect.any(AbortSignal),
     });
   });
 
@@ -247,7 +238,7 @@ describe('resolveUserFromToken', () => {
 
     fetchSpy.mockResolvedValueOnce({
       ok: true,
-      json: async () => ({ login: 'octocat', id: 1, email: 'octocat@github.com' }),
+      json: async () => ({ login: 'octocat' }),
     } as Response);
 
     const req = makeRequest();
@@ -259,10 +250,10 @@ describe('resolveUserFromToken', () => {
     expect(result.userEmail).toBe('thomas.cooper@example.com');
   });
 
-  it('should handle GitHub identity with null email gracefully', async () => {
+  it('should leave userEmail from parsePush untouched when no gitAccount match', async () => {
     fetchSpy.mockResolvedValueOnce({
       ok: true,
-      json: async () => ({ login: 'octocat', id: 1, email: null }),
+      json: async () => ({ login: 'octocat' }),
     } as Response);
 
     const req = makeRequest();