Issue:

Fixes #3907

The Google OAuth strategy was accessing profile._json.emails[0].value without validating that the emails array exists or has any elements. This caused a TypeError: Cannot read property '0' of undefined crash when Google OAuth profiles didn't include email addresses, breaking the authentication flow.

Changes:

Added email validation helper function:

• Created getGooglePrimaryEmail() helper function that safely extracts the primary email from Google OAuth profile
• Validates that emails array exists, is an array, and has at least one element
• Uses optional chaining for safe property access
• Trims whitespace from email addresses
• Returns null for missing or invalid emails

Updated Google OAuth strategy callback:

• Added validation at the start of the callback to check for email availability
• Returns user-friendly error message when emails are missing: "Unable to retrieve email from Google account. Please ensure your Google account has an email address and try again."
• Replaced all 6 unsafe profile._json.emails[0].value accesses with the validated primaryEmail variable
• Prevents crashes and provides graceful error handling

Files changed:

• server/config/passport.js: Added email validation helper and updated Google strategy

I have verified that this pull request:

• has no linting errors (npm run lint)
• has no test errors (npm run test)
• has no typecheck errors (npm run typecheck)
• is from a uniquely-named feature branch and is up to date with the develop branch.
• is descriptively named and links to an issue number, i.e. Fixes #3907
• meets the standards outlined in the accessibility guidelines