
Collaborator

@Surfskills Surfskills commented Jun 5, 2024

tested2

Title: Implement Google Social Authentication

Description:

This pull request adds support for Google social authentication to our application. The following changes have been made:

  1. Installed Required Packages:
    • Added google-auth and google-auth-oauthlib to the project dependencies.
  2. Configured Google Client ID:
    • Added a new environment variable GOOGLE_CLIENT_ID to store the Google OAuth client ID.
    • Loaded the GOOGLE_CLIENT_ID in settings.py.
  3. Created Google Authentication Utility:
    • Added a utility function validate_google_token to validate Google OAuth tokens using google.auth.transport.requests and google.oauth2.id_token.
  4. Updated User Model and Manager:
    • Ensured the auth_provider field has a default value for new users.
  5. Added Google Social Auth View:
    • Created GoogleSocialAuthView in the google_auth app to handle the authentication process.
    • The view validates the token, extracts user information, and handles user registration or authentication.
  6. Updated URLs:
    • Added a new endpoint for Google social authentication in urls.py.
  7. Debugging and Error Handling:
    • Added appropriate error handling for token validation and user authentication.
    • Included print statements for debugging (to be removed or replaced with proper logging in the future).

Testing:

  • Tested the Google social authentication flow locally using Postman and verified that users can log in with their Google accounts.
  • Checked the creation of new user accounts with Google login and verified authentication for existing users.
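The token-validation and user-lookup steps the description lists (items 3 and 5), as an added example that is not the PR's own code: the application-side checks on a Google ID token's claims, with the substring issuer test beside an exact one. It assumes the claims dict comes from google-auth's verify_oauth2_token (only the verify_google_id_token wrapper needs google-auth installed and network access); CLIENT_ID and the sample claims are constructed placeholders.

```python
"""Application-side checks on Google ID-token claims (added example, not the PR's code).
`idinfo` is the dict google.oauth2.id_token.verify_oauth2_token() returns after it has
checked the signature and expiry (and the `aud` claim, when `audience` is passed)."""

# The only issuer values Google places in its ID tokens.
GOOGLE_ISSUERS = frozenset({"accounts.google.com", "https://accounts.google.com"})


def weak_issuer_check(idinfo: dict) -> bool:
    """The PR's substring test (CodeQL: incomplete URL substring sanitization).
    It accepts any issuer string that merely contains accounts.google.com."""
    return "accounts.google.com" in idinfo.get("iss", "")


def check_google_claims(idinfo: dict, expected_client_id: str) -> tuple[bool, str]:
    """Return (accepted, reason): exact issuer match, audience match and a
    Google-verified e-mail before that e-mail is used to find or create a local user."""
    if idinfo.get("iss") not in GOOGLE_ISSUERS:
        return False, "issuer is not Google"
    if idinfo.get("aud") != expected_client_id:  # token minted for some other app
        return False, "token was issued for a different client id"
    if not idinfo.get("email") or idinfo.get("email_verified") is not True:
        return False, "e-mail address missing or not verified by Google"
    return True, "ok"


def verify_google_id_token(auth_token: str, client_id: str, clock_skew_s: int = 5) -> dict:
    """google-auth checks signature, expiry, audience and issuer (network access is
    needed for Google's certificates); then the application checks above run."""
    from google.auth.transport import requests  # the packages the PR adds
    from google.oauth2 import id_token

    idinfo = id_token.verify_oauth2_token(
        auth_token, requests.Request(), audience=client_id, clock_skew_in_seconds=clock_skew_s
    )
    ok, reason = check_google_claims(idinfo, client_id)
    if not ok:
        raise ValueError(reason)
    return idinfo


# Constructed sample claims; the client id is a placeholder, not a real one.
CLIENT_ID = "CLIENT_ID_PLACEHOLDER.apps.googleusercontent.com"
GOOD_CLAIMS = {"iss": "https://accounts.google.com", "aud": CLIENT_ID, "sub": "1234567890",
               "email": "user@example.com", "email_verified": True}
LOOKALIKE_ISSUER = {**GOOD_CLAIMS, "iss": "https://accounts.google.com.example.invalid"}
OTHER_AUDIENCE = {**GOOD_CLAIMS, "aud": "another-client-id"}
UNVERIFIED_EMAIL = {**GOOD_CLAIMS, "email_verified": False}

if __name__ == "__main__":
    for name, claims in [("good", GOOD_CLAIMS), ("lookalike", LOOKALIKE_ISSUER),
                         ("other aud", OTHER_AUDIENCE), ("unverified", UNVERIFIED_EMAIL)]:
        print(name, "weak:", weak_issuer_check(claims), "strict:", check_google_claims(claims, CLIENT_ID))
```

The weak check passes both the genuine and the lookalike issuer, which is exactly what the CodeQL finding means; the strict check rejects the lookalike, a token for another client id, and an unverified e-mail.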

try:
# Allow a small clock skew of 2 seconds
idinfo = id_token.verify_oauth2_token(auth_token, requests.Request(), clock_skew_in_seconds=5)
if 'accounts.google.com' in idinfo['iss']:
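Review bot: the issuer test on the last line is a substring check, which is what CodeQL flags, and it is also redundant: `verify_oauth2_token` already rejects any `iss` other than `accounts.google.com` or `https://accounts.google.com`, so either drop the line or make it an exact membership test against those two values. More importantly, the call passes no `audience`, so the `aud` claim is never checked and a genuine Google ID token issued to some other client would be accepted here; pass `audience=` the GOOGLE_CLIENT_ID the description says is loaded in settings.py. The comment also says a 2-second skew while the code allows 5; make the two agree.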

Check failure (Code scanning / CodeQL): Incomplete URL substring sanitization

The string accounts.google.com may be at an arbitrary position in the sanitized URL.
Collaborator

@Surfskills please address this; it's flagged as a high security risk; ensure sanitized URLs throughout the code.

@bright2kwame
Member

@Surfskills can we get this resolved quickly?

@Surfskills
Collaborator Author

@bright2kwame resolved

filtered_user_by_email = User.objects.filter(email=email)

if filtered_user_by_email.exists():
print(f"User with email {email} exists.")
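Review bot: the lookup ties the Google login to an existing local account on `email` alone; before a match found this way is treated as that user, require the token's `email_verified` claim to be true, otherwise an address Google has not verified is enough to be logged in as the account that registered it. The `print` on the last line also writes the user's e-mail address to process output; the existing comment asks for prints to go, and this one in particular should not survive as a log line either.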
Member


Let's ensure we remove prints in production, but aside from that I think we are good.

POST with "auth_token"
Send an idtoken as from google to get user information
"""
print('Request data:', request.data)
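Review bot: `print('Request data:', request.data)` writes the whole request body, which is the `auth_token` itself, to stdout and so to whatever collects it; a Google ID token is a bearer credential carrying the user's e-mail and name, so this should be removed outright rather than turned into a logger call at the same level (log at most that a request arrived, never the token). The docstring fragment "an idtoken as from google" would read better as "an ID token issued by Google".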
Member


Also, let's take this out as well for production.
