feat(auth): Implemented google and rds based authentication for todo-app [skip tests] (#81)

* feat(auth): Integrated RDS Auth

* feat(auth): Integrated RDS Auth

* fix: env.example

* refactor: changes based on ai pr review

* feat(auth): Implemented google authentication for todo-app

* resolved pr comments

* resolved pr comments

* resolved bot comments

* removed exceptions from views file

* refactored auth views

* refactored unused field

* resolved review comments and added status code to api responses

* resolved pr comments

* resolved pr comments

Author: VaibhavSingh8

.env.example

@@ -2,4 +2,10 @@ ENV='DEVELOPMENT'
 SECRET_KEY='unique-secret'
 ALLOWED_HOSTS='localhost,127.0.0.1'
 MONGODB_URI='mongodb://localhost:27017'
-DB_NAME='todo-app'
+DB_NAME='db-name'
+RDS_BACKEND_BASE_URL='http://localhost:3000'
+RDS_PUBLIC_KEY="public-key-here"
+GOOGLE_OAUTH_CLIENT_ID="google-client-id"
+GOOGLE_OAUTH_CLIENT_SECRET="client-secret"
+GOOGLE_OAUTH_REDIRECT_URI="environment-url/auth/google/callback"
+GOOGLE_JWT_SECRET_KEY=generate-secret-key

.github/workflows/test.yml

@@ -7,6 +7,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: ${{ !contains(github.event.pull_request.title, '[skip tests]') }}
 
     steps:
       - name: Checkout code
@@ -15,7 +16,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.11.*'
+          python-version: "3.11.*"
 
       - name: Install dependencies
         run: |

pyproject.toml

@@ -46,6 +46,9 @@ ignore = []
 fixable = ["ALL"]
 unfixable = []
 
+[tool.ruff.lint.per-file-ignores]
+"todo_project/settings/*.py" = ["F403", "F405"]
+
 [tool.ruff.format]
 # Like Black, use double quotes for strings.
 quote-style = "double"

requirements.txt

@@ -20,4 +20,9 @@ ruff==0.7.1
 sqlparse==0.5.1
 typing_extensions==4.12.2
 virtualenv==20.27.0
+django-cors-headers==4.7.0
+cryptography==45.0.3
+PyJWT==2.10.1
+requests==2.32.3
+email-validator==2.2.0
 testcontainers[mongodb]==4.10.0

todo/constants/messages.py

@@ -1,12 +1,18 @@
 # Application Messages
 class AppMessages:
     TASK_CREATED = "Task created successfully"
+    GOOGLE_LOGIN_SUCCESS = "Successfully logged in with Google"
+    GOOGLE_LOGOUT_SUCCESS = "Successfully logged out"
+    TOKEN_REFRESHED = "Access token refreshed successfully"
 
 
 # Repository error messages
 class RepositoryErrors:
     TASK_CREATION_FAILED = "Failed to create task: {0}"
     DB_INIT_FAILED = "Failed to initialize database: {0}"
+    USER_NOT_FOUND = "User not found: {0}"
+    USER_OPERATION_FAILED = "User operation failed"
+    USER_CREATE_UPDATE_FAILED = "User create/update failed: {0}"
 
 
 # API error messages
@@ -23,6 +29,17 @@ class ApiErrors:
     TASK_NOT_FOUND = "Task with ID {0} not found."
     TASK_NOT_FOUND_GENERIC = "Task not found."
     RESOURCE_NOT_FOUND_TITLE = "Resource Not Found"
+    GOOGLE_AUTH_FAILED = "Google authentication failed"
+    GOOGLE_API_ERROR = "Google API error"
+    INVALID_AUTH_CODE = "Invalid authorization code"
+    TOKEN_EXCHANGE_FAILED = "Failed to exchange authorization code"
+    MISSING_USER_INFO_FIELDS = "Missing user info fields: {0}"
+    USER_INFO_FETCH_FAILED = "Failed to get user info: {0}"
+    OAUTH_INITIALIZATION_FAILED = "OAuth initialization failed: {0}"
+    AUTHENTICATION_FAILED = "Authentication failed: {0}"
+    INVALID_STATE_PARAMETER = "Invalid state parameter"
+    TOKEN_REFRESH_FAILED = "Token refresh failed: {0}"
+    LOGOUT_FAILED = "Logout failed: {0}"
 
 
 # Validation error messages
@@ -37,3 +54,22 @@ class ValidationErrors:
     INVALID_TASK_ID_FORMAT = "Please enter a valid Task ID format."
     FUTURE_STARTED_AT = "The start date cannot be set in the future."
     INVALID_LABELS_STRUCTURE = "Labels must be provided as a list or tuple of ObjectId strings."
+    MISSING_GOOGLE_ID = "Google ID is required"
+    MISSING_EMAIL = "Email is required"
+    MISSING_NAME = "Name is required"
+
+
+# Auth messages
+class AuthErrorMessages:
+    TOKEN_MISSING = "Authentication token is required"
+    TOKEN_EXPIRED = "Authentication token has expired"
+    TOKEN_INVALID = "Invalid authentication token"
+    AUTHENTICATION_REQUIRED = "Authentication required"
+    TOKEN_EXPIRED_TITLE = "Token Expired"
+    INVALID_TOKEN_TITLE = "Invalid Token"
+    GOOGLE_TOKEN_EXPIRED = "Google access token has expired"
+    GOOGLE_REFRESH_TOKEN_EXPIRED = "Google refresh token has expired, please login again"
+    GOOGLE_TOKEN_INVALID = "Invalid Google token"
+    MISSING_REQUIRED_PARAMETER = "Missing required parameter: {0}"
+    NO_ACCESS_TOKEN = "No access token"
+    NO_REFRESH_TOKEN = "No refresh token found"

todo/dto/responses/error_response.py

@@ -20,3 +20,4 @@ class ApiErrorResponse(BaseModel):
     statusCode: int
     message: str
     errors: List[ApiErrorDetail]
+    authenticated: bool | None = None

todo/exceptions/auth_exceptions.py

@@ -0,0 +1,19 @@
+from todo.constants.messages import AuthErrorMessages
+
+
+class TokenMissingError(Exception):
+    def __init__(self, message: str = AuthErrorMessages.TOKEN_MISSING):
+        self.message = message
+        super().__init__(self.message)
+
+
+class TokenExpiredError(Exception):
+    def __init__(self, message: str = AuthErrorMessages.TOKEN_EXPIRED):
+        self.message = message
+        super().__init__(self.message)
+
+
+class TokenInvalidError(Exception):
+    def __init__(self, message: str = AuthErrorMessages.TOKEN_INVALID):
+        self.message = message
+        super().__init__(self.message)

todo/exceptions/exception_handler.py

@@ -8,8 +8,18 @@
 from bson.errors import InvalidId as BsonInvalidId
 
 from todo.dto.responses.error_response import ApiErrorDetail, ApiErrorResponse, ApiErrorSource
-from todo.constants.messages import ApiErrors, ValidationErrors
+from todo.constants.messages import ApiErrors, ValidationErrors, AuthErrorMessages
 from todo.exceptions.task_exceptions import TaskNotFoundException
+from .auth_exceptions import TokenExpiredError, TokenMissingError, TokenInvalidError
+from .google_auth_exceptions import (
+    GoogleAuthException,
+    GoogleTokenExpiredError,
+    GoogleTokenInvalidError,
+    GoogleRefreshTokenExpiredError,
+    GoogleAPIException,
+    GoogleUserNotFoundException,
+    GoogleTokenMissingError
+)
 
 
 def format_validation_errors(errors) -> List[ApiErrorDetail]:
@@ -37,22 +47,144 @@ def handle_exception(exc, context):
 
     error_list = []
     status_code = status.HTTP_500_INTERNAL_SERVER_ERROR
-    determined_message = ApiErrors.UNEXPECTED_ERROR_OCCURRED
 
-    if isinstance(exc, TaskNotFoundException):
+    if isinstance(exc, TokenExpiredError):
+        status_code = status.HTTP_401_UNAUTHORIZED
+        error_list.append(
+            ApiErrorDetail(
+                source={ApiErrorSource.HEADER: "Authorization"},
+                title=AuthErrorMessages.TOKEN_EXPIRED_TITLE,
+                detail=str(exc),
+            )
+        )
+    elif isinstance(exc, TokenMissingError):
+        status_code = status.HTTP_401_UNAUTHORIZED
+        error_list.append(
+            ApiErrorDetail(
+                source={ApiErrorSource.HEADER: "Authorization"},
+                title=AuthErrorMessages.AUTHENTICATION_REQUIRED,
+                detail=str(exc),
+            )
+        )
+        final_response_data = ApiErrorResponse(
+            statusCode=status_code,
+            message=str(exc) if not error_list else error_list[0].detail,
+            errors=error_list,
+            authenticated=False,
+        )
+        return Response(data=final_response_data.model_dump(mode="json", exclude_none=True), status=status_code)
+    elif isinstance(exc, TokenInvalidError):
+        status_code = status.HTTP_401_UNAUTHORIZED
+        error_list.append(
+            ApiErrorDetail(
+                source={ApiErrorSource.HEADER: "Authorization"},
+                title=AuthErrorMessages.INVALID_TOKEN_TITLE,
+                detail=str(exc),
+            )
+        )
+        final_response_data = ApiErrorResponse(
+            statusCode=status_code,
+            message=str(exc) if not error_list else error_list[0].detail,
+            errors=error_list,
+            authenticated=False,
+        )
+        return Response(data=final_response_data.model_dump(mode="json", exclude_none=True), status=status_code)
+    
+    elif isinstance(exc, GoogleTokenMissingError):
+        status_code = status.HTTP_401_UNAUTHORIZED
+        error_list.append(
+            ApiErrorDetail(
+                source={ApiErrorSource.HEADER: "Authorization"},
+                title=AuthErrorMessages.AUTHENTICATION_REQUIRED,
+                detail=str(exc),
+            )
+        )
+        final_response_data = ApiErrorResponse(
+            statusCode=status_code,
+            message=str(exc) if not error_list else error_list[0].detail,
+            errors=error_list,
+            authenticated=False,
+        )
+        return Response(data=final_response_data.model_dump(mode="json", exclude_none=True), status=status_code)
+    elif isinstance(exc, GoogleTokenExpiredError):
+        status_code = status.HTTP_401_UNAUTHORIZED
+        error_list.append(
+            ApiErrorDetail(
+                source={ApiErrorSource.HEADER: "Authorization"},
+                title=AuthErrorMessages.TOKEN_EXPIRED_TITLE,
+                detail=str(exc),
+            )
+        )
+        final_response_data = ApiErrorResponse(
+            statusCode=status_code,
+            message=str(exc) if not error_list else error_list[0].detail,
+            errors=error_list,
+            authenticated=False,
+        )
+        return Response(data=final_response_data.model_dump(mode="json", exclude_none=True), status=status_code)
+    elif isinstance(exc, GoogleTokenInvalidError):
+        status_code = status.HTTP_401_UNAUTHORIZED
+        error_list.append(
+            ApiErrorDetail(
+                source={ApiErrorSource.HEADER: "Authorization"},
+                title=AuthErrorMessages.INVALID_TOKEN_TITLE,
+                detail=str(exc),
+            )
+        )
+        final_response_data = ApiErrorResponse(
+            statusCode=status_code,
+            message=str(exc) if not error_list else error_list[0].detail,
+            errors=error_list,
+            authenticated=False,
+        )
+        return Response(data=final_response_data.model_dump(mode="json", exclude_none=True), status=status_code)
+    elif isinstance(exc, GoogleRefreshTokenExpiredError):
+        status_code = status.HTTP_403_FORBIDDEN
+        error_list.append(
+            ApiErrorDetail(
+                source={ApiErrorSource.HEADER: "Authorization"},
+                title=AuthErrorMessages.TOKEN_EXPIRED_TITLE,
+                detail=str(exc),
+            )
+        )
+    elif isinstance(exc, GoogleAuthException):
+        status_code = status.HTTP_400_BAD_REQUEST
+        error_list.append(
+            ApiErrorDetail(
+                source={ApiErrorSource.PARAMETER: "google_auth"},
+                title=ApiErrors.GOOGLE_AUTH_FAILED,
+                detail=str(exc),
+            )
+        )
+    elif isinstance(exc, GoogleAPIException):
+        status_code = status.HTTP_500_INTERNAL_SERVER_ERROR
+        error_list.append(
+            ApiErrorDetail(
+                source={ApiErrorSource.PARAMETER: "google_api"},
+                title=ApiErrors.GOOGLE_API_ERROR,
+                detail=str(exc),
+            )
+        )
+    elif isinstance(exc, GoogleUserNotFoundException):
+        status_code = status.HTTP_404_NOT_FOUND
+        error_list.append(
+            ApiErrorDetail(
+                source={ApiErrorSource.PARAMETER: "user_id"},
+                title=ApiErrors.RESOURCE_NOT_FOUND_TITLE,
+                detail=str(exc),
+            )
+        )
+    elif isinstance(exc, TaskNotFoundException):
         status_code = status.HTTP_404_NOT_FOUND
-        detail_message_str = str(exc)
-        determined_message = detail_message_str
         error_list.append(
             ApiErrorDetail(
                 source={ApiErrorSource.PATH: "task_id"} if task_id else None,
                 title=ApiErrors.RESOURCE_NOT_FOUND_TITLE,
-                detail=detail_message_str,
+                detail=str(exc),
             )
         )
     elif isinstance(exc, BsonInvalidId):
         status_code = status.HTTP_400_BAD_REQUEST
-        determined_message = ValidationErrors.INVALID_TASK_ID_FORMAT
         error_list.append(
             ApiErrorDetail(
                 source={ApiErrorSource.PATH: "task_id"} if task_id else None,
@@ -67,7 +199,6 @@ def handle_exception(exc, context):
         and (exc.args[0] == ValidationErrors.INVALID_TASK_ID_FORMAT or exc.args[0] == "Invalid ObjectId format")
     ):
         status_code = status.HTTP_400_BAD_REQUEST
-        determined_message = ValidationErrors.INVALID_TASK_ID_FORMAT
         error_list.append(
             ApiErrorDetail(
                 source={ApiErrorSource.PATH: "task_id"} if task_id else None,
@@ -84,7 +215,6 @@ def handle_exception(exc, context):
         )
     elif isinstance(exc, DRFValidationError):
         status_code = status.HTTP_400_BAD_REQUEST
-        determined_message = "Invalid request"
         error_list = format_validation_errors(exc.detail)
         if not error_list and exc.detail:
             error_list.append(ApiErrorDetail(detail=str(exc.detail), title=ApiErrors.VALIDATION_ERROR))
@@ -94,35 +224,32 @@ def handle_exception(exc, context):
             status_code = response.status_code
             if isinstance(response.data, dict) and "detail" in response.data:
                 detail_str = str(response.data["detail"])
-                determined_message = detail_str
                 error_list.append(ApiErrorDetail(detail=detail_str, title=detail_str))
             elif isinstance(response.data, list):
                 for item_error in response.data:
-                    error_list.append(ApiErrorDetail(detail=str(item_error), title=determined_message))
+                    error_list.append(ApiErrorDetail(detail=str(item_error), title=str(exc)))
             else:
                 error_list.append(
                     ApiErrorDetail(
                         detail=str(response.data) if settings.DEBUG else ApiErrors.INTERNAL_SERVER_ERROR,
-                        title=determined_message,
+                        title=str(exc),
                     )
                 )
         else:
             error_list.append(
-                ApiErrorDetail(
-                    detail=str(exc) if settings.DEBUG else ApiErrors.INTERNAL_SERVER_ERROR, title=determined_message
-                )
+                ApiErrorDetail(detail=str(exc) if settings.DEBUG else ApiErrors.INTERNAL_SERVER_ERROR, title=str(exc))
             )
 
     if not error_list and not (
         isinstance(exc, ValueError) and hasattr(exc, "args") and exc.args and isinstance(exc.args[0], ApiErrorResponse)
     ):
         default_detail_str = str(exc) if settings.DEBUG else ApiErrors.INTERNAL_SERVER_ERROR
 
-        error_list.append(ApiErrorDetail(detail=default_detail_str, title=determined_message))
+        error_list.append(ApiErrorDetail(detail=default_detail_str, title=str(exc)))
 
     final_response_data = ApiErrorResponse(
         statusCode=status_code,
-        message=determined_message,
+        message=str(exc) if not error_list else error_list[0].detail,
         errors=error_list,
     )
     return Response(data=final_response_data.model_dump(mode="json", exclude_none=True), status=status_code)