added google auth and its tests

Author: byt3quester

config/custom-environment-variables.js

@@ -37,6 +37,11 @@ module.exports = {
     clientSecret: "GITHUB_CLIENT_SECRET",
   },
 
+  googleOauth: {
+    clientId: "GOOGLE_CLIENT_ID",
+    clientSecret: "GOOGLE_CLIENT_SECRET",
+  },
+
   githubAccessToken: "GITHUB_PERSONAL_ACCESS_TOKEN",
 
   firestore: "FIRESTORE_CONFIG",

config/default.js

@@ -32,6 +32,11 @@ module.exports = {
     clientSecret: "<clientSecret>",
   },
 
+  googleOauth: {
+    clientId: "<clientId>",
+    clientSecret: "<clientSecret>",
+  },
+
   emailServiceConfig: {
     email: "<RDS_EMAIL>",
     password: "<EMAIL PASSWORD GENERATED AFTER 2FA>",

controllers/auth.js

@@ -9,6 +9,83 @@ const {
   USER_DOES_NOT_EXIST_ERROR,
 } = require("../constants/errorMessages");
 
+const googleAuthLogin = (req, res, next) => {
+  const { redirectURL } = req.query;
+  return passport.authenticate("google", {
+    scope: ["email"],
+    state: redirectURL,
+  })(req, res, next);
+};
+
+const googleAuthCallback = (req, res, next) => {
+  const rdsUiUrl = new URL(config.get("services.rdsUi.baseUrl"));
+  let authRedirectionUrl = rdsUiUrl;
+
+  if ("state" in req.query) {
+    try {
+      const redirectUrl = new URL(req.query.state);
+
+      if (`.${redirectUrl.hostname}`.endsWith(`.${rdsUiUrl.hostname}`)) {
+        // Matching *.realdevsquad.com
+        authRedirectionUrl = redirectUrl;
+        // console.log("redirect url is", authRedirectionUrl);
+        // devMode = Boolean(redirectUrl.searchParams.get("dev"));
+      } else {
+        logger.error(`Malicious redirect URL provided URL: ${redirectUrl}, Will redirect to RDS`);
+      }
+    } catch (error) {
+      logger.error("Invalid redirect URL provided", error);
+    }
+  }
+  try {
+    return passport.authenticate("google", { session: false }, async (err, accessToken, user) => {
+      if (err) {
+        logger.error(err);
+        return res.boom.unauthorized("User cannot be authenticated");
+      }
+      // console.log("user", user);
+      const userData = {
+        email: user.emails[0].value,
+        created_at: Date.now(),
+        updated_at: null,
+      };
+      // console.log("userData", userData);
+
+      const userDataFromDB = await users.fetchUser({ email: userData.email });
+      // console.log("userDataFromDB", userDataFromDB);
+
+      if (userDataFromDB.userExists) {
+        if (userDataFromDB.user.roles.developer === true) {
+          // console.log("hi");
+          return res.boom.unauthorized("User is not allowed to login via Google");
+        }
+      }
+
+      const { userId, incompleteUserDetails } = await users.addOrUpdate(userData);
+      // console.log(role);
+
+      const token = authService.generateAuthToken({ userId });
+
+      const cookieOptions = {
+        domain: rdsUiUrl.hostname,
+        expires: new Date(Date.now() + config.get("userToken.ttl") * 1000),
+        httpOnly: true,
+        secure: true,
+        sameSite: "lax",
+      };
+
+      res.cookie(config.get("userToken.cookieName"), token, cookieOptions);
+
+      if (incompleteUserDetails) authRedirectionUrl = "https://my.realdevsquad.com/new-signup";
+
+      return res.redirect(authRedirectionUrl);
+    })(req, res, next);
+  } catch (err) {
+    logger.error(err);
+    return res.boom.unauthorized("User cannot be authenticated");
+  }
+};
+
 /**
  * Makes authentication call to GitHub statergy
  *
@@ -56,7 +133,6 @@ const githubAuthCallback = (req, res, next) => {
       }
 
       if (redirectUrl.searchParams.get("v2") === "true") isV2FlagPresent = true;
-
       if (`.${redirectUrl.hostname}`.endsWith(`.${rdsUiUrl.hostname}`)) {
         // Matching *.realdevsquad.com
         authRedirectionUrl = redirectUrl;
@@ -74,14 +150,38 @@ const githubAuthCallback = (req, res, next) => {
         logger.error(err);
         return res.boom.unauthorized("User cannot be authenticated");
       }
+      // console.log(accessToken);
+      // console.log("user", user);
       userData = {
         github_id: user.username,
         github_display_name: user.displayName,
+        email: user._json.email,
         github_created_at: Number(new Date(user._json.created_at).getTime()),
         github_user_id: user.id,
         created_at: Date.now(),
         updated_at: null,
       };
+      // console.log(userData);
+
+      if (userData.email === null) {
+        const res = await fetch("https://api.github.com/user/emails", {
+          headers: {
+            Authorization: `token ${accessToken}`,
+          },
+        });
+        const emails = await res.json();
+        // console.log("emails", emails);
+        const primaryEmails = emails.filter((item) => item.primary);
+        // console.log("primaryEmails", primaryEmails);
+
+        // Get the first primary email, if it exists
+        if (primaryEmails.length > 0) {
+          userData.email = primaryEmails[0].email;
+        } else {
+          userData.email = null;
+          // console.log("userData.email", userData.email);
+        }
+      }
 
       const { userId, incompleteUserDetails, role } = await users.addOrUpdate(userData);
 
@@ -232,6 +332,8 @@ const fetchDeviceDetails = async (req, res) => {
 module.exports = {
   githubAuthLogin,
   githubAuthCallback,
+  googleAuthLogin,
+  googleAuthCallback,
   signout,
   storeUserDeviceInfo,
   updateAuthStatus,

middlewares/passport.js

@@ -1,5 +1,6 @@
 const passport = require("passport");
 const GitHubStrategy = require("passport-github2").Strategy;
+const GoogleStrategy = require("passport-google-oauth20").Strategy;
 
 try {
   passport.use(
@@ -14,6 +15,18 @@ try {
       }
     )
   );
+  passport.use(
+    new GoogleStrategy(
+      {
+        clientID: config.get("googleOauth.clientId"),
+        clientSecret: config.get("googleOauth.clientSecret"),
+        callbackURL: `${config.get("services.rdsApi.baseUrl")}/auth/google/callback`,
+      },
+      (accessToken, refreshToken, profile, done) => {
+        return done(null, accessToken, profile);
+      }
+    )
+  );
 } catch (err) {
   logger.error("Error initialising passport:", err);
 }

models/users.js

@@ -37,6 +37,8 @@ const { addLog } = require("../services/logService");
 const addOrUpdate = async (userData, userId = null) => {
   try {
     // userId exists Update user
+    // console.log("userData entry", userData, userId);
+    // console.log("0");
     if (userId !== null) {
       const user = await userModel.doc(userId).get();
       const isNewUser = !user.data();
@@ -63,13 +65,40 @@ const addOrUpdate = async (userData, userId = null) => {
     }
 
     // userId is null, Add or Update user
-    let user;
+    let user = null;
+
     if (userData.github_user_id) {
       user = await userModel.where("github_user_id", "==", userData.github_user_id).limit(1).get();
+      // console.log("github_user_id query result:", user.size); // Log the result size
     }
-    if (!user || (user && user.empty)) {
+
+    if (userData.github_id && (!user || (user && user.empty))) {
       user = await userModel.where("github_id", "==", userData.github_id).limit(1).get();
+      // console.log("github_id query result:", user.size); // Log the result size
     }
+
+    if ((!user || (user && user.empty)) && userData.email) {
+      // console.log("Checking email of the users, please check email for the user");
+      user = await userModel.where("email", "==", userData.email).limit(1).get();
+      // console.log("email query result:", user.size, user.empty); // Log the result size
+    }
+
+    // if (userData.github_user_id) {
+    //   user = await userModel.where("github_user_id", "==", userData.github_user_id).limit(1).get();
+    // }
+    // if (!user && userData.github_id) {
+    //   user = await userModel.where("github_id", "==", userData.github_id).limit(1).get();
+    // }
+
+    // if (!user && userData.email) {
+    //   console.log("checkingemail of the users please check email for the user");
+    //   user = await userModel.where("email", "==", userData.email).limit(1).get();
+    // }
+
+    // if (user && user.empty) {
+    //   user = null;
+    // }
+    // console.log("2");
     if (user && !user.empty && user.docs !== null) {
       await userModel.doc(user.docs[0].id).set({ ...userData, updated_at: Date.now() }, { merge: true });
 
@@ -87,9 +116,10 @@ const addOrUpdate = async (userData, userId = null) => {
         incompleteUserDetails: user.docs[0].data().incompleteUserDetails,
         updated_at: Date.now(),
         role: Object.values(AUTHORITIES).find((role) => data.roles[role]) || AUTHORITIES.USER,
+        roles: data.roles,
       };
     }
-
+    // console.log("3");
     // Add new user
     /*
        Adding default archived role enables us to query for only
@@ -98,7 +128,9 @@ const addOrUpdate = async (userData, userId = null) => {
      */
     userData.roles = { archived: false, in_discord: false };
     userData.incompleteUserDetails = true;
+    // console.log("userData last mein", userData);
     const userInfo = await userModel.add(userData);
+    // console.log("4");
     return {
       isNewUser: true,
       role: AUTHORITIES.USER,
@@ -309,7 +341,7 @@ const fetchUsers = async (usernames = []) => {
  * @param { Object }: Object with username and userId, any of the two can be used
  * @return {Promise<{userExists: boolean, user: <userModel>}|{userExists: boolean, user: <userModel>}>}
  */
-const fetchUser = async ({ userId = null, username = null, githubUsername = null, discordId = null }) => {
+const fetchUser = async ({ userId = null, username = null, githubUsername = null, discordId = null, email = null }) => {
   try {
     let userData, id;
     if (username) {
@@ -334,6 +366,13 @@ const fetchUser = async ({ userId = null, username = null, githubUsername = null
         id = doc.id;
         userData = doc.data();
       });
+    } else if (email) {
+      const user = await userModel.where("email", "==", email).limit(1).get();
+      // console.log("hihiijfoiafoieuiofeuofueoiurioeajoeifeoiuroie");
+      user.forEach((doc) => {
+        id = doc.id;
+        userData = doc.data();
+      });
     }
 
     if (userData && userData.disabled_roles !== undefined) {

package.json

@@ -40,6 +40,7 @@
     "nodemailer-mock": "^2.0.6",
     "passport": "0.7.0",
     "passport-github2": "0.1.12",
+    "passport-google-oauth20": "^2.0.0",
     "rate-limiter-flexible": "5.0.3",
     "winston": "3.13.0"
   },

routes/auth.ts

@@ -9,6 +9,10 @@ router.get("/github/login", auth.githubAuthLogin);
 
 router.get("/github/callback", auth.githubAuthCallback);
 
+router.get("/google/login", auth.googleAuthLogin);
+
+router.get("/google/callback", auth.googleAuthCallback);
+
 router.get("/signout", auth.signout);
 
 router.get("/qr-code-auth", userDeviceInfoValidator.validateFetchingUserDocument, auth.fetchUserDeviceInfo);

test/config/test.js

@@ -30,6 +30,10 @@ module.exports = {
     identity_store_id: "test-identity-store-id",
   },
 
+  googleOauth: {
+    clientId: "cliendId",
+    clientSecret: "clientSecret",
+  },
   firestore: `{
     "type": "service_account",
     "project_id": "test-project-id-for-emulator",

test/fixtures/auth/githubUserInfo.js

@@ -43,7 +43,7 @@ module.exports = () => {
         company: null,
         blog: "",
         location: null,
-        email: null,
+        email: "[email protected]",
         hireable: null,
         bio: null,
         twitter_username: null,

test/fixtures/auth/googleUserInfo.js

@@ -0,0 +1,43 @@
+/**
+ * User info for Google auth response
+ * Multiple responses can be added to the array if required
+ *
+ * @return {Object}
+ */
+module.exports = () => {
+  return [
+    {
+      id: "1234567890",
+      displayName: "Google User",
+      emails: [{ value: "[email protected]", verified: true }],
+      photos: [
+        {
+          value: "https://lh3.googleusercontent.com/a-/test",
+        },
+      ],
+      provider: "google",
+      _raw: `{
+          '"sub": "1234567890",\n' +
+          '"picture": "https://lh3.googleusercontent.com/a-/test",\n' +
+          '"email": "[email protected]",\n' +
+          '"email_verified": true\n' +
+        }`,
+      _json: {
+        sub: "1234567890",
+        picture: "https://lh3.googleusercontent.com/a-/test",
+        email: "[email protected]",
+        email_verified: true,
+      },
+    },
+    {
+      email: "[email protected]",
+      roles: {
+        in_discord: true,
+        archived: false,
+      },
+      incompleteUserDetails: false,
+      updated_at: Date.now(),
+      created_at: Date.now(),
+    },
+  ];
+};