Merge pull request #7 from pratapaprasanna/feature/addtoken

[Feature] add token and expiration capabilities

Author: pratapaprasanna

README.md

@@ -1,5 +1,5 @@
 ## UseCase
-- Any idea or application a developer wants to develop. He has to put-in efforts to develop an authenticator using which a user signs up to the app. 
+- Any idea or application a developer wants to develop. He has to put-in efforts to develop an authenticator using which a user signs up to the app.
 - Authenticator is just that component which adds user to a db and validates if any request is coming from a person belonging to the application.
 
 In signup you have multiple ways of doing it
@@ -24,28 +24,43 @@ Some other day we want to work on some idea we should be able to use this authen
  - python
  - Kubernetes (Soon once the working prototype is ready)
 
-### ENV setup 
+### ENV setup
  - docker-compose up
 
 Post this start making changes to the code they should be reflected and you should be able to see them running.
 
-### Current-state: 
+### Local Setup
+
+##### Run
+
+ - ```pip install poetry```
+ - ```poetry install```
+ - ```poetry run python authenticator/app.py```
+
+### Current-state:
 In the repo you see signup with google until now. Moving forward we should add the ability to signup with facebook/twitter
 
 ## User Journey
 ### Google login
  - When user wishes to sign-up
 
-![WhatsApp Image 2021-07-28 at 6 44 16 PM](https://user-images.githubusercontent.com/15846947/127329000-12621164-ba6d-4775-bd40-8c9f4395ed59.jpeg)
+![1](https://user-images.githubusercontent.com/15846947/130355612-d9974e00-f6c2-4418-916d-907d9064b9b4.png)
+
 
 - Authorize with gmail/google login
-![2](https://user-images.githubusercontent.com/15846947/127329338-7e20218f-cccb-4059-817a-c27fdce6510d.jpeg)
+![3](https://user-images.githubusercontent.com/15846947/130355624-3777ce21-7ba2-41b4-9c8c-ef922a4a89ef.png)
+
+
+- auth-token generated
+![4](https://user-images.githubusercontent.com/15846947/130355640-57690aa0-199d-4525-90ae-b7ed345dc228.png)
+
+- How auth-requests verification is done
+
+<img width="1407" alt="Screenshot 2021-08-22 at 6 15 28 PM" src="https://user-images.githubusercontent.com/15846947/130355747-96bf023e-cc02-4510-8fd5-129fb97e7aa6.png">
 
-- Acknowledgment that the details are stored
-![3](https://user-images.githubusercontent.com/15846947/127329361-2b7d2e96-4a13-4245-b0db-1c6ead685195.jpeg)
 
 - Behaviour post logging out from google/gmail or from the session
- cannot show logging out from gmail for personal reasons obviously :D
- 
--![logout](https://user-images.githubusercontent.com/15846947/128707098-0c98a932-0bb9-4a51-ab6d-9d372677dc67.png)
--![5](https://user-images.githubusercontent.com/15846947/127329414-3f56d681-28b2-47a4-9277-eba437d419d5.jpeg)
+
+
+![6](https://user-images.githubusercontent.com/15846947/130355653-12c2a454-dd82-499f-90a9-18f0297ff8e1.png)
+![7](https://user-images.githubusercontent.com/15846947/130355661-36264201-8e34-4979-9e72-932feeb77b0c.png)

authenticator/adapters/db/api.py

@@ -1,11 +1,13 @@
-from flask_pymongo import PyMongo
+from pymongo import MongoClient
 from flask import jsonify
 
+from authenticator.utils import utils
+
 
 class MongoAdapters(object):
-    def __init__(self, app):
-        self.client = PyMongo(app)
-        self.db = self.client.db["authenticator"]
+    def __init__(self, host, port):
+        self.client = MongoClient(host, int(port))
+        self.db = self.client["authenticator"]
 
     def get_all_users(self):
         collection = self.client.db["users"]
@@ -14,6 +16,15 @@ def get_all_users(self):
             output.append({"name": user["name"], "email": user["email"]})
         return jsonify({"result": output})
 
+    def is_valid_user(self, token):
+        if self.db["users"].count_documents({"auth_token": token}) == 1:
+            data = self.db["users"].find_one({"auth_token": token})
+            if utils.check_user_longevity(data["expiration_time"]):
+                response = {"name": data["name"], "email": data["email"]}
+                return response
+        else:
+            return False
+
     def add_users(
         self,
         name,
@@ -23,21 +34,22 @@ def add_users(
         provider=None,
         provider_id=None,
     ):
-        try:
-            collection = self.client.db["users"]
-            count = collection.count_documents({"email": email})
-            if count == 0:
-                collection_id = collection.insert(
-                    {
-                        "name": name,
-                        "email": email,
-                        "provider": provider,
-                        "provider_id": provider_id,
-                        "creation_time": creation_time,
-                        "user_type": user_type,
-                    }
-                )
-                return jsonify({"result": str(collection_id)})
-            return jsonify({"token": "User already signed up"})
-        except Exception:
-            print("ISSUE")
+        collection = self.db["users"]
+        auth_token = utils.generate_auth_token()
+        count = collection.count_documents({"email": email})
+        if count == 0:
+            collection_id = collection.insert(
+                {
+                    "name": name,
+                    "email": email,
+                    "provider": provider,
+                    "provider_id": provider_id,
+                    "creation_time": creation_time,
+                    "user_type": user_type,
+                    "expiration_time": utils.get_expiration_time(creation_time),
+                    "auth_token": auth_token,
+                }
+            )
+            return jsonify({"result": str(auth_token)})
+        else:
+            return jsonify({"result": "User already signed up"})

authenticator/adapters/login/google_adapter.py

@@ -14,7 +14,7 @@ def __init__(self):
         self.flow = Flow.from_client_secrets_file(
             client_secrets_file=self.google_obj["secrets_file"],
             scopes=self.google_obj["scopes"],
-            redirect_uri="http://127.0.0.1:5000/callback",
+            redirect_uri=self.google_obj["redirect_uri"],
         )
 
     def get_basic_info(self, request, session):

authenticator/app.py

@@ -1,25 +1,25 @@
 import os
-import requests
+import oauthlib
 
 from flask import Flask, session, url_for, abort, redirect, request
 
 from authenticator.adapters.db import api as db_api
 from authenticator.adapters.login import google_adapter
 from authenticator.utils import utils
 
-database = os.environ.get("db", "authenticator")
+
+app = Flask(__name__)
+
 host = os.environ.get("db_host", "mongo")
 port = os.environ.get("db_port", "27017")
 
-app = Flask(__name__)
-app.config["MONGO_URI"] = f"mongodb://{host}:{port}/{database}"
 app.config["SECRET_KEY"] = "b9dd1b2f"
 os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
 app.config["GOOGLE_CLIENT_ID"] = os.environ.get("GOOGLE_CLIENT_ID", None)
 app.config["GOOGLE_CLIENT_SECRET"] = os.environ.get("GOOGLE_CLIENT_SECRET", None)
 
 
-db_obj = db_api.MongoAdapters(app)
+db_obj = db_api.MongoAdapters(host, port)
 google_adapter_obj = google_adapter.GoogleLoginAdapter()
 
 
@@ -33,11 +33,6 @@ def wrapper(*args, **kwargs):
     return wrapper
 
 
-@app.route("/users", methods=["GET"])
-def get_users():
-    return db_obj.get_all_users()
-
-
 @app.route("/")
 def index():
     return "Hello World <a href='/googlelogin'><button>Sign Up with google</button></a>"
@@ -46,10 +41,20 @@ def index():
 def add_users(name, email, provider=None, provider_id=None):
     if email == "[email protected]":
         return db_obj.add_users(
-            name, email, utils.get_current_time(), "admin", provider, provider_id
+            name,
+            email,
+            utils.get_current_time(),
+            "admin",
+            provider,
+            provider_id,
         )
     return db_obj.add_users(
-        name, email, utils.get_current_time(), "user", provider=None, provider_id=None
+        name,
+        email,
+        utils.get_current_time(),
+        "user",
+        provider,
+        provider_id,
     )
 
 
@@ -60,20 +65,34 @@ def login():
     return redirect(authorization_url)
 
 
-@app.route("/callback")
-def callback():
-    id_info = google_adapter_obj.get_basic_info(request, session)
+@app.route("/googlecallback")
+def googlecallback():
+    try:
+        id_info = google_adapter_obj.get_basic_info(request, session)
+    except oauthlib.oauth2.rfc6749.errors.InvalidGrantError:
+        return redirect("/")
+
     if not session["state"] == request.args["state"]:
         abort(500)  # State does not match!
 
     name = id_info.get("name")
     email = id_info.get("email")
     google_id = id_info.get("sub")
+
     session["google_id"] = google_id
     session["name"] = name
     session["email"] = email
-    add_users(name, email, "google", google_id)
-    return redirect("/protected_area")
+    return add_users(name, email, "google", google_id)
+
+
+@app.route("/fetch", methods=["GET"])
+def validate_users():
+    token = request.args.get("token")
+    result = db_obj.is_valid_user(token)
+    if isinstance(result, dict):
+        return result
+    else:
+        abort(401, "unauthorized")
 
 
 @app.route("/logout")

authenticator/utils/utils.py

@@ -1,12 +1,31 @@
 import json
 import time
+import uuid
 
 
 def get_current_time():
     return int(time.time()) * 1000
 
 
+def generate_auth_token():
+    return str(uuid.uuid4()).split("-")[0]
+
+
 def read_config():
     with open("config.json") as fp:
         data = json.load(fp)
     return data
+
+
+def get_expiration_time(creation_time):
+    with open("config.json") as fp:
+        data = json.load(fp)
+    expiration_time = int(data["default"]["expiration_time"])
+    return creation_time + expiration_time
+
+
+def check_user_longevity(expiration_time):
+    if expiration_time <= int(time.time()) * 1000:
+        return False
+    else:
+        return True

client_secret.json

@@ -1 +1 @@
-{"web":{"client_id":"1034883885605-gvj78f1cg3urngprb0jjfr3p0olqh8tr.apps.googleusercontent.com","project_id":"horizontal-cab-234208","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"jPbO8Hxm20DkefDqmD4EyhCs","redirect_uris":["http://127.0.0.1:5000/login/google/authorize","http://127.0.0.1:7000/token", "http://127.0.0.1:5000/callback"],"javascript_origins":["http://127.0.0.1:5000","http://127.0.0.1:7000"]}}
+{"web":{"client_id":"1034883885605-gvj78f1cg3urngprb0jjfr3p0olqh8tr.apps.googleusercontent.com","project_id":"horizontal-cab-234208","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"jPbO8Hxm20DkefDqmD4EyhCs","redirect_uris":["http://127.0.0.1:5000/login/google/authorize","http://127.0.0.1:7000/token","http://127.0.0.1:5000/googlecallback"],"javascript_origins":["http://127.0.0.1:5000","http://127.0.0.1:7000"]}}

config.json

@@ -6,13 +6,16 @@
             "api_base_url":"https://www.googleapis.com/oauth2/v1/",
             "userinfo_endpoint":"https://openidconnect.googleapis.com/v1/userinfo",
             "secrets_file": "client_secret.json",
-            "redirect_uri": "http://127.0.0.1:5000/callback",
+            "redirect_uri": "http://127.0.0.1:5000/googlecallback",
             "google_client_id": "1034883885605-gvj78f1cg3urngprb0jjfr3p0olqh8tr.apps.googleusercontent.com",
             "scopes": [
                 "https://www.googleapis.com/auth/userinfo.profile",
                 "https://www.googleapis.com/auth/userinfo.email",
                 "openid"
             ]
         }
+    },
+    "default":{
+        "expiration_time":"15768000000"
     }
 }

docker-compose.yml

@@ -3,6 +3,7 @@ version: "3.7"
 services:
   authenticator:
     image: authenticator_service_dev
+    restart: always
     volumes:
       - ./:/app
     build: .