Google oauth (#603)

* add google oauth option to sign up

* add the kube host to docker compose file

* removed the under score

* fix the syntax in the google oauth logic

* use config to access the environment variable  for google oauth

* add the  status code

* chore: add variables to staging.yml

Author: CHRISTOPHERKADOGO

.github/workflows/staging.yml

@@ -124,6 +124,9 @@ jobs:
           --set environment.KUBE_SERVICE_PORT="${{ secrets.STAGING_KUBE_SERVICE_PORT }}" \
           --set environment.LOGGER_APP_URL="${{ secrets.MICROSERVICE_LOGGER_APP_URL }}" \
           --set environment.MLOPS_API_URL="${{ secrets.MICROSERVICE_MLOPS_API_URL }}" \
+          --set environment.GOOGLE_CLIENT_ID="${{ secrets.STAGING_GOOGLE_CLIENT_ID }}" \
+          --set environment.GOOGLE_CLIENT_SECRET="${{ secrets.STAGING_GOOGLE_CLIENT_SECRET }}" \
+          --set environment.GOOGLE_REDIRECT_URI="${{ secrets.STAGING_GOOGLE_REDIRECT_URI }}" \
           --timeout=300s
 
       - name: Monitor Rollout

api_docs.yml

@@ -497,6 +497,34 @@ paths:
         401:
           description: "failed to authenticate user"
 
+  "/users/oauth/google":
+      get:
+        tags:
+          - auth
+        consumes:
+          - application/json
+        description: "Login with google oauth"
+        parameters:
+          - in: body
+            name: google code
+            schema:
+              type: object
+              required:
+                - code
+              properties:
+                code:
+                  type: string
+        produces:
+          - application/json
+        responses:
+          200:
+            description: "success"
+          400:
+            description: "bad request"
+          401:
+            description: "failed to authenticate user"
+
+
   "/users/inactive_users":
     get:
       tags:

app/controllers/__init__.py

@@ -4,7 +4,7 @@
 from .users import (
     UsersView, UserLoginView, UserEmailVerificationView, UserFollowersView, UserFollowView,
     EmailVerificationRequest, ForgotPasswordView, ResetPasswordView, UserDisableView, UserEnableView,
-    UserDetailView, AdminLoginView, OAuthView, UserDataSummaryView, UserAdminUpdateView, InActiveUsersView, SendInactiveUserMailReminder)
+    UserDetailView, AdminLoginView, OAuthView, UserDataSummaryView, UserAdminUpdateView, InActiveUsersView, SendInactiveUserMailReminder,GoogleOAuthView,)
 from .deployments import DeploymentsView
 from .clusters import (
     ClustersView, ClusterDetailView, ClusterNamespacesView,

app/controllers/users.py

@@ -1464,5 +1464,137 @@ def post(self):
             status='success',
             message=f'Successfully sent {emails_sent} reminder emails',
             total_users_processed=len(inactive_users),
-            errors=errors if errors else None
-        ), 201
+            errors=errors if errors else None),201
+
+
+class GoogleOAuthView(Resource):
+    def get(self):
+        token_schema = UserSchema(partial=("password"),)
+
+        code = request.args.get('code')
+        if not code:
+            return dict(
+                    status='fail',
+                    message='No code received in query parameters'
+                ), 400
+
+
+        token_data = {
+            'client_id': current_app.config.get('GOOGLE_CLIENT_ID'),
+            'client_secret': current_app.config.get('GOOGLE_CLIENT_SECRET'),
+            'code': code,
+            'grant_type': 'authorization_code',
+            'redirect_uri': current_app.config.get('GOOGLE_REDIRECT_URI') ,
+        }
+          
+        try:
+            token_response = requests.post(
+                url='https://oauth2.googleapis.com/token',
+                data=token_data,
+                headers={'Content-Type': 'application/x-www-form-urlencoded'},
+                timeout=10  
+            )
+            
+        except requests.RequestException as e:
+            return dict(status='fail', message="Failed to connect to Google OAuth"), 500
+      
+        if token_response.status_code != 200:
+            try:
+                error_data = token_response.json()
+                error_msg = error_data.get('error_description', error_data.get('error', 'Unknown error'))
+            except:
+                error_msg = f"HTTP {token_response.status_code}: {token_response.text}"
+            
+            return dict(
+                status='fail', 
+                message=f"Token exchange failed: {error_msg}"
+            ), 401
+        
+        try:
+            token_json = token_response.json()
+        except ValueError:
+            return dict(status='fail', message="Invalid JSON response from Google"), 500
+        
+        if token_json.get('error'):
+            return dict(
+                status='fail',
+                message=f"Token error: {token_json.get('error_description', token_json['error'])}"
+            ), 401
+        
+        access_token = token_json.get('access_token')
+        if not access_token:
+            return dict(status='fail', message="No access token received"), 401
+  
+        try:
+            user_response = requests.get(
+                url='https://www.googleapis.com/oauth2/v2/userinfo',
+                headers={'Authorization': f'Bearer {access_token}'},
+                timeout=10
+            )
+            
+        except requests.RequestException as e:
+            return dict(status='fail', message="Failed to fetch user info"), 500
+        
+        if user_response.status_code != 200:
+            return dict(status='fail', message="Failed to fetch user info"), 401
+        
+        try:
+            user_data = user_response.json()
+        except ValueError:
+            return dict(status='fail', message="Invalid user data from Google"), 500
+ 
+        email = user_data.get('email')
+        name = user_data.get('name')
+        verified_email = user_data.get('verified_email', False)
+        
+        if not email:
+            return dict(status='fail', message="Email not provided by Google"), 400
+
+        try:
+            user = User.find_first(email=email)
+            
+            if not user:
+                user = User(
+                    email=email,
+                    name=name,
+                    password=''.join((secrets.choice(string.ascii_letters) 
+                                     for i in range(24))),
+                )
+                user.verified = verified_email
+                
+                saved_user = user.save()
+                
+                if not saved_user:
+                    return dict(status='fail', message='Failed to create user'), 500
+       
+            user.name = name
+            user.verified = verified_email
+            updated_user = user.save()
+            
+            if not updated_user:
+                return dict(status='fail', message='Failed to update user'), 500
+         
+            user_dict, errors = token_schema.dump(user)
+            
+            if errors:
+                return dict(status='fail', message='User serialization error'), 500
+            
+            access_token = user.generate_token(user_dict)
+            
+            if not access_token:
+                return dict(status='fail', message="Failed to generate access token"), 500
+            
+            return dict(
+                status='success',
+                data=dict(
+                    access_token=access_token,
+                    email=user.email,
+                    name=user.name,
+                    verified=user.verified,
+                    id=str(user.id),
+                )
+            ), 200
+            
+        except Exception as e:
+            return dict(status='fail', message='Database error'), 500
+

app/routes/__init__.py

@@ -15,7 +15,7 @@
     BillingInvoiceView, BillingInvoiceNotificationView, SystemSummaryView, CreditDetailView, ProjectUsersView, ProjectUsersTransferView, AppReviseView,
     ProjectUsersHandleInviteView, ClusterProjectsView, ProjectDisableView, ProjectEnableView, AppRedeployView, AppDisableView, AppEnableView,
     TagsView, TagsDetailView, TagFollowingView, GenericSearchView, MLProjectAppsView, ProjectMigrationView,
-    UserDisableView, UserEnableView, AppDockerWebhookListenerView, UserFollowersView, UserFollowView, ProjectFollowingView, ActivityFeedView, SendInactiveUserMailReminder,)
+    UserDisableView, UserEnableView, AppDockerWebhookListenerView, UserFollowersView, UserFollowView, ProjectFollowingView, ActivityFeedView, SendInactiveUserMailReminder,GoogleOAuthView)
 from app.controllers.app import AppRevisionsView
 from app.controllers.billing_invoice import BillingInvoiceDetailView
 from app.controllers.receipts import BillingReceiptsDetailView, BillingReceiptsView
@@ -36,6 +36,7 @@
 api.add_resource(ResetPasswordView, '/users/reset_password/<string:token>')
 api.add_resource(UserDetailView, '/users/<string:user_id>')
 api.add_resource(OAuthView, '/users/oauth')
+api.add_resource(GoogleOAuthView, '/users/oauth/google')
 api.add_resource(UserDataSummaryView, '/users/graph')
 api.add_resource(UserAdminUpdateView, '/users/admin_update')
 api.add_resource(InActiveUsersView, '/users/inactive_users',

config/config.py

@@ -28,6 +28,10 @@ class Base:
     # Github auth
     GITHUB_CLIENT_ID = os.getenv("GITHUB_CLIENT_ID")
     GITHUB_CLIENT_SECRET = os.getenv("GITHUB_CLIENT_SECRET")
+    # Google auth
+    GOOGLE_CLIENT_ID= os.environ.get('GOOGLE_CLIENT_ID'),
+    GOOGLE_CLIENT_SECRET= os.environ.get('GOOGLE_CLIENT_SECRET'),
+    GOOGLE_REDIRECT_URI =os.environ.get('GOOGLE_REDIRECT_URI') ,
 
     # celery
     REDIS_URL = os.getenv("REDIS_URL", "redis://localhost:6379")

docker-compose.yml

@@ -44,6 +44,9 @@ services:
       - cranecloud
       - default
     environment:
+      GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
+      GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
+      GOOGLE_REDIRECT_URI: ${GOOGLE_REDIRECT_URI}
       KUBE_HOST:
       KUBE_TOKEN:
       KUBE_CERT: