Feature: Implement Google Oauth login #2278
Open
+408
−11
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yesyash
requested changes
Dec 2, 2024
| scope: ["email"], | ||
| state: redirectURL, | ||
| })(req, res, next); | ||
| } else { |
There was a problem hiding this comment.
- can we remove the
elseblock here? as we're doing an early return above?
Comment on lines
+29
to
+40
| try { | ||
| const redirectUrl = new URL(req.query.state); | ||
|
|
||
| if (`.${redirectUrl.hostname}`.endsWith(`.${rdsUiUrl.hostname}`)) { | ||
| // Matching *.realdevsquad.com | ||
| authRedirectionUrl = redirectUrl; | ||
| } else { | ||
| logger.error(`Malicious redirect URL provided URL: ${redirectUrl}, Will redirect to RDS`); | ||
| } | ||
| } catch (error) { | ||
| logger.error("Invalid redirect URL provided", error); | ||
| } |
There was a problem hiding this comment.
- do we need a try catch here?
Comment on lines
+43
to
+80
| return passport.authenticate("google", { session: false }, async (err, accessToken, user) => { | ||
| if (err) { | ||
| logger.error(err); | ||
| return res.boom.unauthorized("User cannot be authenticated"); | ||
| } | ||
| const userData = { | ||
| email: user.emails[0].value, | ||
| created_at: Date.now(), | ||
| updated_at: null, | ||
| }; | ||
|
|
||
| const userDataFromDB = await users.fetchUser({ email: userData.email }); | ||
|
|
||
| if (userDataFromDB.userExists) { | ||
| if (userDataFromDB.user.roles.developer === true) { | ||
| const errorMessage = encodeURIComponent("Google login is restricted for developer role."); | ||
| return res.redirect(`${authRedirectionUrl}?error=${errorMessage}`); | ||
| } | ||
| } | ||
|
|
||
| const { userId, incompleteUserDetails } = await users.addOrUpdate(userData); | ||
|
|
||
| const token = authService.generateAuthToken({ userId }); | ||
|
|
||
| const cookieOptions = { | ||
| domain: rdsUiUrl.hostname, | ||
| expires: new Date(Date.now() + config.get("userToken.ttl") * 1000), | ||
| httpOnly: true, | ||
| secure: true, | ||
| sameSite: "lax", | ||
| }; | ||
|
|
||
| res.cookie(config.get("userToken.cookieName"), token, cookieOptions); | ||
|
|
||
| if (incompleteUserDetails) authRedirectionUrl = "https://my.realdevsquad.com/new-signup"; | ||
|
|
||
| return res.redirect(authRedirectionUrl); | ||
| })(req, res, next); |
There was a problem hiding this comment.
- let's move the logic to a different function instead of adding it inside the callback function of the
passport.authenticatemethod.
| github_created_at: Number(new Date(user._json.created_at).getTime()), | ||
| github_user_id: user.id, | ||
| created_at: Date.now(), | ||
| updated_at: null, | ||
| }; | ||
|
|
||
| if (userData.email === null) { | ||
| const res = await fetch("https://api.github.com/user/emails", { |
There was a problem hiding this comment.
- let's move the base path (https://api.github.com) inside an env variable, to allow it to be configurable for different environments if the situation arises.
| github_created_at: Number(new Date(user._json.created_at).getTime()), | ||
| github_user_id: user.id, | ||
| created_at: Date.now(), | ||
| updated_at: null, | ||
| }; | ||
|
|
||
| if (userData.email === null) { |
There was a problem hiding this comment.
- this will also check for undefined along with null.
Suggested change
| if (userData.email === null) { | |
| if (!userData.email) { |
| if (user && !user.empty && user.docs !== null) { | ||
| await userModel.doc(user.docs[0].id).set({ ...userData, updated_at: Date.now() }, { merge: true }); | ||
| const { created_at: createdAt, ...updatedUserData } = userData; | ||
| await userModel.doc(user.docs[0].id).set({ ...updatedUserData, updated_at: Date.now() }, { merge: true }); |
There was a problem hiding this comment.
- can
user.docsbe empty? if yes are we handling that case?
| user = await userModel.where("github_id", "==", userData.github_id).limit(1).get(); | ||
| } | ||
|
|
||
| if (userData.email && (!user || (user && user.empty))) { |
There was a problem hiding this comment.
- if we're already doing a
!usercheck do we need to do(user && user.empty))can we just do!user || user.empty?
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -9,6 +9,10 @@ | |||
|
|
|||
| router.get("/github/callback", auth.githubAuthCallback); | |||
|
|
|||
| router.get("/google/login", auth.googleAuthLogin); | |||
Check failure
Code scanning / CodeQL
Missing rate limiting High
| @@ -9,6 +9,10 @@ | |||
|
|
|||
| router.get("/github/callback", auth.githubAuthCallback); | |||
|
|
|||
| router.get("/google/login", auth.googleAuthLogin); | |||
|
|
|||
| router.get("/google/callback", auth.googleAuthCallback); | |||
Check failure
Code scanning / CodeQL
Missing rate limiting High
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Date: 02/12/2024
Developer Name: Utkarsh Bansal
Issue Ticket Number
#2216
Description
If the person is a developer they have to login via GitHub but a non developer should be able to login by their Google Account.
Documentation Updated?
Under Feature Flag
Database Changes
Breaking Changes
Development Tested?
Screenshots
Screenshot 1
google-login-test-local.mp4
Test Coverage
Screenshot 1
Additional Notes
Need to generate oauth credentials for staging as well as prod from google cloud console.