feat: Social Logins

app/api/dao/user.py

@@ -69,6 +69,30 @@ def create_user(data: Dict[str, str]):
 
         return messages.USER_WAS_CREATED_SUCCESSFULLY, HTTPStatus.CREATED
 
+    @staticmethod
+    def create_user_using_social_login(data: Dict[str, str], apple_auth_id: str=None):
+        """
+        Creates a new user using Google Auth.
+
+        Arguments:
+            data: A list containing the user's name and email
+
+        Returns:
+            The new user created
+        """
+
+        name = data["name"]
+        username = None
+        password = None
+        email = data["email"]
+        terms_and_conditions_checked = True
+        social_login = True
+
+        user = UserModel(name, username, password, email, terms_and_conditions_checked, social_login, apple_auth_id)
+        user.save_to_db()
+
+        return user
+
     @staticmethod
     @email_verification_required
     def delete_user(user_id: int):
@@ -377,6 +401,37 @@ def authenticate(username_or_email: str, password: str):
 
         return None
 
+    @staticmethod
+    def get_user_for_social_login(email: str, apple_auth_id: str=None):
+        """Returns user for google login
+
+        Checks email of the user to find an existing user. 
+        If found, the user is returned.
+        Else, a new user is created and returned
+
+        Arguments:
+            email: email of the user, used to check for existing user
+
+        Returns:
+            Returns authenticated user
+        """
+
+        # If apple auth id given, first try to find existing user using it
+        if apple_auth_id:
+            user = UserModel.find_by_apple_auth_id(apple_auth_id)
+            # if user not found, try finding using email
+            if not user:
+                user = UserModel.find_by_email(email)
+
+        # If apple auth id not given, try finding using email
+        else:
+            user = UserModel.find_by_email(email)
+
+        if user:
+            return user
+        else:
+            return None
+
     @staticmethod
     @email_verification_required
     def get_achievements(user_id: int):

app/api/models/user.py

@@ -16,6 +16,7 @@ def add_models_to_namespace(api_namespace):
         update_user_request_body_model.name
     ] = update_user_request_body_model
     api_namespace.models[login_request_body_model.name] = login_request_body_model
+    api_namespace.models[social_auth_body_model.name] = social_auth_body_model
     api_namespace.models[login_response_body_model.name] = login_response_body_model
     api_namespace.models[refresh_response_body_model.name] = refresh_response_body_model
     api_namespace.models[
@@ -119,8 +120,8 @@ def add_models_to_namespace(api_namespace):
     "User registration model",
     {
         "name": fields.String(required=True, description="User name"),
-        "username": fields.String(required=True, description="User username"),
-        "password": fields.String(required=True, description="User password"),
+        "username": fields.String(required=False, description="User username"),
+        "password": fields.String(required=False, description="User password"),
         "email": fields.String(required=True, description="User email"),
         "terms_and_conditions_checked": fields.Boolean(
             required=True, description="User check Terms and Conditions value"
@@ -152,6 +153,15 @@ def add_models_to_namespace(api_namespace):
     },
 )
 
+social_auth_body_model = Model(
+    "Google authentication data model",
+    {
+        "id_token": fields.String(required=True, description="User's idToken given by Google auth"),
+        "name": fields.String(required=True, description="User's name given by Google auth"),
+        "email": fields.String(required=True, description="User's email given by Google auth"),
+    },
+)
+
 # TODO: Remove 'expiry' after the android app refactoring.
 login_response_body_model = Model(
     "Login response data model",

app/api/resources/user.py

@@ -16,6 +16,8 @@
 from app.api.models.user import *
 from app.api.dao.user import UserDAO
 from app.api.resources.common import auth_header_parser
+from google.oauth2 import id_token
+from google.auth.transport import requests
 
 users_ns = Namespace("Users", description="Operations related to users")
 add_models_to_namespace(users_ns)
@@ -390,6 +392,118 @@ def post(cls):
         )
 
 
+@users_ns.route("apple/auth/callback")
+class AppleAuth(Resource):
+    @classmethod
+    @users_ns.doc("apple-auth callback")
+    @users_ns.response(HTTPStatus.OK, "Successful login", login_response_body_model)
+    @users_ns.expect(social_auth_body_model)
+    def post(cls):
+        """
+        Login/Sign-in user using Apple Sign-In.
+
+        The Apple user id (id_token) is recieved which becomes the primary basis for user identification.
+        If not found then that means user is using apple sign-in for first time. In this case, email is checked.
+        If email found, that account is used. Else, a new account is created.
+        """
+
+        apple_auth_id = request.json.get("id_token")
+        email = request.json.get("email")
+
+        # get existing user
+        user = DAO.get_user_for_social_login(email, apple_auth_id)
+
+        # if user not found, create a new user
+        if not user:
+            data = request.json
+            user = DAO.create_user_using_social_login(data, apple_auth_id)
+        # else, set apple auth id to later identify the user
+        else:
+            user.apple_auth_id = apple_auth_id
+            user.save_to_db()
+
+        # create tokens and expiry timestamps
+        access_token = create_access_token(identity=user.id)
+        refresh_token = create_refresh_token(identity=user.id)
+
+        from run import application
+        access_expiry = datetime.utcnow() + application.config.get(
+            "JWT_ACCESS_TOKEN_EXPIRES"
+        )
+        refresh_expiry = datetime.utcnow() + application.config.get(
+            "JWT_REFRESH_TOKEN_EXPIRES"
+        )
+
+        # return data
+        return (
+            {
+                "access_token": access_token,
+                "access_expiry": access_expiry.timestamp(),
+                "refresh_token": refresh_token,
+                "refresh_expiry": refresh_expiry.timestamp(),
+            },
+            HTTPStatus.OK,
+        )
+
+@users_ns.route("google/auth/callback")
+class GoogleAuth(Resource):
+    @classmethod
+    @users_ns.doc("google-auth callback")
+    @users_ns.response(HTTPStatus.OK, "Successful login", login_response_body_model)
+    @users_ns.response(HTTPStatus.UNAUTHORIZED, f"{messages.GOOGLE_AUTH_TOKEN_VERIFICATION_FAILED}")
+    @users_ns.expect(social_auth_body_model)
+    def post(cls):
+        """
+        Login/Sign-in user using Google Sign-In.
+
+        The Google user idToken is received from the client side, which is then verified for its authenticity.
+        On verification, the user is either logged-in or sign-up depending upon wheter it is an existing
+        or a new user.
+        """
+
+        token = request.json.get("id_token")
+        email = request.json.get("email")
+        client_id = "992237180107-lsibe891591qcubpbd8qom4fts74i5in.apps.googleusercontent.com"
+
+        # Verify google auth id token
+        try:
+            idinfo = id_token.verify_oauth2_token(token, requests.Request(), client_id)
+
+            # id_token is valid. Get user.
+            user = DAO.get_user_for_social_login(email)
+
+            if not user:
+                # create a new user
+                data = request.json
+                user = DAO.create_user_using_social_login(data)
+
+            # create tokens and expiry timestamps
+            access_token = create_access_token(identity=user.id)
+            refresh_token = create_refresh_token(identity=user.id)
+
+            from run import application
+            access_expiry = datetime.utcnow() + application.config.get(
+                "JWT_ACCESS_TOKEN_EXPIRES"
+            )
+            refresh_expiry = datetime.utcnow() + application.config.get(
+                "JWT_REFRESH_TOKEN_EXPIRES"
+            )
+
+            # return data
+            return (
+                {
+                    "access_token": access_token,
+                    "access_expiry": access_expiry.timestamp(),
+                    "refresh_token": refresh_token,
+                    "refresh_expiry": refresh_expiry.timestamp(),
+                },
+                HTTPStatus.OK,
+            )
+
+        except ValueError:
+            return messages.GOOGLE_AUTH_TOKEN_VERIFICATION_FAILED, HTTPStatus.UNAUTHORIZED
+
+
 @users_ns.route("login")
 class LoginUser(Resource):
     @classmethod

app/database/models/user.py

@@ -29,6 +29,7 @@ class UserModel(db.Model):
 
     # security
     password_hash = db.Column(db.String(100))
+    apple_auth_id = db.Column(db.String(100))
 
     # registration
     registration_date = db.Column(db.Float)
@@ -59,7 +60,7 @@ class UserModel(db.Model):
     need_mentoring = db.Column(db.Boolean)
     available_to_mentor = db.Column(db.Boolean)
 
-    def __init__(self, name, username, password, email, terms_and_conditions_checked):
+    def __init__(self, name, username, password, email, terms_and_conditions_checked, social_login=False, apple_auth_id=None):
         """Initialises userModel class with name, username, password, email, and terms_and_conditions_checked. """
         ## required fields
 
@@ -69,11 +70,19 @@ def __init__(self, name, username, password, email, terms_and_conditions_checked
         self.terms_and_conditions_checked = terms_and_conditions_checked
 
         # saving hash instead of saving password in plain text
-        self.set_password(password)
+        if not social_login:
+            self.set_password(password)
+
+        # save auth id for sign in with apple (if present)
+        if apple_auth_id:
+            self.apple_auth_id = apple_auth_id
 
         # default values
         self.is_admin = True if self.is_empty() else False  # first user is admin
-        self.is_email_verified = False
+        if social_login:
+            self.is_email_verified = True
+        else:
+            self.is_email_verified = False
         self.registration_date = time.time()
 
         ## optional fields
@@ -129,6 +138,11 @@ def find_by_id(cls, _id: int) -> 'UserModel':
         """Returns the user that has the id we searched for. """
         return cls.query.filter_by(id=_id).first()
 
+    @classmethod
+    def find_by_apple_auth_id(cls, _id: str) -> 'UserModel':
+        """Returns the user that has apple auth id we searched for."""
+        return cls.query.filter_by(apple_auth_id=_id).first()
+
     @classmethod
     def get_all_admins(cls, is_admin=True):
         """Returns all the admins. """

app/messages.py

@@ -205,6 +205,7 @@
 EMAIL_VERIFICATION_MESSAGE = {
     "message": "Check your email, a new verification" " email was sent."
 }
+GOOGLE_AUTH_TOKEN_VERIFICATION_FAILED = "Google auth token verification failed"
 
 # Success messages
 TASK_WAS_ALREADY_ACHIEVED = {"message": "Task was already achieved."}

requirements.txt

@@ -35,6 +35,7 @@ Flask-SQLAlchemy==2.3.2
 Flask-Testing==0.7.1
 future==0.16.0
 gunicorn==20.0.4
+google-auth==1.20.1
 idna==2.6
 itsdangerous==0.24
 Jinja2==2.10