Backend/Frontend: Added Sign in via Google (#825)

* feat: first attempt for oauth loggin via google

* Fix: Added missing classes

* Feat: Added misery

* Feat: Added sonarlint gitignore

* Fix: Save some commits

* Feat: Added Endpoint for Google Login

* Feat: Updated google endpoint

* Feat: Implemented Frontend Redirect

* Fixed Redirect:

* Fix: Fixed saving user images

* Fix: some smol mistakes

* Fix: Changed to actual url

* Fix: fixed miniscule mistakes

Author: giomskii

pom.xml

@@ -162,6 +162,18 @@
 			<artifactId>freemarker</artifactId>
 			<version>2.3.33</version>
 		</dependency>
+		<!-- Google OAuth -->
+		<dependency>
+			<groupId>com.google.api-client</groupId>
+			<artifactId>google-api-client</artifactId>
+			<version>2.6.0</version>
+		</dependency>
+
+		<dependency>
+			<groupId>com.google.http-client</groupId>
+			<artifactId>google-http-client-jackson2</artifactId>
+			<version>1.44.2</version>
+		</dependency>
 
 		<!--
 		 <dependency>
@@ -170,7 +182,7 @@
 			<version>2.3.1</version>
 		</dependency>
 		 -->
-
+		
 		<!-- Logging -->
 		<dependency>
 			<groupId>ch.qos.logback</groupId>

src/main/java/de/tinf22b6/dhbwhub/controller/AuthController.java

@@ -1,19 +1,29 @@
 package de.tinf22b6.dhbwhub.controller;
 
-import de.tinf22b6.dhbwhub.model.Account;
-import de.tinf22b6.dhbwhub.model.User;
-import de.tinf22b6.dhbwhub.payload.request.*;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
+import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
+import com.google.api.client.json.gson.GsonFactory;
+import de.tinf22b6.dhbwhub.model.*;
+import de.tinf22b6.dhbwhub.payload.request.EmailVerificationRequest;
+import de.tinf22b6.dhbwhub.payload.request.LoginRequest;
+import de.tinf22b6.dhbwhub.payload.request.SignupRequest;
+import de.tinf22b6.dhbwhub.payload.request.TokenValidationRequest;
 import de.tinf22b6.dhbwhub.payload.response.JwtResponse;
 import de.tinf22b6.dhbwhub.payload.response.MessageResponse;
 import de.tinf22b6.dhbwhub.repository.AccountRepository;
+import de.tinf22b6.dhbwhub.repository.AdministratorRepository;
 import de.tinf22b6.dhbwhub.repository.UserRepository;
 import de.tinf22b6.dhbwhub.security.jwt.JwtUtils;
 import de.tinf22b6.dhbwhub.security.services.UserDetailsImpl;
+import de.tinf22b6.dhbwhub.service.AccountServiceImpl;
 import de.tinf22b6.dhbwhub.service.EmailService;
 import de.tinf22b6.dhbwhub.service.EmailVerificationTokenManager;
+import de.tinf22b6.dhbwhub.service.interfaces.PictureService;
 import jakarta.mail.MessagingException;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -22,9 +32,13 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.io.IOException;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -37,10 +51,16 @@ public class AuthController {
 
     private final AuthenticationManager authenticationManager;
     private final AccountRepository accountRepository;
+    private final AdministratorRepository administratorRepository;
     private final PasswordEncoder passwordEncoder;
     private final JwtUtils jwtUtils;
     private final UserRepository userRepository;
     private final EmailService emailService;
+    private final PictureService pictureService;
+    private final AccountServiceImpl accountServiceImpl;
+
+    @Value("${spring.security.oauth2.client.registration.google.client-id}")
+    private String clientId;
 
     // TODO: Save JWT in Database
     @PostMapping("login")
@@ -122,5 +142,54 @@ public ResponseEntity<?> tokenValidation (@Valid @RequestBody TokenValidationReq
         }
     }
 
+    @PostMapping("google")
+    public ResponseEntity<?> googleLogin(@RequestBody Map<String, String> request) {
+        String idTokenString = request.get("token");
+        GoogleIdToken idToken = null;
+
+        try {
+            GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(GoogleNetHttpTransport.newTrustedTransport(), new GsonFactory())
+                    .setAudience(Collections.singletonList(clientId))
+                    .build();
+
+            idToken = verifier.verify(idTokenString);
+        }catch (Exception e) {
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("There has been a serverside problem");
+        }
+
+        if (idToken == null) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid ID token");
+        GoogleIdToken.Payload payload = idToken.getPayload();
+        String userId = payload.getSubject();
+        String email = payload.getEmail();
+        String name = (String) payload.get("name");
+        String pictureUrl = (String) payload.get("picture");
+        Picture picture = pictureService.getImageFromUrl(pictureUrl);
+
+        Account account = accountServiceImpl.findByEmail(email);
+        User user = null;
+
+        if(account == null) {
+            account = accountRepository.save(new Account(name, email, null, picture, true));
+            user = userRepository.save(new User(0, null, null, account));
+            accountRepository.saveOAuthEntry(new OAuthAccount(account,OAuthAccount.GOOGLE_ENTRY));
+        } else if (!accountRepository.existsOAuthEntry(account.getId())) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Access denied - No such account exists");
+        } else {
+            user = userRepository.findByAccountId(account.getId());
+        }
+
+        String jwt = jwtUtils.generateJwtToken(account.getUsername());
+        UserDetailsImpl userDetails = UserDetailsImpl.build(user, administratorRepository);
 
+        List<String> roles = userDetails.getAuthorities().stream()
+                .map(GrantedAuthority::getAuthority)
+                .collect(Collectors.toList());
+
+        return ResponseEntity.ok(new JwtResponse(jwt,
+                userDetails.getAccountId(),
+                userDetails.getUserId(),
+                userDetails.getUsername(),
+                userDetails.getEmail(),
+                roles));
+    }
 }

src/main/java/de/tinf22b6/dhbwhub/model/Account.java

@@ -22,7 +22,6 @@ public class Account {
     @NotBlank
     private final String email;
 
-    @NotBlank
     private final String password;
 
     @JoinColumn(name = "picture_id")

src/main/java/de/tinf22b6/dhbwhub/model/OAuthAccount.java

@@ -0,0 +1,28 @@
+package de.tinf22b6.dhbwhub.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.RequiredArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@RequiredArgsConstructor
+@NoArgsConstructor(force = true)
+@Entity
+public class OAuthAccount {
+    public static String GOOGLE_ENTRY = "GOOGLE";
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "oauth_account_generator")
+    @SequenceGenerator(name = "oauth_account_generator", sequenceName = "oauth_account_seq", allocationSize = 1)
+    @Column(name = "oauth_id")
+    private Long id;
+
+    @JoinColumn(name = "account_id")
+    @ManyToOne(cascade = CascadeType.PERSIST)
+    private final Account account;
+
+    private final String authType;
+}

src/main/java/de/tinf22b6/dhbwhub/repository/AccountRepository.java

@@ -1,7 +1,9 @@
 package de.tinf22b6.dhbwhub.repository;
 
 import de.tinf22b6.dhbwhub.model.Account;
+import de.tinf22b6.dhbwhub.model.OAuthAccount;
 import de.tinf22b6.dhbwhub.repository.interfaces.SpringAccountRepository;
+import de.tinf22b6.dhbwhub.repository.interfaces.SpringOAuthRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Repository;
 
@@ -11,9 +13,12 @@
 @Repository
 public class AccountRepository {
     private final SpringAccountRepository repository;
+    private final SpringOAuthRepository oAuthRepository;
 
-    public AccountRepository(@Autowired SpringAccountRepository repository) {
+    public AccountRepository(@Autowired SpringAccountRepository repository,
+                             @Autowired SpringOAuthRepository oAuthRepository) {
         this.repository = repository;
+        this.oAuthRepository = oAuthRepository;
     }
 
     public List<Account> findAll() {
@@ -44,4 +49,15 @@ public Boolean existsByEmail(String email) {
         return repository.existsByEmail(email);
     }
 
+    public Account findByEmail(String email) {
+        return repository.findByEmail(email).orElse(null);
+    }
+
+    public Boolean existsOAuthEntry(Long accountId) {
+        return oAuthRepository.findByAccountId(accountId).orElse(null) != null;
+    }
+
+    public OAuthAccount saveOAuthEntry(OAuthAccount account) {
+        return oAuthRepository.save(account);
+    }
 }

src/main/java/de/tinf22b6/dhbwhub/repository/interfaces/SpringAccountRepository.java

@@ -12,4 +12,5 @@ public interface SpringAccountRepository extends JpaRepository<Account, Long> {
 
     Boolean existsByEmail(String email);
 
+    Optional<Account> findByEmail(String email);
 }

src/main/java/de/tinf22b6/dhbwhub/repository/interfaces/SpringOAuthRepository.java

@@ -0,0 +1,11 @@
+package de.tinf22b6.dhbwhub.repository.interfaces;
+
+import de.tinf22b6.dhbwhub.model.OAuthAccount;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
+
+public interface SpringOAuthRepository extends JpaRepository<OAuthAccount, Long> {
+
+    Optional<OAuthAccount> findByAccountId(Long accountId);
+}

src/main/java/de/tinf22b6/dhbwhub/security/WebSecurityConfig.java

@@ -28,6 +28,7 @@ public class WebSecurityConfig {
     private static final String[] PUBLIC_ENDPOINTS = {
             "/api/auth/login",
             "/api/auth/signup",
+            "/api/auth/google",
             "/api/auth/email-verification",
             "/api/auth/token-validation",
             "/post/homepage-preview-posts",

src/main/java/de/tinf22b6/dhbwhub/security/jwt/JwtUtils.java

@@ -30,8 +30,13 @@ public String generateJwtToken(Authentication authentication) {
 
         UserDetailsImpl userPrincipal = (UserDetailsImpl) authentication.getPrincipal();
 
+        return generateJwtToken(userPrincipal.getUsername());
+    }
+
+    public String generateJwtToken(String username) {
+
         return Jwts.builder()
-                .subject((userPrincipal.getUsername()))
+                .subject(username)
                 .issuedAt(new Date())
                 .expiration(new Date((new Date()).getTime() + jwtExpirationMs))
                 .signWith(key())

src/main/java/de/tinf22b6/dhbwhub/service/AccountServiceImpl.java

@@ -3,6 +3,7 @@
 import de.tinf22b6.dhbwhub.exception.NoSuchEntryException;
 import de.tinf22b6.dhbwhub.mapper.AccountMapper;
 import de.tinf22b6.dhbwhub.model.Account;
+import de.tinf22b6.dhbwhub.model.OAuthAccount;
 import de.tinf22b6.dhbwhub.proposal.AccountProposal;
 import de.tinf22b6.dhbwhub.repository.AccountRepository;
 import de.tinf22b6.dhbwhub.service.interfaces.AccountService;
@@ -57,8 +58,28 @@ public void delete(Long id) {
         repository.delete(id);
     }
 
+    @Override
+    public boolean checkIfOAuthAccountExists(Long id) {
+        return repository.existsOAuthEntry(id);
+    }
+
     public boolean checkIfEmailExists(String email) {
         return getAll().stream().anyMatch(account -> account.getEmail().equals(email));
     }
 
+    @Override
+    public Account findByEmail(String email) {
+        return repository.findByEmail(email);
+    }
+
+
+    @Override
+    public boolean existsOAuthEntry(Long accountId) {
+        return repository.existsOAuthEntry(accountId);
+    }
+
+    @Override
+    public OAuthAccount saveOAuthEntry(OAuthAccount account) {
+        return repository.saveOAuthEntry(account);
+    }
 }

src/main/java/de/tinf22b6/dhbwhub/service/PictureServiceImpl.java

@@ -6,9 +6,14 @@
 import de.tinf22b6.dhbwhub.proposal.PictureProposal;
 import de.tinf22b6.dhbwhub.repository.PictureRepository;
 import de.tinf22b6.dhbwhub.service.interfaces.PictureService;
+import org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import javax.imageio.ImageIO;
+import java.awt.image.BufferedImage;
+import java.io.ByteArrayOutputStream;
+import java.net.URL;
 import java.util.List;
 
 @Service
@@ -58,6 +63,23 @@ public Picture update(Long id, PictureProposal proposal) {
         return repository.save(picture);
     }
 
+    public Picture getImageFromUrl(String imageUrl) {
+        String imageBytes = null;
+        try {
+            URL url = new URL(imageUrl);
+            BufferedImage image = ImageIO.read(url);
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            ImageIO.write(image, "png", baos);
+            imageBytes = "data:image/png;base64," + Base64.toBase64String(baos.toByteArray());
+        }catch (Exception e) {
+            System.out.println("Something went wrong during the image retrieval");
+        }
+        if (imageBytes == null) {
+            return null;
+        }
+        return PictureMapper.mapToModelUser(imageBytes);
+    }
+
     @Override
     public void delete(Long id) {
         // Check if picture exists

src/main/java/de/tinf22b6/dhbwhub/service/interfaces/AccountService.java

@@ -1,14 +1,19 @@
 package de.tinf22b6.dhbwhub.service.interfaces;
 
 import de.tinf22b6.dhbwhub.model.Account;
+import de.tinf22b6.dhbwhub.model.OAuthAccount;
 import de.tinf22b6.dhbwhub.proposal.AccountProposal;
 
 import java.util.List;
 
 public interface AccountService {
     List<Account> getAll();
     Account create(AccountProposal proposal);
+    Account findByEmail(String email);
+    boolean existsOAuthEntry(Long accountId);
+    OAuthAccount saveOAuthEntry(OAuthAccount account);
     Account get(Long id);
     Account update(Long id, AccountProposal proposal);
     void delete(Long id);
+    boolean checkIfOAuthAccountExists(Long id);
 }

src/main/java/de/tinf22b6/dhbwhub/service/interfaces/PictureService.java

@@ -11,5 +11,6 @@ public interface PictureService {
     Picture get(Long id);
     Picture findByUserId(Long id);
     Picture update(Long id, PictureProposal proposal);
+    Picture getImageFromUrl(String url);
     void delete(Long id);
 }