From ac9b165ca03ef795f5ff995a36eed5cf88f25480 Mon Sep 17 00:00:00 2001
From: Matthew Welch <matt@narnian.us>
Date: Wed, 8 Nov 2023 20:15:37 -0800
Subject: [PATCH] Add login with Google

---
 .../admin/templates/admin/edit_question.html  |   6 +++
 QuizTheWord/app.py                            |  49 +++++++++++++++++-
 QuizTheWord/config.py                         |   2 +
 QuizTheWord/database.py                       |  25 ++++++---
 .../static/images/sign_in_with_google.png     | Bin 0 -> 3983 bytes
 QuizTheWord/templates/base.html               |   5 ++
 QuizTheWord/templates/login.html              |   5 ++
 requirements.txt                              |   7 ++-
 8 files changed, 90 insertions(+), 9 deletions(-)
 create mode 100644 QuizTheWord/static/images/sign_in_with_google.png

diff --git a/QuizTheWord/admin/templates/admin/edit_question.html b/QuizTheWord/admin/templates/admin/edit_question.html
index d781c0c..2bc4431 100644
--- a/QuizTheWord/admin/templates/admin/edit_question.html
+++ b/QuizTheWord/admin/templates/admin/edit_question.html
@@ -23,6 +23,12 @@
       <div id="hidden-answer-form" class="form-group"></div>
     </div>
     <button id="save" name="save" type="submit" class="btn btn-primary">Save</button>
+
+    {% if request.path != '/admin/questions/add' %}
+      <div class="mt-3">
+        <a class='btn btn-secondary' href='{{ url_for('admin.create_question') }}'>Add Another Question</a>
+      </div>
+    {% endif %}
   </form>
 {% endblock %}
 
diff --git a/QuizTheWord/app.py b/QuizTheWord/app.py
index 9573fc9..b8c9ccf 100644
--- a/QuizTheWord/app.py
+++ b/QuizTheWord/app.py
@@ -1,9 +1,11 @@
 import os
+
+import flask
 from flask import request, render_template, jsonify, Flask, url_for, redirect, flash, session
 from flask_security import Security, SQLAlchemySessionUserDatastore, login_user, logout_user, current_user
 from QuizTheWord import database
 from QuizTheWord.admin import admin
-# from QuizTheWord import config
+from authlib.integrations.flask_client import OAuth
 
 app = Flask(__name__)
 environment_configuration = os.environ.get('CONFIGURATION_SETUP', "QuizTheWord.config.Development")
@@ -11,6 +13,15 @@ with app.app_context():
     app.config.from_object(environment_configuration)
     user_datastore = SQLAlchemySessionUserDatastore(database.get_session(), database.User, database.Role)
     security = Security(app, user_datastore, False)
+    CONF_URL = "https://accounts.google.com/.well-known/openid-configuration"
+    oauth = OAuth(app)
+    oauth.register(
+        name="google",
+        server_metadata_url=CONF_URL,
+        client_kwargs={
+            "scope": "openid email profile"
+        }
+    )
 app.register_blueprint(admin.Admin)
 
 
@@ -102,8 +113,22 @@ def next_multiple_choice():
         return jsonify(None), 204
 
 
+def get_auth_url(redirect_uri, **kwargs):
+    rv = oauth.google.create_authorization_url(redirect_uri, **kwargs)
+
+    if oauth.google.request_token_url:
+        request_token = rv.pop('request_token', None)
+        oauth.google._save_request_token(request_token)
+
+    oauth.google.save_authorize_data(request, redirect_uri=redirect_uri, **rv)
+    return rv["url"]
+
+
 @app.route("/login", methods=["GET", "POST"])
 def login():
+    redirect_uri = url_for("auth_google", _external=True)
+    google_url = get_auth_url(redirect_uri)
+
     next_page = request.args.get("next", default=url_for("index"))
     if request.method == "POST":
         email = request.form.get("email")
@@ -115,7 +140,27 @@ def login():
             return redirect(url_for("login"))
         login_user(user, remember=remember)
         return redirect(next_page)
-    return render_template("login.html", title="login")
+    return render_template("login.html", title="login", google_url=google_url)
+
+
+@app.route("/login/auth/google")
+def auth_google():
+    token = oauth.google.authorize_access_token()
+    user = oauth.google.parse_id_token(token)
+    unique_id = user["sub"]
+    email = user["email"]
+    username = user["given_name"]
+    user = database.get_user(google_id=unique_id)
+    if user is not None:
+        login_user(user)
+    else:
+        user = database.add_user(email, None, username, google_id=unique_id)
+        if user is not None:
+            login_user(user)
+        else:
+            flash("That email is already in use. Login with that email or choose a different account.")
+            return redirect(url_for("login"))
+    return redirect(url_for("index"))
 
 
 @app.route("/register", methods=["GET", "POST"])
diff --git a/QuizTheWord/config.py b/QuizTheWord/config.py
index e7e1f87..77be34c 100644
--- a/QuizTheWord/config.py
+++ b/QuizTheWord/config.py
@@ -14,6 +14,8 @@ class Config:
     DB_PORT = environ.get("DB_PORT")
     DB_NAME = environ.get("DB_NAME")
     SECURITY_REGISTERABLE = True
+    GOOGLE_CLIENT_ID = environ.get("GOOGLE_CLIENT_ID")
+    GOOGLE_CLIENT_SECRET = environ.get("GOOGLE_CLIENT_SECRET")
 
 
 class Production(Config):
diff --git a/QuizTheWord/database.py b/QuizTheWord/database.py
index 2c05467..4852f6f 100644
--- a/QuizTheWord/database.py
+++ b/QuizTheWord/database.py
@@ -4,7 +4,7 @@ from flask_security import UserMixin, RoleMixin, SQLAlchemySessionUserDatastore,
 import sqlalchemy
 from typing import Union, Optional, Literal, Type, List, Tuple
 import random
-from sqlalchemy import Column, JSON, String, Integer, create_engine, ForeignKey, func, Boolean, UnicodeText, DateTime
+from sqlalchemy import Column, JSON, String, Integer, create_engine, ForeignKey, func, Boolean, UnicodeText, DateTime, Numeric, CheckConstraint
 from sqlalchemy.sql.expression import and_
 from sqlalchemy.ext.declarative import declarative_base
 from sqlalchemy.ext.associationproxy import association_proxy
@@ -51,7 +51,7 @@ class User(Base, UserMixin):
     user_id = Column(Integer, primary_key=True)
     email = Column(String, unique=True, nullable=False)
     username = Column(String, unique=True)
-    password = Column(String, nullable=False)
+    password = Column(String, nullable=True)
     active = Column(Boolean, nullable=False)
     last_login_at = Column(DateTime())
     current_login_at = Column(DateTime())
@@ -59,6 +59,12 @@ class User(Base, UserMixin):
     current_login_ip = Column(String(100))
     login_count = Column(Integer)
     fs_uniquifier = Column(String, unique=True, nullable=False)
+    google_id = Column(Numeric, nullable=True)
+
+    __table_args__ = (
+        CheckConstraint("(password IS NOT NULL) OR (google_id IS NOT NULL)", "password_google_id_null_check"),
+    )
+
     roles = relationship("Role", secondary="users_roles")
 
     def check_password(self, password):
@@ -356,11 +362,14 @@ def update_question(question_id, data):
     session.commit()
 
 
-def add_user(email, password):
+def add_user(email, password, username=None, **kwargs):
     session = get_session()
     user_datastore = get_user_datastore()
     if user_datastore.find_user(email=email) is None:
-        user = user_datastore.create_user(email=email, password=hash_password(password), username=email)
+        password_hash = hash_password(password) if password is not None else None
+        if username is None:
+            username = email
+        user = user_datastore.create_user(email=email, password=password_hash, username=username, **kwargs)
         session.add(user)
         role = session.query(Role).filter(Role.name == "basic").one_or_none()
         if role is not None:
@@ -375,9 +384,13 @@ def add_user(email, password):
     return None
 
 
-def get_user(user_id) -> User:
+def get_user(user_id=None, google_id=None) -> User:
     session = get_session()
-    return session.query(User).filter(User.user_id == user_id).one_or_none()
+    if user_id is not None:
+        user = session.query(User).filter(User.user_id == user_id).one_or_none()
+    else:
+        user = session.query(User).filter(User.google_id == google_id).one_or_none()
+    return user
 
 
 def update_user(user_id, data):
diff --git a/QuizTheWord/static/images/sign_in_with_google.png b/QuizTheWord/static/images/sign_in_with_google.png
new file mode 100644
index 0000000000000000000000000000000000000000..b1327b4f7b47c04368da6c4b066645453398eca5
GIT binary patch
literal 3983
zcmV;A4{-2_P)<h;3K|Lk000e1NJLTq006%L001rs1^@s6dC<t<00001b5ch_0Itp)
z=>Px^Nl8RORCodHT?=$n)w%v==FB6L2}BY?f<Z$=VvGUQ077eM0TEe9u`JgT?7f$E
z6|7Zjt$k2U+l6aYE!39QN|&ytRjgF$y`;Ayy_80{ZKNtM3x!ky5s@^Q7$G#1d7hcm
zZ=W-dGm{BSCW(af{A-=e*?a$IKfe9#|Nr-%GXNN3AYdS1AYdTy?}dOVX}BUCy^@NI
zq=CRCjex@5M=y0Cdh(lQee39L_Uyt9X0xT}k{+hfc>{qY1j6Ca>0o#JeY@9{|CU8!
z5kS)ESnSSmKl}bNXW<Q#^w~O%i*)<uaTyQ)#($AoH<}#@2nd62bro#jSYGBOi!qtS
zpNL3ii!|(rFZwpz7Go4J<MYx&K=7MAj#+j+`Sl^tr8O#}w*~^~BM{@cp8V-QZfF_^
zi~s}-@{fQ?G=`8F0tWdr!_9bV1R!9Le*{dTF@($zFvy=7ZpKq100D#iBVZDZA!LSt
zLH^8eGoBg&2*eKj2V*S3qfPK_t%rQ#I6`f$P=Wzi^2WkC`C8aNH6ONVGY6v?qYeXs
zK|x?p$RBEdAKmL7LGa-IUY!d4;}pc@+rAZ2)l`gHy#|(|%X{e=83qC$H39<;dxA}W
z!`XX3my-C&gOLv(MECl~le3MqfxtyUU_h2X)Y*Y^4?h6K-JQ^ROYs$uO3R^y!;o8=
z5oQP^L@KMmsP8<MpgWX_qVX0it+XJQqwF~sM#Fv?hXY!Rr4?2@Fx`xOulljEZIF9m
zGo$u1RyaFk)b0uma^;EDEuCY>oH1cMvn7bbiA8FvsLF=tK5a$UQ9th3qQ1|SLMug9
zt{JPQNhlz8L4Ozr-jdPKl|pZ*va%&?{)!#B9|m#HGXb;=K|2E?fA_jI3B)&#Er9F(
z)v(X1N$9G-aTmj$myz?WM_|qwl~6WRiRDYOu=1Kj$F_Km4S(3|#kv*+H%_;qasp63
zFNBT1>IW&(=y1`;te9I$XiH6~BKcF1GL34|P%+`=SrW>q`N>?8zsrPGOKhmlR<P-R
z0%+tycUn#An_Lci8r4Nqrq8nDdvm1t8(_>|z`SJ#d|0`CXcx1-mkuVR922tinS*$r
zG5M9VufbYakD#R(2$^Bd%SY}HpMhn3?|9x`GY8`Os3fP<79qZZrUL=|?ig_6Y#VBd
zOjvNc4ZmOO#|~QjiM0HC|1!A57h^pAb^tFOP>|hDPcx*0CdvO8z`W54wnwaTWf>QP
zO~J>k8u??*r_0%~R;-B-zw_N7o_{lhvTLnae3b<gueW2x8y;-@h&+HgGwioFHi*H!
z$(a1%_g{d0>KRxHz38c*i0m)io09m0+uihPb6F#L-Vh$%E<*%m4Yc-~Ry$B=F{3&c
zc&F5YtFJU8*kZ!A55#X9OsM@&2WC$&LkcNq?NH##HNkz%j}^Osx-ZyqnLmWLX<euB
zSy1QHkpRB>idKI@&$8JDEq~4!1x0U#feIU*S}4KS6+*Yog0egl<Ukm&Zueo`VfA+v
z@yEwX*!UkdINF0)`Rkyn|I@qeDCmr*pJuwqBjdrkAZAxcm^@0s)Po8hT5iV#o2bf!
zJHO<_#O+@EDpIo}U&7O0v}tX7!}!0KefTjkNtUG_mmn;z+!4SXY+sd@5Ns>6v7o?&
zSy!8|@pTQaRkzx4YlQ_aw&`<+@W&l~{P^v7omJP_@QoS?g)Y8GNxYg524eFe>RrT;
z?XDRTT!gdpl#H`Z3yMNwT&csHswykKG1rR1EUmtS`~CRl0K&?Q$*-K-qv9fs^CD+e
zJFN3=QPcWAkH38WAE4Y=Zb1zvZ?NU`KNa=Y3R0GY=RQx;?+l{;WC)*K+Y@VQ#RLoT
zIVpt^pZdT`C*~Gt#qNL!#q<(F9HX?)vD9_BB+SeM+%!clPQb(|c6{ycGS;+c&&B_m
zP&AtQS!PfjUb^mFF=6aaAxS`<kT7N}SVS*$*q`Vf&MA<nn_ptV4G7}RatW1!JZyV5
z)7#kZGLa^<9jrS)-^{ud<Pk<INfbp>;(gQxh<-_<`5fE!v26$YwfJ^B_OJD!Q55PV
zFIyXL^T9-qxUQ}T>vVc6?#RM2hIK;RUK$EAc=1vva_c=<!v#>p1^<(US`U0I7h|fV
z=XhZ>uw=80s_Aw-$dFBlD9@iDAzvhjeX1}=c=I1}?;@U%1FX+xLiH>Mp7wch_v<t;
z8AxJK+@A`3@5Qvuc~`+?A=*jOaG0B<^IU%=A%{fTf_QR|R(EcZ759GDiC0%UvHm6t
zav}`|^i6YfRihGLLH(v4ELq=!x+5B(Q3`0E3bsbdw+iM_^2TTc&{FZg2`)QYiCe~3
z)_Smnq-z!J6SG<LLJ7i-9sE$_SWq<<n14+aS2I3Y0ZhL_o3hqs&ErIDGXnH-E7p6l
zUyTtIJpYsjwR*1-X?szuZ8Iv8+h(hmITLyVVQtskYD4WUHuZDGl^ieeTB;I1iianL
zSIs;tF*f18n>FIMa-Xnhy$82%3c$^(T_o{xF0kbh;=g}LE5EHisQtW(xTFem?!QSR
z{)s(aEO^2Lp)aItrWK{?UH|`NPX7M4)$55sloY*62A;94!H0Q2^WhIiL+BDGJQfqC
z%y8g^JEOKS-bPM7t+YszK=miJ{QqxBVNF=RIZ}SsA9wHZn$CacZjWw$!)TA3Iz>Jb
z9(<i)hLDOXF3R!o#Z`KZ6`v>;Q>Ngpqbd5wlBl(}MQ=n!l=Rv*VYE|gPmat@HA9!0
zDcrzcZ&g2MjR$fH&1z_b4`uu!g2#&uL6zK~g};*R2`?o2xwBClOZQ0`??eVWj@Ca~
zz9SO0be{@q&x^-;2|ZzCQBIibz~=k2P#5tkv=J#iMXxGSWb|f23Z;};jtM+JJfar)
zJSUJ94#8rMS}E;`;v}mWBo6I#>ru&#xY%fVus*98O5Mb;<=EjM)@{+iui<IMx4DsX
zmDsQ%TSh9<2_U0}&zVG?Xy2mcfs_?Qwfgu>gr^TBps^_g-wcK+?6Z*8J${@hwWH=L
z8y1R;PzbyGIG&Aq0-=^5X|=83aJzz;46DYB6N@Z_9a}wUA{L*xB@2rum=NTmC}1d<
zia2^(Cgxh~JzN5?c(keJWizgcmG^<OcsiwU91`o5xUf3U@t#H~m8VGgY*J>bF(j#^
zPKI-)!A$Zu%cJnnnM&MsvJs0WekwtE<K0oJXxaa}FNmM+h_mL3yrFSC)z{mwxP+U^
z5@6f28XX!Bh2SRng{K!*G2RQHyOXgn^Ih}~3{}y>!tvbfUNmV7;S~E&rfyz=w-|r#
z=5*KOSya-wxjEc>fzG)-7f|S<xV3{Gg&X=}Vz~SbFJA0YaGJW6nhjB(YH22x+`zl|
zUBC^@Y2Z~QzE2UQjK@XPrdf92%3|Uu4ivb@8KW*h1szl<i!8=TWh~#za(W!G(e6v4
zi@JHY7hhI4+zbJ)BYls^8Gi?mIr+ye$M4_Wi66M9kVqChb!Zc&j=dViu5l^*f6k*|
z%iib^w0|6EhB!4D0;zvf#+@aM5sP@Pf4>FIog_0iirVCa@Ol?8S>J9C!x09gGr4Jd
zkS_I>HU*U>y1sF-WCRqe5SzF2S*8fT^}XSJ82j0WGA>{+Hr)LI`4RC3f*|i5i!(85
zIHUDwX%m*Ma$wwcKei^-tWQRt(dRYp@?-zCPE>PKyz(9==Do|da(K+i6RMaHuRSF2
zTrS3kzMh3eI=q@V$ERtP|9f8u)ioAWFLa`=Tt<%A&=L>1BZ!x{psxKJ%jw;w%y(jA
znG6TZRr2d#SKCuDjMrB=$B9joWSp^EP|4FL)R=MGlL7TaFV?>_Z!$K$j{Lc3$o`y4
ze9=~??=0@#`CT-&?d#R_(X%J;z~*<+b~YaJ%&W4*;>%tS3^1dcru&}y09wg9iG&tJ
z&LxQMb22v6C7!Nmu3ACuFMK#eH!3WY(AT?gaN%;jB*;H|w6P@UC1@}~>zzRSIA=vf
zp^DxE=^x)2A$ZrRkY?rEWHhUlDcIK($59I()Ta2jf^8&~5EoB(D#oa{+Ml%BR`AUY
zUc7Ny>?wGnRU&D`=Sk7ALw-CatTfws^jYfgI9T8{g?I_$aO{9TW|j9g`mo_ZNX2m?
zkA3sG(%dBe_nznREp;2YCwnQfZz*OQ>PZjt1uhAvJrN8=eLvbGs~)<L3q=rL=CN7b
zi<uE$G^Jb4$eR18+w<zf*&;tJ>F|7rW!oP_cQ7HS!xgR~lwUTHdrUJ<cDLc}v+uwZ
zcJS=_E?7O)$Yv<}^Oac`H#+^bH}A2;Hqz=Km2$YRC=li_sG#LMRTS}chx<wt{IXF-
zM~?~rb!Qfq((-m5@!^i&>6w#m%NJ3PV=m>GTWDbiBs@+m6_G0)c1vWjC)X$N6^8|G
zmJ3q%5>W>?xWa%W;Lk;~X0e3V{><ZC?gJ~P@>}Kk{8pKs?ye{N=Luz4A6>YI^LhF_
z^VzE(k&K<S>MlezBN=(~XvGE2Jp5#KEx!KRTAc9<v#H5@?$Z#LUKFzr-l8Wl%6}Uk
znZ3MU#Mjr;-}~;qCMBUF9?dPZVJ1z^w5x4!GxpC_V*&*Yf4anoFUG|&w<L@&!vy1Z
zvHv-rTo7MT2g9~xx#?!Hfj9G#(8Z85SA2ItIk7)@fxff8WH+2#d7A0;O>Z9+PR=jK
z#`)hzb-^`#XvDKiaxTXci$9L*^zn4O_#)mh?0J@7_%Ocpk@zkP!yF#tJ^!2sKOZEZ
zFXG^aWz!9>_)vF1Mkj5s_`=Y~Z=K&@XtQ!x>Lc8t7{q|Wp5zWSojHyz$9LfPx%bfO
zejol&0C|pFROOXpZt)G6!^_N2C=<yv?8&4p<C&3*z@UXa$q-eJnS{z2lajNIw1L2|
zL?AOWJS>M|bjm=We+U@l?;l=<_6S12ApZ!OOk*hhL%<+^|L`)jM-T!A`A5)X8bj$H
z0tWf}hnJx}f)FssKY}LH7)t*TFv#COybSFTgn*v>N=Wv7ApY~W;U>eePs0r(qdyl$
zK=7MdvA6y7FSdm{o3=i-deg177Hd}Q4bux(X=oS-41WYdL2qZr-(Pu@J&nCQq<^<Z
zcmeT`4P4Gk{C-Yf#-t$z0+%cT!rF^}O5`8B#1GBX1&~Z|u>izxX_E7qWr%^mC5?bs
p0OI}hnB~8uM`Lu}KwuyU{0ol9?A&&aoGkzV002ovPDHLkV1g7pu<!r?

literal 0
HcmV?d00001

diff --git a/QuizTheWord/templates/base.html b/QuizTheWord/templates/base.html
index a3bb568..0018329 100644
--- a/QuizTheWord/templates/base.html
+++ b/QuizTheWord/templates/base.html
@@ -29,6 +29,11 @@
         </li>
       </ul>
       <ul class="navbar-nav ms-auto">
+        {% if has_admin_access %}
+          <li class="nav-item me-1">
+            <a class="nav-link" href="{{ url_for('admin.index') }}">Admin</a>
+          </li>
+        {% endif %}
         {% if not user_authenticated %}
         <li class="nav-item">
           <a class="btn btn-primary" href="{{ url_for('login') }}">Login</a>
diff --git a/QuizTheWord/templates/login.html b/QuizTheWord/templates/login.html
index a62bf48..21a3500 100644
--- a/QuizTheWord/templates/login.html
+++ b/QuizTheWord/templates/login.html
@@ -19,6 +19,11 @@
           </div>
           <button id="submit" name="submit" type="submit" class="btn btn-primary">Submit</button>
         </form>
+      <div class="mt-3">
+        <a href="{{ google_url }}">
+            <img src="/static/images/sign_in_with_google.png" alt="Sign in with Google">
+        </a>
+      </div>
       <div class="mt-3">
         Don't have an account? <a href="{{ url_for('register') }}">Register</a>
       </div>
diff --git a/requirements.txt b/requirements.txt
index 6dc84fb..5ed1bec 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,4 +13,9 @@ Flask-Security-Too~=4.0.0
 pytest~=6.2.2
 gunicorn~=20.1.0
 html5validate~=0.0.2
-bcrypt
\ No newline at end of file
+Authlib~=0.15.4
+Flask-WTF~=0.14.3
+bcrypt~=3.2.0
+WTForms~=2.3.3
+html5validate~=0.0.2
+requests~=2.26.0
\ No newline at end of file