Task/ssad 115/create login using google

[Darsicl]

dev

JIRA

• Main JIRA ticket

Code reviewers

• @DrFaust555
• @Serpantyn
• @Sohatzk

Summary of issue

Create an accessibility to LogIn using Google Auth

Summary of change

Create an accessibility to LogIn using Google Auth

Authentication Flow: Fixed JWT and Cookie scheme conflicts in Program.cs. Integrated Google OAuth with automatic user registration.

Business Logic:
Updated LoginWithGoogleHandler to handle automatic user creation and role assignment.

Mapping:
Updated AuthProfile (AutoMapper) to correctly map Name and Surname from Google DTO to ApplicationUser.

Testing:
Added LoginWithGoogleDTOValidatorTests, LoginWithGoogleHandlerTests
Infrastructure: Updated docker-compose to support a unified SQL Server instance with multiple databases.

CHECK LIST

• СI passed
• Сode coverage >=95%
• PR is reviewed manually again (to make sure you have 100% ready code)
• All reviewers agreed to merge the PR
• I've checked new feature as logged in and logged out user if needed
• PR meets all conventions

[sonarqubecloud]

Quality Gate failed

Failed conditions
67.9% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

[Serpantyn]

approved

[DrFaust555]

Problems:

1. Security — GoogleCallback does not validate null claims
   In AuthController.cs GoogleCallback() — result.Principal.FindFirstValue(ClaimTypes.Email/Name/Surname) can return null. These null values ​​are passed to LoginWithGoogleDTO, and then to the handler — where CreateAsync will create a user without email. A null check is required before creating the command.

2. Security — GoogleCallback is available without authorization
   Endpoint google-callback — public, but it reads Cookie-based authentication result. An attacker can send a request directly. It is worth checking result.Succeeded in more detail or adding an anti-forgery token via state parameter.

3. appsettings.json — Google credentials as placeholders
   "ClientId": "clientID", "ClientSecret": "clientSecret" — are OK as placeholders, but it is better to comment that it should be replaced, or use user secrets.

4. docker-compose.yml — not in this PR
   Docker-compose first appeared in this PR. It is not related to Google Auth — it is infrastructure, should be a separate PR or already exist on dev.

5. Microsoft.AspNetCore.Authentication.Cookies version 2.3.9
   Added Microsoft.AspNetCore.Authentication.Cookies version 2.3.9 to .csproj — this is a very old version (for .NET Core 2.x). For .NET 8 cookies middleware is already built into Microsoft.AspNetCore.App — this package is not needed and may cause conflicts.

6. Coverage 67.9% — Quality Gate Failed
   SonarCloud requires ≥80%. There is no test for GoogleCallback (controller) and no sad-path test for handler (when CreateAsync returns failure).

7. Handler — double.Parse without culture
   double.Parse(_configuration["Jwt:ExpireMinutes"]!) — without CultureInfo.InvariantCulture may give an error on systems with a comma as a decimal separator. Although this is already in the existing Login handler, it is worth fixing.

8. LoginWithGoogleDTO — no string? nullable annotations
   Properties Email, Name, Surname — string without ?, but may come null from Google claims.