From dd741aeb65b3272b07c97323cc4641a98ffcaccf Mon Sep 17 00:00:00 2001
From: Erik <eguntner2291@gmail.com>
Date: Tue, 11 Jun 2024 16:55:40 -0700
Subject: [PATCH 1/7] Write specs for google sign up and sign in routes

---
 api/openapi_server/openapi/openapi.yaml       |  6 +++-
 .../openapi/paths/auth/authGoogleSignIn.yaml  | 28 +++++++++++++++++++
 .../openapi/paths/auth/authGoogleSignUp.yaml  | 28 +++++++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 api/openapi_server/openapi/paths/auth/authGoogleSignIn.yaml
 create mode 100644 api/openapi_server/openapi/paths/auth/authGoogleSignUp.yaml

diff --git a/api/openapi_server/openapi/openapi.yaml b/api/openapi_server/openapi/openapi.yaml
index a7ac88cf..a9b33fb7 100644
--- a/api/openapi_server/openapi/openapi.yaml
+++ b/api/openapi_server/openapi/openapi.yaml
@@ -43,6 +43,10 @@ paths:
     $ref: "./paths/auth/authPrivate.yaml"
   /auth/google:
     $ref: "./paths/auth/authGoogle.yaml"
+  /auth/google/sign_up:
+    $ref: "./paths/auth/authGoogleSignUp.yaml"
+  /auth/google/sign_in:
+    $ref: "./paths/auth/authGoogleSignIn.yaml"
   /auth/new_password:
     $ref: "./paths/auth/authNewPassword.yaml"
   /auth/invite:
@@ -79,4 +83,4 @@ components:
           title: message
           type: string
       title: ApiResponse
-      type: object
\ No newline at end of file
+      type: object
diff --git a/api/openapi_server/openapi/paths/auth/authGoogleSignIn.yaml b/api/openapi_server/openapi/paths/auth/authGoogleSignIn.yaml
new file mode 100644
index 00000000..0c9a7b0d
--- /dev/null
+++ b/api/openapi_server/openapi/paths/auth/authGoogleSignIn.yaml
@@ -0,0 +1,28 @@
+post:
+  description: Sign in user from OAuth Provider
+  operationId: google_sign_in
+  requestBody:
+    required: true
+    content:
+      application/json:
+        schema:
+          type: object
+          properties:
+            code:
+              type: string
+  parameters:
+    - in: query
+      name: callback_uri
+      schema:
+        type: string
+      required: true
+  responses:
+    "200":
+      content:
+        application/json:
+          schema:
+            $ref: "../../openapi.yaml#/components/schemas/ApiResponse"
+      description: successful operation
+  tags:
+    - auth
+  x-openapi-router-controller: openapi_server.controllers.auth_controller
diff --git a/api/openapi_server/openapi/paths/auth/authGoogleSignUp.yaml b/api/openapi_server/openapi/paths/auth/authGoogleSignUp.yaml
new file mode 100644
index 00000000..8e1db7d4
--- /dev/null
+++ b/api/openapi_server/openapi/paths/auth/authGoogleSignUp.yaml
@@ -0,0 +1,28 @@
+post:
+  description: Sign in user from OAuth Provider
+  operationId: google_sign_up
+  requestBody:
+    required: true
+    content:
+      application/json:
+        schema:
+          type: object
+          properties:
+            code:
+              type: string
+  parameters:
+    - in: query
+      name: callback_uri
+      schema:
+        type: string
+      required: true
+  responses:
+    "200":
+      content:
+        application/json:
+          schema:
+            $ref: "../../openapi.yaml#/components/schemas/ApiResponse"
+      description: successful operation
+  tags:
+    - auth
+  x-openapi-router-controller: openapi_server.controllers.auth_controller

From 14155a0786b97d2371cf0dc3a04201cdc3b4fab5 Mon Sep 17 00:00:00 2001
From: Erik <eguntner2291@gmail.com>
Date: Tue, 11 Jun 2024 16:56:14 -0700
Subject: [PATCH 2/7] create controllers for google sign up and sign in

---
 .../controllers/auth_controller.py            | 138 +++++++++++++++++-
 1 file changed, 137 insertions(+), 1 deletion(-)

diff --git a/api/openapi_server/controllers/auth_controller.py b/api/openapi_server/controllers/auth_controller.py
index 7812d399..d6df6d86 100644
--- a/api/openapi_server/controllers/auth_controller.py
+++ b/api/openapi_server/controllers/auth_controller.py
@@ -283,7 +283,143 @@ def signout():
     # send response
     return response
 
-def token():    # get code from body
+def google_sign_in():
+    print('google_sign_in')
+    # get code from body
+    code = request.get_json()['code']
+    client_id = current_app.config['COGNITO_CLIENT_ID']
+    client_secret = current_app.config['COGNITO_CLIENT_SECRET']
+    callback_uri = request.args['callback_uri']
+
+    token_url = f"{cognito_client_url}/oauth2/token"
+    auth = requests.auth.HTTPBasicAuth(client_id, client_secret)
+    redirect_uri = f"{current_app.root_url}{callback_uri}"
+
+    params = {
+      'grant_type': 'authorization_code',
+      'client_id': client_id,
+      'code': code,
+      'redirect_uri': redirect_uri
+    }
+
+    # get tokens from oauth2/token endpoint
+    response = requests.post(token_url, auth=auth, data=params)
+
+    refresh_token = response.json().get('refresh_token')
+    access_token = response.json().get('access_token')
+    id_token = response.json().get('id_token')
+
+    # retrieve user data
+    try:
+        user_data = current_app.boto_client.get_user(AccessToken=access_token)
+    except botocore.exceptions.ClientError as e:        
+        code = e.response['Error']['Code']
+        message = e.response['Error']['Message']
+        raise AuthError({
+                  "code": code, 
+                  "message": message
+              }, 401)
+
+    # create user object from user data
+    user_attrs = get_user_attr(user_data)
+
+    with DataAccessLayer.session() as db_session:
+        user_repo = UserRepository(db_session)
+        signed_in_user = user_repo.get_user(user_attrs['email'])
+        if(bool(signed_in_user) == True):
+            user = user_schema.dump(signed_in_user)
+
+    # set refresh token cookie
+    session['refresh_token'] = refresh_token
+    session['username'] = user_attrs['email']
+    session['id_token'] = id_token
+
+
+    # return user data json
+    return {
+        'token': access_token,
+        'user': user
+    }
+
+def google_sign_up():
+    print('google_sign_in')
+
+    # get code from body
+    code = request.get_json()['code']
+    client_id = current_app.config['COGNITO_CLIENT_ID']
+    client_secret = current_app.config['COGNITO_CLIENT_SECRET']
+    callback_uri = request.args['callback_uri']
+
+    token_url = f"{cognito_client_url}/oauth2/token"
+    auth = requests.auth.HTTPBasicAuth(client_id, client_secret)
+    redirect_uri = f"{current_app.root_url}{callback_uri}"
+
+    params = {
+      'grant_type': 'authorization_code',
+      'client_id': client_id,
+      'code': code,
+      'redirect_uri': redirect_uri
+    }
+
+    # get tokens from oauth2/token endpoint
+    response = requests.post(token_url, auth=auth, data=params)
+
+    refresh_token = response.json().get('refresh_token')
+    access_token = response.json().get('access_token')
+    id_token = response.json().get('id_token')
+
+    # retrieve user data
+    try:
+        user_data = current_app.boto_client.get_user(AccessToken=access_token)
+    except botocore.exceptions.ClientError as e:        
+        code = e.response['Error']['Code']
+        message = e.response['Error']['Message']
+        raise AuthError({
+                  "code": code, 
+                  "message": message
+              }, 401)
+
+    # create user object from user data
+    user_attrs = get_user_attr(user_data)
+
+    user_role = callback_uri.split('/')[2].capitalize()
+    role = UserRole.COORDINATOR if user_role == 'Coordinator' else UserRole.HOST
+
+    try:
+        with DataAccessLayer.session() as db_session:
+            user_repo = UserRepository(db_session)
+            user_repo.add_user(
+                email=user_attrs['email'],
+                role=role,
+                firstName=user_attrs['first_name'],
+                middleName=user_attrs.get('middle_name', ''),
+                lastName=user_attrs.get('last_name', '')
+            )
+    except Exception as error:
+        raise AuthError({"message": str(error)}, 400)
+    
+    with DataAccessLayer.session() as db_session:
+        user_repo = UserRepository(db_session)
+        signed_in_user = user_repo.get_user(user_attrs['email'])
+        if(bool(signed_in_user) == True):
+            user = user_schema.dump(signed_in_user)
+        else:
+            raise AuthError({"message": "User not found in database"}, 400)
+        
+    # set refresh token cookie
+    session['refresh_token'] = refresh_token
+    session['username'] = user_attrs['email']
+    session['id_token'] = id_token
+
+
+    # return user data json
+    return {
+        'token': access_token,
+        'user': user
+    }
+
+def token():    
+    # get code from body
     code = request.get_json()['code']
     client_id = current_app.config['COGNITO_CLIENT_ID']
     client_secret = current_app.config['COGNITO_CLIENT_SECRET']

From bbe44a672433ffee71a03922fbaef7f25af4ad10 Mon Sep 17 00:00:00 2001
From: Erik <eguntner2291@gmail.com>
Date: Tue, 11 Jun 2024 17:40:42 -0700
Subject: [PATCH 3/7] Rollback aws user if no role or has not signed up

---
 .../controllers/auth_controller.py            | 58 +++++++++++++++++--
 1 file changed, 53 insertions(+), 5 deletions(-)

diff --git a/api/openapi_server/controllers/auth_controller.py b/api/openapi_server/controllers/auth_controller.py
index d6df6d86..6b4aaeb1 100644
--- a/api/openapi_server/controllers/auth_controller.py
+++ b/api/openapi_server/controllers/auth_controller.py
@@ -284,7 +284,6 @@ def signout():
     return response
 
 def google_sign_in():
-    print('google_sign_in')
     # get code from body
     code = request.get_json()['code']
     client_id = current_app.config['COGNITO_CLIENT_ID']
@@ -323,11 +322,33 @@ def google_sign_in():
     # create user object from user data
     user_attrs = get_user_attr(user_data)
 
+    # check if user exists in database
     with DataAccessLayer.session() as db_session:
         user_repo = UserRepository(db_session)
         signed_in_user = user_repo.get_user(user_attrs['email'])
         if(bool(signed_in_user) == True):
             user = user_schema.dump(signed_in_user)
+        else:
+            #if user does not exist in database, they haven't gone through sign up process, delete user from Cognito and return error
+            try:
+                current_app.logger.info('Deleting user from Cognito')
+                response = current_app.boto_client.admint_delete_user(
+                    UserPoolId=current_app.config['COGNITO_USER_POOL_ID'],
+                    Username=user_attrs['email']
+                )
+                current_app.logger.info('User deleted from Cognito')
+                raise AuthError({
+                    'code': 'invalid_role',
+                    'message': 'Invalid role. no role found provided'
+                }, 400)
+            except botocore.exceptions.ClientError as e:
+                current_app.logger.error('Failed to delete user from Cognito')
+                code = e.response['Error']['Code']
+                message = e.response['Error']['Message']
+                raise AuthError({
+                    'code': code,
+                    'message': message
+                }, 400)
 
     # set refresh token cookie
     session['refresh_token'] = refresh_token
@@ -342,8 +363,6 @@ def google_sign_in():
     }
 
 def google_sign_up():
-    print('google_sign_in')
-
     # get code from body
     code = request.get_json()['code']
     client_id = current_app.config['COGNITO_CLIENT_ID']
@@ -381,9 +400,38 @@ def google_sign_up():
 
     # create user object from user data
     user_attrs = get_user_attr(user_data)
-
     user_role = callback_uri.split('/')[2].capitalize()
-    role = UserRole.COORDINATOR if user_role == 'Coordinator' else UserRole.HOST
+
+    role = None
+    if user_role == 'Coordinator':
+        role = UserRole.COORDINATOR
+    
+    if user_role == 'Host':
+        role = UserRole.HOST
+    
+    # if role is None, delete user from Cognito and return error
+    if role is None:
+        try:
+            current_app.logger.info('Deleting user from Cognito')
+            response = current_app.boto_client.admint_delete_user(
+                UserPoolId=current_app.config['COGNITO_USER_POOL_ID'],
+                Username=user_attrs['email']
+            )
+            current_app.logger.info('User deleted from Cognito')
+            raise AuthError({
+                'code': 'invalid_role',
+                'message': 'Invalid role. no role found provided'
+            }, 400)
+        except botocore.exceptions.ClientError as e:
+            current_app.logger.error('Failed to delete user from Cognito')
+            code = e.response['Error']['Code']
+            message = e.response['Error']['Message']
+            raise AuthError({
+                'code': code,
+                'message': message
+            }, 400)
+
+
 
     try:
         with DataAccessLayer.session() as db_session:

From d1c214a2311c6b854bf461cda4d8473ded4306b5 Mon Sep 17 00:00:00 2001
From: Erik <eguntner2291@gmail.com>
Date: Tue, 11 Jun 2024 18:24:44 -0700
Subject: [PATCH 4/7] Update client to use new endpoints

---
 .../hooks/useAuthenticateWithOAuth.ts         | 29 ++++++++++++++-----
 app/src/services/auth.ts                      | 24 +++++++++++++++
 app/src/views/SignIn.tsx                      | 11 +++++--
 app/src/views/SignUp.tsx                      |  6 +++-
 4 files changed, 60 insertions(+), 10 deletions(-)

diff --git a/app/src/components/authentication/hooks/useAuthenticateWithOAuth.ts b/app/src/components/authentication/hooks/useAuthenticateWithOAuth.ts
index d687ae27..393e3be9 100644
--- a/app/src/components/authentication/hooks/useAuthenticateWithOAuth.ts
+++ b/app/src/components/authentication/hooks/useAuthenticateWithOAuth.ts
@@ -1,9 +1,16 @@
 import React from 'react';
 import {setCredentials} from '../../../app/authSlice';
 import {isFetchBaseQueryError, isErrorWithMessage} from '../../../app/helpers';
-import {useGetTokenMutation} from '../../../services/auth';
+import {TokenRequest, TokenResponse} from '../../../services/auth';
 import {useNavigate} from 'react-router-dom';
 import {useAppDispatch} from '../../../app/hooks/store';
+import {
+  MutationActionCreatorResult,
+  MutationDefinition,
+  BaseQueryFn,
+  FetchArgs,
+  FetchBaseQueryError,
+} from '@reduxjs/toolkit/query';
 
 // TODO: Maybe store this in a more global location? with routes?
 export const redirectsByRole = {
@@ -14,23 +21,33 @@ export const redirectsByRole = {
 };
 
 interface UseAuthenticateWithOAuth {
+  query: (
+    arg: TokenRequest,
+  ) => MutationActionCreatorResult<
+    MutationDefinition<
+      TokenRequest,
+      BaseQueryFn<string | FetchArgs, unknown, FetchBaseQueryError>,
+      'Hosts',
+      TokenResponse,
+      'api'
+    >
+  >;
   setErrorMessage: React.Dispatch<React.SetStateAction<string>>;
   callbackUri: string;
 }
 
 export const useAuthenticateWithOAuth = ({
+  query,
   setErrorMessage,
   callbackUri,
 }: UseAuthenticateWithOAuth) => {
   const navigate = useNavigate();
   const dispatch = useAppDispatch();
 
-  const [getToken, {isLoading: getTokenIsLoading}] = useGetTokenMutation();
-
   React.useEffect(() => {
     if (location.search.includes('code')) {
       const code = location.search.split('?code=')[1];
-      getToken({
+      query({
         code,
         callbackUri,
       })
@@ -51,7 +68,5 @@ export const useAuthenticateWithOAuth = ({
           }
         });
     }
-  }, [location, setErrorMessage, getToken, dispatch, navigate, callbackUri]);
-
-  return {getTokenIsLoading};
+  }, [location, setErrorMessage, dispatch, navigate, callbackUri, query]);
 };
diff --git a/app/src/services/auth.ts b/app/src/services/auth.ts
index a99c565b..83ad4396 100644
--- a/app/src/services/auth.ts
+++ b/app/src/services/auth.ts
@@ -130,6 +130,28 @@ const authApi = api.injectEndpoints({
         };
       },
     }),
+    googleSignUp: build.mutation<TokenResponse, TokenRequest>({
+      query: data => {
+        const {code, callbackUri} = data;
+        return {
+          url: `auth/google/sign_up?callback_uri=${callbackUri}`,
+          method: 'POST',
+          withCredentials: true,
+          body: {code},
+        };
+      },
+    }),
+    googleSignIn: build.mutation<TokenResponse, TokenRequest>({
+      query: data => {
+        const {code, callbackUri} = data;
+        return {
+          url: `auth/google/sign_in?callback_uri=${callbackUri}`,
+          method: 'POST',
+          withCredentials: true,
+          body: {code},
+        };
+      },
+    }),
     verification: build.mutation<void, VerificationRequest>({
       query: credentials => ({
         url: 'auth/verify',
@@ -212,6 +234,8 @@ export const {
   useSignOutMutation,
   useVerificationMutation,
   useNewPasswordMutation,
+  useGoogleSignUpMutation,
+  useGoogleSignInMutation,
   useGetTokenMutation,
   useForgotPasswordMutation,
   useConfirmForgotPasswordMutation,
diff --git a/app/src/views/SignIn.tsx b/app/src/views/SignIn.tsx
index 4a380979..83eccdbf 100644
--- a/app/src/views/SignIn.tsx
+++ b/app/src/views/SignIn.tsx
@@ -13,7 +13,11 @@ import CloseIcon from '@mui/icons-material/Close';
 import {setCredentials} from '../app/authSlice';
 import {useAppDispatch} from '../app/hooks/store';
 import {SignInForm} from '../components/authentication/SignInForm';
-import {SignInRequest, useSignInMutation} from '../services/auth';
+import {
+  SignInRequest,
+  useGoogleSignInMutation,
+  useSignInMutation,
+} from '../services/auth';
 import {isFetchBaseQueryError, isErrorWithMessage} from '../app/helpers';
 import {FormContainer} from '../components/authentication';
 import {
@@ -30,11 +34,14 @@ export const SignIn = () => {
   const navigate = useNavigate();
   const dispatch = useAppDispatch();
   const [signIn, {isLoading: signInIsLoading}] = useSignInMutation();
+  const [googleSignIn, {isLoading: getTokenIsLoading}] =
+    useGoogleSignInMutation();
   // const locationState = location.state as LocationState;
 
   // Save location from which user was redirected to login page
   // const from = locationState?.from?.pathname || '/';
-  const {getTokenIsLoading} = useAuthenticateWithOAuth({
+  useAuthenticateWithOAuth({
+    query: googleSignIn,
     setErrorMessage,
     callbackUri: '/signin',
   });
diff --git a/app/src/views/SignUp.tsx b/app/src/views/SignUp.tsx
index 8cee004a..dc632032 100644
--- a/app/src/views/SignUp.tsx
+++ b/app/src/views/SignUp.tsx
@@ -16,6 +16,7 @@ import {
   SignUpCoordinatorRequest,
   useSignUpHostMutation,
   useSignUpCoordinatorMutation,
+  useGoogleSignUpMutation,
 } from '../services/auth';
 import {isErrorWithMessage, isFetchBaseQueryError} from '../app/helpers';
 import {FormContainer} from '../components/authentication';
@@ -30,6 +31,8 @@ export const SignUp = () => {
     useSignUpHostMutation();
   const [signUpCoordinator, {isLoading: signUpCoordinatorIsLoading}] =
     useSignUpCoordinatorMutation();
+  const [googleSignUp, {isLoading: getTokenIsLoading}] =
+    useGoogleSignUpMutation();
   // get type from params
   // const locationState = location.state as LocationState;
 
@@ -37,7 +40,8 @@ export const SignUp = () => {
   // const from = locationState?.from?.pathname || '/';
 
   const callbackUri = `/signup/${type}`;
-  const {getTokenIsLoading} = useAuthenticateWithOAuth({
+  useAuthenticateWithOAuth({
+    query: googleSignUp,
     setErrorMessage,
     callbackUri,
   });

From cee6a81b8835ac53b103b9d47198f6a74f60e57b Mon Sep 17 00:00:00 2001
From: Erik <eguntner2291@gmail.com>
Date: Tue, 11 Jun 2024 18:25:11 -0700
Subject: [PATCH 5/7] Use aws username to delete users

---
 .../controllers/auth_controller.py               | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/api/openapi_server/controllers/auth_controller.py b/api/openapi_server/controllers/auth_controller.py
index 6b4aaeb1..9b2a721e 100644
--- a/api/openapi_server/controllers/auth_controller.py
+++ b/api/openapi_server/controllers/auth_controller.py
@@ -331,15 +331,17 @@ def google_sign_in():
         else:
             #if user does not exist in database, they haven't gone through sign up process, delete user from Cognito and return error
             try:
+                decoded = jwt.decode(id_token, algorithms=["RS256"], options={"verify_signature": False})
+                
                 current_app.logger.info('Deleting user from Cognito')
-                response = current_app.boto_client.admint_delete_user(
+                response = current_app.boto_client.admin_delete_user(
                     UserPoolId=current_app.config['COGNITO_USER_POOL_ID'],
-                    Username=user_attrs['email']
+                    Username=decoded["cognito:username"]
                 )
                 current_app.logger.info('User deleted from Cognito')
                 raise AuthError({
-                    'code': 'invalid_role',
-                    'message': 'Invalid role. no role found provided'
+                    'code': 'No user found',
+                    'message': 'No user found'
                 }, 400)
             except botocore.exceptions.ClientError as e:
                 current_app.logger.error('Failed to delete user from Cognito')
@@ -413,9 +415,11 @@ def google_sign_up():
     if role is None:
         try:
             current_app.logger.info('Deleting user from Cognito')
-            response = current_app.boto_client.admint_delete_user(
+            decoded = jwt.decode(id_token, algorithms=["RS256"], options={"verify_signature": False})
+
+            response = current_app.boto_client.admin_delete_user(
                 UserPoolId=current_app.config['COGNITO_USER_POOL_ID'],
-                Username=user_attrs['email']
+                Username=decoded["cognito:username"]
             )
             current_app.logger.info('User deleted from Cognito')
             raise AuthError({

From 4eddfc7402fe995b59ac7ec944ebdd2a24ca90ab Mon Sep 17 00:00:00 2001
From: Erik <eguntner2291@gmail.com>
Date: Tue, 11 Jun 2024 18:27:01 -0700
Subject: [PATCH 6/7] Remove token endpoint form backend

---
 .../controllers/auth_controller.py            | 88 -------------------
 api/openapi_server/openapi/openapi.yaml       |  2 -
 .../openapi/paths/auth/authToken.yaml         | 13 ---
 3 files changed, 103 deletions(-)
 delete mode 100644 api/openapi_server/openapi/paths/auth/authToken.yaml

diff --git a/api/openapi_server/controllers/auth_controller.py b/api/openapi_server/controllers/auth_controller.py
index 9b2a721e..6ba71acb 100644
--- a/api/openapi_server/controllers/auth_controller.py
+++ b/api/openapi_server/controllers/auth_controller.py
@@ -470,94 +470,6 @@ def google_sign_up():
         'user': user
     }
 
-def token():    
-    # get code from body
-    code = request.get_json()['code']
-    client_id = current_app.config['COGNITO_CLIENT_ID']
-    client_secret = current_app.config['COGNITO_CLIENT_SECRET']
-    callback_uri = request.args['callback_uri']
-
-    token_url = f"{cognito_client_url}/oauth2/token"
-    auth = requests.auth.HTTPBasicAuth(client_id, client_secret)
-    redirect_uri = f"{current_app.root_url}{callback_uri}"
-
-    params = {
-      'grant_type': 'authorization_code',
-      'client_id': client_id,
-      'code': code,
-      'redirect_uri': redirect_uri
-    }
-
-    # get tokens from oauth2/token endpoint
-    response = requests.post(token_url, auth=auth, data=params)
-
-    refresh_token = response.json().get('refresh_token')
-    access_token = response.json().get('access_token')
-    id_token = response.json().get('id_token')
-
-    # retrieve user data
-    try:
-        user_data = current_app.boto_client.get_user(AccessToken=access_token)
-    except botocore.exceptions.ClientError as e:        
-        code = e.response['Error']['Code']
-        message = e.response['Error']['Message']
-        raise AuthError({
-                  "code": code, 
-                  "message": message
-              }, 401)
-
-    # create user object from user data
-    user_attrs = get_user_attr(user_data)
-    
-    # check if user exists in database
-    user = None
-
-    with DataAccessLayer.session() as db_session:
-        user_repo = UserRepository(db_session)
-        signed_in_user = user_repo.get_user(user_attrs['email'])
-        if(bool(signed_in_user) == True):
-            user = user_schema.dump(signed_in_user)
-
-
-    # If not, add user to database and get user object
-    if(user is None):
-        user_role = callback_uri.split('/')[2].capitalize()
-        role = UserRole.COORDINATOR if user_role == 'Coordinator' else UserRole.HOST
-
-        try:
-            with DataAccessLayer.session() as db_session:
-                user_repo = UserRepository(db_session)
-                user_repo.add_user(
-                    email=user_attrs['email'],
-                    role=role,
-                    firstName=user_attrs['first_name'],
-                    middleName=user_attrs.get('middle_name', ''),
-                    lastName=user_attrs.get('last_name', '')
-                )
-        except Exception as error:
-            raise AuthError({"message": str(error)}, 400)
-        
-        with DataAccessLayer.session() as db_session:
-            user_repo = UserRepository(db_session)
-            signed_in_user = user_repo.get_user(user_attrs['email'])
-            if(bool(signed_in_user) == True):
-                user = user_schema.dump(signed_in_user)
-            else:
-                raise AuthError({"message": "User not found in database"}, 400)
-            
-    # set refresh token cookie
-    session['refresh_token'] = refresh_token
-    session['username'] = user_attrs['email']
-    session['id_token'] = id_token
-
-
-    # return user data json
-    return {
-        'token': access_token,
-        'user': user
-    }
-
-
 def current_session():
     user_data = None
     with DataAccessLayer.session() as db_session:
diff --git a/api/openapi_server/openapi/openapi.yaml b/api/openapi_server/openapi/openapi.yaml
index a9b33fb7..6b4dfdf7 100644
--- a/api/openapi_server/openapi/openapi.yaml
+++ b/api/openapi_server/openapi/openapi.yaml
@@ -27,8 +27,6 @@ paths:
     $ref: "./paths/auth/authConfirm.yaml"
   /auth/signout:
     $ref: "./paths/auth/authSignout.yaml"
-  /auth/token:
-    $ref: "./paths/auth/authToken.yaml"
   /auth/session:
     $ref: "./paths/auth/authSession.yaml"
   /auth/refresh:
diff --git a/api/openapi_server/openapi/paths/auth/authToken.yaml b/api/openapi_server/openapi/paths/auth/authToken.yaml
deleted file mode 100644
index f9ab6e61..00000000
--- a/api/openapi_server/openapi/paths/auth/authToken.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-post:
-  description: Sign in user from OAuth Provider
-  operationId: token
-  responses:
-    "200":
-      content:
-        application/json:
-          schema:
-            $ref: "../../openapi.yaml#/components/schemas/ApiResponse"
-      description: successful operation
-  tags:
-    - auth
-  x-openapi-router-controller: openapi_server.controllers.auth_controller

From 01678c32ddd1d422405d8226988de431c2aee113 Mon Sep 17 00:00:00 2001
From: Erik <eguntner2291@gmail.com>
Date: Tue, 11 Jun 2024 18:28:07 -0700
Subject: [PATCH 7/7] Remove get token mutation from frontend

---
 app/src/services/auth.ts | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/app/src/services/auth.ts b/app/src/services/auth.ts
index 83ad4396..3d0b453c 100644
--- a/app/src/services/auth.ts
+++ b/app/src/services/auth.ts
@@ -119,17 +119,6 @@ const authApi = api.injectEndpoints({
         body: credentials,
       }),
     }),
-    getToken: build.mutation<TokenResponse, TokenRequest>({
-      query: data => {
-        const {code, callbackUri} = data;
-        return {
-          url: `auth/token?callback_uri=${callbackUri}`,
-          method: 'POST',
-          withCredentials: true,
-          body: {code},
-        };
-      },
-    }),
     googleSignUp: build.mutation<TokenResponse, TokenRequest>({
       query: data => {
         const {code, callbackUri} = data;
@@ -236,7 +225,6 @@ export const {
   useNewPasswordMutation,
   useGoogleSignUpMutation,
   useGoogleSignInMutation,
-  useGetTokenMutation,
   useForgotPasswordMutation,
   useConfirmForgotPasswordMutation,
   useSessionMutation,