Setup Google OAuth for login, do not create new accounts, add button to front page #412

Open
cycomachead wants to merge 1 commit into main from cycomachead/ai/112/1

@cycomachead
Contributor

General Info

Changes

Adds Google OAuth as a login option for users who already have an account. Google login will never create new accounts — it only authenticates users whose email matches an existing record. This allows instructors/admins with Google accounts to log in without going through Canvas, while keeping account provisioning strictly tied to the Canvas OAuth flow.

Key changes:

  • Added omniauth-google-oauth2 gem and configured the provider conditionally (only when GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET env vars are both present)
  • Added google_oauth_enabled? helper in ApplicationHelper to gate UI and provider registration on env var presence
  • Added handle_google_login in SessionController that looks up the user by email and sets the session — no user creation, no LMS credential writes
  • Added "Login with Google" button to the home page, visible only when the helper returns true
  • Documented GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET in .env.example

Note: Users who log in via Google still need valid Canvas LMS credentials to access protected routes (existing authenticated! constraint). Google OAuth only handles the session — it does not bypass Canvas credential requirements.

Testing

Added specs covering:

  • google_oauth_enabled? helper (all 4 env var combinations)
  • Home page button rendering (shown vs. hidden based on env vars)
  • Google OAuth callback: existing user logs in successfully, no new user is created, no LMS credentials are written, missing email redirects with alert, unknown email redirects with alert

All 161 controller specs and 23 new/touched specs pass.

Documentation

No additional documentation required. New environment variables are documented in .env.example.

Checklist

  • Name of branch corresponds to story

Superconductor Ticket Implementation | App Preview | Guided Review

- Add `omniauth-google-oauth2` and configure provider conditionally
- Implement `handle_google_login` to authenticate only existing users by email
- Prevent new account creation or LMS credential updates via Google OAuth
- Add "Login with Google" button to home page, gated by environment variables
- Add comprehensive specs for helper visibility and authentication logic

Co-authored-by: Claude Code <noreply@anthropic.com>
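
The lookup-only login decision described in this pull request, as an added Ruby example that is not code from the PR or the project. The in-memory `USERS` list, the `resolve_google_login` and `normalize_email` names, and the `email_verified` check are assumptions made for illustration; the auth hash is modeled on the shape OmniAuth passes to a callback.

```ruby
# Added illustration; not code from the pull request.
# USERS is a constructed in-memory stand-in for the application's user table.
User = Struct.new(:id, :email)
LoginResult = Struct.new(:status, :user_id, :alert)

USERS = [
  User.new(1, "instructor@example.edu"),
  User.new(2, "admin@example.edu")
].freeze

# Normalize an address for comparison; returns nil for missing or blank input.
def normalize_email(raw)
  return nil unless raw.is_a?(String)
  email = raw.strip.downcase
  email.empty? ? nil : email
end

# Decide whether a Google callback may open a session.
# auth: hash shaped like an OmniAuth auth hash (assumed keys: "provider", "info").
# This method only reads from `users`; it never creates or updates a record.
def resolve_google_login(auth, users)
  unless auth["provider"] == "google_oauth2"
    return LoginResult.new(:rejected, nil, "Unexpected provider")
  end

  info = auth["info"] || {}
  email = normalize_email(info["email"])
  return LoginResult.new(:rejected, nil, "Google did not return an email") if email.nil?

  # Assumed extra check: matching on email is only as strong as the provider's
  # verification of that address, so require an explicit true.
  unless info["email_verified"] == true
    return LoginResult.new(:rejected, nil, "Google email is not verified")
  end

  user = users.find { |u| normalize_email(u.email) == email }
  return LoginResult.new(:rejected, nil, "No existing account for this email") if user.nil?

  LoginResult.new(:ok, user.id, nil)
end
```

A controller would set the session only when `status` is `:ok` and redirect with `alert` otherwise.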