Use Google sub as temporary password, add 409 fallback handling, and document Google auth flow

[danielitoCode]

Motivation

• Simplify Google-based authentication by using the Google sub identifier as the behind-the-scenes password instead of a hashed email+sub value.
• Provide a clear fallback path when Appwrite reports account conflicts so users are guided to recover access after they change their password.
• Document the intended Google authentication flow and fallback behavior in the README for contributors.

Description

• Replaced the hashed-password generation with password = googleUser.sub in AuthWithGoogleCaseUse and RegisterWithGoogleUseCase and removed the unused hashEmailWithSub import.
• In AuthWithGoogleCaseUse wrapped the register flow to catch a 409 Appwrite response and translate it into an IllegalStateException with a user-facing message that instructs to login once with email+password to recover Google one-tap functionality.
• Consolidated accountRepository.updateProfile so the profile update runs once after successful registration/login.
• Added a new section to README.md describing the current Google authentication flow, rules, and the technical fallback behavior for 401/409 cases.

Testing

• Ran unit and integration tests with ./gradlew test, which completed successfully.
• Built the debug APK with ./gradlew assembleDebug and the build succeeded.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 41f32f9798

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep backward-compatible password derivation for Google login

Switching Google sign-in to password = googleUser.sub breaks every existing Google account created before this commit, because those users were registered with hashEmailWithSub(email, sub) and this flow no longer tries that legacy credential. In AuthWithGoogleCaseUse, the first login attempt now always sends the new password format, so legacy users get 401, then 409 on re-register, and are effectively locked out of one-tap despite having valid accounts.

Useful? React with 👍 / 👎.

[github-actions]

Qodana for JVM

4 new problems were found

Inspection name	Severity	Problems
Unstable API Usage	🔶 Warning	4

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

• Register at Qodana Cloud and configure the action
• Use GitHub Code Scanning with Qodana
• Host Qodana report at GitHub Pages
• Inspect and use qodana.sarif.json (see the Qodana SARIF format for details)

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/qodana-action@v2025.3.2
        with:
          upload-result: true

Contact Qodana team

Contact us at qodana-support@jetbrains.com

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions