GRN-80: Allow local accounts on multitenant (#428)

* Changed the way the omniauth providers are declared

* Allow local authentication for multitenant mode based on customer settings

* Cleanead up code mandated by rubocop

* Completed implementation for signin and added the one for signup

* Fixed issue with rubocop

* Renamed customer_name to lb_user

* Renamed lb_user -> user_domain, fixed issue with signup controller, email verification WAS NOT implemented

* Completed implementation of email_verification

* Fixed rubocop issue

* Final update

* Fix for test with loadbalancer

* Make sure loadbalancer mockup is only used when env defined

* Fix for test on rooms_controller

* Fixed most of the test failing on multitenant env

* Fixed issue detected by rubocop

* Fixed issue with activation tockens not working on resend

* Fixed new issue found by rubocop

* Updated travis script

* Harcoded credentials for mockup

* Updated expectation on start_session

* Fixed issue with duplication of home room

* Updated script for rubocop

* Restored Gemfile

app/models/concerns/api_concern.rb

@@ -19,77 +19,6 @@
 module APIConcern
   extend ActiveSupport::Concern
 
-  RETURNCODE_SUCCESS = "SUCCESS"
-
-  def bbb_endpoint
-    Rails.configuration.bigbluebutton_endpoint
-  end
-
-  def bbb_secret
-    Rails.configuration.bigbluebutton_secret
-  end
-
-  # Sets a BigBlueButtonApi object for interacting with the API.
-  def bbb
-    @bbb ||= if Rails.configuration.loadbalanced_configuration
-      if instance_of? Room
-        # currently in the Room Model
-        lb_user = retrieve_loadbalanced_credentials(owner.provider)
-      elsif instance_of? User
-        # currently in the User Model
-        lb_user = retrieve_loadbalanced_credentials(provider)
-      end
-      BigBlueButton::BigBlueButtonApi.new(remove_slash(lb_user["apiURL"]), lb_user["secret"], "0.8")
-    else
-      BigBlueButton::BigBlueButtonApi.new(remove_slash(bbb_endpoint), bbb_secret, "0.8")
-    end
-  end
-
-  # Rereives the loadbalanced BigBlueButton credentials for a user.
-  def retrieve_loadbalanced_credentials(provider)
-    # Include Omniauth accounts under the Greenlight provider.
-    provider = "greenlight" if Rails.configuration.providers.include?(provider.to_sym)
-
-    # Build the URI.
-    uri = encode_bbb_url(
-      Rails.configuration.loadbalancer_endpoint + "getUser",
-      Rails.configuration.loadbalancer_secret,
-      name: provider
-    )
-
-    # Make the request.
-    http = Net::HTTP.new(uri.host, uri.port)
-    http.use_ssl = (uri.scheme == 'https')
-    response = http.get(uri.request_uri)
-
-    unless response.is_a?(Net::HTTPSuccess)
-      raise "Error retrieving provider credentials: #{response.code} #{response.message}"
-    end
-
-    # Parse XML.
-    doc = XmlSimple.xml_in(response.body, 'ForceArray' => false)
-
-    # Return the user credentials if the request succeeded on the loadbalancer.
-    return doc['user'] if doc['returncode'] == RETURNCODE_SUCCESS
-
-    raise "User with provider #{provider} does not exist." if doc['messageKey'] == "noSuchUser"
-    raise "API call #{url} failed with #{doc['messageKey']}."
-  end
-
-  # Builds a request to retrieve credentials from the load balancer.
-  def encode_bbb_url(base_url, secret, params)
-    encoded_params = OAuth::Helper.normalize(params)
-    string = "getUser" + encoded_params + secret
-    checksum = OpenSSL::Digest.digest('sha1', string).unpack("H*").first
-
-    URI.parse("#{base_url}?#{encoded_params}&checksum=#{checksum}")
-  end
-
-  # Removes trailing forward slash from a URL.
-  def remove_slash(s)
-    s.nil? ? nil : s.chomp("/")
-  end
-
   # Format recordings to match their current use in the app
   def format_recordings(api_res)
     api_res[:recordings].each do |r|

app/models/room.rb

@@ -16,8 +16,11 @@
 # You should have received a copy of the GNU Lesser General Public License along
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 
+require 'bbb_api'
+
 class Room < ApplicationRecord
   include ::APIConcern
+  include ::BbbApi
 
   before_create :setup
 

app/models/user.rb

@@ -16,13 +16,15 @@
 # You should have received a copy of the GNU Lesser General Public License along
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 
+require 'bbb_api'
+
 class User < ApplicationRecord
   include ::APIConcern
+  include ::BbbApi
 
-  attr_accessor :reset_token, :activation_token
-  after_create :create_home_room_if_verified
+  attr_accessor :reset_token
+  after_create :initialize_main_room
   before_save { email.try(:downcase!) }
-  before_create :create_activation_digest
 
   before_destroy :destroy_rooms
 
@@ -125,8 +127,11 @@ class User < ApplicationRecord
   def activate
     update_attribute(:email_verified, true)
     update_attribute(:activated_at, Time.zone.now)
+  end
 
-    initialize_main_room
+  def activated?
+    return true unless Rails.configuration.enable_email_verification
+    email_verified
   end
 
   def send_activation_email(url)
@@ -180,7 +185,17 @@ class User < ApplicationRecord
   end
 
   def greenlight_account?
-    provider == "greenlight"
+    return provider == "greenlight" unless Rails.configuration.loadbalanced_configuration
+    # No need to retrive the provider info if the provider is whitelisted
+    return true if launcher_allow_user_signup_whitelisted?(provider)
+    # Proceed with fetching the provider info
+    provider_info = retrieve_provider_info(provider, 'api2', 'getUserGreenlightCredentials')
+    provider_info['provider'] == 'greenlight'
+  end
+
+  def activation_token
+    # Create the token.
+    create_reset_activation_digest(User.new_token)
   end
 
   def self.digest(string)
@@ -195,10 +210,11 @@ class User < ApplicationRecord
 
   private
 
-  def create_activation_digest
-    # Create the token and digest.
-    self.activation_token  = User.new_token
-    self.activation_digest = User.digest(activation_token)
+  def create_reset_activation_digest(token)
+    # Create the digest and persist it.
+    self.activation_digest = User.digest(token)
+    save
+    token
   end
 
   # Destory a users rooms when they are removed.
@@ -206,16 +222,9 @@ class User < ApplicationRecord
     rooms.destroy_all
   end
 
-  # Assigns the user a BigBlueButton id and a home room if verified
-  def create_home_room_if_verified
-    self.uid = "gl-#{(0...12).map { (65 + rand(26)).chr }.join.downcase}"
-
-    initialize_main_room if email_verified
-    save
-  end
-
   # Initializes a room for the user and assign a BigBlueButton user id.
   def initialize_main_room
+    self.uid = "gl-#{(0...12).map { (65 + rand(26)).chr }.join.downcase}"
     self.main_room = Room.create!(owner: self, name: I18n.t("home_room"))
     save
   end