Feature/learn upon integration (#204)

* LMS integration

* LMS integration

* Remove conflict, ensure user persists when changing email

Author: Wardormeur

config/perm/users.js

@@ -124,5 +124,12 @@ module.exports = function(){
       'kpi_number_of_youth_females_registered': [{
         role: 'cdf-admin',
       }],
+      'get_lms_link': [{
+        role: 'basic-user',
+        userType: 'champion'
+      }, {
+        role: 'basic-user',
+        userType: 'mentor'
+      }],
   };
 };

lib/users/lms/award-badge.js

@@ -0,0 +1,67 @@
+'use strict';
+var async = require('async');
+var _ = require('lodash');
+
+/**
+ * Webhook handler to award badges based on courses
+ * Courses "Code" must correspond to the badge slug
+ * @param  {Object} certificate contains all the info, header/user/course passed
+ */
+function awardLMSBadge (args, cb) {
+  var seneca = this;
+  var plugin = args.role;
+  var certif = args;
+  var user = certif.user;
+
+  function checkTestStatus (waterfallCb) {
+    if (certif.header.webHookType !== 'course_completion')
+      return cb(null, 'Unhandled webhook');
+    if (certif.enrollmentStatus !== 'passed' && certif.enrollmentStatus !== 'completed' )
+      return cb(null, 'Unhandled status');
+    waterfallCb(null, certif.courseReferenceCode);
+  }
+
+  function getBadge (badgeName, waterfallCb) {
+    seneca.act({role: 'cd-badges', cmd: 'getBadge', slug: badgeName},
+      function (err, badge) {
+        if (err) return cb(err);
+        waterfallCb(null, badge);
+    });
+  }
+
+  function getUser (badge, waterfallCb) {
+    seneca.act({role: 'cd-users', cmd: 'list', query: {lmsId: user.userId}},
+      function (err, sysUser) {
+        if (err) return cb(err);
+        if (_.isEmpty(sysUser)) return cb(null, {ok: false, why: 'LMSUser not found'});
+        return waterfallCb(null, sysUser[0], badge);
+    });
+  }
+
+  function awardBadge (sysUser, badge, waterfallCb) {
+    var applicationData = {
+      user: sysUser,
+      badge: badge.badge,
+      emailSubject: 'You have been awarded a new CoderDojo digital badge!'
+    };
+    seneca.act({role: 'cd-badges', cmd: 'sendBadgeApplication',
+        applicationData: applicationData,
+        user: {id: null}
+      },
+      function (err, user) {
+        if (err) return cb(err);
+        waterfallCb();
+    });
+  }
+
+
+  async.waterfall([
+    checkTestStatus,
+    getBadge,
+    getUser,
+    awardBadge
+  ], cb);
+
+}
+
+module.exports = awardLMSBadge;

lib/users/lms/check-certificate-authenticity.js

@@ -0,0 +1,32 @@
+'use strict';
+var _ = require('lodash');
+var crypto = require('crypto');
+
+/**
+ * Verify the validity of a LMS certificate by comparing the signature of this cert
+ * to the value of its hash + our shared private key
+ * @param  {String}   certificate the certificate as a string
+ * @param  {String}   signature   extracted expected hash
+ */
+function checkValidity (args, cb) {
+  var seneca = this;
+  var hash = crypto.createHash('md5');
+  var webhookSecret = process.env.LMS_WEBHOOK_SECRET;
+  var signature = args.signature;
+  var certif = args.certif;
+  var stringCertif = certif + ':' + webhookSecret;
+  hash.update(stringCertif);
+  var digest = hash.digest('hex');
+  if ( !_.isEmpty(webhookSecret)){
+    if ( digest !== signature){
+      cb(null, {ok: false, why: 'Invalid signature', http$:{status: 401}});
+    } else {
+      cb(null, {ok: true});
+    }
+  } else {
+    cb(new Error('Missing Webhook Secret'));
+  }
+}
+
+
+module.exports = checkValidity;

lib/users/lms/get-lms-link.js

@@ -0,0 +1,182 @@
+'use strict';
+var async = require('async');
+var _ = require('lodash');
+var request = require('request');
+var url = require('url');
+var crypto = require('crypto');
+var Uuid = require('node-uuid');
+
+/**
+ * Produce an link usable for SQSSO for Learnupon by
+ * * retrieving or creating the user IF he's allowed to access the LMS
+ * * synchronize the groups
+ * to hence provide a link that'll log the user into the LMS,
+ * with the courses corresponding to its userTypes
+ * @param  {Object}   user
+ * @return {Object}   url  contains the link to redirect to consume the SQSSO
+ */
+function getLMSLink (args, cb) {
+  var seneca = this;
+  var plugin = args.role;
+  var APIKey = process.env.LMS_KEY;
+  var user = args.user;
+  var APIUrl = 'https://coderdojo.learnupon.com/api/v1/';
+  var hash = crypto.createHash('md5');
+  var response = {
+    'url': ''
+  };
+  var LMSUsername = process.env.LMSUsername;
+  var LMSPassword = process.env.LMSPassword;
+  /**
+   * GetLMSUser or Create it if it doesn't exists
+   * @return {Number} lmsUserId
+   * @return {Array} UserTypes as GroupMembership
+   */
+  function getUser (waterfallCb) {
+    var userTypes = [];
+    var allowedUserTypes = ['mentor', 'champion'];
+    seneca.act({role: 'cd-profiles', cmd: 'load_user_profile', userId: user.id},
+      function (err, profile) {
+        userTypes = [profile.userType];
+        //  Get extended userTypes
+        seneca.act({role: 'cd-dojos', cmd: 'load_usersdojos', query:{ userId: user.id}},
+          function (err, userDojos) {
+            userTypes = _.flatten(userTypes.concat(_.map(userDojos, 'userTypes')));
+            userTypes = _.intersection(userTypes, allowedUserTypes);
+            if (!_.isEmpty(userTypes)) {
+              if (_.isEmpty(user.lmsId)) {
+                if(!_.isEmpty(args.approval)){
+                  //  The user doesn't exists yet on the LMS, we create it to save the corresponding Id
+                  request.post(APIUrl + 'users', {
+                    auth: {
+                      user: LMSUsername,
+                      pass: LMSPassword
+                    },
+                    json: {
+                      User: {
+                        email: user.email,
+                        password: Uuid() }
+                      }
+                    }, function(err, res, lmsUser) {
+                      seneca.act({role: 'cd-users', cmd: 'update', user: {
+                        id: user.id,
+                        lmsId: lmsUser.id
+                      }}, function (err, profile) {
+                        waterfallCb(null, lmsUser.id, userTypes);
+                      });
+                    });
+                } else {
+                  cb(null, {approvalRequired: true});
+                }
+              } else {
+                //  The user already exists in the LMS, no need to recreate it
+                waterfallCb(null, user.lmsId, userTypes);
+              }
+            } else {
+              cb(null, {ok: false, why: 'UserType not allowed', http$: { status: 403}});
+            }
+        });
+
+    });
+  }
+
+  /**
+   * Recover actual membership on LMS
+   * @param  {Number} lmsUserId
+   * @param  {Array} userTypes
+   * @param  {Fn} waterfallCb
+   */
+  function getUserMemberships (lmsUserId, userTypes, waterfallCb) {
+    // Get the user in LearnUpon
+    request.get(APIUrl + 'group_memberships?user_id=' + lmsUserId, {
+      auth: {
+        user: LMSUsername,
+        pass: LMSPassword
+      },
+      json: true
+    }, function(err, res, groups) {
+          var subscribedGroups = _.map(groups.group, 'title');
+          var userTypesToSync = _.difference(userTypes, subscribedGroups);
+          waterfallCb(null, lmsUserId, userTypesToSync);
+      });
+  }
+
+  /**
+   * Update LMS groups corresponding to the users' ones that arent synced yet
+   * @param  {Number} lmsUserId
+   * @param  {Array} userTypesToSync
+   * @param  {Fn} waterfallCb
+   */
+  function updateGroup (lmsUserId, userTypesToSync, waterfallCb) {
+    //  Get GroupId
+    async.eachSeries(userTypesToSync, function(userType, serieCb){
+      request.get(APIUrl+ 'groups?title=' + userType, {
+        auth: {
+          user: LMSUsername,
+          pass: LMSPassword
+        },
+        json: true
+      }, function (err, res, group) {
+        group = group.groups[0];
+        //  Update group membership
+        request.post(APIUrl + 'group_memberships', {
+          auth: {
+            user: LMSUsername,
+            pass: LMSPassword
+          },
+          json: {
+            GroupMembership: {
+              group_id: group.id,
+              user_id: lmsUserId}
+          }
+        }, serieCb);
+      });
+    }, function (err, res) {
+      waterfallCb();
+    });
+  }
+
+  /**
+   * Build an URL using the SQSSO login for LearnUpon
+   * @param  {Function} cb waterfall callback
+   */
+  function buildURL (waterfallCb) {
+    var email = user.email;
+    var userName = user.name;
+    var baseUrl = 'https://coderdojo.learnupon.com/sqsso';
+    var TS = Date.now();
+    hash.update('USER='+ email +'&TS='+ TS +'&KEY='+ APIKey);
+    var SSOToken = hash.digest('hex');
+    response.url = url.format(
+      _.extend(url.parse(baseUrl),
+      {
+      'query': {
+        'Email': email,
+        'SSOUserName': email,
+        'SSOToken': SSOToken,
+        'TS': TS,
+        //  TODO: use those when we have real FirstName and LastName in the db
+        // 'FirstName': userName,
+        // 'LastName': userName
+      }
+    }));
+    waterfallCb();
+  }
+
+  if (!_.isEmpty(LMSUsername) &&
+      !_.isEmpty(LMSPassword) &&
+      !_.isEmpty(APIKey)) {
+        async.waterfall([
+          getUser,
+          getUserMemberships,
+          updateGroup,
+          buildURL
+        ], function () {
+          return cb(null, response);
+        });
+  } else {
+    cb(new Error('Missing LMS env keys'));
+  }
+}
+
+module.exports = getLMSLink;

lib/users/lms/update-user.js

@@ -0,0 +1,47 @@
+'use strict';
+var async = require('async');
+var _ = require('lodash');
+var request = require('request');
+var url = require('url');
+var crypto = require('crypto');
+var Uuid = require('node-uuid');
+
+/**
+ * Update LMS user with the new email to ensure that the linking is not lost upon email update
+ * Doesn't "hard fail" as it shouldn't break the profile saving
+ * @param  {String}   userEmail
+ * @param  {String}   profileEmail
+ * @param  {String}   lmsId
+ */
+function updateUser (args, cb) {
+  var seneca = this;
+  var plugin = args.role;
+  var APIKey = process.env.LMS_KEY;
+  var APIUrl = 'https://coderdojo.learnupon.com/api/v1/';
+  var LMSUsername = process.env.LMSUsername;
+  var LMSPassword = process.env.LMSPassword;
+  var oldEmail = args.userEmail;
+  var newEmail = args.profileEmail;
+  var lmsId = args.lmsId;
+  if (!_.isEmpty(lmsId)) {
+    request.put(APIUrl + 'users/' + lmsId, {
+      auth: {
+        user: LMSUsername,
+        pass: LMSPassword
+      },
+      json: {
+        User: {
+          email: newEmail,
+          username: newEmail
+          }
+        }
+      }, function(err, res, lmsUser) {
+        if (err) {
+          seneca.log.error(new Error(err));
+        }
+        cb();
+    });
+  }
+}
+
+module.exports = updateUser;

package.json

@@ -26,6 +26,7 @@
   "dependencies": {
     "async": "0.9.0",
     "cp-i18n-lib": "git+https://github.com/CoderDojo/cp-i18n-lib.git",
+    "cp-permissions-plugin": "git://github.com/CoderDojo/cp-permissions-plugin#0.0.1",
     "cp-logs-lib": "git://github.com/CoderDojo/cp-logs-lib#v1.0.1",
     "cp-permissions-plugin": "git://github.com/CoderDojo/cp-permissions-plugin#0.0.1",
     "cuid": "1.2.5",

profiles.js

@@ -173,6 +173,7 @@ module.exports = function (options) {
       if (profile.id) {
         profile = _.omit(profile, immutableFields);
       }
+
       seneca.make$(ENTITY_NS).save$(profile, function (err, profile) {
         if (err) return done(err);
         if (process.env.SALESFORCE_ENABLED === 'true') {
@@ -183,7 +184,10 @@ module.exports = function (options) {
             }
           });
         }
-
+        //  TODO: use seneca-mesh to avoid coupling the integration to the user
+        if (args.user && !_.isEmpty(profile.email) && args.user.lmsId && args.user.email !== profile.email) {
+          seneca.act({role: 'cd-users', cmd: 'update_lms_user', lmsId: args.user.lmsId, userEmail: args.user.email, profileEmail: profile.email});
+        }
         syncUserObj(profile, function (err, res) {
           if (err) return done(err);
 

scripts/database/pg/migrations/019.do.add-lms-id.sql

@@ -0,0 +1,9 @@
+DO $$
+    BEGIN
+        BEGIN
+            ALTER TABLE sys_user ADD COLUMN lms_id character varying;
+        EXCEPTION
+            WHEN duplicate_column THEN RAISE NOTICE 'column lms_id already exists in sys_user.';
+        END;
+    END;
+$$

service.js

@@ -62,5 +62,6 @@ require('./migrate-psql-db.js')(function (err) {
 
   seneca.listen()
   .client({ type: 'web', port: 10304, pin: { role: 'cd-salesforce', cmd: '*' } })
-  .client({ type: 'web', port: 10301, pin: 'role:cd-dojos,cmd:*' });
+  .client({ type: 'web', port: 10301, pin: 'role:cd-dojos,cmd:*' })
+  .client({ type: 'web', port: 10305, pin: {role: 'cd-badges', cmd: '*'} });
 });