Fix for missing Speaker’s email in Webuser:Email collection

app/controllers/Authentication.scala

@@ -68,7 +68,6 @@ object Authentication extends Controller {
       emailForm.bindFromRequest.fold(
         errorForm => BadRequest(views.html.Authentication.forgetPassword(errorForm)),
         validEmail => {
-
           if (Webuser.isEmailRegistered(validEmail)) {
             val resetURL = routes.Authentication.resetPassword(Crypto.sign(validEmail.toLowerCase.trim), new String(Base64.encodeBase64(validEmail.toLowerCase.trim.getBytes("UTF-8")), "UTF-8")).absoluteURL()
             TransactionalEmails.sendResetPasswordLink(validEmail, resetURL)

app/controllers/Backoffice.scala

@@ -498,4 +498,37 @@ object Backoffice extends SecureCFPController {
       }
   }
 
+  def checkInvalidWebuserForAllSpeakers()=SecuredAction(IsMemberOf("admin")) {
+    implicit request =>
+      Speaker.allSpeakersUUID().foreach{
+        uuid=>
+          Webuser.findByUUID(uuid) match {
+            case None=>
+               val s = Speaker.findByUUID(uuid)
+              play.Logger.info("Missing Webuser for Speaker "+uuid+" "+s.map(_.cleanName))
+            case other=>
+          }
+
+          Webuser.isSpeaker(uuid) match {
+            case false =>
+              val s = Speaker.findByUUID(uuid)
+              play.Logger.info("Missing group for speaker "+uuid+" "+s.map(_.cleanName))
+            case other=>
+          }
+          Speaker.findByUUID(uuid).foreach{
+            speaker=>
+              Webuser.isEmailRegistered(speaker.email) match {
+                case false =>
+                  play.Logger.error(s"Speaker's email is not stored in Webuser:Email => BUG ${speaker.email}")
+                  Webuser.fixMissingEmail(speaker.email,speaker.uuid)
+                case other=>
+              }
+          }
+
+      }
+      Ok("voir la console")
+
+
+  }
+
 }

app/controllers/CallForPaper.scala

@@ -55,6 +55,7 @@ object CallForPaper extends SecureCFPController {
         speaker: Speaker =>
           // BUG
           if (Webuser.isSpeaker(uuid) == false) {
+            play.Logger.error(s"****** Speaker ${speaker.cleanName} was not in the SPEAKER Webuser group")
             Webuser.addToSpeaker(uuid)
           }
           val hasApproved = Proposal.countByProposalState(uuid, ProposalState.APPROVED) > 0

app/models/ConferenceDescriptor.scala

@@ -106,6 +106,8 @@ case class ConferenceDescriptor(eventCode: String,
 
 object ConferenceDescriptor {
 
+
+
   /**
     * TODO configure here the kind of talks you will propose
     */
@@ -765,5 +767,7 @@ object ConferenceDescriptor {
   def twilioSenderNumber:String =  Play.current.configuration.getString("cfp.twilioSMS.senderNumber").getOrElse("")
 
   def twilioMockSMS:Boolean =  Play.current.configuration.getBoolean("cfp.twilioSMS.mock").getOrElse(true)
+
+  def gluonPassword(): String = Play.current.configuration.getString("gluon.password").getOrElse("")
 }
 

app/models/Webuser.scala

@@ -130,29 +130,37 @@ object Webuser {
 
   def saveAndValidateWebuser(webuser: Webuser): String = Redis.pool.withClient {
     client =>
-      val cleanWebuser = webuser.copy(email = webuser.email.toLowerCase.trim)
+      val cleanEmail =  StringUtils.trimToEmpty(webuser.email.toLowerCase)
+      val cleanWebuser = webuser.copy(email =cleanEmail)
       val json = Json.toJson(cleanWebuser).toString
 
       val tx = client.multi()
       tx.hset("Webuser", cleanWebuser.uuid, json)
       tx.set("Webuser:UUID:" + cleanWebuser.uuid, webuser.email)
-      tx.set("Webuser:Email:" + cleanWebuser.email, webuser.uuid)
+      tx.set("Webuser:Email:" + cleanEmail, webuser.uuid)
       tx.sadd("Webuser:" + cleanWebuser.profile, webuser.uuid)
-      tx.hdel("Webuser:New", cleanWebuser.email)
+      tx.hdel("Webuser:New", cleanEmail)
       tx.exec()
       cleanWebuser.uuid
   }
 
   def isEmailRegistered(email: String): Boolean = Redis.pool.withClient {
     implicit client =>
-      client.exists("Webuser:Email:" + email.toLowerCase.trim)
+      val cleanEmail = StringUtils.trimToEmpty(email.toLowerCase)
+      client.exists("Webuser:Email:" + cleanEmail)
+  }
+
+  def fixMissingEmail(email:String, uuid:String)=Redis.pool.withClient{
+    implicit client=>
+      val cleanEmail = StringUtils.trimToEmpty(email.toLowerCase)
+      client.set("Webuser:Email:" + cleanEmail, uuid)
   }
 
   def findByEmail(email: String): Option[Webuser] = email match {
     case null => None
     case "" => None
     case validEmail =>
-      val _email = validEmail.toLowerCase.trim
+      val _email = StringUtils.trimToEmpty(validEmail.toLowerCase)
       Redis.pool.withClient {
         client =>
           client.get("Webuser:Email:" + _email).flatMap {
@@ -167,7 +175,8 @@ object Webuser {
 
   def getUUIDfromEmail(email: String): Option[String] = Redis.pool.withClient {
     client =>
-      client.get("Webuser:Email:" + email.toLowerCase.trim)
+      val _email = StringUtils.trimToEmpty(email.toLowerCase)
+      client.get("Webuser:Email:" + _email)
   }
 
   def findByUUID(uuid: String): Option[Webuser] = Redis.pool.withClient {
@@ -197,7 +206,7 @@ object Webuser {
   // The My Devoxx Gluon mobile app will use the following hard coded credentials to basic authenticate.
   def gluonUser(email: String, password: String): Boolean = {
     email.equals("[email protected]") &&
-    password.equals("XYiDB;YncRe*QR#KT8FshBKgWqsyDuyq")
+    password.equals(ConferenceDescriptor.gluonPassword())
   }
 
   def delete(webuser: Webuser) = Redis.pool.withClient {

conf/application.conf

@@ -167,3 +167,6 @@ cfp.twilioSMS.authToken=${? TWILIO_AUTH_TOKEN}
 cfp.twilioSMS.senderNumber=${? TWILIO_SENDER_NUMBER}
 cfp.twilioSMS.mock=true
 cfp.twilioSMS.mock=${? TWILIO_MOCK}
+
+# Security fix
+gluon.password=${? GLUON_PASSWORD}

conf/routes

@@ -360,6 +360,7 @@ GET           /toptalks
 GET           /assets/*file                                                     controllers.Assets.at(path="/public", file)
 
 GET           /bp/exportAgenda                                                  controllers.Backoffice.exportAgenda()
+GET           /admin/checkWebusersForSpeakers                                   controllers.Backoffice.checkInvalidWebuserForAllSpeakers()
 
 # SMS
 GET           /sms/speakers                                                     controllers.SMSController.allSpeakers()