Changes to LRS Basic Authentication

Author: farhatahmad

app/models/tenant.rb

@@ -3,8 +3,8 @@
 class Tenant < ApplicationRedisRecord
   SECRETS_SEPARATOR = ':'
 
-  define_attribute_methods :id, :name, :secrets, :lrs_endpoint, :lrs_basic_token, :kc_token_url, :kc_client_id, :kc_client_secret, :kc_username,
-:kc_password
+  define_attribute_methods :id, :name, :secrets, :lrs_endpoint, :lrs_username, :lrs_password,
+                           :kc_token_url, :kc_client_id, :kc_client_secret, :kc_username, :kc_password
 
   # Unique ID for this tenant
   application_redis_attr :id
@@ -17,7 +17,8 @@ class Tenant < ApplicationRedisRecord
 
   # Custom LRS work
   application_redis_attr :lrs_endpoint
-  application_redis_attr :lrs_basic_token
+  application_redis_attr :lrs_username
+  application_redis_attr :lrs_password
   application_redis_attr :kc_token_url
   application_redis_attr :kc_client_id
   application_redis_attr :kc_client_secret
@@ -45,7 +46,8 @@ def save!
           pipeline.hset(id_key, 'name', name) if name_changed?
           pipeline.hset(id_key, 'secrets', secrets) if secrets_changed?
           pipeline.hset(id_key, 'lrs_endpoint', lrs_endpoint) if lrs_endpoint_changed?
-          pipeline.hset(id_key, 'lrs_basic_token', lrs_basic_token) if lrs_basic_token_changed?
+          pipeline.hset(id_key, 'lrs_username', lrs_username) if lrs_username_changed?
+          pipeline.hset(id_key, 'lrs_password', lrs_password) if lrs_password_changed?
           pipeline.hset(id_key, 'kc_token_url', kc_token_url) if kc_token_url_changed?
           pipeline.hset(id_key, 'kc_client_id', kc_client_id) if kc_client_id_changed?
           pipeline.hset(id_key, 'kc_client_secret', kc_client_secret) if kc_client_secret_changed?

app/services/lrs_payload_service.rb

@@ -7,18 +7,24 @@ def initialize(tenant:, secret:)
   end
 
   def call
-    token = @tenant.kc_token_url.present? ? fetch_token_from_keycloak : @tenant.lrs_basic_token
-
-    if token.nil?
-      Rails.logger.warn("LRS Token not found")
-      return nil
-    end
-
     lrs_payload = {
       lrs_endpoint: @tenant.lrs_endpoint,
-      lrs_token: token
     }
 
+    if @tenant.lrs_username.present?
+      lrs_payload[:lrs_username] = @tenant.lrs_username
+      lrs_payload[:lrs_password] = @tenant.lrs_password
+    else
+      token = fetch_token_from_keycloak
+
+      if token.nil?
+        Rails.logger.warn("LRS Token not found")
+        return nil
+      end
+
+      lrs_payload[:lrs_token] = token
+    end
+
     # Generate a random salt
     salt = SecureRandom.random_bytes(8)
 

lib/tasks/tenants.rake

@@ -15,7 +15,8 @@ task tenants: :environment do |_t, _args|
       puts("\tname: #{tenant.name}")
       puts("\tsecrets: #{tenant.secrets}")
       puts("\tlrs_endpoint: #{tenant.lrs_endpoint}") if tenant.lrs_endpoint.present?
-      puts("\tlrs_basic_token: #{tenant.lrs_basic_token}") if tenant.lrs_basic_token.present?
+      puts("\tlrs_username: #{tenant.lrs_username}") if tenant.lrs_username.present?
+      puts("\tlrs_password: #{tenant.lrs_password}") if tenant.lrs_password.present?
       puts("\tkc_token_url: #{tenant.kc_token_url}") if tenant.kc_token_url.present?
       puts("\tkc_client_id: #{tenant.kc_client_id}") if tenant.kc_client_id.present?
       puts("\tkc_client_secret: #{tenant.kc_client_secret}") if tenant.kc_client_secret.present?
@@ -68,20 +69,22 @@ namespace :tenants do
   end
 
   desc 'Update an existing Tenants LRS credentials with basic authentication'
-  task :update_lrs_basic, [:id, :lrs_endpoint, :lrs_basic_token] => :environment do |_t, args|
+  task :update_lrs_basic, [:id, :lrs_endpoint, :lrs_username, :lrs_password] => :environment do |_t, args|
     check_multitenancy
     id = args[:id]
     lrs_endpoint = args[:lrs_endpoint]
-    lrs_basic_token = args[:lrs_basic_token]
+    lrs_username = args[:lrs_username]
+    lrs_password = args[:lrs_password]
 
-    if id.blank? || lrs_endpoint.blank? || lrs_basic_token.blank?
-      puts('Error: id, LRS_ENDPOINT, LRS_BASIC_TOKEN are required to update a Tenant')
+    if id.blank? || lrs_endpoint.blank? || lrs_username.blank? || lrs_password.blank?
+      puts('Error: id, LRS_ENDPOINT, LRS_USERNAME, LRS_PASSWORD are required to update a Tenant')
       exit(1)
     end
 
     tenant = Tenant.find(id)
     tenant.lrs_endpoint = lrs_endpoint
-    tenant.lrs_basic_token = lrs_basic_token
+    tenant.lrs_username = lrs_username
+    tenant.lrs_password = lrs_password
 
     tenant.save!
 

spec/factories/tenant.rb

@@ -5,7 +5,8 @@
     name { Faker::Creature::Animal.name }
     secrets { "#{Faker::Crypto.sha256}:#{Faker::Crypto.sha512}" }
     lrs_endpoint { nil }
-    lrs_basic_token { nil }
+    lrs_username { nil }
+    lrs_password { nil }
     kc_token_url { nil }
     kc_client_id { nil }
     kc_client_secret { nil }

spec/services/lrs_payload_service_spec.rb

@@ -5,20 +5,13 @@
 RSpec.describe LrsPayloadService, type: :service do
   describe '#call' do
     context 'Basic Auth' do
-      it 'uses the lrs_basic_token if set' do
-        tenant = create(:tenant, name: 'bn', lrs_endpoint: 'https://lrs_endpoint.com', lrs_basic_token: 'basic_token')
+      it 'uses the lrs_username and lrs_password if set' do
+        tenant = create(:tenant, name: 'bn', lrs_endpoint: 'https://lrs_endpoint.com', lrs_username: 'basic_username', lrs_password: 'basic_password')
 
         encrypted_value = described_class.new(tenant: tenant, secret: 'server-secret').call
 
-        expect(JSON.parse(decrypt(encrypted_value, 'server-secret'))["lrs_token"]).to eq(tenant.lrs_basic_token)
-      end
-
-      it 'logs a warning and returns nil if lrs_basic_token is not set' do
-        tenant = create(:tenant, name: 'bn', lrs_endpoint: 'https://lrs_endpoint.com')
-
-        expect(Rails.logger).to receive(:warn)
-
-        expect(described_class.new(tenant: tenant, secret: 'server-secret').call).to be_nil
+        expect(JSON.parse(decrypt(encrypted_value, 'server-secret'))["lrs_username"]).to eq(tenant.lrs_username)
+        expect(JSON.parse(decrypt(encrypted_value, 'server-secret'))["lrs_password"]).to eq(tenant.lrs_password)
       end
     end