This repository has been archived by the owner on Apr 7, 2020. It is now read-only.

Simplify Facebook authentication flow #121

Open
ryanhugh opened this issue Oct 17, 2019 · 0 comments
@ryanhugh (Owner)

Current flow
Right now, the authentication and sign up for notifications flow is quite complicated. There are two parts to it:

If the user does not have a valid loginKey in the frontend:

  1. The user clicks the Facebook sign in button on a class and a loginKey is created
  2. A request goes to Facebook's servers with a data-ref that includes the class/section they clicked
  3. A request goes from the frontend to the backend asking for the latest user data
  4. Facebook sends a webhook to the server with authentication verification and the data-ref
  5. The backend matches the request from the frontend and the webhook from Facebook
  6. The backend signs the user up for classes and sends the latest user data to the frontend

The frontend’s loginKey is now trusted and this flow doesn’t have to happen again.

This odd process has to happen because we need to trust the user before signing them up for notifications. We get this trust from the Facebook webhook, so we need to wait for that before trusting the loginKey the frontend generated.

If the user has a valid loginKey in the frontend:

  1. The frontend makes a request to /addSection, /removeSection, or /addClass with loginKey
  2. loginKey is found in DB and DB is updated

Future Flow

What we should be able to change to (regardless of whether the user has logged in before or not):

  1. Call FB.login() or FB.getLoginStatus() to get a FB signed token
  2. FB will make a popup appear if the user hasn't signed in before
  3. Frontend makes requests to /addSection (etc.) endpoints with the signed FB token
  4. Backend verifies the token and trusts the user and updates DB

When we make this refactor, we can delete all of the onSendToMessengerButtonClick and cleanOldReqs functions in server.js and the entire opt_in branch at the bottom of facebook.js.
