Ejected users due to permission check cannot rejoin meeting

- users who are ejected from meeting because of permission check cannot
   rejoin meeting as we mark them as banned. Only users ejected by a
   moderator should be banned. Later on, we should make the moderator
   indicate if the ejected user should be bannd or not.

   see https://github.com/bigbluebutton/bigbluebutton/issues/9608

akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/PermissionCheck.scala

@@ -85,7 +85,8 @@ object PermissionCheck {
                                    outGW: OutMsgRouter, liveMeeting: LiveMeeting): Unit = {
     val ejectedBy = SystemUser.ID
 
-    UsersApp.ejectUserFromMeeting(outGW, liveMeeting, userId, ejectedBy, reason, EjectReasonCode.PERMISSION_FAILED)
+    UsersApp.ejectUserFromMeeting(outGW, liveMeeting, userId, ejectedBy, reason, EjectReasonCode.PERMISSION_FAILED, ban = false)
+
     // send a system message to force disconnection
     Sender.sendDisconnectClientSysMsg(meetingId, userId, ejectedBy, reason, outGW)
   }

akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/users/EjectDuplicateUserReqMsgHdlr.scala

@@ -17,7 +17,8 @@ trait EjectDuplicateUserReqMsgHdlr {
     val ejectedBy = SystemUser.ID
 
     val reason = "user ejected because of duplicate external userid"
-    UsersApp.ejectUserFromMeeting(outGW, liveMeeting, userId, ejectedBy, reason, EjectReasonCode.DUPLICATE_USER)
+    UsersApp.ejectUserFromMeeting(outGW, liveMeeting, userId, ejectedBy, reason, EjectReasonCode.DUPLICATE_USER, ban = false)
+
     // send a system message to force disconnection
     Sender.sendDisconnectClientSysMsg(meetingId, userId, ejectedBy, EjectReasonCode.DUPLICATE_USER, outGW)
   }

akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/users/EjectUserFromMeetingCmdMsgHdlr.scala

@@ -33,6 +33,12 @@ trait EjectUserFromMeetingCmdMsgHdlr extends RightsManagementTrait {
         ejectedByUser <- RegisteredUsers.findWithUserId(ejectedBy, liveMeeting.registeredUsers)
       } yield {
         if (registeredUser.externId != ejectedByUser.externId) {
+          // Hardcode right now to true. Once we've added the ban field to the
+          // eject message, we can use that here.
+          // For the moment, just assume that is a user is ejected by another user,
+          // then that user should be banned (ralam may 19, 2020)
+          // see https://github.com/bigbluebutton/bigbluebutton/issues/9608
+          val ban = true
           // Eject users
           //println("****************** User " + ejectedBy + " ejecting user " + userId)
           // User might have joined using multiple browsers.
@@ -40,7 +46,15 @@ trait EjectUserFromMeetingCmdMsgHdlr extends RightsManagementTrait {
           // ralam april 21, 2020
           RegisteredUsers.findAllWithExternUserId(registeredUser.externId, liveMeeting.registeredUsers) foreach { ru =>
             //println("****************** User " + ejectedBy + " ejecting other user " + ru.id)
-            UsersApp.ejectUserFromMeeting(outGW, liveMeeting, ru.id, ejectedBy, reason, EjectReasonCode.EJECT_USER)
+            UsersApp.ejectUserFromMeeting(
+              outGW,
+              liveMeeting,
+              ru.id,
+              ejectedBy,
+              reason,
+              EjectReasonCode.EJECT_USER,
+              ban
+            )
             // send a system message to force disconnection
             Sender.sendDisconnectClientSysMsg(meetingId, ru.id, ejectedBy, EjectReasonCode.EJECT_USER, outGW)
           }
@@ -48,7 +62,15 @@ trait EjectUserFromMeetingCmdMsgHdlr extends RightsManagementTrait {
           // User is ejecting self, so just eject this userid not all sessions if joined using multiple
           // browsers. ralam april 23, 2020
           //println("****************** User " + ejectedBy + " ejecting self " + userId)
-          UsersApp.ejectUserFromMeeting(outGW, liveMeeting, userId, ejectedBy, reason, EjectReasonCode.EJECT_USER)
+          UsersApp.ejectUserFromMeeting(
+            outGW,
+            liveMeeting,
+            userId,
+            ejectedBy,
+            reason,
+            EjectReasonCode.EJECT_USER,
+            ban = false
+          )
           // send a system message to force disconnection
           Sender.sendDisconnectClientSysMsg(meetingId, userId, ejectedBy, EjectReasonCode.EJECT_USER, outGW)
         }
@@ -70,7 +92,15 @@ trait EjectUserFromMeetingSysMsgHdlr {
     val ejectedBy = msg.body.ejectedBy
 
     val reason = "user ejected by a component on system"
-    UsersApp.ejectUserFromMeeting(outGW, liveMeeting, userId, ejectedBy, reason, EjectReasonCode.SYSTEM_EJECT_USER)
+    UsersApp.ejectUserFromMeeting(
+      outGW,
+      liveMeeting,
+      userId,
+      ejectedBy,
+      reason,
+      EjectReasonCode.SYSTEM_EJECT_USER,
+      ban = false
+    )
     // send a system message to force disconnection
     Sender.sendDisconnectClientSysMsg(meetingId, userId, ejectedBy, EjectReasonCode.SYSTEM_EJECT_USER, outGW)
   }

akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/users/UsersApp.scala

@@ -87,13 +87,14 @@ object UsersApp {
   }
 
   def ejectUserFromMeeting(outGW: OutMsgRouter, liveMeeting: LiveMeeting,
-                           userId: String, ejectedBy: String, reason: String, reasonCode: String): Unit = {
+                           userId: String, ejectedBy: String, reason: String,
+                           reasonCode: String, ban: Boolean): Unit = {
 
     val meetingId = liveMeeting.props.meetingProp.intId
 
     for {
       user <- Users2x.ejectFromMeeting(liveMeeting.users2x, userId)
-      reguser <- RegisteredUsers.eject(userId, liveMeeting.registeredUsers, ejectedBy)
+      reguser <- RegisteredUsers.eject(userId, liveMeeting.registeredUsers, ban)
     } yield {
       sendUserEjectedMessageToClient(outGW, meetingId, userId, ejectedBy, reason, reasonCode)
       sendUserLeftMeetingToAllClients(outGW, meetingId, userId)

akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/users/ValidateAuthTokenReqMsgHdlr.scala

@@ -25,13 +25,13 @@ trait ValidateAuthTokenReqMsgHdlr extends HandlerHelpers {
 
     regUser match {
       case Some(u) =>
-        // Check if ejected user is rejoining.
+        // Check if banned user is rejoining.
         // Fail validation if ejected user is rejoining.
         // ralam april 21, 2020
-        if (u.guestStatus == GuestStatus.ALLOW && !u.ejected) {
+        if (u.guestStatus == GuestStatus.ALLOW && !u.banned) {
           userValidated(u, state)
         } else {
-          if (u.ejected) {
+          if (u.banned) {
             failReason = "Ejected user rejoining"
             failReasonCode = EjectReasonCode.EJECTED_USER_REJOINING
           }

akka-bbb-apps/src/main/scala/org/bigbluebutton/core/models/RegisteredUsers.scala

@@ -62,12 +62,12 @@ object RegisteredUsers {
 
     findWithExternUserId(user.externId, users) match {
       case Some(u) =>
-        if (u.ejected) {
-          // Ejected user is rejoining. Don't add so that validate token
+        if (u.banned) {
+          // Banned user is rejoining. Don't add so that validate token
           // will fail and can't join.
           // ralam april 21, 2020
-          val ejectedUser = user.copy(ejected = true)
-          users.save(ejectedUser)
+          val bannedUser = user.copy(banned = true)
+          users.save(bannedUser)
         } else {
           // If user hasn't been ejected, we allow user to join
           // as the user might be joining using 2 browsers for
@@ -81,16 +81,16 @@ object RegisteredUsers {
 
   }
 
-  private def banUser(ejectedUser: RegisteredUser, users: RegisteredUsers, ejectedByUser: RegisteredUser): RegisteredUser = {
+  private def banOrEjectUser(ejectedUser: RegisteredUser, users: RegisteredUsers, ban: Boolean): RegisteredUser = {
     // Some users join with multiple browser to manage the meeting.
     // Don't black list a user ejecting oneself.
     // ralam april 23, 2020
-    if (ejectedUser.externId != ejectedByUser.externId) {
+    if (ban) {
       // Set a flag that user has been ejected. We flag the user instead of
       // removing so we can eject when user tries to rejoin with the same
       // external userid.
       // ralam april 21, 2020
-      val u = ejectedUser.modify(_.ejected).setTo(true)
+      val u = ejectedUser.modify(_.banned).setTo(true)
       users.save(u)
       u
     } else {
@@ -98,12 +98,11 @@ object RegisteredUsers {
       ejectedUser
     }
   }
-  def eject(id: String, users: RegisteredUsers, ejectedBy: String): Option[RegisteredUser] = {
+  def eject(id: String, users: RegisteredUsers, ban: Boolean): Option[RegisteredUser] = {
     for {
       ru <- findWithUserId(id, users)
-      eu <- findWithUserId(ejectedBy, users)
     } yield {
-      banUser(ru, users, eu)
+      banOrEjectUser(ru, users, ban)
     }
   }
 
@@ -166,6 +165,6 @@ case class RegisteredUser(
     registeredOn:       Long,
     joined:             Boolean,
     markAsJoinTimedOut: Boolean,
-    ejected:            Boolean
+    banned:             Boolean
 )
 

akka-bbb-apps/src/main/scala/org/bigbluebutton/core/running/MeetingActor.scala

@@ -740,7 +740,16 @@ class MeetingActor(
     users foreach { u =>
       val respondedOnTime = (lastUserInactivityInspectSentOn - expiryTracker.userInactivityThresholdInMs) < u.lastActivityTime && (lastUserInactivityInspectSentOn + expiryTracker.userActivitySignResponseDelayInMs) > u.lastActivityTime
       if (!respondedOnTime) {
-        UsersApp.ejectUserFromMeeting(outGW, liveMeeting, u.intId, SystemUser.ID, "User inactive for too long.", EjectReasonCode.USER_INACTIVITY)
+        UsersApp.ejectUserFromMeeting(
+          outGW,
+          liveMeeting,
+          u.intId,
+          SystemUser.ID,
+          "User inactive for too long.",
+          EjectReasonCode.USER_INACTIVITY,
+          ban = false
+        )
+
         Sender.sendDisconnectClientSysMsg(liveMeeting.props.meetingProp.intId, u.intId, SystemUser.ID, EjectReasonCode.USER_INACTIVITY, outGW)
       }
     }