From 3a882f85c60810bd05a3bf410733a7291cb65e0a Mon Sep 17 00:00:00 2001
From: Josh <josha5@outlook.com>
Date: Wed, 12 Jul 2017 16:34:16 -0400
Subject: [PATCH] add ability to disable guest access

---
 app/controllers/landing_controller.rb       | 23 +++++++++++++--------
 config/application.rb                       |  1 +
 env                                         |  4 ++++
 test/controllers/landing_controller_test.rb | 22 +++++++++++++++-----
 4 files changed, 36 insertions(+), 14 deletions(-)

diff --git a/app/controllers/landing_controller.rb b/app/controllers/landing_controller.rb
index 58baeeac..2387c9f4 100644
--- a/app/controllers/landing_controller.rb
+++ b/app/controllers/landing_controller.rb
@@ -18,19 +18,24 @@ class LandingController < ApplicationController
   include BbbApi
 
   def index
+    redirect_to user_login_path if Rails.configuration.disable_guest_access
   end
 
   def resource
-    if params[:id].size > meeting_name_limit
-      redirect_to root_url, flash: {danger: t('meeting_name_long')}
-    elsif ['&', '$', ','].any? { |c| params[:id].include?(c) } # temporary fix for misbehaving characters
-      redirect_to root_url, flash: {danger: t('disallowed_characters_msg')}
-    elsif params[:resource] == 'meetings' && !params[:room_id]
-      render_meeting
-    elsif params[:resource] == 'rooms'
-      render_room
+    if Rails.configuration.disable_guest_access && params[:resource] == 'meetings'
+      redirect_to user_login_path 
     else
-      redirect_to root_url, flash: {danger: t('error')}
+      if params[:id].size > meeting_name_limit
+        redirect_to root_url, flash: {danger: t('meeting_name_long')}
+      elsif ['&', '$', ','].any? { |c| params[:id].include?(c) } # temporary fix for misbehaving characters
+        redirect_to root_url, flash: {danger: t('disallowed_characters_msg')}
+      elsif params[:resource] == 'meetings' && !params[:room_id]
+        render_meeting
+      elsif params[:resource] == 'rooms'
+        render_room
+      else
+        redirect_to root_url, flash: {danger: t('error')}
+      end
     end
   end
 
diff --git a/config/application.rb b/config/application.rb
index 4ef0b937..70cd6df6 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -42,6 +42,7 @@ module Greenlight
 
     config.use_webhooks = ENV['GREENLIGHT_USE_WEBHOOKS'] == "true"
     config.mail_notifications = ENV['GREENLIGHT_MAIL_NOTIFICATIONS'] == "true"
+    config.disable_guest_access = ENV['DISABLE_GUEST_ACCESS'] == "true"
 
     # SMTP and action mailer
     if config.mail_notifications
diff --git a/env b/env
index 935e3456..23568979 100644
--- a/env
+++ b/env
@@ -100,3 +100,7 @@ SMTP_PASSWORD=yourpassword
 #   default is '/b' (recommended)
 #
 #RELATIVE_URL_ROOT=/b
+
+# Uncomment and set to 'true' to only allow users to create meetings when authenticated.
+# Unauthenticated users are still able to join meetings through invites.
+#DISABLE_GUEST_ACCESS=false
diff --git a/test/controllers/landing_controller_test.rb b/test/controllers/landing_controller_test.rb
index b5321449..554068ae 100644
--- a/test/controllers/landing_controller_test.rb
+++ b/test/controllers/landing_controller_test.rb
@@ -18,6 +18,15 @@ require 'test_helper'
 
 class LandingControllerTest < ActionController::TestCase
 
+  # Should redirect to login url if guest access is disabled.
+  def assert_login_or_success
+    if Rails.configuration.disable_guest_access
+      assert_redirected_to user_login_path
+    else
+      assert_response :success
+    end
+  end
+
   setup do
     @meeting_id = 'test_id'
     @user = users :user1
@@ -25,12 +34,12 @@ class LandingControllerTest < ActionController::TestCase
 
   test "should get index" do
     get :index, params: {resource: 'meetings'}
-    assert_response :success
+    assert_login_or_success
   end
 
   test "should get meeting" do
     get :resource, params: { id: @meeting_id, resource: 'meetings' }
-    assert_response :success
+    assert_login_or_success
   end
 
   test "should get room" do
@@ -61,9 +70,12 @@ class LandingControllerTest < ActionController::TestCase
   test "should fallback to en-US locale if locale is en" do
     request.headers["Accept-Language"] = 'en'
     get :index, params: {resource: 'meetings'}
-    assert_response :success
-
-    assert css_select('html').attribute('lang').value, 'en'
+    if Rails.configuration.disable_guest_access
+      assert_redirected_to user_login_path
+    else
+      assert_response :success
+      assert css_select('html').attribute('lang').value, 'en'
+    end
   end
 
 end