Added mapping roles through email to site settings (#2373)

2020-12-16 19:31:32 -05:00 · 2020-12-16 19:31:32 -05:00 · 5a51f6d714
parent 14350c5f5d
commit 5a51f6d714
12 changed files with 202 additions and 10 deletions
--- a/app/assets/javascripts/admins.js
+++ b/app/assets/javascripts/admins.js
@ -169,6 +169,12 @@ function clearMaintenanceBanner(path) {
  $.post(path, {value: "", tab: "administration"})
 }

+// Change the email mapping to the string provided
+function changeEmailMapping(path) {
+  var url = $("#email-mapping").val()
+  $.post(path, {value: url, tab: "registration"})
+}
+
 function mergeUsers() {
  let userToMerge = $("#from-uid").text()
  $.post($("#merge-save-access").data("path"), {merge: userToMerge})
--- a/app/controllers/account_activations_controller.rb
+++ b/app/controllers/account_activations_controller.rb
@ -18,6 +18,7 @@

 class AccountActivationsController < ApplicationController
  include Emailer
+  include Authenticator

  before_action :ensure_unauthenticated
  before_action :find_user_by_token, only: :edit
@ -32,6 +33,7 @@ class AccountActivationsController < ApplicationController
    # If the user exists and is not verified and provided the correct token
    if @user && !@user.activated?
      # Verify user
+      @user.set_role(initial_user_role(@user.email)) if @user.role.nil?
      @user.activate

      # Redirect user to root with account pending flash if account is still pending
--- a/app/controllers/concerns/authenticator.rb
+++ b/app/controllers/concerns/authenticator.rb
@ -83,6 +83,19 @@ module Authenticator
      !allow_greenlight_accounts?
  end

+  # Sets the initial user role based on the email mapping
+  def initial_user_role(email)
+    mapping = @settings.get_value("Email Mapping")
+    return "user" unless mapping.present?
+
+    mapping.split(",").each do |map|
+      email_role = map.split("=")
+      return email_role[1] if email.ends_with?(email_role[0])
+    end
+
+    "user" # default to user if role not found
+  end
+
  private

  # Migrates all of the twitter users rooms to the new account
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -228,7 +228,7 @@ class SessionsController < ApplicationController

    send_invite_user_signup_email(user) if invite_registration && !@user_exists

-    user.set_role :user if !@user_exists && user.role.nil?
+    user.set_role(initial_user_role(user.email)) if !@user_exists && user.role.nil?

    login(user)

--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -57,7 +57,7 @@ class UsersController < ApplicationController

    # Sign in automatically if email verification is disabled or if user is already verified.
    if !Rails.configuration.enable_email_verification || @user.email_verified
-      @user.set_role :user
+      @user.set_role(initial_user_role(@user.email))

      login(@user) && return
    end
--- a/app/helpers/admins_helper.rb
+++ b/app/helpers/admins_helper.rb
@ -121,6 +121,10 @@ module AdminsHelper
    @settings.get_value("Room Limit").to_i
  end

+  def email_mapping
+    @settings.get_value("Email Mapping")
+  end
+
  # Room Configuration

  def room_configuration_string(name)
--- a/app/views/admins/components/_settings.html.erb
+++ b/app/views/admins/components/_settings.html.erb
@ -28,15 +28,13 @@
       <i class="fas mr-3 fa-tools"></i>
        <%= t("administrator.site_settings.tabs.settings") %>
      </a>
+      <a class="nav-item p-3 nav-link <%= 'active' if @tab == 'registration' %>"  href="?tab=registration" role="tab" aria-selected="false">
+       <i class="far mr-3 fa-newspaper"></i>
+        <%= t("administrator.site_settings.tabs.registration") %>
+      </a>
    </div>
  </nav>
 </div>

-<% if @tab == "appearance"%>
-  <%= render "admins/components/site_settings/appearance" %>
-<% elsif @tab == "administration"%>
-  <%= render "admins/components/site_settings/administration" %>
-<% else %>
-  <%= render "admins/components/site_settings/settings" %>
-<% end %>
-   
+<%= render "admins/components/site_settings/#{@tab}" %>
+
--- a/app/views/admins/components/site_settings/_registration.html.erb
+++ b/app/views/admins/components/site_settings/_registration.html.erb
@ -0,0 +1,31 @@
+<%
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+%>
+
+<div class="form-group">
+  <div class="row mb-2">
+    <div class="col-12">
+      <div class="form-group">
+        <label class="form-label"><%= t("administrator.site_settings.email_mapping.title") %></label>
+        <label class="form-label text-muted"><%= t("administrator.site_settings.email_mapping.info") %></label>
+        <div class="input-group">
+          <input id="email-mapping" type="text" class="form-control" value="<%= email_mapping %>">
+          <span class="input-group-append">
+            <button id="branding-image" onclick="changeEmailMapping('<%= admin_update_settings_path(setting: 'Email Mapping') %>')" class="btn btn-primary" type="button"><%= t("update") %></button>
+          </span>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -69,6 +69,10 @@ en:
        regular: Regular
        lighten: Lighten
        darken: Darken
+      email_mapping:
+        info: Map the user to a role using their email. Must be in the format email1=role1,email2=role2
+        title: Role Mapping by Email
+        update: 
      log_level:
        title: Log Level
        information: Change the Log Level for the entire deployment
@ -111,6 +115,7 @@ en:
      tabs:
        appearance: Appearance
        administration: Administration
+        registration: Registration
        settings: Settings
      title: Site Settings
    flash:
--- a/spec/controllers/account_activations_controller_spec.rb
+++ b/spec/controllers/account_activations_controller_spec.rb
@ -79,6 +79,51 @@ describe AccountActivationsController, type: :controller do
      expect(flash[:success]).to be_present
      expect(response).to redirect_to(root_path)
    end
+
+    context "email mapping" do
+      before do
+        @role1 = Role.create(name: "role1", priority: 2, provider: "greenlight")
+        @role2 = Role.create(name: "role2", priority: 3, provider: "greenlight")
+        allow_any_instance_of(Setting).to receive(:get_value).and_return("-123@test.com=role1,@testing.com=role2")
+      end
+
+      it "correctly sets users role if email mapping is set" do
+        @user = create(:user, email: "test-123@test.com", email_verified: false, provider: "greenlight", role: nil)
+
+        get :edit, params: { token: @user.create_activation_token }
+
+        u = User.last
+        expect(u.role).to eq(@role1)
+      end
+
+      it "correctly sets users role if email mapping is set (second test)" do
+        @user = create(:user, email: "test@testing.com", email_verified: false, provider: "greenlight", role: nil)
+
+        get :edit, params: { token: @user.create_activation_token }
+
+        u = User.last
+        expect(u.role).to eq(@role2)
+      end
+
+      it "does not replace the role if already set" do
+        pending = Role.find_by(name: "pending", provider: "greenlight")
+        @user = create(:user, email: "test@testing.com", email_verified: false, provider: "greenlight", role: pending)
+
+        get :edit, params: { token: @user.create_activation_token }
+
+        u = User.last
+        expect(u.role).to eq(pending)
+      end
+
+      it "defaults to user if no mapping matches" do
+        @user = create(:user, email: "test@testing1.com", email_verified: false, provider: "greenlight")
+
+        get :edit, params: { token: @user.create_activation_token }
+
+        u = User.last
+        expect(u.role).to eq(Role.find_by(name: "user", provider: "greenlight"))
+      end
+    end
  end

  describe "GET #resend" do
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@ -531,6 +531,53 @@ describe SessionsController, type: :controller do
      new_u = User.find_by(social_uid: "bn-launcher-user-new")
      expect(users_old_uid).to eq(new_u.uid)
    end
+
+    context "email mapping" do
+      before do
+        @role1 = Role.create(name: "role1", priority: 2, provider: "greenlight")
+        @role2 = Role.create(name: "role2", priority: 3, provider: "greenlight")
+        allow_any_instance_of(Setting).to receive(:get_value).and_return("-123@test.com=role1,@testing.com=role2")
+      end
+
+      it "correctly sets users role if email mapping is set" do
+        params = OmniAuth.config.mock_auth[:google]
+        params[:info][:email] = "test-123@test.com"
+
+        request.env["omniauth.auth"] = params
+
+        get :omniauth, params: { provider: :google }
+
+        u = User.last
+
+        expect(u.role).to eq(@role1)
+      end
+
+      it "correctly sets users role if email mapping is set (second test)" do
+        params = OmniAuth.config.mock_auth[:google]
+        params[:info][:email] = "test-123@testing.com"
+
+        request.env["omniauth.auth"] = params
+
+        get :omniauth, params: { provider: :google }
+
+        u = User.last
+
+        expect(u.role).to eq(@role2)
+      end
+
+      it "defaults to user if no mapping matches" do
+        params = OmniAuth.config.mock_auth[:google]
+        params[:info][:email] = "test@test.com"
+
+        request.env["omniauth.auth"] = params
+
+        get :omniauth, params: { provider: :google }
+
+        u = User.last
+
+        expect(u.role).to eq(Role.find_by(name: "user", provider: "greenlight"))
+      end
+    end
  end

  describe "POST #ldap" do
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -148,6 +148,47 @@ describe UsersController, type: :controller do

        expect(u.last_login).to_not be_nil
      end
+
+      context "email mapping" do
+        before do
+          @role1 = Role.create(name: "role1", priority: 2, provider: "greenlight")
+          @role2 = Role.create(name: "role2", priority: 3, provider: "greenlight")
+          allow_any_instance_of(Setting).to receive(:get_value).and_return("-123@test.com=role1,@testing.com=role2")
+        end
+
+        it "correctly sets users role if email mapping is set" do
+          params = random_valid_user_params
+          params[:user][:email] = "test-123@test.com"
+
+          post :create, params: params
+
+          u = User.find_by(name: params[:user][:name], email: params[:user][:email])
+
+          expect(u.role).to eq(@role1)
+        end
+
+        it "correctly sets users role if email mapping is set (second test)" do
+          params = random_valid_user_params
+          params[:user][:email] = "test@testing.com"
+
+          post :create, params: params
+
+          u = User.find_by(name: params[:user][:name], email: params[:user][:email])
+
+          expect(u.role).to eq(@role2)
+        end
+
+        it "defaults to user if no mapping matches" do
+          params = random_valid_user_params
+          params[:user][:email] = "test@testing1.com"
+
+          post :create, params: params
+
+          u = User.find_by(name: params[:user][:name], email: params[:user][:email])
+
+          expect(u.role).to eq(Role.find_by(name: "user", provider: "greenlight"))
+        end
+      end
    end

    context "disallow greenlight accounts" do