Merge pull request #28 from zach-chai/oauth_update

oauth update

app/assets/javascripts/channels/meeting_updates.js

@@ -9,7 +9,7 @@
   var initRooms = function() {
     App.messages = App.cable.subscriptions.create({
       channel: 'MeetingUpdatesChannel',
-      username: getRoomName()
+      encrypted_id: getEncryptedId()
     },
     {
       received: function(data) {

app/assets/javascripts/channels/recording_update.js

@@ -3,7 +3,7 @@
   var initRooms = function() {
     App.messages = App.cable.subscriptions.create({
       channel: 'RecordingUpdatesChannel',
-      username: getRoomName()
+      encrypted_id: getEncryptedId()
     },
     {
       received: function(data) {

app/assets/javascripts/landing.js

@@ -152,7 +152,7 @@
           targets: -1,
           render: function(data, type, row) {
             if (type === 'display') {
-              var roomName = getRoomName();
+              var roomName = getEncryptedId();
               var published = row.published;
               var eye = getPublishClass(published);
               return '<button type="button" class="btn btn-default recording-update" data-published="'+published+'">' +
@@ -210,7 +210,7 @@
       return;
     }
     table = recordingsTable.api();
-    $.get("/rooms/"+getRoomName()+"/recordings", function(data) {
+    $.get("/rooms/"+getEncryptedId()+"/recordings", function(data) {
       if (!data.is_owner) {
         table.column(-1).visible( false );
       }

app/assets/javascripts/shared.js

@@ -4,7 +4,7 @@ $.ajaxSetup({
   }
 });
 
-var getRoomName = function() {
+var getEncryptedId = function() {
   return $(".page-wrapper.rooms").data('room');
 }
 

app/assets/stylesheets/users.scss

@@ -1,13 +0,0 @@
-.user {
-  .error {
-    p {
-      font-size: 14px;
-      color: red;
-    }
-  }
-  .description {
-    p {
-      font-size: 14px;
-    }
-  }
-}

app/channels/meeting_updates_channel.rb

@@ -1,5 +1,5 @@
 class MeetingUpdatesChannel < ApplicationCable::Channel
   def subscribed
-    stream_from "#{params[:username]}_meeting_updates_channel"
+    stream_from "#{params[:encrypted_id]}_meeting_updates_channel"
   end
 end

app/channels/recording_updates_channel.rb

@@ -1,5 +1,5 @@
 class RecordingUpdatesChannel < ApplicationCable::Channel
   def subscribed
-    stream_from "#{params[:username]}_recording_updates_channel"
+    stream_from "#{params[:encrypted_id]}_recording_updates_channel"
   end
 end

app/controllers/bbb_controller.rb

@@ -9,7 +9,7 @@ class BbbController < ApplicationController
     if params[:name].blank?
       render_bbb_response("missing_parameter", "user name was not included", :unprocessable_entity)
     else
-      user = User.find_by username: params[:id]
+      user = User.find_by encrypted_id: params[:id]
 
       options = if user
         {
@@ -29,7 +29,7 @@ class BbbController < ApplicationController
       )
 
       if bbb_res[:returncode] && current_user && current_user == user
-        ActionCable.server.broadcast "#{user.username}_meeting_updates_channel",
+        ActionCable.server.broadcast "#{user.encrypted_id}_meeting_updates_channel",
           action: 'moderator_joined',
           moderator: 'joined'
       end
@@ -42,9 +42,9 @@ class BbbController < ApplicationController
   def end
     load_and_authorize_room_owner!
 
-    bbb_res = bbb_end_meeting @user.username
+    bbb_res = bbb_end_meeting @user.encrypted_id
     if bbb_res[:returncode]
-      EndMeetingJob.perform_later(@user.username)
+      EndMeetingJob.perform_later(@user.encrypted_id)
     end
     render_bbb_response bbb_res
   end
@@ -53,7 +53,7 @@ class BbbController < ApplicationController
   def recordings
     load_room!
 
-    bbb_res = bbb_get_recordings @user.username
+    bbb_res = bbb_get_recordings @user.encrypted_id
     render_bbb_response bbb_res, bbb_res[:recordings]
   end
 
@@ -61,7 +61,7 @@ class BbbController < ApplicationController
   def update_recordings
     bbb_res = bbb_update_recordings(params[:record_id], params[:published] == 'true')
     if bbb_res[:returncode]
-      RecordingUpdatesJob.perform_later(@user.username, params[:record_id], bbb_res[:published])
+      RecordingUpdatesJob.perform_later(@user.encrypted_id, params[:record_id], bbb_res[:published])
     end
     render_bbb_response bbb_res
   end
@@ -70,7 +70,7 @@ class BbbController < ApplicationController
   def delete_recordings
     bbb_res = bbb_delete_recordings(params[:record_id])
     if bbb_res[:returncode]
-      RecordingDeletesJob.perform_later(@user.username, params[:record_id])
+      RecordingDeletesJob.perform_later(@user.encrypted_id, params[:record_id])
     end
     render_bbb_response bbb_res
   end
@@ -78,7 +78,7 @@ class BbbController < ApplicationController
   private
 
   def load_room!
-    @user = User.find_by username: params[:id]
+    @user = User.find_by encrypted_id: params[:id]
     if !@user
       render head(:not_found) && return
     end

app/controllers/landing_controller.rb

@@ -16,16 +16,20 @@ class LandingController < ApplicationController
   end
 
   def session_status_refresh
-    @user = User.find_by(username: params[:id])
+    @user = User.find_by(encrypted_id: params[:id])
     if @user.nil?
       render head(:not_found) && return
     end
 
-    @meeting_running = bbb_get_meeting_info(@user.username)[:returncode]
+    @meeting_running = bbb_get_meeting_info(@user.encrypted_id)[:returncode]
 
     render layout: false
   end
 
+  def auth_failure
+    redirect_to '/'
+  end
+
   def admin?
     @user && @user == current_user
   end
@@ -42,13 +46,13 @@ class LandingController < ApplicationController
   def render_room
     params[:action] = 'rooms'
 
-    @user = User.find_by(username: params[:id])
+    @user = User.find_by(encrypted_id: params[:id])
     if @user.nil?
       redirect_to root_path
       return
     end
 
-    @meeting_running = bbb_get_meeting_info(@user.username)[:returncode]
+    @meeting_running = bbb_get_meeting_info(@user.encrypted_id)[:returncode]
 
     render :action => 'rooms'
   end

app/controllers/sessions_controller.rb

@@ -1,14 +1,8 @@
 class SessionsController < ApplicationController
   def create
     @user = User.from_omniauth(request.env['omniauth.auth'])
-    if @user.persisted?
-      session[:user_id] = @user.id
-      redirect_to controller: 'landing', action: 'index', id: @user.username, resource: 'rooms'
-    else
-      @user.save!
-      session[:user_id] = @user.id
-      redirect_to controller: 'users', action: 'edit', id: @user.id
-    end
+    session[:user_id] = @user.id
+    redirect_to controller: 'landing', action: 'index', id: @user.encrypted_id, resource: 'rooms'
   rescue => e
     logger.error "Error authenticating via omniauth: #{e}"
     redirect_to root_path

app/controllers/users_controller.rb

@@ -1,32 +0,0 @@
-class UsersController < ApplicationController
-  before_action :set_user, only: [:edit, :update]
-
-  # GET /users/1/edit
-  def edit
-  end
-
-  # PATCH/PUT /users/1
-  # PATCH/PUT /users/1.json
-  def update
-    if @user.update(user_params)
-      redirect_to controller: 'landing', action: 'index', id: @user.username, resource: 'rooms'
-    else
-      @error = @user.errors.first[1] rescue nil
-      render :edit
-    end
-  end
-
-  private
-    # Use callbacks to share common setup or constraints between actions.
-    def set_user
-      @user = User.find(params[:id])
-      if @user.username
-        render 'errors/error'
-      end
-    end
-
-    # Never trust parameters from the scary internet, only allow the white list through.
-    def user_params
-      params.require(:user).permit(:username)
-    end
-end

app/models/user.rb

@@ -1,17 +1,17 @@
 class User < ApplicationRecord
 
-  validates :username,
-    uniqueness: { message: "this username is taken" },
-    format: { with: /\A^[0-9a-z-_]+\Z/,
-    message: "Only allows lowercase alphanumeric characters with dashes and underscores",
-    allow_blank: true }
+  # validates :username,
+  #   format: { with: /\A^[0-9a-z-_]+\Z/,
+  #   message: "Only allows lowercase alphanumeric characters with dashes and underscores",
+  #   allow_blank: true }
+
+  before_create :set_encrypted_id
 
   def self.from_omniauth(auth_hash)
     user = find_or_initialize_by(uid: auth_hash['uid'], provider: auth_hash['provider'])
-    unless user.persisted?
-      # user.username = self.send("#{auth_hash['provider']}_username", auth_hash) rescue nil
-      user.name = auth_hash['info']['name']
-    end
+    user.username = self.send("#{auth_hash['provider']}_username", auth_hash) rescue nil
+    user.name = auth_hash['info']['name']
+    user.save!
     user
   end
 
@@ -19,7 +19,15 @@ class User < ApplicationRecord
     auth_hash['info']['nickname']
   end
 
+  def self.google_username(auth_hash)
+    auth_hash['info']['email'].split('@').first
+  end
+
   def room_url
-    "/rooms/#{username}"
+    "/rooms/#{encrypted_id}"
+  end
+
+  def set_encrypted_id
+    self.encrypted_id = Digest::SHA1.hexdigest(uid+provider)
   end
 end

app/views/landing/rooms.html.erb

@@ -16,7 +16,7 @@
   </div>
 <% end %>
 
-<div class="page-wrapper rooms" data-room="<%= @user.username %>">
+<div class="page-wrapper rooms" data-room="<%= @user.encrypted_id %>">
   <div class="container-fluid">
 
     <%= render 'shared/title', title: page_title %>

app/views/layouts/application.html.erb

@@ -13,7 +13,7 @@
     <!-- Messages -->
     <div id='alerts'>
     </div>
-    
+
     <!-- Header -->
     <div class='header'>
       <span class="logo-wrapper pull-left">
@@ -22,11 +22,7 @@
       <span class="signup pull-right">
         <% if current_user %>
           <%= current_user.name %> |
-          <% if current_user.username %>
-            <%= link_to t('my_room'), current_user.room_url %> |
-          <% else %>
-            <%= link_to t('my_room'), edit_user_path(current_user) %> |
-          <% end %>
+          <%= link_to t('my_room'), current_user.room_url %> |
           <%= link_to t('logout'), user_logout_url %>
         <% elsif @user %>
           <%= t('are_you', name: @user.username) %> |

app/views/users/edit.html.erb

@@ -1,29 +0,0 @@
-<% content_for :title do %>
-  <div class="title">
-    Enter your Username below
-  </div>
-<% end %>
-
-<div class="page-wrapper user-edit">
-  <div class="container-fluid">
-
-    <%= render 'shared/title', title: 'Complete User Profile' %>
-
-    <%= render layout: 'shared/center_panel' do %>
-      <div class="center-block col-sm-8">
-        <%= form_for(@user) do |f| %>
-          <div class="input-group">
-            <%= f.text_field :username, placeholder: "Username", class: "form-control input" %>
-            <span class="input-group-btn">
-              <%= f.submit class: "btn btn-success", value: "Save" %>
-            </span>
-          </div>
-        <% end %>
-        <div class="error">
-          <p><%= @error %></p>
-        </div>
-      <% end %>
-    </div>
-
-  </div>
-</div>

config/initializers/omniauth.rb

@@ -1,5 +1,5 @@
 Rails.application.config.middleware.use OmniAuth::Builder do
   provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET']
   provider :google_oauth2, ENV['GOOGLE_OAUTH2_ID'], ENV['GOOGLE_OAUTH2_SECRET'],
-    scope: ['profile'], access_type: 'online', name: 'google'
+    scope: ['profile', 'email'], access_type: 'online', name: 'google'
 end

config/routes.rb

@@ -5,7 +5,8 @@ Rails.application.routes.draw do
   resources :users, only: [:edit, :update]
   get '/users/logout', to: 'sessions#destroy', as: :user_logout
 
-  get '/auth/:provider/callback', to: 'sessions#create'
+  match '/auth/:provider/callback', to: 'sessions#create', via: [:get, :post]
+  get '/auth/failure', to: 'landing#auth_failure'
 
   # There are two resources [meetings|rooms]
   # meetings offer a landing page for NON authenticated users to create and join session in BigBlueButton

db/migrate/20161108224701_add_unique_id_to_users.rb

@@ -0,0 +1,21 @@
+class AddUniqueIdToUsers < ActiveRecord::Migration[5.0]
+  def up
+    add_column :users, :encrypted_id, :string
+
+    User.all.each do |user|
+      user.set_encrypted_id
+      user.save!
+    end
+
+    change_column_null :users, :encrypted_id, false
+
+    add_index :users, :encrypted_id, unique: true
+    remove_index :users, :username
+  end
+
+  def down
+    add_index :users, :username, unique: true
+    remove_index :users, :encrypted_id
+    remove_column :users, :encrypted_id
+  end
+end

db/schema.rb

@@ -10,19 +10,20 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20161017203809) do
+ActiveRecord::Schema.define(version: 20161108224701) do
 
   create_table "users", force: :cascade do |t|
-    t.string   "provider",   null: false
-    t.string   "uid",        null: false
+    t.string   "provider",     null: false
+    t.string   "uid",          null: false
     t.string   "name"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at",   null: false
+    t.datetime "updated_at",   null: false
     t.string   "username"
+    t.string   "encrypted_id", null: false
+    t.index ["encrypted_id"], name: "index_users_on_encrypted_id", unique: true
     t.index ["provider", "uid"], name: "index_users_on_provider_and_uid", unique: true
     t.index ["provider"], name: "index_users_on_provider"
     t.index ["uid"], name: "index_users_on_uid"
-    t.index ["username"], name: "index_users_on_username", unique: true
   end
 
 end

test/controllers/users_controller_test.rb

@@ -1,18 +0,0 @@
-require 'test_helper'
-
-class UsersControllerTest < ActionDispatch::IntegrationTest
-  setup do
-    @user = users(:one)
-  end
-
-  test "should get edit" do
-    get edit_user_url(@user)
-    assert_response :success
-  end
-
-  test "should update user" do
-    patch user_url(@user), params: { user: { username: @user.username } }
-    assert_redirected_to user_url(@user)
-  end
-
-end

test/fixtures/users.yml

@@ -3,11 +3,13 @@
 one:
   provider: twitter
   uid: <%= SecureRandom.hex(10) %>
+  encrypted_id: user1
   name: User 1
   username: user1
 
 two:
   provider: google
   uid: <%= SecureRandom.hex(10) %>
+  encrypted_id: user2
   name: User 2
   username: user2