From 70acb9a7e14828f681890facc90f354a02e861d2 Mon Sep 17 00:00:00 2001 From: shawn-higgins1 <23224097+shawn-higgins1@users.noreply.github.com> Date: Wed, 22 May 2019 13:44:40 -0400 Subject: [PATCH] GRN2-118: Create a setting to require authentication to join a room (#541) * Create a setting to require authentication to join a room * Apply comments --- app/assets/javascripts/admins.js | 5 ++++ app/controllers/admins_controller.rb | 8 ++++- app/controllers/rooms_controller.rb | 11 +++++++ app/helpers/admins_helper.rb | 4 +++ app/models/setting.rb | 2 ++ app/views/rooms/join.html.erb | 30 +++++++++++-------- .../admin_settings/_site_settings.html.erb | 13 ++++++++ config/locales/en.yml | 4 +++ config/routes.rb | 1 + spec/controllers/admins_controller_spec.rb | 17 +++++++++++ spec/controllers/rooms_controller_spec.rb | 8 +++++ 11 files changed, 89 insertions(+), 14 deletions(-) diff --git a/app/assets/javascripts/admins.js b/app/assets/javascripts/admins.js index 0dff33ee..d59c3e79 100644 --- a/app/assets/javascripts/admins.js +++ b/app/assets/javascripts/admins.js @@ -106,6 +106,11 @@ function changeBrandingImage(path) { $.post(path, {url: url}) } +// Change whether or not user have to be signed in to join a room +function changeRoomAuthentication(checked, path) { + $.post(path, {authenticationRequired: checked}) +} + // Filters by role function filterRole(role) { search = new URL(location.href).searchParams.get('search') diff --git a/app/controllers/admins_controller.rb b/app/controllers/admins_controller.rb index e7930169..c118e6c5 100644 --- a/app/controllers/admins_controller.rb +++ b/app/controllers/admins_controller.rb @@ -22,7 +22,7 @@ class AdminsController < ApplicationController include Emailer manage_users = [:edit_user, :promote, :demote, :ban_user, :unban_user, :approve] - site_settings = [:branding, :coloring, :coloring_lighten, :coloring_darken, :registration_method] + site_settings = [:branding, :coloring, :coloring_lighten, :coloring_darken, :registration_method, :room_authentication] authorize_resource class: false before_action :find_user, only: manage_users @@ -130,6 +130,12 @@ class AdminsController < ApplicationController redirect_to admins_path end + # POST /admins/meetingAuthentication + def room_authentication + @settings.update_value("Room Authentication", params[:authenticationRequired]) + redirect_to admins_path + end + # POST /admins/registration_method/:method def registration_method new_method = Rails.configuration.registration_methods[params[:method].to_sym] diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb index 1918474d..cbec3aec 100644 --- a/app/controllers/rooms_controller.rb +++ b/app/controllers/rooms_controller.rb @@ -98,6 +98,9 @@ class RoomsController < ApplicationController # POST /:room_uid def join + # If this setting is turned on only authenticated users are allowed to join rooms + room_authentication_required + opts = default_meeting_options unless @room.owned_by?(current_user) # Assign join name if passed. @@ -271,4 +274,12 @@ class RoomsController < ApplicationController def verify_user_not_admin redirect_to admins_path if current_user && current_user&.has_role?(:super_admin) end + + def room_authentication_required + if Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Authentication") == "true" && + current_user.nil? + flash[:alert] = I18n.t("administrator.site_settings.authentication.user-info") + redirect_to signin_path + end + end end diff --git a/app/helpers/admins_helper.rb b/app/helpers/admins_helper.rb index 4ad6bb35..e4065285 100644 --- a/app/helpers/admins_helper.rb +++ b/app/helpers/admins_helper.rb @@ -35,6 +35,10 @@ module AdminsHelper registration_method == Rails.configuration.registration_methods[:approval] end + def room_authentication_required + Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Authentication") == "true" + end + def registration_method_string case registration_method when Rails.configuration.registration_methods[:open] diff --git a/app/models/setting.rb b/app/models/setting.rb index 3daaa26e..b4f07ff0 100644 --- a/app/models/setting.rb +++ b/app/models/setting.rb @@ -39,6 +39,8 @@ class Setting < ApplicationRecord Rails.configuration.primary_color_default when "Registration Method" Rails.configuration.registration_method_default + when "Room Authentication" + false end end end diff --git a/app/views/rooms/join.html.erb b/app/views/rooms/join.html.erb index 70c74c82..dd8cea98 100644 --- a/app/views/rooms/join.html.erb +++ b/app/views/rooms/join.html.erb @@ -14,18 +14,22 @@ %> <%= render 'shared/room_event' do %> - <%= form_for room_path(@room), method: :post do |f| %> -
- <%= f.hidden_field(:search, :value => params[:search])%> - <%= f.hidden_field(:column, :value => params[:column])%> - <%= f.hidden_field(:direction, :value => params[:direction])%> - <%= f.text_field :join_name, - required: true, - class: "form-control join-form", - placeholder: t("enter_your_name"), - value: "#{@name}", - readonly: !current_user.nil? %> - <%= f.submit t("room.join"), class: "btn btn-primary btn-sm col-sm-3 form-control join-form" %> -
+ <% if room_authentication_required && current_user.nil? %> +

<%= t("administrator.site_settings.authentication.user-info") %>

+ <% else %> + <%= form_for room_path(@room), method: :post do |f| %> +
+ <%= f.hidden_field(:search, :value => params[:search])%> + <%= f.hidden_field(:column, :value => params[:column])%> + <%= f.hidden_field(:direction, :value => params[:direction])%> + <%= f.text_field :join_name, + required: true, + class: "form-control join-form", + placeholder: t("enter_your_name"), + value: "#{@name}", + readonly: !current_user.nil? %> + <%= f.submit t("room.join"), class: "btn btn-primary btn-sm col-sm-3 form-control join-form" %> +
+ <% end %> <% end %> <% end %> diff --git a/app/views/shared/admin_settings/_site_settings.html.erb b/app/views/shared/admin_settings/_site_settings.html.erb index 93e81488..0079861c 100644 --- a/app/views/shared/admin_settings/_site_settings.html.erb +++ b/app/views/shared/admin_settings/_site_settings.html.erb @@ -28,6 +28,19 @@ +
+
+
+ +
+ +
+
+
+
diff --git a/config/locales/en.yml b/config/locales/en.yml index 97bdc139..42a549c4 100755 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -23,6 +23,10 @@ en: accepted_terms: "Terms and Conditions" administrator: site_settings: + authentication: + info: Only allow authenticated users to join a room + title: Require Authentication for Rooms + user-info: You must sign in to Greenlight to join this room branding: change: Change Image info: Change the branding image that appears in the top left corner diff --git a/config/routes.rb b/config/routes.rb index 3801a8ab..f2a39a23 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -39,6 +39,7 @@ Rails.application.routes.draw do scope '/admins' do post '/branding', to: 'admins#branding', as: :admin_branding post '/coloring', to: 'admins#coloring', as: :admin_coloring + post '/room_authentication', to: 'admins#room_authentication', as: :admin_room_authentication post '/coloring_lighten', to: 'admins#coloring_lighten', as: :admin_coloring_lighten post '/coloring_darken', to: 'admins#coloring_darken', as: :admin_coloring_darken post '/signup', to: 'admins#signup', as: :admin_signup diff --git a/spec/controllers/admins_controller_spec.rb b/spec/controllers/admins_controller_spec.rb index 3d1ba995..ea3bc9bc 100644 --- a/spec/controllers/admins_controller_spec.rb +++ b/spec/controllers/admins_controller_spec.rb @@ -278,5 +278,22 @@ describe AdminsController, type: :controller do expect(response).to redirect_to(admins_path) end end + + context "POST #room_authentication" do + it "changes the room authentication required setting" do + allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true) + allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true) + + @request.session[:user_id] = @admin.id + checked = true + + post :room_authentication, params: { authenticationRequired: checked } + + feature = Setting.find_by(provider: "provider1").features.find_by(name: "Room Authentication") + + expect(feature[:value]).to eq(checked.to_s) + expect(response).to redirect_to(admins_path) + end + end end end diff --git a/spec/controllers/rooms_controller_spec.rb b/spec/controllers/rooms_controller_spec.rb index f34533f7..e9afc767 100644 --- a/spec/controllers/rooms_controller_spec.rb +++ b/spec/controllers/rooms_controller_spec.rb @@ -206,6 +206,14 @@ describe RoomsController, type: :controller do expect(flash[:alert]).to be_present expect(response).to redirect_to(root_path) end + + it "should not allow the user to join if the user isn't signed in and room authentication is required" do + allow_any_instance_of(Setting).to receive(:get_value).and_return("true") + + post :join, params: { room_uid: @room } + + expect(response).to redirect_to(signin_path) + end end describe "DELETE #destroy" do