GRN2-118: Create a setting to require authentication to join a room (#541)

* Create a setting to require authentication to join a room

* Apply comments

app/assets/javascripts/admins.js

@@ -106,6 +106,11 @@ function changeBrandingImage(path) {
   $.post(path, {url: url})
 }
 
+// Change whether or not user have to be signed in to join a room
+function changeRoomAuthentication(checked, path) {
+  $.post(path, {authenticationRequired: checked})
+}
+
 // Filters by role
 function filterRole(role) {
   search = new URL(location.href).searchParams.get('search')

app/controllers/admins_controller.rb

@@ -22,7 +22,7 @@ class AdminsController < ApplicationController
   include Emailer
 
   manage_users = [:edit_user, :promote, :demote, :ban_user, :unban_user, :approve]
-  site_settings = [:branding, :coloring, :coloring_lighten, :coloring_darken, :registration_method]
+  site_settings = [:branding, :coloring, :coloring_lighten, :coloring_darken, :registration_method, :room_authentication]
 
   authorize_resource class: false
   before_action :find_user, only: manage_users
@@ -130,6 +130,12 @@ class AdminsController < ApplicationController
     redirect_to admins_path
   end
 
+  # POST /admins/meetingAuthentication
+  def room_authentication
+    @settings.update_value("Room Authentication", params[:authenticationRequired])
+    redirect_to admins_path
+  end
+
   # POST /admins/registration_method/:method
   def registration_method
     new_method = Rails.configuration.registration_methods[params[:method].to_sym]

app/controllers/rooms_controller.rb

@@ -98,6 +98,9 @@ class RoomsController < ApplicationController
 
   # POST /:room_uid
   def join
+    # If this setting is turned on only authenticated users are allowed to join rooms
+    room_authentication_required
+
     opts = default_meeting_options
     unless @room.owned_by?(current_user)
       # Assign join name if passed.
@@ -271,4 +274,12 @@ class RoomsController < ApplicationController
   def verify_user_not_admin
     redirect_to admins_path if current_user && current_user&.has_role?(:super_admin)
   end
+
+  def room_authentication_required
+    if Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Authentication") == "true" &&
+       current_user.nil?
+      flash[:alert] = I18n.t("administrator.site_settings.authentication.user-info")
+      redirect_to signin_path
+    end
+  end
 end

app/helpers/admins_helper.rb

@@ -35,6 +35,10 @@ module AdminsHelper
     registration_method == Rails.configuration.registration_methods[:approval]
   end
 
+  def room_authentication_required
+    Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Authentication") == "true"
+  end
+
   def registration_method_string
     case registration_method
     when Rails.configuration.registration_methods[:open]

app/models/setting.rb

@@ -39,6 +39,8 @@ class Setting < ApplicationRecord
         Rails.configuration.primary_color_default
       when "Registration Method"
         Rails.configuration.registration_method_default
+      when "Room Authentication"
+        false
       end
     end
   end

app/views/rooms/join.html.erb

@@ -14,6 +14,9 @@
 %>
 
 <%= render 'shared/room_event' do %>
+  <% if room_authentication_required && current_user.nil? %>
+    <h2><%= t("administrator.site_settings.authentication.user-info") %></h2>
+  <% else %>
     <%= form_for room_path(@room), method: :post do |f| %>
       <div class="input-group join-input">
         <%= f.hidden_field(:search, :value => params[:search])%>
@@ -28,4 +31,5 @@
         <%= f.submit t("room.join"), class: "btn btn-primary btn-sm col-sm-3 form-control join-form" %>
       </div>
     <% end %>
+  <% end %>
 <% end %>

app/views/shared/admin_settings/_site_settings.html.erb

@@ -28,6 +28,19 @@
       </div>
     </div>
   </div>
+  <div class="row">
+    <div class="col-12">
+      <div class="mb-7 form-group">
+        <label class="form-label"><%= t("administrator.site_settings.authentication.title") %></label>
+        <div class="row gutters-xs">
+          <label class="custom-control custom-checkbox ml-1">
+            <%= check_box_tag "room_authentication", '', room_authentication_required, class: 'custom-control-input', onchange: "changeRoomAuthentication(this.checked, '#{admin_room_authentication_path}')"%>
+            <span class="custom-control-label text-muted pt-1"><%= t("administrator.site_settings.authentication.info") %></span>
+          </label>
+        </div>
+      </div>
+    </div>
+  </div>
   <div class="row">
     <div class="col-12">
       <div class="mb-7 form-group">

config/locales/en.yml

@@ -23,6 +23,10 @@ en:
         accepted_terms: "Terms and Conditions"
   administrator:
     site_settings:
+      authentication:
+        info: Only allow authenticated users to join a room
+        title: Require Authentication for Rooms
+        user-info: You must sign in to Greenlight to join this room
       branding:
         change: Change Image
         info: Change the branding image that appears in the top left corner

config/routes.rb

@@ -39,6 +39,7 @@ Rails.application.routes.draw do
   scope '/admins' do
     post '/branding', to: 'admins#branding', as: :admin_branding
     post '/coloring', to: 'admins#coloring', as: :admin_coloring
+    post '/room_authentication', to: 'admins#room_authentication', as: :admin_room_authentication
     post '/coloring_lighten', to: 'admins#coloring_lighten', as: :admin_coloring_lighten
     post '/coloring_darken', to: 'admins#coloring_darken', as: :admin_coloring_darken
     post '/signup', to: 'admins#signup', as: :admin_signup

spec/controllers/admins_controller_spec.rb

@@ -278,5 +278,22 @@ describe AdminsController, type: :controller do
         expect(response).to redirect_to(admins_path)
       end
     end
+
+    context "POST #room_authentication" do
+      it "changes the room authentication required setting" do
+        allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
+        allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
+
+        @request.session[:user_id] = @admin.id
+        checked = true
+
+        post :room_authentication, params: { authenticationRequired: checked }
+
+        feature = Setting.find_by(provider: "provider1").features.find_by(name: "Room Authentication")
+
+        expect(feature[:value]).to eq(checked.to_s)
+        expect(response).to redirect_to(admins_path)
+      end
+    end
   end
 end

spec/controllers/rooms_controller_spec.rb

@@ -206,6 +206,14 @@ describe RoomsController, type: :controller do
       expect(flash[:alert]).to be_present
       expect(response).to redirect_to(root_path)
     end
+
+    it "should not allow the user to join if the user isn't signed in and room authentication is required" do
+      allow_any_instance_of(Setting).to receive(:get_value).and_return("true")
+
+      post :join, params: { room_uid: @room }
+
+      expect(response).to redirect_to(signin_path)
+    end
   end
 
   describe "DELETE #destroy" do