diff --git a/app/controllers/account_activations_controller.rb b/app/controllers/account_activations_controller.rb
index f508b056..80e7ba22 100644
--- a/app/controllers/account_activations_controller.rb
+++ b/app/controllers/account_activations_controller.rb
@@ -17,7 +17,7 @@
 # with BigBlueButton; if not, see .
 class AccountActivationsController < ApplicationController
- include Verifier
+ include Emailer
 before_action :ensure_unauthenticated
 before_action :find_user
@@ -46,7 +46,7 @@ class AccountActivationsController < ApplicationController
 flash[:alert] = I18n.t("verify.already_verified")
 else
 begin
- @user.send_activation_email(user_verification_link)
+ send_activation_email(@user)
 rescue => e
 logger.error "Error in email delivery: #{e}"
 flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
diff --git a/app/controllers/concerns/verifier.rb b/app/controllers/concerns/emailer.rb
similarity index 69%
rename from app/controllers/concerns/verifier.rb
rename to app/controllers/concerns/emailer.rb
index b6bc852b..53a10a9c 100644
--- a/app/controllers/concerns/verifier.rb
+++ b/app/controllers/concerns/emailer.rb
@@ -16,11 +16,27 @@
 # You should have received a copy of the GNU Lesser General Public License along
 # with BigBlueButton; if not, see .
-module Verifier
+module Emailer
 extend ActiveSupport::Concern
+ # Sends account activation email.
+ def send_activation_email(user)
+ @user = user
+ UserMailer.verify_email(@user, user_verification_link, logo_image, user_color).deliver
+ end
+
+ # Sends password reset email.
+ def send_password_reset_email(user)
+ @user = user
+ UserMailer.password_reset(@user, reset_link, logo_image, user_color).deliver_now
+ end
+
 # Returns the link the user needs to click to verify their account
 def user_verification_link
 request.base_url + edit_account_activation_path(token: @user.activation_token, email: @user.email)
 end
+
+ def reset_link
+ request.base_url + edit_password_reset_path(@user.reset_token, email: @user.email)
+ end
 end
diff --git a/app/controllers/password_resets_controller.rb b/app/controllers/password_resets_controller.rb
index 280ef06f..e4959eb8 100644
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -17,6 +17,8 @@
 # with BigBlueButton; if not, see .
 class PasswordResetsController < ApplicationController
+ include Emailer
+
 before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }
 before_action :find_user, only: [:edit, :update]
 before_action :valid_user, only: [:edit, :update]
@@ -29,7 +31,7 @@ class PasswordResetsController < ApplicationController
 @user = User.find_by(email: params[:password_reset][:email].downcase)
 if @user
 @user.create_reset_digest
- @user.send_password_reset_email(reset_link)
+ send_password_reset_email(@user)
 flash[:success] = I18n.t("email_sent", email_type: t("reset_password.subtitle"))
 redirect_to root_path
 else
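Review bot: `send_activation_email` ends its mailer call with `.deliver` while `send_password_reset_email` a few lines below uses `.deliver_now`; `deliver` was deprecated in favour of `deliver_now` in ActionMailer and, as far as I recall, on Rails 5+ it is simply forwarded to the underlying Mail object instead of going through ActionMailer's delivery wrapper, so the activation path should read `UserMailer.verify_email(@user, user_verification_link, logo_image, user_color).deliver_now`. Both senders also assign the including controller's `@user` purely so that `user_verification_link` and `reset_link` can read it, which silently overwrites controller state; passing `user` into the link helpers explicitly would avoid that. `reset_link` has no comment although its sibling does, e.g. `# Returns the link the user needs to click to reset their password`. Both links are built from `request.base_url`, which reflects the request's Host header unless the deployment pins the allowed hosts, and the result lands in password-reset mail, so that configuration is worth confirming. `logo_image` and `user_color` are presumably helpers available on the including controllers; they are not visible in this diff.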
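Review bot: `send_password_reset_email(@user)` is called bare here, whereas the two activation-mail call sites in this commit wrap `send_activation_email(@user)` in `begin … rescue => e` with a logged error and a flash, so a delivery failure in this action propagates as an unhandled exception instead of the `delivery_error` flash the other paths show. Handling it the same way keeps the three senders consistent; the success flash should only be set when delivery did not raise. `create` starts before this hunk, so the surrounding method is only partly visible.
```ruby
if @user
  @user.create_reset_digest
  begin
    send_password_reset_email(@user)
    flash[:success] = I18n.t("email_sent", email_type: t("reset_password.subtitle"))
  rescue => e
    logger.error "Error in email delivery: #{e}"
    flash[:alert] = I18n.t("delivery_error")
  end
  redirect_to root_path
# … unchanged: else branch …
```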
@@ -78,10 +80,6 @@ class PasswordResetsController < ApplicationController
 redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if current_user.password_reset_expired?
 end
- def reset_link
- request.base_url + edit_password_reset_path(@user.reset_token, email: @user.email)
- end
-
 # Confirms a valid user.
 def valid_user
 unless current_user.authenticated?(:reset, params[:id])
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index 17bc0f8d..4f0a3042 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@@ -26,6 +26,7 @@ class RoomsController < ApplicationController
 before_action :verify_room_ownership, except: [:create, :show, :join, :logout]
 before_action :verify_room_owner_verified, only: [:show, :join], unless: -> { !Rails.configuration.enable_email_verification }
+ before_action :verify_user_not_admin, only: [:show]
 # POST /
 def create
@@ -244,11 +245,15 @@ class RoomsController < ApplicationController
 unless @room.owner.activated?
 flash[:alert] = t("room.unavailable")
- if current_user
+ if current_user && !@room.owned_by?(current_user)
 redirect_to current_user.main_room
 else
 redirect_to root_path
 end
 end
 end
+
+ def verify_user_not_admin
+ redirect_to admins_path if current_user && current_user&.has_role?(:super_admin)
+ end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8d49a5f3..c10b5133 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -18,7 +18,7 @@ class UsersController < ApplicationController
 include RecordingsHelper
- include Verifier
+ include Emailer
 before_action :find_user, only: [:edit, :update, :destroy]
 before_action :ensure_unauthenticated, only: [:new, :create]
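Review bot: In `verify_user_not_admin` the safe-navigation operator is redundant once `current_user &&` has already guarded the receiver; `redirect_to admins_path if current_user&.has_role?(:super_admin)` expresses the same check. The method has no comment explaining why it exists; `# Super admins are redirected from the room view to the admin panel (wired via before_action on :show)` states what the code visibly does. The changed condition `if current_user && !@room.owned_by?(current_user)` now sends an owner who views their own unactivated room to `root_path` rather than `current_user.main_room`, presumably to avoid bouncing them back into the same room; that reasoning deserves a one-line comment as well, since the old `if current_user` read as a plain logged-in check. Whether `verify_user_not_admin` ends up under the class's `private` marker cannot be seen from this hunk.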
@@ -46,7 +46,7 @@ class UsersController < ApplicationController
 # Start email verification and redirect to root.
 begin
- @user.send_activation_email(user_verification_link)
+ send_activation_email(@user)
 rescue => e
 logger.error "Error in email delivery: #{e}"
 flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
index 2ca2f404..3ffee474 100644
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@@ -19,15 +19,19 @@ class UserMailer < ApplicationMailer
 default from: Rails.configuration.smtp_sender
- def verify_email(user, url)
+ def verify_email(user, url, image, color)
 @user = user
 @url = url
+ @image = image
+ @color = color
 mail(to: @user.email, subject: t('landing.welcome'))
 end
- def password_reset(user, url)
+ def password_reset(user, url, image, color)
 @user = user
 @url = url
+ @image = image
+ @color = color
 mail to: user.email, subject: t('reset_password.subtitle')
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index de530c94..f67026dc 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -103,8 +103,16 @@ class User < ApplicationRecord
 end
 def self.admins_search(string)
+ active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
+ # Postgres requires created_at to be cast to a string
+ created_at_query = if active_database == "postgresql"
+ "created_at::text"
+ else
+ "created_at"
+ end
+
 search_query = "name LIKE :search OR email LIKE :search OR username LIKE :search" \
- " OR created_at LIKE :search OR provider LIKE :search"
+ " OR #{created_at_query} LIKE :search OR provider LIKE :search"
 search_param = "%#{string}%"
 where(search_query, search: search_param)
 end
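Review bot: `verify_email` and `password_reset` now take four positional arguments, and at the call sites `image` and `color` are opaque; keyword parameters, `def verify_email(user, url, image:, color:)`, would make `UserMailer.verify_email(@user, link, image: logo_image, color: user_color)` self-describing, with the two senders in `Emailer` updated to match. The two methods also differ in style for no reason — `mail(to: @user.email, …)` versus `mail to: user.email, …` — and neither carries a comment; something like `# Account activation mail; url is the verification link, image/color are exposed to the template as @image/@color` covers what the code shows. Whether `logo_image`/`user_color` were previously reachable from the mailer views without being passed in cannot be told from this hunk, only that the views now read `@image`.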
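Review bot: `active_database` re-reads the adapter from `database_configuration`, whereas the model already has a live connection whose `connection.adapter_name` reports what is actually in use; `created_at_query = connection.adapter_name == "PostgreSQL" ? "created_at::text" : "created_at"` keeps the same branch without the config lookup, and the comment could say why the cast is needed (`LIKE` on a timestamp column is rejected by Postgres) rather than only that it is. The value interpolated into `search_query` comes from configuration, not from `string`, so the new interpolation does not open an injection path; `string` still reaches the query only through the bound `:search` parameter. Its `%` and `_` characters are not escaped though (pre-existing, on the context line), so a caller searching for a literal underscore gets wildcard matches — `search_param = "%#{sanitize_sql_like(string)}%"` if literal matching is the intent.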
@@ -149,10 +157,6 @@ class User < ApplicationRecord
 email_verified
 end
- def send_activation_email(url)
- UserMailer.verify_email(self, url).deliver
- end
-
 # Sets the password reset attributes.
 def create_reset_digest
 self.reset_token = User.new_token
@@ -160,11 +164,6 @@ class User < ApplicationRecord
 update_attribute(:reset_sent_at, Time.zone.now)
 end
- # Sends password reset email.
- def send_password_reset_email(url)
- UserMailer.password_reset(self, url).deliver_now
- end
-
 # Returns true if the given token matches the digest.
 def authenticated?(attribute, token)
 digest = send("#{attribute}_digest")
diff --git a/app/views/user_mailer/password_reset.html.erb b/app/views/user_mailer/password_reset.html.erb
index 14055b97..81bba048 100644
--- a/app/views/user_mailer/password_reset.html.erb
+++ b/app/views/user_mailer/password_reset.html.erb
@@ -17,7 +17,7 @@
 %>
- <%= image_tag(logo_image, height: '70')%> + <%= image_tag(@image, height: '70')%>

<%= t('mailer.user.password_reset.title') %> @@ -32,7 +32,7 @@

<%= t('mailer.user.password_reset.reset_link') %> diff --git a/app/views/user_mailer/verify_email.html.erb b/app/views/user_mailer/verify_email.html.erb index 44eb2df6..22b5f5e0 100644 --- a/app/views/user_mailer/verify_email.html.erb +++ b/app/views/user_mailer/verify_email.html.erb @@ -18,7 +18,7 @@
- <%= image_tag(logo_image, height: '70') %> + <%= image_tag(@image, height: '70') %>

<%= t('mailer.user.verify_email.welcome', name: @user[:name]) %> @@ -36,7 +36,7 @@ <%= t('mailer.user.verify_email.verify') %>

- + <%= t('mailer.user.verify_email.verify_link') %> diff --git a/spec/controllers/rooms_controller_spec.rb b/spec/controllers/rooms_controller_spec.rb index d2f6f096..f34533f7 100644 --- a/spec/controllers/rooms_controller_spec.rb +++ b/spec/controllers/rooms_controller_spec.rb @@ -97,6 +97,15 @@ describe RoomsController, type: :controller do expect(assigns(:name)).to eql("") end + + it "redirects to admin if user is a super_admin" do + @request.session[:user_id] = @owner.id + @owner.add_role :super_admin + + get :show, params: { room_uid: @owner.main_room, search: :none } + + expect(response).to redirect_to(admins_path) + end end describe "POST #create" do
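Review bot: The new example pins the super-admin redirect, but the other behavioural change in `rooms_controller.rb` — an owner viewing their own unactivated room is now sent to `root_path` instead of `current_user.main_room` — has no example in this hunk; one that marks `@owner` unactivated, does `get :show, params: { room_uid: @owner.main_room }` with the owner signed in, and asserts `expect(response).to redirect_to(root_path)` would cover it. `@owner.add_role :super_admin` mutates the shared `@owner`; if that object is not rebuilt before each example, later examples in this group would inherit the role — worth confirming against the `before` block, which is outside this hunk.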