GRN2-xx: Email and admin fix (#515)

* Email and admin fix * Redirected super_admins to the admins page * Small fix * Update rooms_controller.rb
2019-05-09 18:07:18 -04:00 · 2019-05-09 18:07:18 -04:00 · 75bde6a42d
parent 63ada8b3db
commit 75bde6a42d
10 changed files with 58 additions and 27 deletions
--- a/app/controllers/account_activations_controller.rb
+++ b/app/controllers/account_activations_controller.rb
@ -17,7 +17,7 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 class AccountActivationsController < ApplicationController
-  include Verifier
+  include Emailer
  before_action :ensure_unauthenticated
  before_action :find_user
@ -46,7 +46,7 @@ class AccountActivationsController < ApplicationController
      flash[:alert] = I18n.t("verify.already_verified")
    else
      begin
-        @user.send_activation_email(user_verification_link)
+        send_activation_email(@user)
      rescue => e
        logger.error "Error in email delivery: #{e}"
        flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
--- a/app/controllers/concerns/verifier.rb
+++ b/app/controllers/concerns/verifier.rb
@ -16,11 +16,27 @@
 # You should have received a copy of the GNU Lesser General Public License along
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
-module Verifier
+module Emailer
  extend ActiveSupport::Concern
  # Sends account activation email.
  def send_activation_email(user)
    @user = user
    UserMailer.verify_email(@user, user_verification_link, logo_image, user_color).deliver
  end
  # Sends password reset email.
  def send_password_reset_email(user)
    @user = user
    UserMailer.password_reset(@user, reset_link, logo_image, user_color).deliver_now
  end
  # Returns the link the user needs to click to verify their account
  def user_verification_link
    request.base_url + edit_account_activation_path(token: @user.activation_token, email: @user.email)
  end
  def reset_link
    request.base_url + edit_password_reset_path(@user.reset_token, email: @user.email)
  end
 end
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@ -17,6 +17,8 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 class PasswordResetsController < ApplicationController
  include Emailer
  before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }
  before_action :find_user,   only: [:edit, :update]
  before_action :valid_user, only: [:edit, :update]
@ -29,7 +31,7 @@ class PasswordResetsController < ApplicationController
    @user = User.find_by(email: params[:password_reset][:email].downcase)
    if @user
      @user.create_reset_digest
-      @user.send_password_reset_email(reset_link)
+      send_password_reset_email(@user)
      flash[:success] = I18n.t("email_sent", email_type: t("reset_password.subtitle"))
      redirect_to root_path
    else
@ -78,10 +80,6 @@ class PasswordResetsController < ApplicationController
    redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if current_user.password_reset_expired?
  end
  def reset_link
    request.base_url + edit_password_reset_path(@user.reset_token, email: @user.email)
  end
  # Confirms a valid user.
  def valid_user
    unless current_user.authenticated?(:reset, params[:id])
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@ -26,6 +26,7 @@ class RoomsController < ApplicationController
  before_action :verify_room_ownership, except: [:create, :show, :join, :logout]
  before_action :verify_room_owner_verified, only: [:show, :join],
                unless: -> { !Rails.configuration.enable_email_verification }
  before_action :verify_user_not_admin, only: [:show]
  # POST /
  def create
@ -244,11 +245,15 @@ class RoomsController < ApplicationController
    unless @room.owner.activated?
      flash[:alert] = t("room.unavailable")
-      if current_user
+      if current_user && !@room.owned_by?(current_user)
        redirect_to current_user.main_room
      else
        redirect_to root_path
      end
    end
  end
  def verify_user_not_admin
    redirect_to admins_path if current_user && current_user&.has_role?(:super_admin)
  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -18,7 +18,7 @@
 class UsersController < ApplicationController
  include RecordingsHelper
-  include Verifier
+  include Emailer
  before_action :find_user, only: [:edit, :update, :destroy]
  before_action :ensure_unauthenticated, only: [:new, :create]
@ -46,7 +46,7 @@ class UsersController < ApplicationController
    # Start email verification and redirect to root.
    begin
-      @user.send_activation_email(user_verification_link)
+      send_activation_email(@user)
    rescue => e
      logger.error "Error in email delivery: #{e}"
      flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@ -19,15 +19,19 @@
 class UserMailer < ApplicationMailer
  default from: Rails.configuration.smtp_sender
-  def verify_email(user, url)
+  def verify_email(user, url, image, color)
    @user = user
    @url = url
    @image = image
    @color = color
    mail(to: @user.email, subject: t('landing.welcome'))
  end
-  def password_reset(user, url)
+  def password_reset(user, url, image, color)
    @user = user
    @url = url
    @image = image
    @color = color
    mail to: user.email, subject: t('reset_password.subtitle')
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -103,8 +103,16 @@ class User < ApplicationRecord
  end
  def self.admins_search(string)
    active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
    # Postgres requires created_at to be cast to a string
    created_at_query = if active_database == "postgresql"
      "created_at::text"
    else
      "created_at"
    end
    search_query = "name LIKE :search OR email LIKE :search OR username LIKE :search" \
-                   " OR created_at LIKE :search OR provider LIKE :search"
+                   " OR #{created_at_query} LIKE :search OR provider LIKE :search"
    search_param = "%#{string}%"
    where(search_query, search: search_param)
  end
@ -149,10 +157,6 @@ class User < ApplicationRecord
    email_verified
  end
  def send_activation_email(url)
    UserMailer.verify_email(self, url).deliver
  end
  # Sets the password reset attributes.
  def create_reset_digest
    self.reset_token = User.new_token
@ -160,11 +164,6 @@ class User < ApplicationRecord
    update_attribute(:reset_sent_at, Time.zone.now)
  end
  # Sends password reset email.
  def send_password_reset_email(url)
    UserMailer.password_reset(self, url).deliver_now
  end
  # Returns true if the given token matches the digest.
  def authenticated?(attribute, token)
    digest = send("#{attribute}_digest")
--- a/app/views/user_mailer/password_reset.html.erb
+++ b/app/views/user_mailer/password_reset.html.erb
@ -17,7 +17,7 @@
 %>
  <div style="text-align:center; font-family:'Source Sans Pro', -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Helvetica Neue', Arial, sans-serif">
    <div style="display:inline-block; background-color:#F5F7FB; border:1px solid #d3d3d3; padding: 25px 70px">
-      <%= image_tag(logo_image, height: '70')%>
+      <%= image_tag(@image, height: '70')%>
      <h1 style="margin-bottom:30px">
        <%= t('mailer.user.password_reset.title') %>
@ -32,7 +32,7 @@
      </p>
      <a
-        style="background: <%= user_color %>;color: #ffffff; padding: 10px 15px; box-shadow: 0 2px 4px 0 rgba(0,0,0,.25);border: 1px solid transparent;text-decoration:none;"
+        style="background: <%= @color %>;color: #ffffff; padding: 10px 15px; box-shadow: 0 2px 4px 0 rgba(0,0,0,.25);border: 1px solid transparent;text-decoration:none;"
        href="<%= @url %>">
        <%= t('mailer.user.password_reset.reset_link') %>
      </a>
--- a/app/views/user_mailer/verify_email.html.erb
+++ b/app/views/user_mailer/verify_email.html.erb
@ -18,7 +18,7 @@
  <div style="text-align:center; font-family:'Source Sans Pro', -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Helvetica Neue', Arial, sans-serif">
    <div style="display:inline-block; background-color:#F5F7FB; border:1px solid #d3d3d3; padding: 25px 70px">
-      <%= image_tag(logo_image, height: '70') %>
+      <%= image_tag(@image, height: '70') %>
      <h1 style="margin-bottom:30px">
        <%= t('mailer.user.verify_email.welcome', name: @user[:name]) %>
@ -36,7 +36,7 @@
        <%= t('mailer.user.verify_email.verify') %>
      </p>
-      <a style="background: <%= user_color %>;color: #ffffff; padding: 10px 15px; box-shadow: 0 2px 4px 0 rgba(0,0,0,.25);border: 1px solid transparent;text-decoration:none;" href="<%= @url %>">
+      <a style="background: <%= @color %>;color: #ffffff; padding: 10px 15px; box-shadow: 0 2px 4px 0 rgba(0,0,0,.25);border: 1px solid transparent;text-decoration:none;" href="<%= @url %>">
        <%= t('mailer.user.verify_email.verify_link') %>
      </a>
--- a/spec/controllers/rooms_controller_spec.rb
+++ b/spec/controllers/rooms_controller_spec.rb
@ -97,6 +97,15 @@ describe RoomsController, type: :controller do
      expect(assigns(:name)).to eql("")
    end
    it "redirects to admin if user is a super_admin" do
      @request.session[:user_id] = @owner.id
      @owner.add_role :super_admin
      get :show, params: { room_uid: @owner.main_room, search: :none }
      expect(response).to redirect_to(admins_path)
    end
  end
  describe "POST #create" do