From 7d1c9e87a95b742fe1d8d79d4af8c965640fb030 Mon Sep 17 00:00:00 2001
From: shawn-higgins1 <23224097+shawn-higgins1@users.noreply.github.com>
Date: Mon, 22 Jul 2019 13:12:44 -0400
Subject: [PATCH] Allow rooms to have an optional access code (#646)

---
 app/assets/javascripts/room.js.erb            | 31 ++++++++
 app/assets/stylesheets/rooms.scss             |  4 +
 app/controllers/rooms_controller.rb           | 78 ++++++++++++-------
 app/views/rooms/join.html.erb                 | 14 +++-
 app/views/rooms/wait.html.erb                 |  2 +-
 app/views/shared/_room_event.html.erb         |  4 +-
 .../shared/components/_room_block.html.erb    |  2 +-
 .../shared/modals/_create_room_modal.html.erb | 13 +++-
 config/locales/en.yml                         |  5 ++
 config/routes.rb                              |  1 +
 ...0711192033_add_password_digest_to_rooms.rb |  7 ++
 db/schema.rb                                  |  3 +-
 spec/controllers/rooms_controller_spec.rb     | 49 ++++++++++++
 13 files changed, 179 insertions(+), 34 deletions(-)
 create mode 100644 db/migrate/20190711192033_add_password_digest_to_rooms.rb

diff --git a/app/assets/javascripts/room.js.erb b/app/assets/javascripts/room.js.erb
index 1dc13675..15893e68 100644
--- a/app/assets/javascripts/room.js.erb
+++ b/app/assets/javascripts/room.js.erb
@@ -44,6 +44,9 @@ $(document).on('turbolinks:load', function(){
   // Display and update all fields related to creating a room in the createRoomModal
   $("#create-room-block").click(function(){
     $("#create-room-name").val("")
+    $("#create-room-access-code").text("<%= I18n.t("modal.create_room.access_code_placeholder") %>")
+    $("#room_access_code").val(null)
+
     $("#createRoomModal form").attr("action", $("body").data('relative-root'))
     updateDropdown($(".dropdown-item[value='default']"))
     $("#room_mute_on_join").prop("checked", false)
@@ -80,6 +83,16 @@ $(document).on('turbolinks:load', function(){
     })
 
     updateCurrentSettings($(this).closest("#room-block").data("room-settings"))
+    
+    accessCode = $(this).closest("#room-block").data("room-access-code")
+
+    if(accessCode){
+      $("#create-room-access-code").text("<%= I18n.t("modal.create_room.access_code") %>: " + accessCode)
+      $("#room_access_code").val(accessCode)
+    } else{
+      $("#create-room-access-code").text("<%= I18n.t("modal.create_room.access_code_placeholder") %>")
+      $("#room_access_code").val(null)
+    }
   })
 
   //Update the createRoomModal to show the correct current settings
@@ -107,3 +120,21 @@ function updateDropdown(element) {
   $("#dropdown-trigger").text(element.text())
   $("#room_client").val(element.val())
 }
+
+function generateAccessCode(){
+  const accessCodeLength = 6
+  var validCharacters = "0123456789"
+  var accessCode = ""
+
+  for( var i = 0; i < accessCodeLength; i++){
+    accessCode += validCharacters.charAt(Math.floor(Math.random() * validCharacters.length));
+  }
+
+  $("#create-room-access-code").text("<%= I18n.t("modal.create_room.access_code") %>: " + accessCode)
+  $("#room_access_code").val(accessCode)
+}
+
+function ResetAccessCode(){
+  $("#create-room-access-code").text("<%= I18n.t("modal.create_room.access_code_placeholder") %>")
+  $("#room_access_code").val(null)
+}
diff --git a/app/assets/stylesheets/rooms.scss b/app/assets/stylesheets/rooms.scss
index e971c0bb..1d037930 100644
--- a/app/assets/stylesheets/rooms.scss
+++ b/app/assets/stylesheets/rooms.scss
@@ -65,3 +65,7 @@
     background-color: rgba(0, 0, 0, 0.04);
   }
 }
+
+.allow-icon-click{
+  pointer-events: auto;
+}
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index 1e633d0d..5a92f114 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@@ -25,7 +25,7 @@ class RoomsController < ApplicationController
   before_action :validate_verified_email, except: [:show, :join],
                 unless: -> { !Rails.configuration.enable_email_verification }
   before_action :find_room, except: :create
-  before_action :verify_room_ownership, except: [:create, :show, :join, :logout]
+  before_action :verify_room_ownership, except: [:create, :show, :join, :logout, :login]
   before_action :verify_room_owner_verified, only: [:show, :join],
                 unless: -> { !Rails.configuration.enable_email_verification }
   before_action :verify_user_not_admin, only: [:show]
@@ -36,7 +36,7 @@ class RoomsController < ApplicationController
 
     return redirect_to current_user.main_room, flash: { alert: I18n.t("room.room_limit") } if room_limit_exceeded
 
-    @room = Room.new(name: room_params[:name])
+    @room = Room.new(name: room_params[:name], access_code: room_params[:access_code])
     @room.owner = current_user
     @room.room_settings = create_room_settings_string(room_params[:mute_on_join], room_params[:client])
 
@@ -106,6 +106,12 @@ class RoomsController < ApplicationController
 
     opts = default_meeting_options
     unless @room.owned_by?(current_user)
+      # Don't allow users to join unless they have a valid access code or the room doesn't
+      # have an access code
+      if @room.access_code && !@room.access_code.empty? && @room.access_code != session[:access_code]
+        return redirect_to room_path(room_uid: params[:room_uid]), flash: { alert: I18n.t("room.access_code_required") }
+      end
+
       # Assign join name if passed.
       if params[@room.invite_path]
         @join_name = params[@room.invite_path][:join_name]
@@ -118,31 +124,7 @@ class RoomsController < ApplicationController
     # create or update cookie with join name
     cookies.encrypted[:greenlight_name] = @join_name unless cookies.encrypted[:greenlight_name] == @join_name
 
-    if @room.running? || @room.owned_by?(current_user)
-      # Determine if the user needs to join as a moderator.
-      opts[:user_is_moderator] = @room.owned_by?(current_user)
-
-      # Check if the user has specified which client to use
-      room_settings = JSON.parse(@room[:room_settings])
-      opts[:join_via_html5] = room_settings["joinViaHtml5"] if room_settings["joinViaHtml5"]
-
-      if current_user
-        redirect_to @room.join_path(current_user.name, opts, current_user.uid)
-      else
-        join_name = params[:join_name] || params[@room.invite_path][:join_name]
-        redirect_to @room.join_path(join_name, opts)
-      end
-    else
-
-      search_params = params[@room.invite_path] || params
-      @search, @order_column, @order_direction, pub_recs =
-        public_recordings(@room.bbb_id, @user_domain, search_params.permit(:search, :column, :direction), true)
-
-      @pagy, @public_recordings = pagy_array(pub_recs)
-
-      # They need to wait until the meeting begins.
-      render :wait
-    end
+    join_room(opts)
   end
 
   # DELETE /:room_uid
@@ -185,6 +167,8 @@ class RoomsController < ApplicationController
       update_room_attributes("settings")
       # Update the rooms name if it has been changed
       update_room_attributes("name") if @room.name != room_params[:name]
+      # Update the room's access code if it has changed
+      update_room_attributes("access_code") if @room.access_code != room_params[:access_code]
     rescue StandardError
       flash[:alert] = I18n.t("room.update_settings_error")
     else
@@ -199,6 +183,15 @@ class RoomsController < ApplicationController
     redirect_to @room
   end
 
+  # POST /:room_uid/login
+  def login
+    session[:access_code] = room_params[:access_code]
+
+    flash[:alert] = I18n.t("room.access_code_required") if session[:access_code] != @room.access_code
+
+    redirect_to room_path(@room.uid)
+  end
+
   private
 
   def update_room_attributes(update_type)
@@ -208,6 +201,8 @@ class RoomsController < ApplicationController
       elsif update_type.eql? "settings"
         room_settings_string = create_room_settings_string(room_params[:mute_on_join], room_params[:client])
         @room.update_attributes(room_settings: room_settings_string)
+      elsif update_type.eql? "access_code"
+        @room.update_attributes(access_code: room_params[:access_code])
       end
     end
   end
@@ -226,7 +221,7 @@ class RoomsController < ApplicationController
   end
 
   def room_params
-    params.require(:room).permit(:name, :auto_join, :mute_on_join, :client)
+    params.require(:room).permit(:name, :auto_join, :mute_on_join, :client, :access_code)
   end
 
   # Find the room from the uid.
@@ -292,4 +287,31 @@ class RoomsController < ApplicationController
 
     current_user.rooms.count >= limit
   end
+
+  def join_room(opts)
+    if @room.running? || @room.owned_by?(current_user)
+      # Determine if the user needs to join as a moderator.
+      opts[:user_is_moderator] = @room.owned_by?(current_user)
+
+      # Check if the user has specified which client to use
+      room_settings = JSON.parse(@room[:room_settings])
+      opts[:join_via_html5] = room_settings["joinViaHtml5"] if room_settings["joinViaHtml5"]
+
+      if current_user
+        redirect_to @room.join_path(current_user.name, opts, current_user.uid)
+      else
+        join_name = params[:join_name] || params[@room.invite_path][:join_name]
+        redirect_to @room.join_path(join_name, opts)
+      end
+    else
+      search_params = params[@room.invite_path] || params
+      @search, @order_column, @order_direction, pub_recs =
+        public_recordings(@room.bbb_id, @user_domain, search_params.permit(:search, :column, :direction), true)
+
+      @pagy, @public_recordings = pagy_array(pub_recs)
+
+      # They need to wait until the meeting begins.
+      render :wait
+    end
+  end
 end
diff --git a/app/views/rooms/join.html.erb b/app/views/rooms/join.html.erb
index 5e718e15..9cd55d5d 100644
--- a/app/views/rooms/join.html.erb
+++ b/app/views/rooms/join.html.erb
@@ -13,9 +13,21 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 %>
 
-<%= render 'shared/room_event' do %>
+<% valid_access_code = @room.access_code.nil? || @room.access_code.empty? || @room.access_code == session[:access_code] %>
+<%= render 'shared/room_event', render_recordings: valid_access_code do %>
   <% if room_authentication_required %>
     <h2><%= t("administrator.site_settings.authentication.user-info") %></h2>
+  <% elsif !valid_access_code %>
+    <%= form_for :room, url: login_room_path(@room.uid) do |f| %>
+      <div class="input-group join-input">
+        <%= f.text_field :access_code,
+              required: true,
+              class: "form-control join-form",
+              placeholder: t("room.enter_the_access_code"),
+              value: "" %>
+        <%= f.submit t("room.login"), class: "btn btn-primary btn-sm col-sm-3 form-control join-form" %>
+      </div>
+    <% end %>
   <% else %>
     <%= form_for room_path(@room), method: :post do |f| %>
       <div class="input-group join-input">
diff --git a/app/views/rooms/wait.html.erb b/app/views/rooms/wait.html.erb
index 2afad065..e93f153c 100644
--- a/app/views/rooms/wait.html.erb
+++ b/app/views/rooms/wait.html.erb
@@ -13,7 +13,7 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 %>
 
-<%= render 'shared/room_event' do %>
+<%= render 'shared/room_event', render_recordings: true do %>
   <div class="row">
     <div class="col-9">
       <h3><%= t("room.wait.message") %></h3>
diff --git a/app/views/shared/_room_event.html.erb b/app/views/shared/_room_event.html.erb
index 2dbcda0e..88a29f1c 100644
--- a/app/views/shared/_room_event.html.erb
+++ b/app/views/shared/_room_event.html.erb
@@ -40,4 +40,6 @@
   </div>
 </div>
 
-<%= render "shared/sessions", recordings: @public_recordings, pagy: @pagy, only_public: true, user_recordings: false, title: t("room.recordings") %>
+<% if render_recordings %>
+  <%= render "shared/sessions", recordings: @public_recordings, pagy: @pagy, only_public: true, user_recordings: false, title: t("room.recordings") %>
+<% end %>
diff --git a/app/views/shared/components/_room_block.html.erb b/app/views/shared/components/_room_block.html.erb
index 9e8c6fc4..28b81b6f 100644
--- a/app/views/shared/components/_room_block.html.erb
+++ b/app/views/shared/components/_room_block.html.erb
@@ -13,7 +13,7 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 %>
 
-<div id="<%= if room == current_user.main_room then 'home_room_block' else 'room-block' end %>" data-room-uid="<%= room.uid %>" data-room-settings=<%= room.room_settings %> class="card">
+<div id="<%= if room == current_user.main_room then 'home_room_block' else 'room-block' end %>" data-room-uid="<%= room.uid %>" data-room-settings=<%= room.room_settings %> data-room-access-code="<%= room.access_code %>" class="card">
   <div class="card-body p-1">
     <table class="table table-hover table-vcenter text-wrap table-no-border">
       <tbody class="no-border-top">
diff --git a/app/views/shared/modals/_create_room_modal.html.erb b/app/views/shared/modals/_create_room_modal.html.erb
index 12028de2..658f6f9e 100644
--- a/app/views/shared/modals/_create_room_modal.html.erb
+++ b/app/views/shared/modals/_create_room_modal.html.erb
@@ -28,10 +28,21 @@
               <span class="input-icon-addon">
                 <i class="fas fa-chalkboard-teacher"></i>
               </span>
-              <%= f.text_field :name, id: "create-room-name", class: "form-control", value: "", placeholder: t("modal.create_room.name_placeholder"), autocomplete: :off %>
+              <%= f.text_field :name, id: "create-room-name", class: "form-control text-center", value: "", placeholder: t("modal.create_room.name_placeholder"), autocomplete: :off %>
               <div class="invalid-feedback text-left"><%= t("modal.create_room.not_blank") %></div>
             </div>
 
+            <div class="input-icon mb-2">
+              <span onclick="generateAccessCode()" class="input-icon-addon allow-icon-click">
+                <i class="fas fa-dice"></i>
+              </span>
+              <%= f.label :access_code, t("modal.create_room.access_code_placeholder"), id: "create-room-access-code", class: "form-control" %>
+              <%= f.hidden_field :access_code %>
+              <span onclick="ResetAccessCode()" class="input-icon-addon allow-icon-click">
+                <i class="far fa-trash-alt"></i>
+              </span>
+            </div>
+
             <% if Rails.configuration.room_features.include? "default-client" %>
               <label class="mt-3 mb-3 w-100 text-left d-inline-block">
                 <input type="hidden" name="room[client]" id="room_client">
diff --git a/config/locales/en.yml b/config/locales/en.yml
index fdbec16a..de2128b1 100755
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -252,6 +252,8 @@ en:
   max_concurrent: The maximum number of concurrent sessions allowed has been reached!
   modal:
     create_room:
+      access_code: Access Code
+      access_code_placeholder: Generate an optional room access code
       auto_join: Automatically join me into the room
       create: Create Room
       free_delete: You will be free to delete this room at any time.
@@ -357,13 +359,16 @@ en:
     super_admin: Super Admin
     user: User
   room:
+    access_code_required: Please enter a valid access code to join the room
     create_room: Create a Room
     create_room_error: There was an error creating the room
     create_room_success: Room created successfully
+    enter_the_access_code: Enter the room's access code
     invited: You have been invited to join
     invite_participants: Invite Participants
     join: Join
     last_session: Last session on %{session}
+    login: Login
     owner: Owner
     no_sessions: This room has no sessions, yet!
     recordings: Room Recordings
diff --git a/config/routes.rb b/config/routes.rb
index 56dc67ae..1155b2ac 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -102,6 +102,7 @@ Rails.application.routes.draw do
     post '/update_settings', to: 'rooms#update_settings'
     post '/start', to: 'rooms#start', as: :start_room
     get '/logout', to: 'rooms#logout', as: :logout_room
+    post '/login', to: 'rooms#login', as: :login_room
   end
 
   # Recording operations routes
diff --git a/db/migrate/20190711192033_add_password_digest_to_rooms.rb b/db/migrate/20190711192033_add_password_digest_to_rooms.rb
new file mode 100644
index 00000000..a018fed7
--- /dev/null
+++ b/db/migrate/20190711192033_add_password_digest_to_rooms.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddPasswordDigestToRooms < ActiveRecord::Migration[5.0]
+  def change
+    add_column :rooms, :access_code, :string, null: true, default: nil
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index a09c7884..e6fce221 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20190522195242) do
+ActiveRecord::Schema.define(version: 20190711192033) do
 
   create_table "features", force: :cascade do |t|
     t.integer  "setting_id"
@@ -56,6 +56,7 @@ ActiveRecord::Schema.define(version: 20190522195242) do
     t.string   "room_settings",         default: "{ }"
     t.string   "moderator_pw"
     t.string   "attendee_pw"
+    t.string   "access_code"
     t.index ["bbb_id"], name: "index_rooms_on_bbb_id"
     t.index ["last_session"], name: "index_rooms_on_last_session"
     t.index ["name"], name: "index_rooms_on_name"
diff --git a/spec/controllers/rooms_controller_spec.rb b/spec/controllers/rooms_controller_spec.rb
index 7fe3b6b3..e91e9b13 100644
--- a/spec/controllers/rooms_controller_spec.rb
+++ b/spec/controllers/rooms_controller_spec.rb
@@ -203,6 +203,32 @@ describe RoomsController, type: :controller do
       expect(response).to render_template(:wait)
     end
 
+    it "should render wait if the correct access code is supplied" do
+      allow_any_instance_of(BigBlueButton::BigBlueButtonApi).to receive(:is_meeting_running?).and_return(false)
+
+      protected_room = Room.new(name: 'test', access_code: "123456")
+      protected_room.owner = @owner
+      protected_room.save
+
+      @request.session[:user_id] = @user.id
+      post :join, params: { room_uid: protected_room, join_name: @user.name }, session: { access_code: "123456" }
+
+      expect(response).to render_template(:wait)
+    end
+
+    it "should redirect to login if the correct access code isn't supplied" do
+      allow_any_instance_of(BigBlueButton::BigBlueButtonApi).to receive(:is_meeting_running?).and_return(false)
+
+      protected_room = Room.new(name: 'test', access_code: "123456")
+      protected_room.owner = @owner
+      protected_room.save
+
+      @request.session[:user_id] = @user.id
+      post :join, params: { room_uid: protected_room, join_name: @user.name }, session: { access_code: "123455" }
+
+      expect(response).to redirect_to room_path(protected_room.uid)
+    end
+
     it "should join owner as moderator if meeting running" do
       allow_any_instance_of(BigBlueButton::BigBlueButtonApi).to receive(:is_meeting_running?).and_return(true)
 
@@ -374,4 +400,27 @@ describe RoomsController, type: :controller do
       expect(response).to redirect_to(@room)
     end
   end
+
+  describe "POST #login" do
+    before do
+      @user = create(:user)
+      @room = @user.main_room
+      @room.access_code = "123456"
+      @room.save
+    end
+
+    it "should redirect to show with valid access code" do
+      post :login, params: { room_uid: @room.uid, room: { access_code: "123456" } }
+
+      expect(response).to redirect_to room_path(@room.uid)
+      expect(flash[:alert]).to be_nil
+    end
+
+    it "should redirect to show with and notify user of invalid access code" do
+      post :login, params: { room_uid: @room.uid, room: { access_code: "123455" } }
+
+      expect(response).to redirect_to room_path(@room.uid)
+      expect(flash[:alert]).to eq(I18n.t("room.access_code_required"))
+    end
+  end
 end