diff --git a/app/controllers/bbb_controller.rb b/app/controllers/bbb_controller.rb index e1d67eaf..825db8dc 100644 --- a/app/controllers/bbb_controller.rb +++ b/app/controllers/bbb_controller.rb @@ -254,7 +254,7 @@ class BbbController < ApplicationController secret = ENV['BIGBLUEBUTTON_SECRET'] checksum = params["checksum"] data = read_body(request) - callback_url = uri_remove_param(request.url, "checksum") + callback_url = uri_remove_param(request.original_url, "checksum") checksum_str = "#{callback_url}#{data}#{secret}" calculated_checksum = Digest::SHA1.hexdigest(checksum_str) @@ -262,6 +262,8 @@ class BbbController < ApplicationController if calculated_checksum != checksum logger.error "Checksum did not match. Calculated: #{calculated_checksum}, received: #{checksum}" false + else + true end end diff --git a/config/environments/test.rb b/config/environments/test.rb index 30587ef6..2b239219 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -37,6 +37,8 @@ Rails.application.configure do # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr + config.mail_notifications = true + # Raises error for missing translations # config.action_view.raise_on_missing_translations = true end diff --git a/test/controllers/bbb_controller_test.rb b/test/controllers/bbb_controller_test.rb index c7b2e4a3..74962cd4 100644 --- a/test/controllers/bbb_controller_test.rb +++ b/test/controllers/bbb_controller_test.rb @@ -81,7 +81,6 @@ class BbbControllerTest < ActionController::TestCase end test "should get recordings" do - BbbController.any_instance.expects(:bbb_get_recordings) .returns({status: :ok, recordings: []}).once @@ -94,7 +93,6 @@ class BbbControllerTest < ActionController::TestCase BbbController.any_instance.expects(:bbb_get_recordings) .returns({status: :ok, recordings: [{recordID: @recording}]}).once - BbbController.any_instance.expects(:bbb_update_recordings) .returns({status: :ok}).once @@ -107,7 +105,6 @@ class BbbControllerTest < ActionController::TestCase BbbController.any_instance.expects(:bbb_get_recordings) .returns({status: :ok, recordings: [{recordID: @recording}]}).at_least_once - BbbController.any_instance.expects(:bbb_delete_recordings) .returns({status: :ok}).once @@ -119,8 +116,7 @@ class BbbControllerTest < ActionController::TestCase login users :user2 BbbController.any_instance.expects(:bbb_get_recordings) - .returns({status: :ok, recordings: [{recordID: @recording}]}).at_least_once - + .returns({status: :ok, recordings: [{recordID: @recording}]}).once BbbController.any_instance.expects(:bbb_delete_recordings) .returns({status: :ok}).once @@ -133,7 +129,6 @@ class BbbControllerTest < ActionController::TestCase BbbController.any_instance.expects(:bbb_get_recordings) .returns({status: :ok, recordings: []}).once - BbbController.any_instance.expects(:bbb_update_recordings) .returns({status: :ok}).once @@ -141,28 +136,49 @@ class BbbControllerTest < ActionController::TestCase assert_response :not_found end - test "should return success on invalid checksum" do - + test "should not send notification on invalid checksum" do BbbController.any_instance.expects(:treat_callback_event).never - post :callback, params: { room_id: @user.encrypted_id, resource: 'rooms', id: @meeting_id, event: {} } + post :callback, params: { room_id: @user.encrypted_id, resource: 'rooms', id: @meeting_id } + assert_response :success + BbbController.any_instance.unstub(:treat_callback_event) + end + + test "should send notification on valid callback" do + checksum = set_recording_callback_data(@user, @meeting_id) + request.headers["ORIGINAL_FULLPATH"] = "/rooms/#{@user.encrypted_id}/#{@meeting_id}/callback?checksum=#{checksum}" + + BbbController.any_instance.expects(:bbb_get_recordings) + .returns({status: :ok, recordings: [{recordID: @recording}]}).once + + post :callback, params: { room_id: @user.encrypted_id, resource: 'rooms', id: @meeting_id, checksum: checksum } assert_response :success end - # TODO fix this test - # test "should send notification on valid callback" do - # - # BbbController.any_instance.expects(:treat_callback_event).once - # - # BbbController.any_instance.expects(:validate_checksum) - # .returns(true).once - # - # post :callback, params: { room_id: @user.encrypted_id, resource: 'rooms', id: @meeting_id, event: {} } - # assert_response :success - # end - private + # Sets the raw post data for callback and returns the checksum + def set_recording_callback_data(user, meeting_name) + secret = ENV['BIGBLUEBUTTON_SECRET'] + data = {"event": + {"header":{"name":"publish_ended"}, + "payload":{"metadata": + {"gl-listed": "false", + "isBreakout": "false", + "meetingName": meeting_name, + "meeting-name": meeting_name, + "meetingId": "b483e57c6ea0e38be6f05ac76aec60b5b9cbfe17", + "room-id": user.encrypted_id, + "gl-token": "#{user.encrypted_id}-#{meeting_name}", + "gl-webhooks-callback-url": "http://test.host/rooms/#{user.encrypted_id}/#{meeting_name}/callback"}, + "meeting_id": "f344d42cc5ea2fbb7fe64edabce42dae5dc1c0c5-1487709353538"}}, + "timestamp": 1488557092} + + request.env['RAW_POST_DATA'] = data.to_json + Digest::SHA1.hexdigest( + "#{data[:event][:payload][:metadata][:'gl-webhooks-callback-url']}#{data.to_json}#{secret}") + end + def meeting_token(user, id) "#{user.encrypted_id}-#{id}" end diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index 54fb027e..456bf7a4 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -22,6 +22,7 @@ user1: username: user1 encrypted_id: u2-<%= SecureRandom.hex(8) %> name: User 1 + email: user1@email.com user2: provider: google @@ -29,3 +30,4 @@ user2: username: user2 encrypted_id: u1-<%= SecureRandom.hex(8) %> name: User 2 + email: user2@email.com