Fixed #267 Email verification feature (#268)

* <Implemented basic welcome email upon signup> * <Added config option to enable> * <Added verification link routing> * <Added views for verify/resend and reconfigured routes> * <Finished Verification System minus Rspec changes> * <Fixed code style> * <Modified dome rspec tests> * <Switched sample env back to default> * <Added test cases to increase code coverage> * <Added test_helper> * <Minor code changes> * <Added requested changes> * <Added requested changes> * <see if this fixes migration> * <see if this fixes migration> * <fixed migrations> * Delete .rake_tasks~ * Update _confirm_button.html.erb * Update _resend_button.html.erb * Update verify_email.html.erb * Update verify_email.text.erb * <Fixed bugs> * <Added validation of verification link and fixed some code style> * <Disabled updating email for omniauth>
2018-10-09 14:22:02 -04:00
parent daaf305c30
commit 967c805836
26 changed files with 371 additions and 7 deletions
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@ -18,6 +18,7 @@

 class RoomsController < ApplicationController
  before_action :validate_accepted_terms, unless: -> { !Rails.configuration.terms }
+  before_action :validate_verified_email, unless: -> { !Rails.configuration.enable_email_verification }
  before_action :find_room, except: :create
  before_action :verify_room_ownership, except: [:create, :show, :join, :logout]

@ -184,4 +185,10 @@ class RoomsController < ApplicationController
      redirect_to terms_path unless current_user.accepted_terms
    end
  end
+
+  def validate_verified_email
+    if current_user
+      redirect_to resend_path unless current_user.email_verified
+    end
+  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -28,7 +28,10 @@ class UsersController < ApplicationController
    @user = User.new(user_params)
    @user.provider = "greenlight"

-    if @user.save
+    if Rails.configuration.enable_email_verification && @user.save
+      UserMailer.verify_email(@user, verification_link(@user)).deliver
+      login(@user)
+    elsif @user.save
      login(@user)
    else
      # Handle error on user creation.
@ -81,6 +84,9 @@ class UsersController < ApplicationController
        errors.each { |k, v| @user.errors.add(k, v) }
        render :edit, params: { settings: params[:settings] }
      end
+    elsif user_params[:email] != @user.email && @user.update_attributes(user_params)
+      @user.update_attributes(email_verified: false)
+      redirect_to edit_user_path(@user), notice: I18n.t("info_update_success")
    elsif @user.update_attributes(user_params)
      redirect_to edit_user_path(@user), notice: I18n.t("info_update_success")
    else
@ -97,18 +103,50 @@ class UsersController < ApplicationController
    redirect_to root_path
  end

-  # GET /terms
+  # GET | POST /terms
  def terms
    redirect_to '/404' unless Rails.configuration.terms

    if params[:accept] == "true"
      current_user.update_attributes(accepted_terms: true)
-      redirect_to current_user.main_room if current_user
+      login(current_user)
+    end
+  end
+
+  # GET | POST /u/verify/confirm
+  def confirm
+    if !current_user || current_user.uid != params[:user_uid]
+      redirect_to '/404'
+    elsif current_user.email_verified
+      login(current_user)
+    elsif params[:email_verified] == "true"
+      current_user.update_attributes(email_verified: true)
+      login(current_user)
+    else
+      render 'verify'
+    end
+  end
+
+  # GET /u/verify/resend
+  def resend
+    if !current_user
+      redirect_to '/404'
+    elsif current_user.email_verified
+      login(current_user)
+    elsif params[:email_verified] == "false"
+      UserMailer.verify_email(current_user, verification_link(current_user)).deliver
+      render 'verify'
+    else
+      render 'verify'
    end
  end

  private

+  def verification_link(user)
+    request.base_url + confirm_path(user.uid)
+  end
+
  def find_user
    @user = User.find_by!(uid: params[:user_uid])
  end
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@ -21,14 +21,23 @@ module SessionsHelper
  def login(user)
    session[:user_id] = user.id

-    # If there are not terms, or the user has accepted them, go to their room.
+    # If there are not terms, or the user has accepted them, check for email verification
    if !Rails.configuration.terms || user.accepted_terms
-      redirect_to user.main_room
+      check_email_verified(user)
    else
      redirect_to terms_path
    end
  end

+  # If email verification is disabled, or the user has verified, go to their room
+  def check_email_verified(user)
+    if !Rails.configuration.enable_email_verification || user.email_verified
+      redirect_to user.main_room
+    else
+      redirect_to resend_path
+    end
+  end
+
  # Logs current user out of GreenLight.
  def logout
    session.delete(:user_id) if current_user
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+
+class UserMailer < ApplicationMailer
+  default from: 'notifications@example.com'
+
+  def verify_email(user, url)
+    @user = user
+    @url = url
+    mail(to: @user.email, subject: 'Welcome to BigBlueButton!')
+  end
+end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -51,6 +51,7 @@ class User < ApplicationRecord
        u.username = auth_username(auth) unless u.username
        u.email = auth_email(auth)
        u.image = auth_image(auth)
+        u.email_verified = true
        u.save!
      end
    end
--- a/app/views/layouts/mailer.html.erb
+++ b/app/views/layouts/mailer.html.erb
@ -1,6 +1,8 @@
 <%
 # BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
 # Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
 # This program is free software; you can redistribute it and/or modify it under the
 # terms of the GNU Lesser General Public License as published by the Free Software
 # Foundation; either version 3.0 of the License, or (at your option) any later
@ -9,6 +11,7 @@
 # BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 # PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
 # You should have received a copy of the GNU Lesser General Public License along
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 %>
--- a/app/views/layouts/mailer.text.erb
+++ b/app/views/layouts/mailer.text.erb
@ -1,6 +1,8 @@
 <%
 # BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
 # Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
 # This program is free software; you can redistribute it and/or modify it under the
 # terms of the GNU Lesser General Public License as published by the Free Software
 # Foundation; either version 3.0 of the License, or (at your option) any later
@ -9,6 +11,7 @@
 # BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 # PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
 # You should have received a copy of the GNU Lesser General Public License along
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 %>
--- a/app/views/shared/components/_confirm_button.html.erb
+++ b/app/views/shared/components/_confirm_button.html.erb
@ -0,0 +1,18 @@
+<%
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+%>
+
+<div class="btn-list text-right pt-8">
+    <%= button_to t("verify.accept"), confirm_path, params: { user_uid: params[:user_uid], email_verified: true }, class: "btn btn-primary btn-space" %>
+</div>
--- a/app/views/shared/components/_resend_button.html.erb
+++ b/app/views/shared/components/_resend_button.html.erb
@ -0,0 +1,18 @@
+<%
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+%>
+
+<div class="btn-list text-right pt-8">
+    <%= button_to t("verify.resend"), resend_path, params: { email_verified: false }, class: "btn btn-primary btn-space" %>
+</div>
--- a/app/views/shared/settings/_account.html.erb
+++ b/app/views/shared/settings/_account.html.erb
@ -27,7 +27,7 @@
      <div class="col-6">
        <%= f.label t("email"), class: "form-label" %>
        <div class="input-icon">
-          <%= f.text_field :email, class: "form-control #{form_is_invalid?(@user, :email)}", placeholder: t("email") %>
+          <%= f.text_field :email, class: "form-control #{form_is_invalid?(@user, :email)}", placeholder: t("email"), readonly: !current_user.greenlight_account? %>
        </div>
      </div>
    </div>
--- a/app/views/user_mailer/verify_email.html.erb
+++ b/app/views/user_mailer/verify_email.html.erb
@ -0,0 +1,35 @@
+<%
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+%>
+
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
+  </head>
+  <body>
+    <h1>Welcome to Greenlight!, <%= @user.name %></h1>
+    <p>
+      You have successfully signed up for Greenlight,
+      your username is: <%= @user.email %>.<br>
+    </p>
+    <p>
+      To verify your account, just follow this link: <%= link_to 'verify your email', @url %>.
+    </p>
+    <p>Thanks for joining and have a great day!</p>
+  </body>
+</html>
--- a/app/views/user_mailer/verify_email.text.erb
+++ b/app/views/user_mailer/verify_email.text.erb
@ -0,0 +1,28 @@
+<%
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+%>
+
+
+Welcome to Greenlight, <%= @user.name %>
+===============================================
+ 
+You have successfully signed up for Greenlight,
+your username is: <%= @user.email %>.
+ 
+To verify your account, just follow this link: <%= link_to 'verify your email', @url  %>.
+ 
+Thanks for joining and have a great day!
--- a/app/views/users/verify.html.erb
+++ b/app/views/users/verify.html.erb
@ -0,0 +1,33 @@
+<%
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+%>
+
+<div class="container pt-5">
+  <div class="col-md-8 offset-2">
+    <div class="card">
+      <div class="card-header">
+        <h3 class="card-title"><%= t("verify.title") %></h3>
+      </div>
+      <div class="card-body">
+          <p> Your account has not been verified yet. </p>
+          <% if Rails.configuration.enable_email_verification && params[:user_uid] == current_user.uid %>
+            <%= render "/shared/components/confirm_button" %>
+          <% else %>
+            <%= render "/shared/components/resend_button" %>
+          <% end %>
+        </form>
+      </div>
+    </div>
+  </div>
+</div>