From b70ea41f4daa61beba3ac2223ea15e537572568f Mon Sep 17 00:00:00 2001 From: Zachary Chai Date: Fri, 3 Mar 2017 10:47:33 -0500 Subject: [PATCH] test bbb controller --- app/controllers/bbb_controller.rb | 21 ++-- test/controllers/bbb_controller_test.rb | 157 +++++++++++++++++++++++- 2 files changed, 161 insertions(+), 17 deletions(-) diff --git a/app/controllers/bbb_controller.rb b/app/controllers/bbb_controller.rb index 6f8735c4..e1d67eaf 100644 --- a/app/controllers/bbb_controller.rb +++ b/app/controllers/bbb_controller.rb @@ -21,7 +21,6 @@ class BbbController < ApplicationController before_action :load_and_authorize_room_owner!, only: [:end] skip_before_action :verify_authenticity_token, only: :callback - before_action :validate_checksum, only: :callback # GET /:resource/:id/join # GET /:resource/:room_id/:id/join @@ -104,9 +103,13 @@ class BbbController < ApplicationController end end - # POST /:resource/:id/callback + # POST /:resource/:room_id/:id/callback # Endpoint for webhook calls from BigBlueButton def callback + # respond with 200 anyway so BigBlueButton knows the hook call was ok + # but abort execution + head(:ok) && return unless validate_checksum + begin data = JSON.parse(read_body(request)) treat_callback_event(data["event"]) @@ -114,11 +117,10 @@ class BbbController < ApplicationController logger.error "Error parsing webhook data. Data: #{data}, exception: #{e.inspect}" # respond with 200 anyway so BigBlueButton knows the hook call was ok - render head(:ok) + head(:ok) && return end end - # DELETE /rooms/:id/end # DELETE /rooms/:room_id/:id/end def end load_and_authorize_room_owner! @@ -130,7 +132,7 @@ class BbbController < ApplicationController render_bbb_response bbb_res end - # GET /rooms/:id/recordings + # GET /rooms/:room_id/recordings # GET /rooms/:room_id/:id/recordings def recordings load_room! @@ -144,7 +146,7 @@ class BbbController < ApplicationController render_bbb_response bbb_res, bbb_res[:recordings] end - # PATCH /rooms/:id/recordings/:record_id + # PATCH /rooms/:room_id/recordings/:record_id # PATCH /rooms/:room_id/:id/recordings/:record_id def update_recordings published = params[:published] == 'true' @@ -156,7 +158,7 @@ class BbbController < ApplicationController render_bbb_response bbb_res end - # DELETE /rooms/:id/recordings/:record_id + # DELETE /rooms/:room_id/recordings/:record_id # DELETE /rooms/:room_id/:id/recordings/:record_id def delete_recordings recording = bbb_get_recordings({recordID: params[:record_id]})[:recordings].first @@ -259,10 +261,7 @@ class BbbController < ApplicationController if calculated_checksum != checksum logger.error "Checksum did not match. Calculated: #{calculated_checksum}, received: #{checksum}" - - # respond with 200 anyway so BigBlueButton knows the hook call was ok - # but abort execution - render head(:ok) && return + false end end diff --git a/test/controllers/bbb_controller_test.rb b/test/controllers/bbb_controller_test.rb index 241d31d6..c7b2e4a3 100644 --- a/test/controllers/bbb_controller_test.rb +++ b/test/controllers/bbb_controller_test.rb @@ -17,13 +17,158 @@ require 'test_helper' class BbbControllerTest < ActionController::TestCase - # test "should get join" do - # get :join - # assert_response :success - # end + include BbbApi + + setup do + @meeting_id = 'test_id' + @user = users :user1 + @name = 'test_name' + @recording = 'test_recording' + end + + test "should get join URL from join for meeting" do + BbbController.any_instance.expects(:bbb_join_url) + .with() do |token, full_name, opts| + token == @meeting_id && full_name == @name && opts[:user_is_moderator] + end.returns(success_join_res('correct_url')).once + + get :join, params: { id: @meeting_id, resource: 'meetings', name: @name } + assert_response :success + + result = JSON.parse(response.body).deep_symbolize_keys + assert_equal 'correct_url', result[:response][:join_url] + end + + test "should get join URL from join for authenticated meeting" do + login @user + + BbbController.any_instance.expects(:bbb_join_url) + .with() do |token, full_name, opts| + token == meeting_token(@user, @meeting_id) && opts[:wait_for_moderator] && opts[:user_is_moderator] && opts[:meeting_recorded] + end.returns(success_join_res('correct_url')).once + + get :join, params: { room_id: @user.encrypted_id, id: @meeting_id, resource: 'rooms', name: @name } + assert_response :success + end + + test "should wati for moderator on join for authenticated meeting when not room owner" do + BbbController.any_instance.expects(:bbb_join_url) + .with() do |token, full_name, opts| + opts[:wait_for_moderator] && !opts[:user_is_moderator] + end.returns(success_join_res('correct_url')).once + + get :join, params: { room_id: @user.encrypted_id, id: @meeting_id, resource: 'rooms', name: @name } + assert_response :success + end + + test "should end meeting" do + login @user + + BbbController.any_instance.expects(:bbb_end_meeting) + .with() do |token| + token == meeting_token(@user, @meeting_id) + end.returns({status: :ok}).once + + get :end, params: { room_id: @user.encrypted_id, id: @meeting_id, resource: 'rooms' } + assert_response :success + end + + test "should not end meeting for unauthorized user" do + login users :user2 + + get :end, params: { room_id: @user.encrypted_id, id: @meeting_id, resource: 'rooms' } + assert_response :unauthorized + end + + test "should get recordings" do + + BbbController.any_instance.expects(:bbb_get_recordings) + .returns({status: :ok, recordings: []}).once + + get :recordings, params: { room_id: @user.encrypted_id, resource: 'rooms' } + assert_response :success + end + + test "should update recording" do + login @user + + BbbController.any_instance.expects(:bbb_get_recordings) + .returns({status: :ok, recordings: [{recordID: @recording}]}).once + + BbbController.any_instance.expects(:bbb_update_recordings) + .returns({status: :ok}).once + + patch :update_recordings, params: { room_id: @user.encrypted_id, resource: 'rooms', record_id: @recording } + assert_response :success + end + + test "should delete recording" do + login @user + + BbbController.any_instance.expects(:bbb_get_recordings) + .returns({status: :ok, recordings: [{recordID: @recording}]}).at_least_once + + BbbController.any_instance.expects(:bbb_delete_recordings) + .returns({status: :ok}).once + + delete :delete_recordings, params: { room_id: @user.encrypted_id, resource: 'rooms', record_id: @recording } + assert_response :success + end + + test "should not delete recording if unauthorized" do + login users :user2 + + BbbController.any_instance.expects(:bbb_get_recordings) + .returns({status: :ok, recordings: [{recordID: @recording}]}).at_least_once + + BbbController.any_instance.expects(:bbb_delete_recordings) + .returns({status: :ok}).once + + delete :delete_recordings, params: { room_id: @user.encrypted_id, resource: 'rooms', record_id: @recording } + assert_response :unauthorized + end + + test "should not delete recording if not owner" do + login @user + + BbbController.any_instance.expects(:bbb_get_recordings) + .returns({status: :ok, recordings: []}).once + + BbbController.any_instance.expects(:bbb_update_recordings) + .returns({status: :ok}).once + + patch :delete_recordings, params: { room_id: @user.encrypted_id, resource: 'rooms', record_id: @recording } + assert_response :not_found + end + + test "should return success on invalid checksum" do + + BbbController.any_instance.expects(:treat_callback_event).never + + post :callback, params: { room_id: @user.encrypted_id, resource: 'rooms', id: @meeting_id, event: {} } + assert_response :success + end + + # TODO fix this test + # test "should send notification on valid callback" do # - # test "should get end" do - # get :close + # BbbController.any_instance.expects(:treat_callback_event).once + # + # BbbController.any_instance.expects(:validate_checksum) + # .returns(true).once + # + # post :callback, params: { room_id: @user.encrypted_id, resource: 'rooms', id: @meeting_id, event: {} } # assert_response :success # end + + private + + def meeting_token(user, id) + "#{user.encrypted_id}-#{id}" + end + + def login(user) + session[:user_id] = user.id + @current_user = user + end end