From f89bca5967325eca0ca823385091621a5408729d Mon Sep 17 00:00:00 2001 From: Zachary Chai Date: Fri, 24 Feb 2017 10:56:37 -0500 Subject: [PATCH] meeting and user name character limits --- app/assets/stylesheets/main/shared.scss | 1 + app/controllers/application_controller.rb | 12 ++++++++++++ app/controllers/bbb_controller.rb | 12 ++++++++++++ app/controllers/landing_controller.rb | 4 +++- app/views/shared/_join_form.html.erb | 2 +- app/views/shared/_meeting_name_form.html.erb | 2 +- 6 files changed, 30 insertions(+), 3 deletions(-) diff --git a/app/assets/stylesheets/main/shared.scss b/app/assets/stylesheets/main/shared.scss index 73486b80..138edcff 100644 --- a/app/assets/stylesheets/main/shared.scss +++ b/app/assets/stylesheets/main/shared.scss @@ -81,6 +81,7 @@ body[data-controller=landing].app-background { .panel { position: relative; + overflow: hidden; } .input-spacing { diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 6c43a367..4cc52a0e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -20,6 +20,8 @@ require 'digest/sha1' class ApplicationController < ActionController::Base protect_from_forgery with: :exception before_action :set_locale + MEETING_NAME_LIMIT = 200 + USER_NAME_LIMIT = 100 def set_locale I18n.locale = http_accept_language.language_region_compatible_from(I18n.available_locales) @@ -34,4 +36,14 @@ class ApplicationController < ActionController::Base Rails.configuration.relative_url_root || "" end helper_method :relative_root + + def meeting_name_limit + MEETING_NAME_LIMIT + end + helper_method :meeting_name_limit + + def user_name_limit + USER_NAME_LIMIT + end + helper_method :user_name_limit end diff --git a/app/controllers/bbb_controller.rb b/app/controllers/bbb_controller.rb index e5acec6e..0108b4f0 100644 --- a/app/controllers/bbb_controller.rb +++ b/app/controllers/bbb_controller.rb 
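Review bot: In app/controllers/application_controller.rb, `meeting_name_limit` and `user_name_limit` are added as public methods of ApplicationController, so they count as action methods on every controller that inherits from it, although only views and subclasses need them. Placing both definitions and their `helper_method` lines below a `private` marker keeps them callable from BbbController and LandingController while removing them from the set of methods a route could dispatch to. The existing `relative_root` in the context lines follows the same public pattern, so this could be one cleanup for all three. A short comment on the constants, such as `# Maximum length, in characters, of a meeting name`, would record the unit the limits are compared in. The class body between the two hunks is not shown.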
@@ -32,6 +32,18 @@ class BbbController < ApplicationController message: "user name was not included", status: :unprocessable_entity ) + elsif params[:name].size > user_name_limit + return render_bbb_response( + messageKey: "invalid_parameter", + message: "user name is too long", + status: :unprocessable_entity + ) + elsif params[:id].size > meeting_name_limit + return render_bbb_response( + messageKey: "invalid_parameter", + message: "meeting name is too long", + status: :unprocessable_entity + ) else if params[:room_id] user = User.find_by encrypted_id: params[:room_id] diff --git a/app/controllers/landing_controller.rb b/app/controllers/landing_controller.rb index b8da6142..93062bc2 100644 --- a/app/controllers/landing_controller.rb +++ b/app/controllers/landing_controller.rb @@ -21,7 +21,9 @@ class LandingController < ApplicationController end def resource - if params[:resource] == 'meetings' + if params[:id].size > meeting_name_limit + redirect_to action: :index + elsif params[:resource] == 'meetings' render_meeting elsif params[:resource] == 'rooms' render_room diff --git a/app/views/shared/_join_form.html.erb b/app/views/shared/_join_form.html.erb index 31d854ee..cb1bd679 100644 --- a/app/views/shared/_join_form.html.erb +++ b/app/views/shared/_join_form.html.erb @@ -44,7 +44,7 @@ <% else %> - <%= text_field_tag 'user[name]', '', class: 'form-control meeting-user-name', placeholder: t('enter_name') %> + <%= text_field_tag 'user[name]', '', class: 'form-control meeting-user-name', placeholder: t('enter_name'), maxlength: user_name_limit %>
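Review bot: The new length checks in app/controllers/bbb_controller.rb call `.size` on `params[:name]` and `params[:id]` without first confirming that the value is a String. Rails parses bracketed parameter keys into an Array or a nested parameters object, and for those `.size` counts elements or raises instead of measuring characters, so the limit does not reliably bound the text passed on to the rest of the action. Rejecting non-String values in the same branch closes the gap, e.g. `elsif !params[:name].is_a?(String) || params[:name].size > user_name_limit`, with the equivalent guard for `params[:id]`. The same unchecked `params[:id].size` opens `LandingController#resource`, where a missing `:id` would also raise NoMethodError if the route allows it to be absent; the route is not visible here. Both enclosing actions start and end outside their hunks.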