Persist password (#393)

* never hold the owner of the room on the waiting screen

* persist room passwords so we can always call create meeting, even if it's already running, to avoid any inconsistency or race condition when joining a meeting

* Fixed issues in migration, room attribute updates, random_password and tests

Gemfile

@@ -111,3 +111,5 @@ end
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 
 gem 'coveralls', require: false
+
+gem 'random_password'

Gemfile.lock

@@ -215,6 +215,7 @@ GEM
       thor (>= 0.18.1, < 2.0)
     rainbow (3.0.0)
     rake (12.3.1)
+    random_password (0.1.1)
     rb-fsevent (0.10.3)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
@@ -355,6 +356,7 @@ DEPENDENCIES
   puma (~> 3.0)
   rails (~> 5.0.7)
   rails-controller-testing
+  random_password
   redcarpet
   redis (~> 3.0)
   rspec-rails (~> 3.7)

app/controllers/rooms_controller.rb

@@ -90,7 +90,7 @@ class RoomsController < ApplicationController
       end
     end
 
-    if @room.running?
+    if @room.running? || @room.owned_by?(current_user)
       # Determine if the user needs to join as a moderator.
       opts[:user_is_moderator] = @room.owned_by?(current_user)
 

app/models/room.rb

@@ -51,19 +51,20 @@ class Room < ApplicationRecord
     create_options = {
       record: options[:meeting_recorded].to_s,
       logoutURL: options[:meeting_logout_url] || '',
-      moderatorPW: random_password(12),
-      attendeePW: random_password(12),
+      moderatorPW: moderator_pw,
+      attendeePW: attendee_pw,
       moderatorOnlyMessage: options[:moderator_message],
       muteOnStart: options[:mute_on_start] || false,
       "meta_#{META_LISTED}": false,
     }
 
-    # Update session info.
-    update_attributes(sessions: sessions + 1, last_session: DateTime.now)
-
     # Send the create request.
     begin
-      bbb.create_meeting(name, bbb_id, create_options)
+      meeting = bbb.create_meeting(name, bbb_id, create_options)
+      # Update session info.
+      unless meeting[:messageKey] == 'duplicateWarning'
+        update_attributes(sessions: sessions + 1, last_session: DateTime.now)
+      end
     rescue BigBlueButton::BigBlueButtonException => exc
       puts "BigBlueButton failed on create: #{exc.key}: #{exc.message}"
       raise exc
@@ -72,8 +73,8 @@ class Room < ApplicationRecord
 
   # Returns a URL to join a user into a meeting.
   def join_path(name, options = {}, uid = nil)
-    # Create the meeting if it isn't running.
-    start_session(options) unless running?
+    # Create the meeting, even if it's running
+    start_session(options)
 
     # Set meeting options.
     options[:meeting_logout_url] ||= nil
@@ -145,6 +146,8 @@ class Room < ApplicationRecord
   def setup
     self.uid = random_room_uid
     self.bbb_id = Digest::SHA1.hexdigest(Rails.application.secrets[:secret_key_base] + Time.now.to_i.to_s).to_s
+    self.moderator_pw = RandomPassword.generate(length: 12)
+    self.attendee_pw = RandomPassword.generate(length: 12)
   end
 
   # Deletes all recordings associated with the room.
@@ -163,10 +166,4 @@ class Room < ApplicationRecord
   def random_room_uid
     [owner.name_chunk, uid_chunk, uid_chunk].join('-').downcase
   end
-
-  # Generates a random password for a meeting.
-  def random_password(length)
-    charset = ("a".."z").to_a + ("A".."Z").to_a
-    ((0...length).map { charset[rand(charset.length)] }).join
-  end
 end

db/migrate/20190312003555_add_password_to_rooms.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class AddPasswordToRooms < ActiveRecord::Migration[5.0]
+  def change
+    add_column :rooms, :moderator_pw, :string
+    add_column :rooms, :attendee_pw, :string
+    Room.reset_column_information
+    Room.all.each do |room|
+      room.update_attributes!(
+        moderator_pw: RandomPassword.generate(length: 12),
+        attendee_pw: RandomPassword.generate(length: 12)
+      )
+    end
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20190206210049) do
+ActiveRecord::Schema.define(version: 20190312003555) do
 
   create_table "rooms", force: :cascade do |t|
     t.integer  "user_id"
@@ -22,6 +22,8 @@ ActiveRecord::Schema.define(version: 20190206210049) do
     t.datetime "created_at",                    null: false
     t.datetime "updated_at",                    null: false
     t.string   "room_settings", default: "{ }"
+    t.string   "moderator_pw"
+    t.string   "attendee_pw"
     t.index ["bbb_id"], name: "index_rooms_on_bbb_id"
     t.index ["last_session"], name: "index_rooms_on_last_session"
     t.index ["name"], name: "index_rooms_on_name"
@@ -41,11 +43,10 @@ ActiveRecord::Schema.define(version: 20190206210049) do
     t.string   "image"
     t.string   "password_digest"
     t.boolean  "accepted_terms",    default: false
-    t.datetime "created_at",                              null: false
-    t.datetime "updated_at",                              null: false
+    t.datetime "created_at",                            null: false
+    t.datetime "updated_at",                            null: false
     t.boolean  "email_verified",    default: false
     t.string   "language",          default: "default"
-    t.string   "role",              default: "moderator"
     t.string   "reset_digest"
     t.datetime "reset_sent_at"
     t.string   "activation_digest"

spec/models/room_spec.rb

@@ -75,7 +75,9 @@ describe Room, type: :model do
 
   context "#start_session" do
     it "should update latest session info" do
-      allow_any_instance_of(BigBlueButton::BigBlueButtonApi).to receive(:create_meeting).and_return(true)
+      allow_any_instance_of(BigBlueButton::BigBlueButtonApi).to receive(:create_meeting).and_return(
+        messageKey: ""
+      )
 
       expect do
         @room.start_session