From 08f6f327797a0b12bd97beedc39503266bf9465c Mon Sep 17 00:00:00 2001
From: Jesus Federico <jesus@123it.ca>
Date: Tue, 12 Mar 2019 17:54:57 -0400
Subject: [PATCH] Persist password (#393)

* never hold the owner of the room on the waiting screen

* persist room passwords so we can always call create meeting, even if it's already running, to avoid any inconsistency or race condition when joining a meeting

* Fixed issues in migration, room attribute updates, random_password and tests
---
 Gemfile                                       |  2 ++
 Gemfile.lock                                  |  2 ++
 app/controllers/rooms_controller.rb           |  2 +-
 app/models/room.rb                            | 25 ++++++++-----------
 .../20190312003555_add_password_to_rooms.rb   | 15 +++++++++++
 db/schema.rb                                  |  9 ++++---
 spec/models/room_spec.rb                      |  4 ++-
 7 files changed, 39 insertions(+), 20 deletions(-)
 create mode 100644 db/migrate/20190312003555_add_password_to_rooms.rb

diff --git a/Gemfile b/Gemfile
index 0711779d..245a0094 100644
--- a/Gemfile
+++ b/Gemfile
@@ -111,3 +111,5 @@ end
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 
 gem 'coveralls', require: false
+
+gem 'random_password'
diff --git a/Gemfile.lock b/Gemfile.lock
index 30acb359..c2a223c6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -215,6 +215,7 @@ GEM
       thor (>= 0.18.1, < 2.0)
     rainbow (3.0.0)
     rake (12.3.1)
+    random_password (0.1.1)
     rb-fsevent (0.10.3)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
@@ -355,6 +356,7 @@ DEPENDENCIES
   puma (~> 3.0)
   rails (~> 5.0.7)
   rails-controller-testing
+  random_password
   redcarpet
   redis (~> 3.0)
   rspec-rails (~> 3.7)
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index bbe36cbf..a521c5dd 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@@ -90,7 +90,7 @@ class RoomsController < ApplicationController
       end
     end
 
-    if @room.running?
+    if @room.running? || @room.owned_by?(current_user)
       # Determine if the user needs to join as a moderator.
       opts[:user_is_moderator] = @room.owned_by?(current_user)
 
diff --git a/app/models/room.rb b/app/models/room.rb
index 3901c23d..56558dca 100644
--- a/app/models/room.rb
+++ b/app/models/room.rb
@@ -51,19 +51,20 @@ class Room < ApplicationRecord
     create_options = {
       record: options[:meeting_recorded].to_s,
       logoutURL: options[:meeting_logout_url] || '',
-      moderatorPW: random_password(12),
-      attendeePW: random_password(12),
+      moderatorPW: moderator_pw,
+      attendeePW: attendee_pw,
       moderatorOnlyMessage: options[:moderator_message],
       muteOnStart: options[:mute_on_start] || false,
       "meta_#{META_LISTED}": false,
     }
 
-    # Update session info.
-    update_attributes(sessions: sessions + 1, last_session: DateTime.now)
-
     # Send the create request.
     begin
-      bbb.create_meeting(name, bbb_id, create_options)
+      meeting = bbb.create_meeting(name, bbb_id, create_options)
+      # Update session info.
+      unless meeting[:messageKey] == 'duplicateWarning'
+        update_attributes(sessions: sessions + 1, last_session: DateTime.now)
+      end
     rescue BigBlueButton::BigBlueButtonException => exc
       puts "BigBlueButton failed on create: #{exc.key}: #{exc.message}"
       raise exc
@@ -72,8 +73,8 @@ class Room < ApplicationRecord
 
   # Returns a URL to join a user into a meeting.
   def join_path(name, options = {}, uid = nil)
-    # Create the meeting if it isn't running.
-    start_session(options) unless running?
+    # Create the meeting, even if it's running
+    start_session(options)
 
     # Set meeting options.
     options[:meeting_logout_url] ||= nil
@@ -145,6 +146,8 @@ class Room < ApplicationRecord
   def setup
     self.uid = random_room_uid
     self.bbb_id = Digest::SHA1.hexdigest(Rails.application.secrets[:secret_key_base] + Time.now.to_i.to_s).to_s
+    self.moderator_pw = RandomPassword.generate(length: 12)
+    self.attendee_pw = RandomPassword.generate(length: 12)
   end
 
   # Deletes all recordings associated with the room.
@@ -163,10 +166,4 @@ class Room < ApplicationRecord
   def random_room_uid
     [owner.name_chunk, uid_chunk, uid_chunk].join('-').downcase
   end
-
-  # Generates a random password for a meeting.
-  def random_password(length)
-    charset = ("a".."z").to_a + ("A".."Z").to_a
-    ((0...length).map { charset[rand(charset.length)] }).join
-  end
 end
diff --git a/db/migrate/20190312003555_add_password_to_rooms.rb b/db/migrate/20190312003555_add_password_to_rooms.rb
new file mode 100644
index 00000000..7e45c71e
--- /dev/null
+++ b/db/migrate/20190312003555_add_password_to_rooms.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class AddPasswordToRooms < ActiveRecord::Migration[5.0]
+  def change
+    add_column :rooms, :moderator_pw, :string
+    add_column :rooms, :attendee_pw, :string
+    Room.reset_column_information
+    Room.all.each do |room|
+      room.update_attributes!(
+        moderator_pw: RandomPassword.generate(length: 12),
+        attendee_pw: RandomPassword.generate(length: 12)
+      )
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index adcdd5f8..6f3dad39 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20190206210049) do
+ActiveRecord::Schema.define(version: 20190312003555) do
 
   create_table "rooms", force: :cascade do |t|
     t.integer  "user_id"
@@ -22,6 +22,8 @@ ActiveRecord::Schema.define(version: 20190206210049) do
     t.datetime "created_at",                    null: false
     t.datetime "updated_at",                    null: false
     t.string   "room_settings", default: "{ }"
+    t.string   "moderator_pw"
+    t.string   "attendee_pw"
     t.index ["bbb_id"], name: "index_rooms_on_bbb_id"
     t.index ["last_session"], name: "index_rooms_on_last_session"
     t.index ["name"], name: "index_rooms_on_name"
@@ -41,11 +43,10 @@ ActiveRecord::Schema.define(version: 20190206210049) do
     t.string   "image"
     t.string   "password_digest"
     t.boolean  "accepted_terms",    default: false
-    t.datetime "created_at",                              null: false
-    t.datetime "updated_at",                              null: false
+    t.datetime "created_at",                            null: false
+    t.datetime "updated_at",                            null: false
     t.boolean  "email_verified",    default: false
     t.string   "language",          default: "default"
-    t.string   "role",              default: "moderator"
     t.string   "reset_digest"
     t.datetime "reset_sent_at"
     t.string   "activation_digest"
diff --git a/spec/models/room_spec.rb b/spec/models/room_spec.rb
index 92e777cd..c1f340d1 100644
--- a/spec/models/room_spec.rb
+++ b/spec/models/room_spec.rb
@@ -75,7 +75,9 @@ describe Room, type: :model do
 
   context "#start_session" do
     it "should update latest session info" do
-      allow_any_instance_of(BigBlueButton::BigBlueButtonApi).to receive(:create_meeting).and_return(true)
+      allow_any_instance_of(BigBlueButton::BigBlueButtonApi).to receive(:create_meeting).and_return(
+        messageKey: ""
+      )
 
       expect do
         @room.start_session