diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a09ccb57..b6f58987 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -20,10 +20,21 @@ class ApplicationController < ActionController::Base
# Determines if the BigBlueButton endpoint is configured (or set to default).
def bigbluebutton_endpoint_default?
+ return false if loadbalanced_configuration?
Rails.configuration.bigbluebutton_endpoint_default == Rails.configuration.bigbluebutton_endpoint
end
helper_method :bigbluebutton_endpoint_default?
+ def loadbalanced_configuration?
+ Rails.configuration.loadbalanced_configuration
+ end
+ helper_method :loadbalanced_configuration?
+
+ def allow_greenlight_users?
+ Rails.configuration.greenlight_accounts
+ end
+ helper_method :allow_greenlight_users?
+
private
# Ensure the user is logged into the room they are accessing.
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index f1883438..ecf32d56 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -6,8 +6,8 @@ class SessionsController < ApplicationController
# GET /logout
def destroy
- logout if current_user
- head :no_content
+ logout
+ redirect_to root_path
end
# POST /login
@@ -22,6 +22,18 @@ class SessionsController < ApplicationController
end
end
+ # POST /launch
+ def launch
+ # This will recieve a encoded POST from a launcher that
+ # contains the provider, and all user information. The
+ # launcher is what does the authentication, so we know
+ # that the user is who they say they are. We just need
+ # to use our secret to decode it and then log them in
+ # to GreenLight (or sign them up).
+
+ # User.from_launch()
+ end
+
# GET/POST /auth/:provider/callback
def omniauth
user = User.from_omniauth(request.env['omniauth.auth'])
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 62a344ac..38a76521 100644
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -8,7 +8,6 @@ module SessionsHelper
# Logs current user out of GreenLight.
def logout
session.delete(:user_id) if current_user
- redirect_to root_path
end
# Retrieves the current user.
diff --git a/app/models/meeting.rb b/app/models/meeting.rb
index 6e3112e0..1300d34d 100644
--- a/app/models/meeting.rb
+++ b/app/models/meeting.rb
@@ -6,6 +6,8 @@ class Meeting < ApplicationRecord
belongs_to :room
+ RETURNCODE_SUCCESS = "SUCCESS"
+
# Creates a meeting on the BigBlueButton server.
def create(options = {})
create_options = {
@@ -86,9 +88,59 @@ class Meeting < ApplicationRecord
Rails.configuration.bigbluebutton_secret
end
- # Use one common instance of the BigBlueButton API for all meetings.
+ # Sets a BigBlueButtonApi object for interacting with the API.
def bbb
- @@bbb ||= BigBlueButton::BigBlueButtonApi.new(bbb_endpoint + "api", bbb_secret, "0.8")
+ @bbb ||= if Rails.configuration.loadbalanced_configuration
+ lb_user = retrieve_loadbalanced_credentials(self.room.user.provider)
+ BigBlueButton::BigBlueButtonApi.new(remove_slash(lb_user["apiURL"]), lb_user["secret"], "0.8")
+ else
+ BigBlueButton::BigBlueButtonApi.new(remove_slash(bbb_endpoint), bbb_secret, "0.8")
+ end
+ end
+
+ # Rereives the loadbalanced BigBlueButton credentials for a user.
+ def retrieve_loadbalanced_credentials(provider)
+ # Include Omniauth accounts under the Greenlight provider.
+ provider = "greenlight" if Rails.configuration.providers.include?(provider.to_sym)
+
+ # Build the URI.
+ uri = encode_bbb_url(
+ Rails.configuration.loadbalancer_endpoint,
+ Rails.configuration.loadbalancer_secret,
+ {name: provider}
+ )
+
+ # Make the request.
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.use_ssl = (uri.scheme == 'https')
+ response = http.get(uri.request_uri)
+
+ unless response.kind_of?(Net::HTTPSuccess)
+ raise "Error retrieving provider credentials: #{response.code} #{response.message}"
+ end
+
+ # Parse XML.
+ doc = XmlSimple.xml_in(response.body, 'ForceArray' => false)
+
+ # Return the user credentials if the request succeeded on the loadbalancer.
+ return doc['user'] if doc['returncode'] == RETURNCODE_SUCCESS
+
+ raise "User with provider #{provider} does not exist." if doc['messageKey'] == "noSuchUser"
+ raise "API call #{url} failed with #{doc['messageKey']}."
+ end
+
+ # Builds a request to retrieve credentials from the load balancer.
+ def encode_bbb_url(base_url, secret, params)
+ encoded_params = OAuth::Helper.normalize(params)
+ string = "getUser" + encoded_params + secret
+ checksum = OpenSSL::Digest.digest('sha1', string).unpack("H*").first
+
+ URI.parse("#{base_url}?#{encoded_params}&checksum=#{checksum}")
+ end
+
+ # Removes trailing forward slash from BigBlueButton URL.
+ def remove_slash(s)
+ s.nil? ? nil : s.chomp("/")
end
# Generates a BigBlueButton meeting id from a meeting token.
diff --git a/app/models/user.rb b/app/models/user.rb
index febb7f62..89e187bd 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,14 +1,14 @@
class User < ApplicationRecord
after_create :initialize_room
- before_save { email.downcase! }
+ before_save { email.downcase! unless email.nil? }
has_one :room
validates :name, length: { maximum: 24 }, presence: true
validates :username, presence: true
validates :provider, presence: true
- validates :email, length: { maximum: 60 }, presence: true,
+ validates :email, length: { maximum: 60 }, allow_nil: true,
uniqueness: { case_sensitive: false },
format: {with: /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i }
@@ -31,6 +31,11 @@ class User < ApplicationRecord
user
end
+ # Generates a user from a trusted launcher.
+ def from_launch(auth)
+
+ end
+
private
# Provider attributes.
@@ -57,7 +62,6 @@ class User < ApplicationRecord
def google_email(auth)
auth['info']['email']
end
-
end
private
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 7b867457..8bc7afb1 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -24,20 +24,22 @@
<% end %>
<% end %>
-
or...
+ <% if allow_greenlight_users? %>
+ or...
- <%= form_for(:session, url: login_path) do |f| %>
-
- <%= f.label :email, "Email Address" %>
- <%= f.text_field :email %>
-
-
- <%= f.label :password %>
- <%= f.password_field :password %>
-
-
- <%= f.submit "Login", class: "btn white-text light-green" %>
- <%= link_to "Don't have an account? Sign up!", signup_path %>
+ <%= form_for(:session, url: login_path) do |f| %>
+
+ <%= f.label :email, "Email Address" %>
+ <%= f.text_field :email %>
+
+
+ <%= f.label :password %>
+ <%= f.password_field :password %>
+
+
+ <%= f.submit "Login", class: "btn white-text light-green" %>
+ <%= link_to "Don't have an account? Sign up!", signup_path %>
+ <% end %>
<% end %>
<% end %>
diff --git a/config/application.rb b/config/application.rb
index 5ac89988..523afd10 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -12,12 +12,25 @@ module Greenlight20
# Application configuration should go into files in config/initializers
# -- all .rb files in that directory are automatically loaded.
- # Default credentials (test-install.blindsidenetworks.com/bigbluebutton).
- config.bigbluebutton_endpoint_default = 'http://test-install.blindsidenetworks.com/bigbluebutton/'
- config.bigbluebutton_secret_default = '8cd8ef52e8e101574e400365b55e11a6'
+ config.loadbalanced_configuration = (ENV["USE_LOADBALANCED_CONFIGURATION"] == "true")
- # BigBlueButton configuration.
- config.bigbluebutton_endpoint = ENV['BIGBLUEBUTTON_ENDPOINT'] || config.bigbluebutton_endpoint_default
- config.bigbluebutton_secret = ENV['BIGBLUEBUTTON_SECRET'] || config.bigbluebutton_secret_default
+ # Setup BigBlueButton configuration.
+ unless config.loadbalanced_configuration
+ # Default credentials (test-install.blindsidenetworks.com/bigbluebutton).
+ config.bigbluebutton_endpoint_default = "http://test-install.blindsidenetworks.com/bigbluebutton/"
+ config.bigbluebutton_secret_default = "8cd8ef52e8e101574e400365b55e11a6"
+
+ # Use standalone BigBlueButton server.
+ config.bigbluebutton_endpoint = ENV["BIGBLUEBUTTON_ENDPOINT"] || config.bigbluebutton_endpoint_default
+ config.bigbluebutton_endpoint += "api/" unless config.bigbluebutton_endpoint.ends_with?('api/')
+ config.bigbluebutton_secret = ENV["BIGBLUEBUTTON_SECRET"] || config.bigbluebutton_secret_default
+ else
+ # Fetch credentials from a loadbalancer based on provider.
+ config.loadbalancer_endpoint = ENV["LOADBALANCER_ENDPOINT"]
+ config.loadbalancer_secret = ENV["LOADBALANCER_SECRET"]
+ end
+
+ # Determine if GreenLight should allow non-omniauth signup/login.
+ config.greenlight_accounts = (ENV['ALLOW_GREENLIGHT_ACCOUNTS'] == "true")
end
-end
+end
\ No newline at end of file
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index bad87f03..cb6a02ca 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -1,4 +1,4 @@
-# List of supported providers.
+# List of supported Omniauth providers.
Rails.application.config.providers = [:google, :twitter]
# Set which providers are configured.
diff --git a/config/routes.rb b/config/routes.rb
index 1538d882..2f18fd91 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,5 +1,6 @@
Rails.application.routes.draw do
+ # Room and Meeting routes.
scope '/rooms' do
scope '/:room_uid' do
get '/', to: 'rooms#index', as: :room
@@ -9,18 +10,22 @@ Rails.application.routes.draw do
end
end
+ # Signup routes.
get '/signup', to: 'users#new'
post '/signup', to: 'users#create'
- # Login to Greenlight.
- get '/login', to: 'sessions#new'
-
# Handles login of :greenlight provider account.
post '/login', to: 'sessions#create', as: :create_session
+ # Login to Greenlight.
+ get '/login', to: 'sessions#new'
+
# Log the user out of the session.
get '/logout', to: 'sessions#destroy'
+ # Handles launches from a trusted launcher.
+ post '/launch', to: 'sessions#launch'
+
# Handles Omniauth authentication.
match '/auth/:provider/callback', to: 'sessions#omniauth', via: [:get, :post], as: :omniauth_session
get '/auth/failure', to: 'sessions#fail'
diff --git a/db/seeds.rb b/db/seeds.rb
index a50361c9..055a93de 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -12,6 +12,6 @@ User.create(
uid: "someuid",
username: "testuser",
email: "test@user.com",
- password: "test",
- password_confirmation: "test",
+ password: "password",
+ password_confirmation: "password",
)
\ No newline at end of file
diff --git a/sample.env b/sample.env
new file mode 100644
index 00000000..97a88ef2
--- /dev/null
+++ b/sample.env
@@ -0,0 +1,49 @@
+# If set to true, GreenLight will attempt to fetch the endpoint and secret from the credentials
+# endpoint by passing it the users provider. This is useful when launching into GreenLight from
+# and external service with a customer provider (who may have different credentials).
+
+# It is also worth noting that ALL Omniauth providers resolve to "greenlight" before being sent.
+# If you are configuring GreenLight for use with a single BigBlueButton server, set this to false.
+USE_LOADBALANCED_CONFIGURATION=false
+
+# The endpoint and secret for your BigBlueButton server.
+# Set these if you are running GreenLight on a single BigBlueButton server.
+# You can retrive these by running the following command on your BigBlueButton server:
+#
+# bbb-conf --secret
+#
+BIGBLUEBUTTON_ENDPOINT=
+BIGBLUEBUTTON_SECRET=
+
+# The endpoint and secret for your Loadbalancer server.
+# Set these ONLY IF you are running BigBlueButton under a loadbalanced configuration.
+# GreenLight will use these credentials to retrieve provider based server credentials.
+LOADBALANCER_ENDPOINT=
+LOADBALANCER_SECRET=
+
+# Google Login Provider (optional)
+#
+# For in-depth steps on setting up a Google Login Provider, see:
+#
+# http://docs.bigbluebutton.org/install/green-light.html#google-oauth
+#
+# The GOOGLE_OAUTH2_HD variable is used to limit sign-in to a particular Google Apps hosted
+# domain. This can be a string such as, 'domain.com'. If left blank, GreenLight will allow
+# sign-in from all Google Apps hosted domains.
+GOOGLE_OAUTH2_ID=
+GOOGLE_OAUTH2_SECRET=
+GOOGLE_OAUTH2_HD=
+
+# Twitter Login Provider (optional)
+#
+# For in-depth steps on setting up a Twitter Login Provider, see:
+#
+# http://docs.bigbluebutton.org/install/green-light.html#twitter-oauth
+#
+TWITTER_ID=
+TWITTER_SECRET=
+
+# Set this to true if you want GreenLight to support user signup and login without
+# Omniauth. This will allow users to create an account at www.hostname.com/signup
+# and use that account to fully interact with GreenLight.
+ALLOW_GREENLIGHT_ACCOUNTS=false
\ No newline at end of file
diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb
index f1259deb..ccbda6e7 100644
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@@ -9,11 +9,6 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
@steve.room = @kitchen
end
- test 'can get login page.' do
- get login_path
- assert_response :success
- end
-
test 'can signin with greenlight account.' do
post create_session_path, params: {session: {email: @steve.email, password: "steve12345"}}
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index ea80fd71..04b0669d 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -15,9 +15,9 @@ class UserTest < ActiveSupport::TestCase
assert_not @steve.valid?
end
- test "email should be present." do
+ test "should allow nil email." do
@steve.email = nil
- assert_not @steve.valid?
+ assert @steve.valid?
end
test "username should be present." do