From 0f8a4734b2bb3aba538a62ebdeef426186d165a8 Mon Sep 17 00:00:00 2001
From: Josh <josha5@outlook.com>
Date: Fri, 11 May 2018 15:57:31 -0400
Subject: [PATCH] add lb option

---
 app/controllers/application_controller.rb    | 11 ++++
 app/controllers/sessions_controller.rb       | 16 +++++-
 app/helpers/sessions_helper.rb               |  1 -
 app/models/meeting.rb                        | 56 +++++++++++++++++++-
 app/models/user.rb                           | 10 ++--
 app/views/sessions/new.html.erb              | 28 +++++-----
 config/application.rb                        | 27 +++++++---
 config/initializers/omniauth.rb              |  2 +-
 config/routes.rb                             | 11 ++--
 db/seeds.rb                                  |  4 +-
 sample.env                                   | 49 +++++++++++++++++
 test/controllers/sessions_controller_test.rb |  5 --
 test/models/user_test.rb                     |  4 +-
 13 files changed, 183 insertions(+), 41 deletions(-)
 create mode 100644 sample.env

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a09ccb57..b6f58987 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -20,10 +20,21 @@ class ApplicationController < ActionController::Base
 
   # Determines if the BigBlueButton endpoint is configured (or set to default).
   def bigbluebutton_endpoint_default?
+    return false if loadbalanced_configuration?
     Rails.configuration.bigbluebutton_endpoint_default == Rails.configuration.bigbluebutton_endpoint
   end
   helper_method :bigbluebutton_endpoint_default?
 
+  def loadbalanced_configuration?
+    Rails.configuration.loadbalanced_configuration
+  end
+  helper_method :loadbalanced_configuration?
+
+  def allow_greenlight_users?
+    Rails.configuration.greenlight_accounts
+  end
+  helper_method :allow_greenlight_users?
+
   private
 
   # Ensure the user is logged into the room they are accessing.
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index f1883438..ecf32d56 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -6,8 +6,8 @@ class SessionsController < ApplicationController
 
   # GET /logout
   def destroy
-    logout if current_user
-    head :no_content
+    logout
+    redirect_to root_path
   end
 
   # POST /login
@@ -22,6 +22,18 @@ class SessionsController < ApplicationController
     end
   end
 
+  # POST /launch
+  def launch
+    # This will recieve a encoded POST from a launcher that
+    # contains the provider, and all user information. The
+    # launcher is what does the authentication, so we know
+    # that the user is who they say they are. We just need
+    # to use our secret to decode it and then log them in
+    # to GreenLight (or sign them up).
+
+    # User.from_launch()
+  end
+
   # GET/POST /auth/:provider/callback
   def omniauth
     user = User.from_omniauth(request.env['omniauth.auth'])
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 62a344ac..38a76521 100644
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -8,7 +8,6 @@ module SessionsHelper
   # Logs current user out of GreenLight.
   def logout
     session.delete(:user_id) if current_user
-    redirect_to root_path
   end
 
   # Retrieves the current user.
diff --git a/app/models/meeting.rb b/app/models/meeting.rb
index 6e3112e0..1300d34d 100644
--- a/app/models/meeting.rb
+++ b/app/models/meeting.rb
@@ -6,6 +6,8 @@ class Meeting < ApplicationRecord
 
   belongs_to :room
 
+  RETURNCODE_SUCCESS = "SUCCESS"
+
   # Creates a meeting on the BigBlueButton server.
   def create(options = {})
     create_options = {
@@ -86,9 +88,59 @@ class Meeting < ApplicationRecord
     Rails.configuration.bigbluebutton_secret
   end
 
-  # Use one common instance of the BigBlueButton API for all meetings.
+  # Sets a BigBlueButtonApi object for interacting with the API.
   def bbb
-    @@bbb ||= BigBlueButton::BigBlueButtonApi.new(bbb_endpoint + "api", bbb_secret, "0.8")
+    @bbb ||= if Rails.configuration.loadbalanced_configuration
+      lb_user = retrieve_loadbalanced_credentials(self.room.user.provider)
+      BigBlueButton::BigBlueButtonApi.new(remove_slash(lb_user["apiURL"]), lb_user["secret"], "0.8")
+    else
+      BigBlueButton::BigBlueButtonApi.new(remove_slash(bbb_endpoint), bbb_secret, "0.8")
+    end
+  end
+
+  # Rereives the loadbalanced BigBlueButton credentials for a user.
+  def retrieve_loadbalanced_credentials(provider)
+    # Include Omniauth accounts under the Greenlight provider.
+    provider = "greenlight" if Rails.configuration.providers.include?(provider.to_sym)
+
+    # Build the URI.
+    uri = encode_bbb_url(
+      Rails.configuration.loadbalancer_endpoint,
+      Rails.configuration.loadbalancer_secret,
+      {name: provider}
+    )
+
+    # Make the request.
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.use_ssl = (uri.scheme == 'https')
+    response = http.get(uri.request_uri)
+
+    unless response.kind_of?(Net::HTTPSuccess)
+      raise "Error retrieving provider credentials: #{response.code} #{response.message}"
+    end
+
+    # Parse XML.
+    doc = XmlSimple.xml_in(response.body, 'ForceArray' => false)
+
+    # Return the user credentials if the request succeeded on the loadbalancer.
+    return doc['user'] if doc['returncode'] == RETURNCODE_SUCCESS
+
+    raise "User with provider #{provider} does not exist." if doc['messageKey'] == "noSuchUser"
+    raise "API call #{url} failed with #{doc['messageKey']}."
+  end
+
+  # Builds a request to retrieve credentials from the load balancer.
+  def encode_bbb_url(base_url, secret, params)
+    encoded_params = OAuth::Helper.normalize(params)
+    string = "getUser" + encoded_params + secret
+    checksum = OpenSSL::Digest.digest('sha1', string).unpack("H*").first
+
+    URI.parse("#{base_url}?#{encoded_params}&checksum=#{checksum}")
+  end
+
+  # Removes trailing forward slash from BigBlueButton URL.
+  def remove_slash(s)
+    s.nil? ? nil : s.chomp("/")
   end
 
   # Generates a BigBlueButton meeting id from a meeting token.
diff --git a/app/models/user.rb b/app/models/user.rb
index febb7f62..89e187bd 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,14 +1,14 @@
 class User < ApplicationRecord
 
   after_create :initialize_room
-  before_save { email.downcase! }
+  before_save { email.downcase! unless email.nil? }
 
   has_one :room
 
   validates :name, length: { maximum: 24 }, presence: true
   validates :username, presence: true
   validates :provider, presence: true
-  validates :email, length: { maximum: 60 }, presence: true,
+  validates :email, length: { maximum: 60 }, allow_nil: true,
                     uniqueness: { case_sensitive: false },
                     format: {with: /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i }
 
@@ -31,6 +31,11 @@ class User < ApplicationRecord
       user
     end
 
+    # Generates a user from a trusted launcher.
+    def from_launch(auth)
+
+    end
+
     private
 
     # Provider attributes.
@@ -57,7 +62,6 @@ class User < ApplicationRecord
     def google_email(auth)
       auth['info']['email']
     end
-
   end
 
   private
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 7b867457..8bc7afb1 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -24,20 +24,22 @@
             <% end %>
           <% end %>
 
-          <center><p>or...<br><br></p></center>
+          <% if allow_greenlight_users? %>
+            <center><p>or...<br><br></p></center>
 
-          <%= form_for(:session, url: login_path) do |f| %>
-            <div class="input-field col s12">
-              <%= f.label :email, "Email Address" %>
-              <%= f.text_field :email %>
-            </div>
-            <div class="input-field col s12">
-              <%= f.label :password %>
-              <%= f.password_field :password %>
-            </div>
-            <br>
-            <%= f.submit "Login", class: "btn white-text light-green" %>
-            <%= link_to "Don't have an account? Sign up!", signup_path %>
+            <%= form_for(:session, url: login_path) do |f| %>
+              <div class="input-field col s12">
+                <%= f.label :email, "Email Address" %>
+                <%= f.text_field :email %>
+              </div>
+              <div class="input-field col s12">
+                <%= f.label :password %>
+                <%= f.password_field :password %>
+              </div>
+              <br>
+              <%= f.submit "Login", class: "btn white-text light-green" %>
+              <%= link_to "Don't have an account? Sign up!", signup_path %>
+            <% end %>
           <% end %>
         </div>
       <% end %>
diff --git a/config/application.rb b/config/application.rb
index 5ac89988..523afd10 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -12,12 +12,25 @@ module Greenlight20
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.
 
-    # Default credentials (test-install.blindsidenetworks.com/bigbluebutton).
-    config.bigbluebutton_endpoint_default = 'http://test-install.blindsidenetworks.com/bigbluebutton/'
-    config.bigbluebutton_secret_default = '8cd8ef52e8e101574e400365b55e11a6'
+    config.loadbalanced_configuration = (ENV["USE_LOADBALANCED_CONFIGURATION"] == "true")
 
-    # BigBlueButton configuration.
-    config.bigbluebutton_endpoint = ENV['BIGBLUEBUTTON_ENDPOINT']  || config.bigbluebutton_endpoint_default
-    config.bigbluebutton_secret = ENV['BIGBLUEBUTTON_SECRET'] || config.bigbluebutton_secret_default
+    # Setup BigBlueButton configuration.
+    unless config.loadbalanced_configuration
+      # Default credentials (test-install.blindsidenetworks.com/bigbluebutton).
+      config.bigbluebutton_endpoint_default = "http://test-install.blindsidenetworks.com/bigbluebutton/"
+      config.bigbluebutton_secret_default = "8cd8ef52e8e101574e400365b55e11a6"
+
+      # Use standalone BigBlueButton server.
+      config.bigbluebutton_endpoint = ENV["BIGBLUEBUTTON_ENDPOINT"] || config.bigbluebutton_endpoint_default
+      config.bigbluebutton_endpoint += "api/" unless config.bigbluebutton_endpoint.ends_with?('api/')
+      config.bigbluebutton_secret = ENV["BIGBLUEBUTTON_SECRET"] || config.bigbluebutton_secret_default
+    else
+      # Fetch credentials from a loadbalancer based on provider.
+      config.loadbalancer_endpoint = ENV["LOADBALANCER_ENDPOINT"]
+      config.loadbalancer_secret = ENV["LOADBALANCER_SECRET"]
+    end
+
+    # Determine if GreenLight should allow non-omniauth signup/login.
+    config.greenlight_accounts = (ENV['ALLOW_GREENLIGHT_ACCOUNTS'] == "true")
   end
-end
+end
\ No newline at end of file
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index bad87f03..cb6a02ca 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -1,4 +1,4 @@
-# List of supported providers.
+# List of supported Omniauth providers.
 Rails.application.config.providers = [:google, :twitter]
 
 # Set which providers are configured.
diff --git a/config/routes.rb b/config/routes.rb
index 1538d882..2f18fd91 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,5 +1,6 @@
 Rails.application.routes.draw do
 
+  # Room and Meeting routes.
   scope '/rooms' do
     scope '/:room_uid' do
       get '/', to: 'rooms#index', as: :room
@@ -9,18 +10,22 @@ Rails.application.routes.draw do
     end
   end
 
+  # Signup routes.
   get '/signup', to: 'users#new'
   post '/signup', to: 'users#create'
 
-  # Login to Greenlight.
-  get '/login', to: 'sessions#new'
-
   # Handles login of :greenlight provider account.
   post '/login',  to: 'sessions#create', as: :create_session
 
+  # Login to Greenlight.
+  get '/login', to: 'sessions#new'
+
   # Log the user out of the session.
   get '/logout', to: 'sessions#destroy'
 
+  # Handles launches from a trusted launcher.
+  post '/launch', to: 'sessions#launch'
+
   # Handles Omniauth authentication.
   match '/auth/:provider/callback', to: 'sessions#omniauth', via: [:get, :post], as: :omniauth_session
   get '/auth/failure', to: 'sessions#fail'
diff --git a/db/seeds.rb b/db/seeds.rb
index a50361c9..055a93de 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -12,6 +12,6 @@ User.create(
   uid: "someuid",
   username: "testuser",
   email: "test@user.com",
-  password: "test",
-  password_confirmation: "test",
+  password: "password",
+  password_confirmation: "password",
 )
\ No newline at end of file
diff --git a/sample.env b/sample.env
new file mode 100644
index 00000000..97a88ef2
--- /dev/null
+++ b/sample.env
@@ -0,0 +1,49 @@
+# If set to true, GreenLight will attempt to fetch the endpoint and secret from the credentials
+# endpoint by passing it the users provider. This is useful when launching into GreenLight from
+# and external service with a customer provider (who may have different credentials).
+
+# It is also worth noting that ALL Omniauth providers resolve to "greenlight" before being sent.
+# If you are configuring GreenLight for use with a single BigBlueButton server, set this to false.
+USE_LOADBALANCED_CONFIGURATION=false
+
+# The endpoint and secret for your BigBlueButton server.
+# Set these if you are running GreenLight on a single BigBlueButton server.
+# You can retrive these by running the following command on your BigBlueButton server:
+#
+#   bbb-conf --secret
+#
+BIGBLUEBUTTON_ENDPOINT=
+BIGBLUEBUTTON_SECRET=
+
+# The endpoint and secret for your Loadbalancer server.
+# Set these ONLY IF you are running BigBlueButton under a loadbalanced configuration.
+# GreenLight will use these credentials to retrieve provider based server credentials.
+LOADBALANCER_ENDPOINT=
+LOADBALANCER_SECRET=
+
+# Google Login Provider (optional)
+#
+# For in-depth steps on setting up a Google Login Provider, see:
+#
+#   http://docs.bigbluebutton.org/install/green-light.html#google-oauth
+#
+# The GOOGLE_OAUTH2_HD variable is used to limit sign-in to a particular Google Apps hosted
+# domain. This can be a string such as, 'domain.com'. If left blank, GreenLight will allow
+# sign-in from all Google Apps hosted domains.
+GOOGLE_OAUTH2_ID=
+GOOGLE_OAUTH2_SECRET=
+GOOGLE_OAUTH2_HD=
+
+# Twitter Login Provider (optional)
+#
+# For in-depth steps on setting up a Twitter Login Provider, see:
+#
+#   http://docs.bigbluebutton.org/install/green-light.html#twitter-oauth
+#
+TWITTER_ID=
+TWITTER_SECRET=
+
+# Set this to true if you want GreenLight to support user signup and login without
+# Omniauth. This will allow users to create an account at www.hostname.com/signup
+# and use that account to fully interact with GreenLight.
+ALLOW_GREENLIGHT_ACCOUNTS=false
\ No newline at end of file
diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb
index f1259deb..ccbda6e7 100644
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@@ -9,11 +9,6 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
     @steve.room = @kitchen
   end
 
-  test 'can get login page.' do
-    get login_path
-    assert_response :success
-  end
-
   test 'can signin with greenlight account.' do
     post create_session_path, params: {session: {email: @steve.email, password: "steve12345"}}
     
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index ea80fd71..04b0669d 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -15,9 +15,9 @@ class UserTest < ActiveSupport::TestCase
     assert_not @steve.valid?
   end
 
-  test "email should be present." do
+  test "should allow nil email." do
     @steve.email = nil
-    assert_not @steve.valid?
+    assert @steve.valid?
   end
 
   test "username should be present." do