GRN2-155: Begin preparing for removal of Twitter accounts (#615)

* Add twitter deprecation message * Fix rspec test * Extract room switch to its own method * update method name
2019-07-09 13:06:07 -04:00 · 2019-07-09 13:06:07 -04:00 · 40b05b1626
parent a3158b5872
commit 40b05b1626
8 changed files with 180 additions and 49 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -51,6 +51,10 @@ class SessionsController < ApplicationController
      @auth = request.env['omniauth.auth']
      @user_exists = check_user_exists

+      if !@user_exists && @auth['provider'] == "twitter"
+        return redirect_to root_path, flash: { alert: I18n.t("registration.deprecated.twitter_signup") }
+      end
+
      # If using invitation registration method, make sure user is invited
      return redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless passes_invite_reqs

@ -70,6 +74,16 @@ class SessionsController < ApplicationController
                                             invite_registration && !@user_exists

      login(user)
+
+      if @auth['provider'] == "twitter"
+        flash[:alert] = if allow_user_signup? && allow_greenlight_accounts?
+                          I18n.t("registration.deprecated.twitter_signin",
+                            link: signup_path(old_twitter_user_id: user.id))
+                        else
+                          I18n.t("registration.deprecated.twitter_signin",
+                            link: signin_path(old_twitter_user_id: user.id))
+                        end
+      end
    rescue => e
        logger.error "Error authenticating via omniauth: #{e}"
        omniauth_fail
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -62,6 +62,10 @@ class UsersController < ApplicationController

  # GET /signin
  def signin
+    unless params[:old_twitter_user_id].nil? && session[:old_twitter_user_id].nil?
+      flash[:alert] = I18n.t("registration.deprecated.new_signin")
+      session[:old_twitter_user_id] = params[:old_twitter_user_id] unless params[:old_twitter_user_id].nil?
+    end
  end

  # GET /signup
@ -75,6 +79,12 @@ class UsersController < ApplicationController
      session[:invite_token] = params[:invite_token]
    end

+    unless params[:old_twitter_user_id].nil? && session[:old_twitter_user_id].nil?
+      logout
+      flash.now[:alert] = I18n.t("registration.deprecated.new_signin")
+      session[:old_twitter_user_id] = params[:old_twitter_user_id] unless params[:old_twitter_user_id].nil?
+    end
+
    @user = User.new
  end

@ -175,7 +185,7 @@ class UsersController < ApplicationController
  end

  def ensure_unauthenticated
-    redirect_to current_user.main_room if current_user
+    redirect_to current_user.main_room if current_user && params[:old_twitter_user_id].nil?
  end

  def user_params
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -33,7 +33,11 @@ module ApplicationHelper

  # Determines which providers can show a login button in the login modal.
  def iconset_providers
-    configured_providers & [:google, :twitter, :microsoft_office365]
+    providers = configured_providers & [:google, :twitter, :microsoft_office365]
+
+    providers.delete(:twitter) if session[:old_twitter_user_id]
+
+    providers
  end

  # Generates the login URL for a specific provider.
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@ -19,6 +19,8 @@
 module SessionsHelper
  # Logs a user into GreenLight.
  def login(user)
+    migrate_twitter_user(user)
+
    session[:user_id] = user.id

    # If there are not terms, or the user has accepted them, check for email verification
@ -97,4 +99,24 @@ module SessionsHelper
        hd_opts
      end
  end
+
+  def migrate_twitter_user(user)
+    if !session["old_twitter_user_id"].nil? && user.provider != "twitter"
+      old_user = User.find(session["old_twitter_user_id"])
+
+      old_user.rooms.each do |room|
+        room.owner = user
+
+        room.name = "Old " + room.name if room.id == old_user.main_room.id
+
+        room.save!
+      end
+
+      # Query for the old user again so the migrated rooms don't get deleted
+      old_user.reload
+      old_user.destroy!
+
+      session["old_twitter_user_id"] = nil
+    end
+  end
 end
--- a/app/views/shared/_flash_messages.html.erb
+++ b/app/views/shared/_flash_messages.html.erb
@ -17,17 +17,17 @@
  <% if key.eql? "success" %>
    <div class="alert alert-success alert-dismissible text-center mb-0">
      <button type="button" class="close" data-dismiss="alert">&times</button>
-      <%= value %>
+      <%= value.html_safe %>
    </div>
  <% elsif key.eql? "alert" %>
    <div class="alert alert-danger alert-dismissible text-center mb-0">
      <button type="button" class="close" data-dismiss="alert">&times</button>
-      <%= value %>
+      <%= value.html_safe %>
    </div>
  <% elsif key.eql? "info" %>
    <div class="alert alert-info alert-dismissible text-center mb-0">
      <button type="button" class="close" data-dismiss="alert">&times</button>
-      <%= value %>
+      <%= value.html_safe %>
    </div>
  <% end %>
 <% end %>
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@ -49,4 +49,6 @@ Rails.application.configure do
  # Use standalone BigBlueButton server.
  config.bigbluebutton_endpoint = config.bigbluebutton_endpoint_default
  config.bigbluebutton_secret = config.bigbluebutton_secret_default
+
+  config.loadbalanced_configuration = false
 end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -330,7 +330,11 @@ en:
      fail: Your account has not been approved yet. If multiples days have passed since you signed up, please contact your administrator.
      signup: Your account was successfully created. It has been sent to an administrator for approval.
    banned:
-      fail: You do not have access to this application. If you believe this is a mistake, please contact your administrator.
+      fail: You do not have access to this application. If you believe this is a mistake, please contact your administrator. 
+    deprecated:
+      new_signin: Select a new login method for you account. All your rooms from your old account will be migrated to the new account
+      twitter_signin: Signing in via Twitter has been deprecated and will be removed in the next release. Click <a href="%{link}"> here </a> to move your account to a new authentication method
+      twitter_signup: Sign up via Twitter has been deprecated. Please use a different sign up method
    invite:
      fail: Your token is either invalid or has expired. If you believe this is a mistake, please contact your administrator.
      no_invite: You do not have an invitation to join. Please contact your administrator to receive one.
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@ -156,6 +156,29 @@ describe SessionsController, type: :controller do
      expect(@request.session[:user_id]).to eql(user.id)
      expect(response).to redirect_to(admins_path)
    end
+
+    it "should migrate old rooms from the twitter account to the new user" do
+      twitter_user = User.create(name: "Twitter User", email: "user@twitter.com", image: "example.png",
+        username: "twitteruser", email_verified: true, provider: 'twitter', social_uid: "twitter-user")
+
+      room = Room.new(name: "Test")
+      room.owner = twitter_user
+      room.save!
+
+      post :create, params: {
+        session: {
+          email: @user1.email,
+          password: 'example',
+        },
+      }, session: {
+        old_twitter_user_id: twitter_user.id
+      }
+
+      @user1.reload
+      expect(@user1.rooms.count).to eq(3)
+      expect(@user1.rooms.find { |r| r.name == "Old Home Room" }).to_not be_nil
+      expect(@user1.rooms.find { |r| r.name == "Test" }).to_not be_nil
+    end
  end

  describe "GET/POST #omniauth" do
@ -173,6 +196,18 @@ describe SessionsController, type: :controller do
        },
      )

+      OmniAuth.config.mock_auth[:google] = OmniAuth::AuthHash.new(
+        provider: "google",
+        uid: "google-user",
+        info: {
+          email: "user@google.com",
+          name: "Google User",
+          nickname: "googleuser",
+          image: "touch.png",
+          customer: 'customer1',
+        }
+      )
+
      OmniAuth.config.mock_auth[:bn_launcher] = OmniAuth::AuthHash.new(
        provider: "bn_launcher",
        uid: "bn-launcher-user",
@ -190,68 +225,108 @@ describe SessionsController, type: :controller do
      }
    end

-    unless Rails.configuration.omniauth_bn_launcher
-      it "should create and login user with omniauth twitter" do
+    it "should create and login user with omniauth google" do
+      request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:google]
+      get :omniauth, params: { provider: :google }
+
+      u = User.last
+      expect(u.provider).to eql("google")
+      expect(u.email).to eql("user@google.com")
+      expect(@request.session[:user_id]).to eql(u.id)
+    end
+
+    it "should create and login user with omniauth bn launcher" do
+      request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]
+      get :omniauth, params: { provider: 'bn_launcher' }
+
+      u = User.last
+      expect(u.provider).to eql("customer1")
+      expect(u.email).to eql("user@google.com")
+      expect(@request.session[:user_id]).to eql(u.id)
+    end
+
+    it "should redirect to root on invalid omniauth login" do
+      request.env["omniauth.auth"] = :invalid_credentials
+      get :omniauth, params: { provider: :google }
+
+      expect(response).to redirect_to(root_path)
+    end
+
+    it "should not create session without omniauth env set for google" do
+      get :omniauth, params: { provider: 'google' }
+
+      expect(response).to redirect_to(root_path)
+    end
+
+    context 'twitter deprecation' do
+      it "should not allow new user sign up with omniauth twitter" do
        request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:twitter]
        get :omniauth, params: { provider: :twitter }

-        u = User.last
-        expect(u.provider).to eql("twitter")
-        expect(u.email).to eql("user@twitter.com")
-        expect(@request.session[:user_id]).to eql(u.id)
+        expect(response).to redirect_to(root_path)
+        expect(flash[:alert]).to eq(I18n.t("registration.deprecated.twitter_signup"))
      end

-      it "should create and login user with omniauth bn launcher" do
-        request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]
-        get :omniauth, params: { provider: 'bn_launcher' }
+      it "should notify twitter users that twitter is deprecated" do
+        allow(Rails.configuration).to receive(:allow_user_signup).and_return(true)
+        twitter_user = User.create(name: "Twitter User", email: "user@twitter.com", image: "example.png",
+          username: "twitteruser", email_verified: true, provider: 'twitter', social_uid: "twitter-user")

-        u = User.last
-        expect(u.provider).to eql("customer1")
-        expect(u.email).to eql("user@google.com")
-        expect(@request.session[:user_id]).to eql(u.id)
-      end
-
-      it "should redirect to root on invalid omniauth login" do
-        request.env["omniauth.auth"] = :invalid_credentials
+        request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:twitter]
        get :omniauth, params: { provider: :twitter }

-        expect(response).to redirect_to(root_path)
+        expect(flash[:alert]).to eq(I18n.t("registration.deprecated.twitter_signin",
+          link: signup_path(old_twitter_user_id: twitter_user.id)))
      end

-      it "should not create session without omniauth env set for google" do
-        get :omniauth, params: { provider: 'google' }
+      it "should migrate rooms from the twitter account to the google account" do
+        twitter_user = User.create(name: "Twitter User", email: "user@twitter.com", image: "example.png",
+          username: "twitteruser", email_verified: true, provider: 'twitter', social_uid: "twitter-user")

-        expect(response).to redirect_to(root_path)
+        room = Room.new(name: "Test")
+        room.owner = twitter_user
+        room.save!
+
+        request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:google]
+        get :omniauth, params: { provider: :google }, session: { old_twitter_user_id: twitter_user.id }
+
+        u = User.last
+        expect(u.provider).to eql("google")
+        expect(u.email).to eql("user@google.com")
+        expect(@request.session[:user_id]).to eql(u.id)
+        expect(u.rooms.count).to eq(3)
+        expect(u.rooms.find { |r| r.name == "Old Home Room" }).to_not be_nil
+        expect(u.rooms.find { |r| r.name == "Test" }).to_not be_nil
+      end
+    end
+
+    context 'registration notification emails' do
+      before do
+        allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
+        @user = create(:user, provider: "greenlight")
+        @admin = create(:user, provider: "greenlight", email: "test@example.com")
+        @admin.add_role :admin
      end

-      context 'registration notification emails' do
-        before do
-          allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
-          @user = create(:user, provider: "greenlight")
-          @admin = create(:user, provider: "greenlight", email: "test@example.com")
-          @admin.add_role :admin
-        end
+      it "should notify admin on new user signup with approve/reject registration" do
+        allow_any_instance_of(Registrar).to receive(:approval_registration).and_return(true)

-        it "should notify admin on new user signup with approve/reject registration" do
-          allow_any_instance_of(Registrar).to receive(:approval_registration).and_return(true)
+        request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]

-          request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]
+        expect { get :omniauth, params: { provider: 'bn_launcher' } }
+          .to change { ActionMailer::Base.deliveries.count }.by(1)
+      end

-          expect { get :omniauth, params: { provider: 'bn_launcher' } }
-            .to change { ActionMailer::Base.deliveries.count }.by(1)
-        end
+      it "should notify admin on new user signup with invite registration" do
+        allow_any_instance_of(Registrar).to receive(:invite_registration).and_return(true)

-        it "should notify admin on new user signup with invite registration" do
-          allow_any_instance_of(Registrar).to receive(:invite_registration).and_return(true)
+        invite = Invitation.create(email: "user@google.com", provider: "greenlight")
+        @request.session[:invite_token] = invite.invite_token

-          invite = Invitation.create(email: "user@google.com", provider: "greenlight")
-          @request.session[:invite_token] = invite.invite_token
+        request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]

-          request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]
-
-          expect { get :omniauth, params: { provider: 'bn_launcher' } }
-            .to change { ActionMailer::Base.deliveries.count }.by(1)
-        end
+        expect { get :omniauth, params: { provider: 'bn_launcher' } }
+          .to change { ActionMailer::Base.deliveries.count }.by(1)
      end
    end