From 5a51f6d7148bbccadc1383fe2e282850f06c6ec5 Mon Sep 17 00:00:00 2001 From: Ahmad Farhat Date: Wed, 16 Dec 2020 19:31:32 -0500 Subject: [PATCH] Added mapping roles through email to site settings (#2373) --- app/assets/javascripts/admins.js | 6 +++ .../account_activations_controller.rb | 2 + app/controllers/concerns/authenticator.rb | 13 +++++ app/controllers/sessions_controller.rb | 2 +- app/controllers/users_controller.rb | 2 +- app/helpers/admins_helper.rb | 4 ++ .../admins/components/_settings.html.erb | 14 +++--- .../site_settings/_registration.html.erb | 31 ++++++++++++ config/locales/en.yml | 5 ++ .../account_activations_controller_spec.rb | 45 ++++++++++++++++++ spec/controllers/sessions_controller_spec.rb | 47 +++++++++++++++++++ spec/controllers/users_controller_spec.rb | 41 ++++++++++++++++ 12 files changed, 202 insertions(+), 10 deletions(-) create mode 100644 app/views/admins/components/site_settings/_registration.html.erb diff --git a/app/assets/javascripts/admins.js b/app/assets/javascripts/admins.js index f8abf681..aff5ed47 100644 --- a/app/assets/javascripts/admins.js +++ b/app/assets/javascripts/admins.js @@ -169,6 +169,12 @@ function clearMaintenanceBanner(path) { $.post(path, {value: "", tab: "administration"}) } +// Change the email mapping to the string provided +function changeEmailMapping(path) { + var url = $("#email-mapping").val() + $.post(path, {value: url, tab: "registration"}) +} + function mergeUsers() { let userToMerge = $("#from-uid").text() $.post($("#merge-save-access").data("path"), {merge: userToMerge}) diff --git a/app/controllers/account_activations_controller.rb b/app/controllers/account_activations_controller.rb index d737c4c7..0de5e776 100644 --- a/app/controllers/account_activations_controller.rb +++ b/app/controllers/account_activations_controller.rb 
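Review bot: The local in `changeEmailMapping` is named `url`, but it holds the role-mapping string read from `#email-mapping`; `var mapping = $("#email-mapping").val()` would say what it is. The value is posted unchanged, so any check that it really is a list of `suffix=role` pairs has to happen on the server, and that code is not part of this diff.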
@@ -18,6 +18,7 @@ class AccountActivationsController < ApplicationController include Emailer + include Authenticator before_action :ensure_unauthenticated before_action :find_user_by_token, only: :edit @@ -32,6 +33,7 @@ class AccountActivationsController < ApplicationController # If the user exists and is not verified and provided the correct token if @user && !@user.activated? # Verify user + @user.set_role(initial_user_role(@user.email)) if @user.role.nil? @user.activate # Redirect user to root with account pending flash if account is still pending diff --git a/app/controllers/concerns/authenticator.rb b/app/controllers/concerns/authenticator.rb index b6c3dbfa..8b1e27b3 100644 --- a/app/controllers/concerns/authenticator.rb +++ b/app/controllers/concerns/authenticator.rb @@ -83,6 +83,19 @@ module Authenticator !allow_greenlight_accounts? end + # Sets the initial user role based on the email mapping + def initial_user_role(email) + mapping = @settings.get_value("Email Mapping") + return "user" unless mapping.present? + + mapping.split(",").each do |map| + email_role = map.split("=") + return email_role[1] if email.ends_with?(email_role[0]) + end + + "user" # default to user if role not found + end + private # Migrates all of the twitter users rooms to the new account diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index eaa5e5ea..dcf014f2 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -228,7 +228,7 @@ class SessionsController < ApplicationController send_invite_user_signup_email(user) if invite_registration && !@user_exists - user.set_role :user if !@user_exists && user.role.nil? + user.set_role(initial_user_role(user.email)) if !@user_exists && user.role.nil? login(user) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 3b26e52c..34aea389 100644 --- a/app/controllers/users_controller.rb 
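Review bot: `initial_user_role` in authenticator.rb parses the setting string without validating it, so a malformed entry changes who gets which role. An entry with an empty left side (`=role1`) makes `email.ends_with?("")` true for every address, an empty entry (for example `a=b,,c=d`) passes `nil` to `ends_with?` and raises, and an entry without `=` returns `nil` to `set_role`. The match is also case-sensitive and unanchored, so a key written without `@` matches any domain that merely ends in the same text. I would skip blank or incomplete entries, strip whitespace and compare case-insensitively, as sketched below, and reject malformed strings when the setting is saved.

```ruby
def initial_user_role(email)
  # … unchanged: read "Email Mapping", return "user" when it is blank …
  address = email.to_s.downcase
  mapping.split(",").each do |entry|
    suffix, role = entry.split("=", 2).map(&:strip)
    # Skip blank or incomplete entries so they can neither match every address nor return nil
    next if suffix.blank? || role.blank?

    return role if address.end_with?(suffix.downcase)
  end
  # … unchanged: default "user" …
end
```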
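Review bot: In sessions_controller.rb the role now comes from `user.email` as reported by the external identity provider, so the mapping is only as trustworthy as that provider's email claim. Nothing in the hunk checks that the provider marked the address as verified. The mapping is also applied only on first creation (`!@user_exists`), so later edits to the setting do not touch existing accounts; a comment such as `# Role mapping is applied only when the account is first created` would record that. The surrounding method starts and ends outside the hunk.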
+++ b/app/controllers/users_controller.rb @@ -57,7 +57,7 @@ class UsersController < ApplicationController # Sign in automatically if email verification is disabled or if user is already verified. if !Rails.configuration.enable_email_verification || @user.email_verified - @user.set_role :user + @user.set_role(initial_user_role(@user.email)) login(@user) && return end diff --git a/app/helpers/admins_helper.rb b/app/helpers/admins_helper.rb index f704ae97..b3058ce0 100644 --- a/app/helpers/admins_helper.rb +++ b/app/helpers/admins_helper.rb @@ -121,6 +121,10 @@ module AdminsHelper @settings.get_value("Room Limit").to_i end + def email_mapping + @settings.get_value("Email Mapping") + end + # Room Configuration def room_configuration_string(name) diff --git a/app/views/admins/components/_settings.html.erb b/app/views/admins/components/_settings.html.erb index c38c8767..a788698b 100644 --- a/app/views/admins/components/_settings.html.erb +++ b/app/views/admins/components/_settings.html.erb @@ -28,15 +28,13 @@ <%= t("administrator.site_settings.tabs.settings") %> + + + <%= t("administrator.site_settings.tabs.registration") %> + -<% if @tab == "appearance"%> - <%= render "admins/components/site_settings/appearance" %> -<% elsif @tab == "administration"%> - <%= render "admins/components/site_settings/administration" %> -<% else %> - <%= render "admins/components/site_settings/settings" %> -<% end %> - +<%= render "admins/components/site_settings/#{@tab}" %> + diff --git a/app/views/admins/components/site_settings/_registration.html.erb b/app/views/admins/components/site_settings/_registration.html.erb new file mode 100644 index 00000000..888ae93f --- /dev/null +++ b/app/views/admins/components/site_settings/_registration.html.erb 
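Review bot: When `enable_email_verification` is off, this branch in users_controller.rb now assigns a role from an address the registrant typed in and never proved ownership of, so a mapped role can be obtained just by registering with a matching email. Before the change the branch always assigned `:user`, so an unverified address carried no privilege. I would apply the mapping only to verified addresses, e.g. `@user.set_role(@user.email_verified ? initial_user_role(@user.email) : :user)`, or refuse to save a non-empty mapping while verification is disabled. The enclosing action starts and ends outside the hunk.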
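Review bot: The new render call in _settings.html.erb interpolates `@tab` straight into the partial path, where the removed if/elsif chain could only render three known partials and fell back to `settings`. If `@tab` is taken from a request parameter (the controller is not in this diff, but admins.js posts a `tab` value), an unexpected value now either raises a missing-template error or selects a partial this page was never meant to show. A nil `@tab` also no longer falls back to the settings tab. I would keep an allow-list: `<% tab = %w[appearance administration registration settings].include?(@tab) ? @tab : "settings" %>` followed by `<%= render "admins/components/site_settings/#{tab}" %>`.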
@@ -0,0 +1,31 @@ +<% +# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/. +# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below). +# This program is free software; you can redistribute it and/or modify it under the +# terms of the GNU Lesser General Public License as published by the Free Software +# Foundation; either version 3.0 of the License, or (at your option) any later +# version. +# +# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. +# You should have received a copy of the GNU Lesser General Public License along +# with BigBlueButton; if not, see . +%> + +
+
+
+
+ + +
+ + + + +
+
+
+
+
\ No newline at end of file diff --git a/config/locales/en.yml b/config/locales/en.yml index 4dc5181d..5982fde3 100755 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -69,6 +69,10 @@ en: regular: Regular lighten: Lighten darken: Darken + email_mapping: + info: Map the user to a role using their email. Must be in the format email1=role1,email2=role2 + title: Role Mapping by Email + update: log_level: title: Log Level information: Change the Log Level for the entire deployment @@ -111,6 +115,7 @@ en: tabs: appearance: Appearance administration: Administration + registration: Registration settings: Settings title: Site Settings flash: diff --git a/spec/controllers/account_activations_controller_spec.rb b/spec/controllers/account_activations_controller_spec.rb index f2edb458..332f47df 100644 --- a/spec/controllers/account_activations_controller_spec.rb +++ b/spec/controllers/account_activations_controller_spec.rb 
@@ -79,6 +79,51 @@ describe AccountActivationsController, type: :controller do expect(flash[:success]).to be_present expect(response).to redirect_to(root_path) end + + context "email mapping" do + before do + @role1 = Role.create(name: "role1", priority: 2, provider: "greenlight") + @role2 = Role.create(name: "role2", priority: 3, provider: "greenlight") + allow_any_instance_of(Setting).to receive(:get_value).and_return("-123@test.com=role1,@testing.com=role2") + end + + it "correctly sets users role if email mapping is set" do + @user = create(:user, email: "test-123@test.com", email_verified: false, provider: "greenlight", role: nil) + + get :edit, params: { token: @user.create_activation_token } + + u = User.last + expect(u.role).to eq(@role1) + end + + it "correctly sets users role if email mapping is set (second test)" do + @user = create(:user, email: "test@testing.com", email_verified: false, provider: "greenlight", role: nil) + + get :edit, params: { token: @user.create_activation_token } + + u = User.last + expect(u.role).to eq(@role2) + end + + it "does not replace the role if already set" do + pending = Role.find_by(name: "pending", provider: "greenlight") + @user = create(:user, email: "test@testing.com", email_verified: false, provider: "greenlight", role: pending) + + get :edit, params: { token: @user.create_activation_token } + + u = User.last + expect(u.role).to eq(pending) + end + + it "defaults to user if no mapping matches" do + @user = create(:user, email: "test@testing1.com", email_verified: false, provider: "greenlight") + + get :edit, params: { token: @user.create_activation_token } + + u = User.last + expect(u.role).to eq(Role.find_by(name: "user", provider: "greenlight")) + end + end end describe "GET #resend" do diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb index 8b7a5c71..79376fb9 100644 --- a/spec/controllers/sessions_controller_spec.rb 
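Review bot: The `before` block stubs `get_value` on every `Setting` instance, so any other setting read during these requests also receives the mapping string, which can hide behaviour that depends on those settings. Constraining the stub with `.with("Email Mapping")` and letting other keys fall through via `and_call_original` would scope it. The same stub is repeated in sessions_controller_spec.rb and users_controller_spec.rb. None of the three contexts covers a malformed mapping (empty entry, missing `=`, empty left side) or an address that differs only in case, which are the inputs where `initial_user_role` is most likely to assign the wrong role.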
+++ b/spec/controllers/sessions_controller_spec.rb @@ -531,6 +531,53 @@ describe SessionsController, type: :controller do new_u = User.find_by(social_uid: "bn-launcher-user-new") expect(users_old_uid).to eq(new_u.uid) end + + context "email mapping" do + before do + @role1 = Role.create(name: "role1", priority: 2, provider: "greenlight") + @role2 = Role.create(name: "role2", priority: 3, provider: "greenlight") + allow_any_instance_of(Setting).to receive(:get_value).and_return("-123@test.com=role1,@testing.com=role2") + end + + it "correctly sets users role if email mapping is set" do + params = OmniAuth.config.mock_auth[:google] + params[:info][:email] = "test-123@test.com" + + request.env["omniauth.auth"] = params + + get :omniauth, params: { provider: :google } + + u = User.last + + expect(u.role).to eq(@role1) + end + + it "correctly sets users role if email mapping is set (second test)" do + params = OmniAuth.config.mock_auth[:google] + params[:info][:email] = "test-123@testing.com" + + request.env["omniauth.auth"] = params + + get :omniauth, params: { provider: :google } + + u = User.last + + expect(u.role).to eq(@role2) + end + + it "defaults to user if no mapping matches" do + params = OmniAuth.config.mock_auth[:google] + params[:info][:email] = "test@test.com" + + request.env["omniauth.auth"] = params + + get :omniauth, params: { provider: :google } + + u = User.last + + expect(u.role).to eq(Role.find_by(name: "user", provider: "greenlight")) + end + end end describe "POST #ldap" do diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb index 2d70b11a..46074ebf 100644 --- a/spec/controllers/users_controller_spec.rb +++ b/spec/controllers/users_controller_spec.rb 
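Review bot: Each example in sessions_controller_spec.rb writes its test address into `OmniAuth.config.mock_auth[:google]` in place, so the changed email stays in the shared mock for whichever example runs next. Working on a copy, for example `params = OmniAuth.config.mock_auth[:google].deep_dup`, or restoring the original email in an `after` block, keeps the examples independent of run order.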
@@ -148,6 +148,47 @@ describe UsersController, type: :controller do expect(u.last_login).to_not be_nil end + + context "email mapping" do + before do + @role1 = Role.create(name: "role1", priority: 2, provider: "greenlight") + @role2 = Role.create(name: "role2", priority: 3, provider: "greenlight") + allow_any_instance_of(Setting).to receive(:get_value).and_return("-123@test.com=role1,@testing.com=role2") + end + + it "correctly sets users role if email mapping is set" do + params = random_valid_user_params + params[:user][:email] = "test-123@test.com" + + post :create, params: params + + u = User.find_by(name: params[:user][:name], email: params[:user][:email]) + + expect(u.role).to eq(@role1) + end + + it "correctly sets users role if email mapping is set (second test)" do + params = random_valid_user_params + params[:user][:email] = "test@testing.com" + + post :create, params: params + + u = User.find_by(name: params[:user][:name], email: params[:user][:email]) + + expect(u.role).to eq(@role2) + end + + it "defaults to user if no mapping matches" do + params = random_valid_user_params + params[:user][:email] = "test@testing1.com" + + post :create, params: params + + u = User.find_by(name: params[:user][:name], email: params[:user][:email]) + + expect(u.role).to eq(Role.find_by(name: "user", provider: "greenlight")) + end + end end context "disallow greenlight accounts" do