624 lines
20 KiB
Ruby
624 lines
20 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
|
|
#
|
|
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify it under the
|
|
# terms of the GNU Lesser General Public License as published by the Free Software
|
|
# Foundation; either version 3.0 of the License, or (at your option) any later
|
|
# version.
|
|
#
|
|
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
|
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public License along
|
|
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
require "rails_helper"
|
|
|
|
describe SessionsController, type: :controller do
|
|
describe "GET #new" do
|
|
it "assigns a blank user to the view" do
|
|
allow(Rails.configuration).to receive(:allow_user_signup).and_return(true)
|
|
|
|
get :new
|
|
expect(assigns(:user)).to be_a_new(User)
|
|
end
|
|
|
|
it "redirects to root if allow_user_signup is false" do
|
|
allow(Rails.configuration).to receive(:allow_user_signup).and_return(false)
|
|
|
|
get :new
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
|
|
it "rejects the user if they are not invited" do
|
|
allow_any_instance_of(Registrar).to receive(:invite_registration).and_return(true)
|
|
allow(Rails.configuration).to receive(:allow_user_signup).and_return(true)
|
|
|
|
get :new
|
|
|
|
expect(flash[:alert]).to be_present
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
end
|
|
|
|
describe "GET #signin" do
|
|
it "redirects to main room if already authenticated" do
|
|
user = create(:user)
|
|
@request.session[:user_id] = user.id
|
|
|
|
post :signin
|
|
expect(response).to redirect_to(room_path(user.main_room))
|
|
end
|
|
end
|
|
|
|
describe 'GET #ldap_signin' do
|
|
it "should render the ldap signin page" do
|
|
get :ldap_signin
|
|
|
|
expect(response).to render_template(:ldap_signin)
|
|
end
|
|
|
|
it "redirects user to main room if already signed in" do
|
|
user = create(:user)
|
|
@request.session[:user_id] = user.id
|
|
|
|
post :signin
|
|
expect(response).to redirect_to(room_path(user.main_room))
|
|
end
|
|
end
|
|
|
|
describe "GET #destroy" do
|
|
before(:each) do
|
|
user = create(:user, provider: "greenlight")
|
|
@request.session[:user_id] = user.id
|
|
post :destroy
|
|
end
|
|
|
|
it "should logout user" do
|
|
expect(@request.session[:user_id]).to be_nil
|
|
end
|
|
|
|
it "should redirect to root" do
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
end
|
|
|
|
describe "POST #create" do
|
|
before do
|
|
allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
|
|
allow_any_instance_of(SessionsController).to receive(:auth_changed_to_local?).and_return(false)
|
|
end
|
|
|
|
before(:each) do
|
|
@user1 = create(:user, provider: 'greenlight', password: 'example', password_confirmation: 'example')
|
|
@user2 = create(:user, password: 'example', password_confirmation: "example")
|
|
end
|
|
|
|
it "should login user in if credentials valid" do
|
|
post :create, params: {
|
|
session: {
|
|
email: @user1.email,
|
|
password: 'example',
|
|
},
|
|
}
|
|
|
|
expect(@request.session[:user_id]).to eql(@user1.id)
|
|
end
|
|
|
|
it "should not login user in if credentials invalid" do
|
|
post :create, params: {
|
|
session: {
|
|
email: @user1.email,
|
|
password: 'invalid',
|
|
},
|
|
}
|
|
|
|
expect(@request.session[:user_id]).to be_nil
|
|
end
|
|
|
|
it "should not login user in if account mismatch" do
|
|
post :create, params: {
|
|
session: {
|
|
email: @user2.email,
|
|
password: "example",
|
|
},
|
|
}
|
|
|
|
expect(@request.session[:user_id]).to be_nil
|
|
end
|
|
|
|
it "should not login user if account is not verified" do
|
|
@user3 = create(:user, email_verified: false, provider: "greenlight",
|
|
password: "example", password_confirmation: 'example')
|
|
|
|
post :create, params: {
|
|
session: {
|
|
email: @user3.email,
|
|
password: 'example',
|
|
},
|
|
}
|
|
|
|
expect(@request.session[:user_id]).to be_nil
|
|
# Expect to redirect to activation path since token is not known here
|
|
expect(response.location.start_with?(account_activation_url(digest: @user3.activation_digest))).to be true
|
|
end
|
|
|
|
it "should not login user if account is deleted" do
|
|
user = create(:user, provider: "greenlight",
|
|
password: "example", password_confirmation: 'example')
|
|
|
|
user.delete
|
|
user.reload
|
|
expect(user.deleted?).to be true
|
|
|
|
post :create, params: {
|
|
session: {
|
|
email: user.email,
|
|
password: 'example',
|
|
},
|
|
}
|
|
|
|
expect(@request.session[:user_id]).to be_nil
|
|
expect(flash[:alert]).to eq(I18n.t("registration.banned.fail"))
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
|
|
it "redirects the user to the page they clicked sign in from" do
|
|
user = create(:user, provider: "greenlight",
|
|
password: "example", password_confirmation: 'example')
|
|
|
|
url = Faker::Internet.domain_name
|
|
|
|
@request.cookies[:return_to] = url
|
|
|
|
post :create, params: {
|
|
session: {
|
|
email: user.email,
|
|
password: 'example',
|
|
},
|
|
}
|
|
|
|
expect(@request.session[:user_id]).to eql(user.id)
|
|
expect(response).to redirect_to(url)
|
|
end
|
|
|
|
it "redirects the user to their home room if they clicked the sign in button from root" do
|
|
user = create(:user, provider: "greenlight",
|
|
password: "example", password_confirmation: 'example')
|
|
|
|
@request.cookies[:return_to] = root_url
|
|
|
|
post :create, params: {
|
|
session: {
|
|
email: user.email,
|
|
password: 'example',
|
|
},
|
|
}
|
|
|
|
expect(@request.session[:user_id]).to eql(user.id)
|
|
expect(response).to redirect_to(user.main_room)
|
|
end
|
|
|
|
it "redirects the user to their home room if return_to cookie doesn't exist" do
|
|
user = create(:user, provider: "greenlight",
|
|
password: "example", password_confirmation: 'example')
|
|
|
|
post :create, params: {
|
|
session: {
|
|
email: user.email,
|
|
password: 'example',
|
|
},
|
|
}
|
|
|
|
expect(@request.session[:user_id]).to eql(user.id)
|
|
expect(response).to redirect_to(user.main_room)
|
|
end
|
|
|
|
it "redirects to the admins page for admins" do
|
|
user = create(:user, provider: "greenlight",
|
|
password: "example", password_confirmation: 'example')
|
|
user.set_role :super_admin
|
|
|
|
post :create, params: {
|
|
session: {
|
|
email: user.email,
|
|
password: 'example',
|
|
},
|
|
}
|
|
|
|
expect(@request.session[:user_id]).to eql(user.id)
|
|
expect(response).to redirect_to(admins_path)
|
|
end
|
|
|
|
it "should migrate old rooms from the twitter account to the new user" do
|
|
twitter_user = create(:user, name: "Twitter User", email: "user@twitter.com", image: "example.png",
|
|
username: "twitteruser", email_verified: true, provider: 'twitter', social_uid: "twitter-user")
|
|
|
|
room = Room.new(name: "Test")
|
|
room.owner = twitter_user
|
|
room.save!
|
|
|
|
post :create, params: {
|
|
session: {
|
|
email: @user1.email,
|
|
password: 'example',
|
|
},
|
|
}, session: {
|
|
old_twitter_user_id: twitter_user.id
|
|
}
|
|
|
|
@user1.reload
|
|
expect(@user1.rooms.count).to eq(3)
|
|
expect(@user1.rooms.find { |r| r.name == "Old Home Room" }).to_not be_nil
|
|
expect(@user1.rooms.find { |r| r.name == "Test" }).to_not be_nil
|
|
end
|
|
|
|
it "sends the user a reset password email if the authentication method is changing to local" do
|
|
allow_any_instance_of(SessionsController).to receive(:auth_changed_to_local?).and_return(true)
|
|
email = Faker::Internet.email
|
|
|
|
create(:user, email: email, provider: "greenlight", social_uid: "google-user")
|
|
|
|
expect {
|
|
post :create, params: {
|
|
session: {
|
|
email: email,
|
|
password: 'example',
|
|
},
|
|
}
|
|
}.to change { ActionMailer::Base.deliveries.count }.by(1)
|
|
end
|
|
end
|
|
|
|
describe "GET/POST #omniauth" do
|
|
before(:all) do
|
|
OmniAuth.config.test_mode = true
|
|
|
|
OmniAuth.config.mock_auth[:twitter] = OmniAuth::AuthHash.new(
|
|
provider: "twitter",
|
|
uid: "twitter-user",
|
|
info: {
|
|
email: "user@twitter.com",
|
|
name: "Twitter User",
|
|
nickname: "twitteruser",
|
|
image: "example.png",
|
|
},
|
|
)
|
|
|
|
OmniAuth.config.mock_auth[:google] = OmniAuth::AuthHash.new(
|
|
provider: "google",
|
|
uid: "google-user",
|
|
info: {
|
|
email: "user@google.com",
|
|
name: "Google User",
|
|
nickname: "googleuser",
|
|
image: "touch.png",
|
|
customer: 'customer1',
|
|
}
|
|
)
|
|
|
|
OmniAuth.config.mock_auth[:bn_launcher] = OmniAuth::AuthHash.new(
|
|
provider: "bn_launcher",
|
|
uid: "bn-launcher-user",
|
|
info: {
|
|
email: "user@google.com",
|
|
name: "Google User",
|
|
nickname: "googleuser",
|
|
image: "touch.png",
|
|
customer: 'customer1',
|
|
}
|
|
)
|
|
|
|
OmniAuth.config.on_failure = proc { |env|
|
|
OmniAuth::FailureEndpoint.new(env).redirect_to_failure
|
|
}
|
|
end
|
|
|
|
it "should create and login user with omniauth google" do
|
|
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:google]
|
|
get :omniauth, params: { provider: :google }
|
|
|
|
u = User.last
|
|
expect(u.provider).to eql("google")
|
|
expect(u.email).to eql("user@google.com")
|
|
expect(@request.session[:user_id]).to eql(u.id)
|
|
end
|
|
|
|
it "should create and login user with omniauth bn launcher" do
|
|
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]
|
|
get :omniauth, params: { provider: 'bn_launcher' }
|
|
|
|
u = User.last
|
|
expect(u.provider).to eql("customer1")
|
|
expect(u.email).to eql("user@google.com")
|
|
expect(@request.session[:user_id]).to eql(u.id)
|
|
end
|
|
|
|
it "redirects a deleted user to the root page" do
|
|
# Create the user first
|
|
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]
|
|
get :omniauth, params: { provider: 'bn_launcher' }
|
|
|
|
# Delete the user
|
|
user = User.find_by(social_uid: "bn-launcher-user")
|
|
|
|
@request.session[:user_id] = nil
|
|
user.delete
|
|
user.reload
|
|
expect(user.deleted?).to be true
|
|
|
|
# Try to sign back in
|
|
get :omniauth, params: { provider: 'bn_launcher' }
|
|
|
|
expect(@request.session[:user_id]).to be_nil
|
|
expect(flash[:alert]).to eq(I18n.t("registration.banned.fail"))
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
|
|
it "should redirect to root on invalid omniauth login" do
|
|
request.env["omniauth.auth"] = :invalid_credentials
|
|
get :omniauth, params: { provider: :google }
|
|
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
|
|
it "should not create session without omniauth env set for google" do
|
|
get :omniauth, params: { provider: 'google' }
|
|
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
|
|
context 'twitter deprecation' do
|
|
it "should not allow new user sign up with omniauth twitter" do
|
|
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:twitter]
|
|
get :omniauth, params: { provider: :twitter }
|
|
|
|
expect(response).to redirect_to(root_path)
|
|
expect(flash[:alert]).to eq(I18n.t("registration.deprecated.twitter_signup"))
|
|
end
|
|
|
|
it "should notify twitter users that twitter is deprecated" do
|
|
allow(Rails.configuration).to receive(:allow_user_signup).and_return(true)
|
|
twitter_user = create(:user, name: "Twitter User", email: "user@twitter.com", image: "example.png",
|
|
username: "twitteruser", email_verified: true, provider: 'twitter', social_uid: "twitter-user")
|
|
|
|
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:twitter]
|
|
get :omniauth, params: { provider: :twitter }
|
|
|
|
expect(flash[:alert]).to eq(I18n.t("registration.deprecated.twitter_signin",
|
|
link: signup_path(old_twitter_user_id: twitter_user.id)))
|
|
end
|
|
|
|
it "should migrate rooms from the twitter account to the google account" do
|
|
twitter_user = create(:user, name: "Twitter User", email: "user@twitter.com", image: "example.png",
|
|
username: "twitteruser", email_verified: true, provider: 'twitter', social_uid: "twitter-user")
|
|
|
|
room = Room.new(name: "Test")
|
|
room.owner = twitter_user
|
|
room.save!
|
|
|
|
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:google]
|
|
get :omniauth, params: { provider: :google }, session: { old_twitter_user_id: twitter_user.id }
|
|
|
|
u = User.last
|
|
expect(u.provider).to eql("google")
|
|
expect(u.email).to eql("user@google.com")
|
|
expect(@request.session[:user_id]).to eql(u.id)
|
|
expect(u.rooms.count).to eq(3)
|
|
expect(u.rooms.find { |r| r.name == "Old Home Room" }).to_not be_nil
|
|
expect(u.rooms.find { |r| r.name == "Test" }).to_not be_nil
|
|
end
|
|
end
|
|
|
|
context 'registration notification emails' do
|
|
before do
|
|
allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
|
|
@user = create(:user, provider: "greenlight")
|
|
@admin = create(:user, provider: "greenlight", email: "test@example.com")
|
|
@admin.set_role :admin
|
|
end
|
|
|
|
it "should notify admin on new user signup with approve/reject registration" do
|
|
allow_any_instance_of(Registrar).to receive(:approval_registration).and_return(true)
|
|
|
|
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]
|
|
|
|
expect { get :omniauth, params: { provider: 'bn_launcher' } }
|
|
.to change { ActionMailer::Base.deliveries.count }.by(1)
|
|
end
|
|
|
|
it "should notify admin on new user signup with invite registration" do
|
|
allow_any_instance_of(Registrar).to receive(:invite_registration).and_return(true)
|
|
|
|
invite = Invitation.create(email: "user@google.com", provider: "greenlight")
|
|
@request.session[:invite_token] = invite.invite_token
|
|
|
|
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]
|
|
|
|
expect { get :omniauth, params: { provider: 'bn_launcher' } }
|
|
.to change { ActionMailer::Base.deliveries.count }.by(1)
|
|
end
|
|
end
|
|
|
|
it "should not create session without omniauth env set for bn_launcher" do
|
|
get :omniauth, params: { provider: 'bn_launcher' }
|
|
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
|
|
it "switches a social account to a different social account if the authentication method changed" do
|
|
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:bn_launcher]
|
|
get :omniauth, params: { provider: 'bn_launcher' }
|
|
|
|
u = User.find_by(social_uid: "bn-launcher-user")
|
|
u.social_uid = nil
|
|
users_old_uid = u.uid
|
|
u.save!
|
|
|
|
new_user = OmniAuth::AuthHash.new(
|
|
provider: "bn_launcher",
|
|
uid: "bn-launcher-user-new",
|
|
info: {
|
|
email: "user@google.com",
|
|
name: "Office User",
|
|
nickname: "googleuser",
|
|
image: "touch.png",
|
|
customer: 'customer1',
|
|
}
|
|
)
|
|
|
|
allow_any_instance_of(SessionsController).to receive(:auth_changed_to_social?).and_return(true)
|
|
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("customer1")
|
|
controller.instance_variable_set(:@user_domain, "customer1")
|
|
|
|
request.env["omniauth.auth"] = new_user
|
|
get :omniauth, params: { provider: 'bn_launcher' }
|
|
|
|
new_u = User.find_by(social_uid: "bn-launcher-user-new")
|
|
expect(users_old_uid).to eq(new_u.uid)
|
|
end
|
|
|
|
it "switches a local account to a different social account if the authentication method changed" do
|
|
email = Faker::Internet.email
|
|
user = create(:user, email: email, provider: "customer1")
|
|
users_old_uid = user.uid
|
|
|
|
new_user = OmniAuth::AuthHash.new(
|
|
provider: "bn_launcher",
|
|
uid: "bn-launcher-user-new",
|
|
info: {
|
|
email: email,
|
|
name: "Office User",
|
|
nickname: "googleuser",
|
|
image: "touch.png",
|
|
customer: 'customer1',
|
|
}
|
|
)
|
|
|
|
allow_any_instance_of(SessionsController).to receive(:auth_changed_to_social?).and_return(true)
|
|
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("customer1")
|
|
controller.instance_variable_set(:@user_domain, "customer1")
|
|
|
|
request.env["omniauth.auth"] = new_user
|
|
get :omniauth, params: { provider: 'bn_launcher' }
|
|
|
|
new_u = User.find_by(social_uid: "bn-launcher-user-new")
|
|
expect(users_old_uid).to eq(new_u.uid)
|
|
end
|
|
end
|
|
|
|
describe "POST #ldap" do
|
|
it "should create and login a user with a ldap login" do
|
|
entry = Net::LDAP::Entry.new("cn=Test User,ou=people,dc=planetexpress,dc=com")
|
|
entry[:cn] = "Test User"
|
|
entry[:givenName] = "Test"
|
|
entry[:sn] = "User"
|
|
entry[:mail] = "test@example.com"
|
|
allow_any_instance_of(Net::LDAP).to receive(:bind_as).and_return([entry])
|
|
|
|
post :ldap, params: {
|
|
session: {
|
|
username: "test",
|
|
password: 'password',
|
|
},
|
|
}
|
|
|
|
u = User.last
|
|
expect(u.provider).to eql("ldap")
|
|
expect(u.email).to eql("test@example.com")
|
|
expect(@request.session[:user_id]).to eql(u.id)
|
|
end
|
|
|
|
it "should defaults the users image to blank if actual image is provided" do
|
|
entry = Net::LDAP::Entry.new("cn=Test User,ou=people,dc=planetexpress,dc=com")
|
|
entry[:cn] = "Test User"
|
|
entry[:givenName] = "Test"
|
|
entry[:sn] = "User"
|
|
entry[:mail] = "test@example.com"
|
|
entry[:jpegPhoto] = "\FF\F8" # Pretend image
|
|
allow_any_instance_of(Net::LDAP).to receive(:bind_as).and_return([entry])
|
|
|
|
post :ldap, params: {
|
|
session: {
|
|
username: "test",
|
|
password: 'password',
|
|
},
|
|
}
|
|
|
|
u = User.last
|
|
expect(u.provider).to eql("ldap")
|
|
expect(u.image).to eql("")
|
|
expect(@request.session[:user_id]).to eql(u.id)
|
|
end
|
|
|
|
it "uses the users image if a url is provided" do
|
|
image = Faker::Internet.url
|
|
entry = Net::LDAP::Entry.new("cn=Test User,ou=people,dc=planetexpress,dc=com")
|
|
entry[:cn] = "Test User"
|
|
entry[:givenName] = "Test"
|
|
entry[:sn] = "User"
|
|
entry[:mail] = "test@example.com"
|
|
entry[:jpegPhoto] = image
|
|
allow_any_instance_of(Net::LDAP).to receive(:bind_as).and_return([entry])
|
|
|
|
post :ldap, params: {
|
|
session: {
|
|
username: "test",
|
|
password: 'password',
|
|
},
|
|
}
|
|
|
|
u = User.last
|
|
expect(u.provider).to eql("ldap")
|
|
expect(u.image).to eql(image)
|
|
expect(@request.session[:user_id]).to eql(u.id)
|
|
end
|
|
|
|
it "should redirect to signin on invalid credentials" do
|
|
allow_any_instance_of(Net::LDAP).to receive(:bind_as).and_return(false)
|
|
|
|
post :ldap, params: {
|
|
session: {
|
|
username: "test",
|
|
password: 'passwor',
|
|
},
|
|
}
|
|
|
|
expect(response).to redirect_to(ldap_signin_path)
|
|
expect(flash[:alert]).to eq(I18n.t("invalid_credentials"))
|
|
end
|
|
|
|
it "redirects to signin if no password provided" do
|
|
allow_any_instance_of(Net::LDAP).to receive(:bind_as).and_return(false)
|
|
|
|
post :ldap, params: {
|
|
session: {
|
|
username: "test",
|
|
password: '',
|
|
},
|
|
}
|
|
|
|
expect(response).to redirect_to(ldap_signin_path)
|
|
expect(flash[:alert]).to eq(I18n.t("invalid_credentials"))
|
|
end
|
|
|
|
it "redirects to signin if no username provided" do
|
|
allow_any_instance_of(Net::LDAP).to receive(:bind_as).and_return(false)
|
|
|
|
post :ldap, params: {
|
|
session: {
|
|
username: "",
|
|
password: 'test',
|
|
},
|
|
}
|
|
|
|
expect(response).to redirect_to(ldap_signin_path)
|
|
expect(flash[:alert]).to eq(I18n.t("invalid_credentials"))
|
|
end
|
|
end
|
|
end
|