Merge branch 'bigbluebutton:master' into email-fallback-flag

bigbluebutton · Aug 21, 2024 · 4b58c12 · 4b58c12
2 parents a12b602 + a1b9e5b
commit 4b58c12
Show file tree

Hide file tree

Showing 18 changed files with 321 additions and 54 deletions.
diff --git a/app/assets/locales/el.json b/app/assets/locales/el.json
@@ -319,7 +319,10 @@
           "open": "Ενεργοποίηση εγγραφών",
           "invite": "Συμμετοχή με πρόσκληση",
           "approval": "Έγκριση/Απόρριψη"
-        }
+        },
+        "allowed_domains": "Επιτρέπονται τα email ονομάτων τομεα",
+        "allowed_domains_signup_description": "Επιτρέπονται συγκεκριμένα email ονομάτων τομεα για εγγραφή. Η μορφή πρέπει να είναι @test.com,domain.com",
+        "enter_allowed_domains_rule" : "Προσθηκη επιτρεπόμενου ονόματος τομέα "
       }
     },
     "room_configuration": {
@@ -420,7 +423,8 @@
         "privacy_policy_updated": "Η πολιτική απορρήτου ενημερώθηκε.",
         "helpcenter_updated": "Ο σύνδεσμος για το Κέντρο βοήθειας ενημερώθηκε. ",
         "terms_of_service_updated": "Οι όριο χρήσης ενημερώθηκαν.",
-        "maintenance_updated": "Το μήνυμα της λειτουργίας συντήρησης ενημερώθηκε."
+        "maintenance_updated": "Το μήνυμα της λειτουργίας συντήρησης ενημερώθηκε.",
+        "allowed_domains_signup_updated": "Τα επιτρεπόμενα ονόματα τομέα ενημερώθηκαν"
       },
       "recording": {
         "recording_visibility_updated": "Η εμφάνιση καταγραφής ενημερώθηκε.",

diff --git a/app/assets/locales/en.json b/app/assets/locales/en.json
@@ -319,7 +319,10 @@
           "open": "Open Registration",
           "invite": "Join by Invitation",
           "approval": "Approve/Decline"
-        }
+        },
+        "allowed_domains": "Allowed Email Domains",
+        "allowed_domains_signup_description": "Allow specific email domains to sign up. Format must be: @test.com,domain.com",
+        "enter_allowed_domains_rule" : "Enter the allowed domains"
       }
     },
     "room_configuration": {
@@ -420,7 +423,8 @@
         "privacy_policy_updated": "The privacy notice has been updated.",
         "helpcenter_updated": "The help center link has been updated.",
         "terms_of_service_updated": "The terms of service have been updated.",
-        "maintenance_updated": "The maintenance banner has been updated."
+        "maintenance_updated": "The maintenance banner has been updated.",
+        "allowed_domains_signup_updated": "The allowed email domains have been updated."
       },
       "recording": {
         "recording_visibility_updated": "The recording visibility has been updated.",

diff --git a/app/assets/locales/ja.json b/app/assets/locales/ja.json
@@ -319,7 +319,10 @@
           "open": "誰でも自由に登録",
           "invite": "招待制",
           "approval": "承認制"
-        }
+        },
+        "allowed_domains": "許可するEmailのドメイン",
+        "allowed_domains_signup_description": "特定のEmailドメインのみからのサインアップを許可します。@test.com や domain.com のような形式で記入してください。",
+        "enter_allowed_domains_rule" : "許可するドメインを入力"
       }
     },
     "room_configuration": {
@@ -420,7 +423,8 @@
         "privacy_policy_updated": "プライバシーに関する告知がアップデートされました。",
         "helpcenter_updated": "ヘルプセンターのリンクが更新されました。",
         "terms_of_service_updated": "利用規約が更新されました。",
-        "maintenance_updated": "メンテナンスバナーが更新されました。"
+        "maintenance_updated": "メンテナンスバナーが更新されました。",
+        "allowed_domains_signup_updated": "許可するEmailのドメインが更新されました。"
       },
       "recording": {
         "recording_visibility_updated": "録画の公開度が更新されました。",

diff --git a/app/controllers/api/v1/meetings_controller.rb b/app/controllers/api/v1/meetings_controller.rb
@@ -37,6 +37,7 @@ def start
         render_data data: BigBlueButtonApi.new(provider: current_provider).join_meeting(
           room: @room,
           name: current_user.name,
+          user_id: fetch_bbb_user_id,
           avatar_url: current_user.avatar.attached? ? url_for(current_user.avatar) : nil,
           role: 'Moderator'
         ), status: :created
@@ -81,6 +82,7 @@ def status
           data[:joinUrl] = BigBlueButtonApi.new(provider: current_provider).join_meeting(
             room: @room,
             name: current_user ? current_user.name : params[:name],
+            user_id: fetch_bbb_user_id,
             avatar_url: current_user&.avatar&.attached? ? url_for(current_user.avatar) : nil,
             role: bbb_role
           )
@@ -145,6 +147,21 @@ def infer_bbb_role(mod_code:, viewer_code:, anyone_join_as_mod:)
           'Viewer'
         end
       end
+
+      def fetch_bbb_user_id
+        return "gl-#{current_user.id}" if current_user
+
+        return cookies[:guest_id] if cookies[:guest_id].present?
+
+        guest_id = "gl-guest-#{SecureRandom.hex(12)}"
+
+        cookies[:guest_id] = {
+          value: guest_id,
+          expires: 1.day.from_now
+        }
+
+        guest_id
+      end
     end
   end
 end
diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb
@@ -61,6 +61,9 @@ def create
         # Users created by a user will have the creator language by default with a fallback to the server configured default_locale.
         create_user_params[:language] = current_user&.language || I18n.default_locale if create_user_params[:language].blank?
 
+        # renders an error if the user is signing up with an invalid domain based off site settings
+        return render_error errors: Rails.configuration.custom_error_msgs[:unauthorized], status: :forbidden unless valid_domain?
+
         user = UserCreator.new(user_params: create_user_params.except(:invite_token), provider: current_provider, role: default_role).call
 
         smtp_enabled = ENV['SMTP_SERVER'].present?
@@ -184,6 +187,17 @@ def valid_invite_token
         Invitation.destroy_by(email: create_user_params[:email].downcase, provider: current_provider,
                               token: create_user_params[:invite_token]).present?
       end
+
+      def valid_domain?
+        allowed_domains_emails = SettingGetter.new(setting_name: 'AllowedDomains', provider: current_provider).call
+        return true if allowed_domains_emails.blank?
+
+        domains = allowed_domains_emails.split(',')
+        domains.each do |domain|
+          return true if create_user_params[:email].end_with?(domain)
+        end
+        false
+      end
     end
   end
 end
diff --git a/app/controllers/external_controller.rb b/app/controllers/external_controller.rb
@@ -48,6 +48,8 @@ def create_user
       return redirect_to root_path(error: Rails.configuration.custom_error_msgs[:invite_token_invalid])
     end
 
+    return render_error status: :forbidden unless valid_domain?(user_info[:email])
+
     # Create the user if they dont exist
     if new_user
       user = UserCreator.new(user_params: user_info, provider: current_provider, role: default_role).call
@@ -171,4 +173,15 @@ def build_user_info(credentials)
       verified: true
     }
   end
+
+  def valid_domain?(email)
+    allowed_domain_emails = SettingGetter.new(setting_name: 'AllowedDomains', provider: current_provider).call
+    return true if allowed_domain_emails.blank?
+
+    domains = allowed_domain_emails.split(',')
+    domains.each do |domain|
+      return true if email.end_with?(domain)
+    end
+    false
+  end
 end
diff --git a/app/javascript/components/admin/site_settings/registration/Registration.jsx b/app/javascript/components/admin/site_settings/registration/Registration.jsx
@@ -28,11 +28,12 @@ import useRoles from '../../../../hooks/queries/admin/roles/useRoles';
 export default function Registration() {
   const { t } = useTranslation();
   const { data: env } = useEnv();
-  const { data: siteSettings } = useSiteSettings(['RoleMapping', 'DefaultRole', 'ResyncOnLogin', 'RegistrationMethod']);
+  const { data: siteSettings } = useSiteSettings(['RoleMapping', 'DefaultRole', 'ResyncOnLogin', 'RegistrationMethod', 'AllowedDomains']);
   const { data: roles } = useRoles();
   const updateRegistrationMethod = useUpdateSiteSetting('RegistrationMethod');
   const updateDefaultRole = useUpdateSiteSetting('DefaultRole');
   const updateRoleMapping = useUpdateSiteSetting('RoleMapping');
+  const updateDomainSignUp = useUpdateSiteSetting('AllowedDomains');
 
   return (
     <>
@@ -99,6 +100,24 @@ export default function Registration() {
           </Button>
         </Stack>
       </Row>
+
+      <Row className="mb-3">
+        <strong> {t('admin.site_settings.registration.allowed_domains')} </strong>
+        <p className="text-muted">{t('admin.site_settings.registration.allowed_domains_signup_description')}</p>
+        <Stack direction="horizontal">
+          <input
+            className="form-control"
+            placeholder={t('admin.site_settings.registration.enter_allowed_domains_rule')}
+          />
+          <Button
+            variant="brand"
+            className="ms-2"
+            onClick={(e) => updateDomainSignUp.mutate({ value: e.target.previousSibling.value })}
+          >
+            {t('update')}
+          </Button>
+        </Stack>
+      </Row>
     </>
   );
 }
diff --git a/app/javascript/hooks/mutations/admin/site_settings/useUpdateSiteSetting.jsx b/app/javascript/hooks/mutations/admin/site_settings/useUpdateSiteSetting.jsx
@@ -63,6 +63,9 @@ export default function useUpdateSiteSetting(name) {
       case 'Maintenance':
         toast.success(t('toast.success.site_settings.maintenance_updated'));
         break;
+      case 'AllowedDomains':
+        toast.success(t('toast.success.site_settings.allowed_domains_signup_updated'));
+        break;
       default:
         toast.success(t('toast.success.site_settings.site_setting_updated'));
     }

diff --git a/app/services/big_blue_button_api.rb b/app/services/big_blue_button_api.rb
@@ -44,12 +44,13 @@ def start_meeting(room:, options: {}, presentation_url: nil)
     end
   end
 
-  def join_meeting(room:, role:, name: nil, avatar_url: nil)
+  def join_meeting(room:, role:, user_id:, name: nil, avatar_url: nil)
     bbb_server.join_meeting_url(
       room.meeting_id,
       name,
       '', # empty password -> use the role passed ing
       {
+        userId: user_id,
         role:,
         avatarURL: avatar_url,
         createTime: room.last_session&.to_datetime&.strftime('%Q')

diff --git a/app/services/meeting_starter.rb b/app/services/meeting_starter.rb
@@ -69,9 +69,11 @@ def computed_options(access_code:)
       logoutURL: room_url,
       meta_endCallbackUrl: meeting_ended_url(host: @base_url),
       'meta_bbb-recording-ready-url': recording_ready_url(host: @base_url),
-      'meta_bbb-origin-version': ENV.fetch('VERSION_TAG', 'v3'),
       'meta_bbb-origin': 'greenlight',
-      'meta_bbb-origin-server-name': URI(@base_url).host
+      'meta_bbb-origin-server-name': URI(@base_url).host,
+      'meta_bbb-origin-version': ENV.fetch('VERSION_TAG', 'v3'),
+      'meta_bbb-context-name': @room.name,
+      'meta_bbb-context-id': @room.friendly_id
     }
   end
 

diff --git a/app/services/tenant_setup.rb b/app/services/tenant_setup.rb
@@ -56,7 +56,8 @@ def create_site_settings
       { setting: Setting.find_by(name: 'DefaultRole'), provider: @provider, value: 'User' },
       { setting: Setting.find_by(name: 'DefaultRecordingVisibility'), provider: @provider, value: 'Published' },
       { setting: Setting.find_by(name: 'Maintenance'), provider: @provider, value: '' },
-      { setting: Setting.find_by(name: 'SessionTimeout'), provider: @provider, value: '1' }
+      { setting: Setting.find_by(name: 'SessionTimeout'), provider: @provider, value: '1' },
+      { setting: Setting.find_by(name: 'AllowedDomains'), value: '', provider: @provider }
     ]
   end
 

diff --git a/db/data/20240812210436_add_allowed_domains_to_site_settings.rb b/db/data/20240812210436_add_allowed_domains_to_site_settings.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class AddAllowedDomainsToSiteSettings < ActiveRecord::Migration[7.1]
+  def up
+    setting = Setting.find_or_create_by(name: 'AllowedDomains')
+
+    SiteSetting.create!(setting:, value: '', provider: 'greenlight') unless SiteSetting.exists?(setting:, provider: 'greenlight')
+
+    Tenant.find_each do |tenant|
+      SiteSetting.create!(setting:, value: '', provider: tenant.name) unless SiteSetting.exists?(setting:, provider: tenant.name)
+    end
+  end
+
+  def down
+    Tenant.find_each do |tenant|
+      SiteSetting.find_by(setting: Setting.find_by(name: 'Maintenance'), provider: tenant.name)&.destroy
+    end
+
+    SiteSetting.find_by(setting: Setting.find_by(name: 'Maintenance'), provider: 'greenlight')&.destroy
+
+    Setting.find_by(name: 'AllowedDomains')&.destroy
+  end
+end
diff --git a/db/data_schema.rb b/db/data_schema.rb
@@ -1 +1 @@
-DataMigrate::Data.define(version: 20240423162700)
+DataMigrate::Data.define(version: 20240812210436)
diff --git a/spec/controllers/admin/tenants_controller_spec.rb b/spec/controllers/admin/tenants_controller_spec.rb
@@ -18,7 +18,7 @@
 
 require 'rails_helper'
 
-RSpec.describe Api::V1::Admin::TenantsController, type: :controller do
+RSpec.describe Api::V1::Admin::TenantsController do
   let(:user) { create(:user, :with_super_admin) }
   let(:valid_tenant_params) do
     {
@@ -146,6 +146,7 @@ def create_settings_permissions_meetingoptions
     Setting.find_or_create_by(name: 'HelpCenter')
     Setting.find_or_create_by(name: 'Maintenance')
     Setting.find_or_create_by(name: 'SessionTimeout')
+    Setting.find_or_create_by(name: 'AllowedDomains')
 
     Permission.find_or_create_by(name: 'CreateRoom')
     Permission.find_or_create_by(name: 'ManageUsers')