ExternalApplicationsController.add_allow_credentials_headers() - Code Metrics - Inspection of "Add web extension support" - bigbluebutton/greenlight - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#889)

by Amy

created 2019-12-06 21:31 UTC

add_allow_credentials_headers() A

↳ Parent: ExternalApplicationsController

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes	3
Bugs	2	Features	1

Metric	Value
cc	1
c	3
b	2
f	1
dl	0
loc	6
rs	10

# frozen_string_literal: true

# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.

require 'net/http'

class ExternalApplicationsController < ApplicationController

  skip_before_action :verify_authenticity_token, only: [:start, :http_options]
  before_action :token_to_omniauth_user, only: [:start]
  before_action :set_user, only: [:start]
  before_action :set_server_url, only: [:start]

  # POST /external_applications/start
  def start
    add_allow_credentials_headers
    respond_to do |format|
      format.json {
        render json: { server_url: @server_url, code: @oauth_response_code }
      }
    end
  end

  # OPTIONS /external_applications/start
  def http_options
    add_allow_credentials_headers
    head :ok
  end

  # GET /external_applications/auto_close
  def auto_close
  end

  private

  def add_allow_credentials_headers
    # TODO: allow only headers stored internally
    response.headers['Access-Control-Allow-Origin'] = request.headers['Origin'] || '*'
    response.headers['Access-Control-Allow-Credentials'] = 'true'
    response.headers['Access-Control-Allow-Headers'] = 'accept, content-type'
  end 

  def token_to_omniauth_user
    token = params[:oauth_token]
    if token.present?
      uri = URI.parse("https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=" + token)
      http = Net::HTTP.new(uri.host, uri.port)
      http.use_ssl = true

      request = Net::HTTP::Get.new(uri.request_uri)
      request.add_field 'Authorization', 'Bearer ' + token
      request['Accept'] = 'application/json'
      request.body = nil
        
      response = http.request(request)

      @oauth_response_code = response.code.to_i
      @omniauth_user = JSON.parse(response.body)
    else
      @oauth_response_code = 500
    end
  end

  def set_user
    if @oauth_response_code == 200
      @auth = {
        'provider' => 'google',
        'uid' => @omniauth_user['id'],
        'info' => @omniauth_user,
      }
      @auth['info']['image'] = @omniauth_user['picture']
      @user = User.from_omniauth(@auth)
    end
  end

  def set_server_url
    if @oauth_response_code == 200
      @room = @user.main_room
      @server_url = @room.join_path(@user.name, room_opts, @user.uid)
    elsif @oauth_response_code == 500
      @server_url = internal_error_url
    else
      @server_url = unauthorized_url
    end
  end

  def room_opts
    # Join the user in and start the meeting.
    opts = default_meeting_options
    opts[:user_is_moderator] = true
    opts[:meeting_logout_url] = auto_close_url

    # Include the user's choices for the room settings
    room_settings = JSON.parse(@room[:room_settings])
    opts[:mute_on_start] = room_settings["muteOnStart"] if room_settings["muteOnStart"]
    opts[:require_moderator_approval] = room_settings["requireModeratorApproval"]
    opts
  end
end


1			# frozen_string_literal: true
2
3			# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
4			#
5			# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
6			#
7			# This program is free software; you can redistribute it and/or modify it under the
8			# terms of the GNU Lesser General Public License as published by the Free Software
9			# Foundation; either version 3.0 of the License, or (at your option) any later
10			# version.
11			#
12			# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
13			# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
14			# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
15			#
16			# You should have received a copy of the GNU Lesser General Public License along
17			# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
18
19			require 'net/http'
20
21			class ExternalApplicationsController < ApplicationController
22
23			skip_before_action :verify_authenticity_token, only: [:start, :http_options]
24			before_action :token_to_omniauth_user, only: [:start]
25			before_action :set_user, only: [:start]
26			before_action :set_server_url, only: [:start]
27
28			# POST /external_applications/start
29			def start
30			add_allow_credentials_headers
31			respond_to do \|format\|
32			format.json {
33			render json: { server_url: @server_url, code: @oauth_response_code }
34			}
35			end
36			end
37
38			# OPTIONS /external_applications/start
39			def http_options
40			add_allow_credentials_headers
41			head :ok
42			end
43
44			# GET /external_applications/auto_close
45			def auto_close
46			end
47
48			private
49
50			def add_allow_credentials_headers
51			# TODO: allow only headers stored internally
52			response.headers['Access-Control-Allow-Origin'] = request.headers['Origin'] \|\| '*'
53			response.headers['Access-Control-Allow-Credentials'] = 'true'
54			response.headers['Access-Control-Allow-Headers'] = 'accept, content-type'
55			end
56
57			def token_to_omniauth_user
58			token = params[:oauth_token]
59			if token.present?
60			uri = URI.parse("https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=" + token)
61			http = Net::HTTP.new(uri.host, uri.port)
62			http.use_ssl = true
63
64			request = Net::HTTP::Get.new(uri.request_uri)
65			request.add_field 'Authorization', 'Bearer ' + token
66			request['Accept'] = 'application/json'
67			request.body = nil
68
69			response = http.request(request)
70
71			@oauth_response_code = response.code.to_i
72			@omniauth_user = JSON.parse(response.body)
73			else
74			@oauth_response_code = 500
75			end
76			end
77
78			def set_user
79			if @oauth_response_code == 200
80			@auth = {
81			'provider' => 'google',
82			'uid' => @omniauth_user['id'],
83			'info' => @omniauth_user,
84			}
85			@auth['info']['image'] = @omniauth_user['picture']
86			@user = User.from_omniauth(@auth)
87			end
88			end
89
90			def set_server_url
91			if @oauth_response_code == 200
92			@room = @user.main_room
93			@server_url = @room.join_path(@user.name, room_opts, @user.uid)
94			elsif @oauth_response_code == 500
95			@server_url = internal_error_url
96			else
97			@server_url = unauthorized_url
98			end
99			end
100
101			def room_opts
102			# Join the user in and start the meeting.
103			opts = default_meeting_options
104			opts[:user_is_moderator] = true
105			opts[:meeting_logout_url] = auto_close_url
106
107			# Include the user's choices for the room settings
108			room_settings = JSON.parse(@room[:room_settings])
109			opts[:mute_on_start] = room_settings["muteOnStart"] if room_settings["muteOnStart"]
110			opts[:require_moderator_approval] = room_settings["requireModeratorApproval"]
111			opts
112			end
113			end
114

bigbluebutton / greenlight

GitHub Access Token became invalid

Pull Request — master (#889)

add_allow_credentials_headers() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like