SessionsController.check_user_signup_allowed() - Code Metrics - Inspection of "GRN2-196: Fixed issues that scrutinizer is complai..." - bigbluebutton/greenlight - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — v2.4-alpha (#765)

by Ahmad

created 2019-08-26 19:18 UTC

SessionsController.check_user_signup_allowed() A

↳ Parent: SessionsController

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
dl	0
loc	3
rs	10
c	0
b	0
f	0

# frozen_string_literal: true

# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.

class SessionsController < ApplicationController
  include Authenticator
  include Registrar
  include Emailer
  include LdapAuthenticator

  skip_before_action :verify_authenticity_token, only: [:omniauth, :fail]
  before_action :check_user_signup_allowed, only: [:new]
  before_action :ensure_unauthenticated_except_twitter, only: [:new, :signin]

  # GET /signin
  def signin
    check_if_twitter_account

    providers = configured_providers
    if one_provider
      provider_path = if Rails.configuration.omniauth_ldap
        ldap_signin_path
      else
        "#{Rails.configuration.relative_url_root}/auth/#{providers.first}"
      end

      return redirect_to provider_path
    end
  end

  # GET /ldap_signin
  def ldap_signin
  end

  # GET /signup
  def new
    # Check if the user needs to be invited
    if invite_registration
      redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless params[:invite_token]

      session[:invite_token] = params[:invite_token]
    end

    check_if_twitter_account(true)

    @user = User.new
  end

  # POST /users/login
  def create
    logger.info "Support: #{session_params[:email]} is attempting to login."

    admin = User.find_by(email: session_params[:email])
    if admin&.has_role? :super_admin
      user = admin
    else
      user = User.find_by(email: session_params[:email], provider: @user_domain)
      redirect_to(signin_path, alert: I18n.t("invalid_credentials")) && return unless user
      redirect_to(root_path, alert: I18n.t("invalid_login_method")) && return unless user.greenlight_account?
      redirect_to(account_activation_path(email: user.email)) && return unless user.activated?
    end
    redirect_to(signin_path, alert: I18n.t("invalid_credentials")) && return unless user.try(:authenticate,
      session_params[:password])

    login(user)
  end

  # GET /users/logout
  def destroy
    logout
    redirect_to root_path
  end

  # GET/POST /auth/:provider/callback
  def omniauth
    @auth = request.env['omniauth.auth']

    begin
      process_signin
    rescue => e
      logger.error "Error authenticating via omniauth: #{e}"
      omniauth_fail
    end
  end

  # POST /auth/failure
  def omniauth_fail
    if params[:message].nil?
      redirect_to root_path, alert: I18n.t("omniauth_error")
    else
      redirect_to root_path, alert: I18n.t("omniauth_specific_error", error: params["message"])
    end
  end

  # GET /auth/ldap
  def ldap
    ldap_config = {}
    ldap_config[:host] = ENV['LDAP_SERVER']
    ldap_config[:port] = ENV['LDAP_PORT'].to_i != 0 ? ENV['LDAP_PORT'].to_i : 389
    ldap_config[:bind_dn] = ENV['LDAP_BIND_DN']
    ldap_config[:password] = ENV['LDAP_PASSWORD']
    ldap_config[:encryption] = if ENV['LDAP_METHOD'] == 'ssl'
                                    'simple_tls'
                                elsif ENV['LDAP_METHOD'] == 'tls'
                                    'start_tls'
                                end
    ldap_config[:base] = ENV['LDAP_BASE']
    ldap_config[:uid] = ENV['LDAP_UID']

    result = send_ldap_request(params[:session], ldap_config)

    return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials")) unless result

    @auth = parse_auth(result.first, ENV['LDAP_ROLE_FIELD'])

    begin
      process_signin
    rescue => e
      logger.error "Support: Error authenticating via omniauth: #{e}"
      omniauth_fail
    end
  end

  private

  # Verify that GreenLight is configured to allow user signup.
  def check_user_signup_allowed
    redirect_to root_path unless Rails.configuration.allow_user_signup
  end

  def session_params
    params.require(:session).permit(:email, :password)
  end

  def one_provider
    (!allow_user_signup? || !allow_greenlight_accounts?) && providers.count == 1 &&
      !Rails.configuration.loadbalanced_configuration
  end

  def check_user_exists
    provider = @auth['provider'] == "bn_launcher" ? @auth['info']['customer'] : @auth['provider']
    User.exists?(social_uid: @auth['uid'], provider: provider)
  end

  # Check if the user already exists, if not then check for invitation
  def passes_invite_reqs
    return true if @user_exists

    invitation = check_user_invited("", session[:invite_token], @user_domain)
    invitation[:present]
  end

  def process_signin
    @user_exists = check_user_exists

    if !@user_exists && @auth['provider'] == "twitter"
      return redirect_to root_path, flash: { alert: I18n.t("registration.deprecated.twitter_signup") }
    end

    # If using invitation registration method, make sure user is invited
    return redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless passes_invite_reqs


    user = User.from_omniauth(@auth)

    logger.info "Support: Auth user #{user.email} is attempting to login."

    # Add pending role if approval method and is a new user
    if approval_registration && !@user_exists
      user.add_role :pending

      # Inform admins that a user signed up if emails are turned on
      send_approval_user_signup_email(user)

      return redirect_to root_path, flash: { success: I18n.t("registration.approval.signup") }
    end

    send_invite_user_signup_email(user) if invite_registration && !@user_exists

    login(user)

    if @auth['provider'] == "twitter"
      flash[:alert] = if allow_user_signup? && allow_greenlight_accounts?
        I18n.t("registration.deprecated.twitter_signin", link: signup_path(old_twitter_user_id: user.id))
      else
        I18n.t("registration.deprecated.twitter_signin", link: signin_path(old_twitter_user_id: user.id))
      end
    end
  end
end


1		# frozen_string_literal: true
2
3		# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
4		#
5		# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
6		#
7		# This program is free software; you can redistribute it and/or modify it under the
8		# terms of the GNU Lesser General Public License as published by the Free Software
9		# Foundation; either version 3.0 of the License, or (at your option) any later
10		# version.
11		#
12		# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
13		# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
14		# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
15		#
16		# You should have received a copy of the GNU Lesser General Public License along
17		# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
18
19		class SessionsController < ApplicationController
20		include Authenticator
21		include Registrar
22		include Emailer
23		include LdapAuthenticator
24
25		skip_before_action :verify_authenticity_token, only: [:omniauth, :fail]
26		before_action :check_user_signup_allowed, only: [:new]
27		before_action :ensure_unauthenticated_except_twitter, only: [:new, :signin]
28
29		# GET /signin
30		def signin
31		check_if_twitter_account
32
33		providers = configured_providers
34		if one_provider
35		provider_path = if Rails.configuration.omniauth_ldap
36		ldap_signin_path
37		else
38		"#{Rails.configuration.relative_url_root}/auth/#{providers.first}"
39		end
40
41		return redirect_to provider_path
42		end
43		end
44
45		# GET /ldap_signin
46		def ldap_signin
47		end
48
49		# GET /signup
50		def new
51		# Check if the user needs to be invited
52		if invite_registration
53		redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless params[:invite_token]
54
55		session[:invite_token] = params[:invite_token]
56		end
57
58		check_if_twitter_account(true)
59
60		@user = User.new
61		end
62
63		# POST /users/login
64		def create
65		logger.info "Support: #{session_params[:email]} is attempting to login."
66
67		admin = User.find_by(email: session_params[:email])
68		if admin&.has_role? :super_admin
69		user = admin
70		else
71		user = User.find_by(email: session_params[:email], provider: @user_domain)
72		redirect_to(signin_path, alert: I18n.t("invalid_credentials")) && return unless user
73		redirect_to(root_path, alert: I18n.t("invalid_login_method")) && return unless user.greenlight_account?
74		redirect_to(account_activation_path(email: user.email)) && return unless user.activated?
75		end
76		redirect_to(signin_path, alert: I18n.t("invalid_credentials")) && return unless user.try(:authenticate,
77		session_params[:password])
78
79		login(user)
80		end
81
82		# GET /users/logout
83		def destroy
84		logout
85		redirect_to root_path
86		end
87
88		# GET/POST /auth/:provider/callback
89		def omniauth
90		@auth = request.env['omniauth.auth']
91
92		begin
93		process_signin
94		rescue => e
95		logger.error "Error authenticating via omniauth: #{e}"
96		omniauth_fail
97		end
98		end
99
100		# POST /auth/failure
101		def omniauth_fail
102		if params[:message].nil?
103		redirect_to root_path, alert: I18n.t("omniauth_error")
104		else
105		redirect_to root_path, alert: I18n.t("omniauth_specific_error", error: params["message"])
106		end
107		end
108
109		# GET /auth/ldap
110		def ldap
111		ldap_config = {}
112		ldap_config[:host] = ENV['LDAP_SERVER']
113		ldap_config[:port] = ENV['LDAP_PORT'].to_i != 0 ? ENV['LDAP_PORT'].to_i : 389
114		ldap_config[:bind_dn] = ENV['LDAP_BIND_DN']
115		ldap_config[:password] = ENV['LDAP_PASSWORD']
116		ldap_config[:encryption] = if ENV['LDAP_METHOD'] == 'ssl'
117		'simple_tls'
118		elsif ENV['LDAP_METHOD'] == 'tls'
119		'start_tls'
120		end
121		ldap_config[:base] = ENV['LDAP_BASE']
122		ldap_config[:uid] = ENV['LDAP_UID']
123
124		result = send_ldap_request(params[:session], ldap_config)
125
126		return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials")) unless result
127
128		@auth = parse_auth(result.first, ENV['LDAP_ROLE_FIELD'])
129
130		begin
131		process_signin
132		rescue => e
133		logger.error "Support: Error authenticating via omniauth: #{e}"
134		omniauth_fail
135		end
136		end
137
138		private
139
140		# Verify that GreenLight is configured to allow user signup.
141		def check_user_signup_allowed
142		redirect_to root_path unless Rails.configuration.allow_user_signup
143		end
144
145		def session_params
146		params.require(:session).permit(:email, :password)
147		end
148
149		def one_provider
150		(!allow_user_signup? \|\| !allow_greenlight_accounts?) && providers.count == 1 &&
151		!Rails.configuration.loadbalanced_configuration
152		end
153
154		def check_user_exists
155		provider = @auth['provider'] == "bn_launcher" ? @auth['info']['customer'] : @auth['provider']
156		User.exists?(social_uid: @auth['uid'], provider: provider)
157		end
158
159		# Check if the user already exists, if not then check for invitation
160		def passes_invite_reqs
161		return true if @user_exists
162
163		invitation = check_user_invited("", session[:invite_token], @user_domain)
164		invitation[:present]
165		end
166
167		def process_signin
168		@user_exists = check_user_exists
169
170		if !@user_exists && @auth['provider'] == "twitter"
171		return redirect_to root_path, flash: { alert: I18n.t("registration.deprecated.twitter_signup") }
172		end
173
174		# If using invitation registration method, make sure user is invited
175	View Code Duplication	return redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless passes_invite_reqs
		0 ignored issues – show Duplication introduced 2019-05-16 21:00 UTC by Report Bug Copy Issue Report This code seems to be duplicated in your project. Loading history...
176
177		user = User.from_omniauth(@auth)
178
179		logger.info "Support: Auth user #{user.email} is attempting to login."
180
181		# Add pending role if approval method and is a new user
182		if approval_registration && !@user_exists
183		user.add_role :pending
184
185		# Inform admins that a user signed up if emails are turned on
186		send_approval_user_signup_email(user)
187
188		return redirect_to root_path, flash: { success: I18n.t("registration.approval.signup") }
189		end
190
191		send_invite_user_signup_email(user) if invite_registration && !@user_exists
192
193		login(user)
194
195		if @auth['provider'] == "twitter"
196		flash[:alert] = if allow_user_signup? && allow_greenlight_accounts?
197		I18n.t("registration.deprecated.twitter_signin", link: signup_path(old_twitter_user_id: user.id))
198		else
199		I18n.t("registration.deprecated.twitter_signin", link: signin_path(old_twitter_user_id: user.id))
200		end
201		end
202		end
203		end
204

bigbluebutton / greenlight

GitHub Access Token became invalid

Pull Request — v2.4-alpha (#765)

SessionsController.check_user_signup_allowed() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like