UsersController.signin() - Code Metrics - Inspection of "WIP - GRN2-6: Added the ability for admins to spec..." - bigbluebutton/greenlight - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#520)

by Ahmad

created 2019-05-14 20:35 UTC

UsersController.signin() A

↳ Parent: UsersController

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
c	0
b	0
f	0
dl	0
loc	2
rs	10

# frozen_string_literal: true

# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.

class UsersController < ApplicationController
  include RecordingsHelper
  include Pagy::Backend
  include Emailer
  include Registrar

  before_action :find_user, only: [:edit, :update, :destroy]
  before_action :ensure_unauthenticated, only: [:new, :create]

  # POST /u
  def create
    # Verify that GreenLight is configured to allow user signup.
    return unless Rails.configuration.allow_user_signup

    @user = User.new(user_params)
    @user.provider = @user_domain

    # User or recpatcha is not valid
    render(:new) && return unless valid_user_or_captcha

    # User token is either invalid or expired
    return redirect_to root_path, flash: { alert: I18n.t("registration.invite.fail") } unless passes_invite_reqs

    @user.save

    # Sign in automatically if email verification is disabled or if user is already verified.
    login(@user) && return if !Rails.configuration.enable_email_verification || @user.email_verified

    send_verification

    redirect_to root_path
  end

  # GET /signin
  def signin
  end

  # GET /signup
  def new
    return redirect_to root_path unless Rails.configuration.allow_user_signup

    # Check if the user needs to be invited
    if invite_registration
      redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless params[:invite_token]

      session[:invite_token] = params[:invite_token]
    end

    @user = User.new
  end

  # GET /u/:user_uid/edit
  def edit
    if current_user
      redirect_to current_user.main_room if @user != current_user && !current_user.admin_of?(@user)
    else
      redirect_to root_path
    end
  end

  # PATCH /u/:user_uid/edit
  def update
    if params[:setting] == "password"
      # Update the users password.
      errors = {}

      if @user.authenticate(user_params[:password])
        # Verify that the new passwords match.
        if user_params[:new_password] == user_params[:password_confirmation]
          @user.password = user_params[:new_password]
        else
          # New passwords don't match.
          errors[:password_confirmation] = "doesn't match"
        end
      else
        # Original password is incorrect, can't update.
        errors[:password] = "is incorrect"
      end

      if errors.empty? && @user.save
        # Notify the user that their account has been updated.
        flash[:success] = I18n.t("info_update_success")
        redirect_to edit_user_path(@user)
      else
        # Append custom errors.
        errors.each { |k, v| @user.errors.add(k, v) }
        render :edit, params: { settings: params[:settings] }
      end
    elsif user_params[:email] != @user.email && @user.update_attributes(user_params)
      @user.update_attributes(email_verified: false)
      flash[:success] = I18n.t("info_update_success")
      redirect_to edit_user_path(@user)
    elsif @user.update_attributes(user_params)
      update_locale(@user)
      flash[:success] = I18n.t("info_update_success")
      redirect_to edit_user_path(@user)
    else
      render :edit, params: { settings: params[:settings] }
    end
  end

  # DELETE /u/:user_uid
  def destroy
    if current_user && current_user == @user
      @user.destroy
      session.delete(:user_id)
    elsif current_user.admin_of?(@user)
      begin
        @user.destroy
      rescue => e
        logger.error "Error in user deletion: #{e}"
        flash[:alert] = I18n.t(params[:message], default: I18n.t("administrator.flash.delete_fail"))
      else
        flash[:success] = I18n.t("administrator.flash.delete")
      end
      redirect_to(admins_path) && return
    end
    redirect_to root_path
  end

  # GET /u/:user_uid/recordings
  def recordings
    if current_user && current_user.uid == params[:user_uid]
      @search, @order_column, @order_direction, recs =
        current_user.all_recordings(params.permit(:search, :column, :direction), true)
      @pagy, @recordings = pagy_array(recs)
    else
      redirect_to root_path
    end
  end

  # GET | POST /terms
  def terms
    redirect_to '/404' unless Rails.configuration.terms

    if params[:accept] == "true"
      current_user.update_attributes(accepted_terms: true)
      login(current_user)
    end
  end

  private

  def find_user
    @user = User.find_by!(uid: params[:user_uid])
  end

  def ensure_unauthenticated
    redirect_to current_user.main_room if current_user
  end

  def user_params
    params.require(:user).permit(:name, :email, :image, :password, :password_confirmation,
      :new_password, :provider, :accepted_terms, :language)
  end

  def send_verification
    # Start email verification and redirect to root.
    begin
      send_activation_email(@user)
    rescue => e
      logger.error "Error in email delivery: #{e}"
      flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
    else
      flash[:success] = I18n.t("email_sent", email_type: t("verify.verification"))
    end
  end

  # Add validation errors to model if they exist
  def valid_user_or_captcha
    valid_user = @user.valid?
    valid_captcha = Rails.configuration.recaptcha_enabled ? verify_recaptcha(model: @user) : true

    valid_user && valid_captcha
  end

  # Checks if the user passes the requirements to be invited
  def passes_invite_reqs
    # check if user needs to be invited and IS invited
    invitation = check_user_invited(@user.email, session[:invite_token], @user_domain)

    @user.email_verified = true if invitation[:verified]

    invitation[:present]
  end
end


1			# frozen_string_literal: true
2
3			# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
4			#
5			# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
6			#
7			# This program is free software; you can redistribute it and/or modify it under the
8			# terms of the GNU Lesser General Public License as published by the Free Software
9			# Foundation; either version 3.0 of the License, or (at your option) any later
10			# version.
11			#
12			# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
13			# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
14			# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
15			#
16			# You should have received a copy of the GNU Lesser General Public License along
17			# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
18
19			class UsersController < ApplicationController
20			include RecordingsHelper
21			include Pagy::Backend
22			include Emailer
23			include Registrar
24
25			before_action :find_user, only: [:edit, :update, :destroy]
26			before_action :ensure_unauthenticated, only: [:new, :create]
27
28			# POST /u
29			def create
30			# Verify that GreenLight is configured to allow user signup.
31			return unless Rails.configuration.allow_user_signup
32
33			@user = User.new(user_params)
34			@user.provider = @user_domain
35
36			# User or recpatcha is not valid
37			render(:new) && return unless valid_user_or_captcha
38
39			# User token is either invalid or expired
40			return redirect_to root_path, flash: { alert: I18n.t("registration.invite.fail") } unless passes_invite_reqs
41
42			@user.save
43
44			# Sign in automatically if email verification is disabled or if user is already verified.
45			login(@user) && return if !Rails.configuration.enable_email_verification \|\| @user.email_verified
46
47			send_verification
48
49			redirect_to root_path
50			end
51
52			# GET /signin
53			def signin
54			end
55
56			# GET /signup
57			def new
58			return redirect_to root_path unless Rails.configuration.allow_user_signup
59
60			# Check if the user needs to be invited
61			if invite_registration
62			redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless params[:invite_token]
63
64			session[:invite_token] = params[:invite_token]
65			end
66
67			@user = User.new
68			end
69
70			# GET /u/:user_uid/edit
71			def edit
72			if current_user
73			redirect_to current_user.main_room if @user != current_user && !current_user.admin_of?(@user)
74			else
75			redirect_to root_path
76			end
77			end
78
79			# PATCH /u/:user_uid/edit
80			def update
81			if params[:setting] == "password"
82			# Update the users password.
83			errors = {}
84
85			if @user.authenticate(user_params[:password])
86			# Verify that the new passwords match.
87			if user_params[:new_password] == user_params[:password_confirmation]
88			@user.password = user_params[:new_password]
89			else
90			# New passwords don't match.
91			errors[:password_confirmation] = "doesn't match"
92			end
93			else
94			# Original password is incorrect, can't update.
95			errors[:password] = "is incorrect"
96			end
97
98			if errors.empty? && @user.save
99			# Notify the user that their account has been updated.
100			flash[:success] = I18n.t("info_update_success")
101			redirect_to edit_user_path(@user)
102			else
103			# Append custom errors.
104			errors.each { \|k, v\| @user.errors.add(k, v) }
105			render :edit, params: { settings: params[:settings] }
106			end
107			elsif user_params[:email] != @user.email && @user.update_attributes(user_params)
108			@user.update_attributes(email_verified: false)
109			flash[:success] = I18n.t("info_update_success")
110			redirect_to edit_user_path(@user)
111			elsif @user.update_attributes(user_params)
112			update_locale(@user)
113			flash[:success] = I18n.t("info_update_success")
114			redirect_to edit_user_path(@user)
115			else
116			render :edit, params: { settings: params[:settings] }
117			end
118			end
119
120			# DELETE /u/:user_uid
121			def destroy
122			if current_user && current_user == @user
123			@user.destroy
124			session.delete(:user_id)
125			elsif current_user.admin_of?(@user)
126			begin
127			@user.destroy
128			rescue => e
129			logger.error "Error in user deletion: #{e}"
130			flash[:alert] = I18n.t(params[:message], default: I18n.t("administrator.flash.delete_fail"))
131			else
132			flash[:success] = I18n.t("administrator.flash.delete")
133			end
134			redirect_to(admins_path) && return
135			end
136			redirect_to root_path
137			end
138
139			# GET /u/:user_uid/recordings
140			def recordings
141			if current_user && current_user.uid == params[:user_uid]
142			@search, @order_column, @order_direction, recs =
143			current_user.all_recordings(params.permit(:search, :column, :direction), true)
144			@pagy, @recordings = pagy_array(recs)
145			else
146			redirect_to root_path
147			end
148			end
149
150			# GET \| POST /terms
151			def terms
152			redirect_to '/404' unless Rails.configuration.terms
153
154			if params[:accept] == "true"
155			current_user.update_attributes(accepted_terms: true)
156			login(current_user)
157			end
158			end
159
160			private
161
162			def find_user
163			@user = User.find_by!(uid: params[:user_uid])
164			end
165
166			def ensure_unauthenticated
167			redirect_to current_user.main_room if current_user
168			end
169
170			def user_params
171			params.require(:user).permit(:name, :email, :image, :password, :password_confirmation,
172			:new_password, :provider, :accepted_terms, :language)
173			end
174
175			def send_verification
176			# Start email verification and redirect to root.
177			begin
178			send_activation_email(@user)
179			rescue => e
180			logger.error "Error in email delivery: #{e}"
181			flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
182			else
183			flash[:success] = I18n.t("email_sent", email_type: t("verify.verification"))
184			end
185			end
186
187			# Add validation errors to model if they exist
188			def valid_user_or_captcha
189			valid_user = @user.valid?
190			valid_captcha = Rails.configuration.recaptcha_enabled ? verify_recaptcha(model: @user) : true
191
192			valid_user && valid_captcha
193			end
194
195			# Checks if the user passes the requirements to be invited
196			def passes_invite_reqs
197			# check if user needs to be invited and IS invited
198			invitation = check_user_invited(@user.email, session[:invite_token], @user_domain)
199
200			@user.email_verified = true if invitation[:verified]
201
202			invitation[:present]
203			end
204			end
205

bigbluebutton / greenlight

GitHub Access Token became invalid

Pull Request — master (#520)

UsersController.signin() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like