
app/controllers/application_controller.rb (1 issue)

# frozen_string_literal: true
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
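class ApplicationController < ActionController::Base
  # Base controller: resolves the tenant ("user domain") for the request,
  # loads the signed-in user from the session and runs the shared
  # before_action checks (HTTPS redirect, maintenance, locale, role checks).
  include BbbServer

  before_action :redirect_to_https, :set_user_domain, :set_user_settings, :maintenance_mode?, :migration_error?,
    :user_locale, :check_admin_password, :check_user_role

  # Manually handle BigBlueButton errors
  rescue_from BigBlueButton::BigBlueButtonException, with: :handle_bigbluebutton_error

  # Raise on a missing or invalid CSRF token. `:exception` is the documented
  # option name (alongside :null_session and :reset_session); the plural
  # spelling used previously is not one of the documented values.
  protect_from_forgery with: :exception

  # Retrieves the current user from session[:user_id], memoised in @current_user.
  #
  # In a load-balanced deployment, a user whose provider differs from the
  # domain resolved for this request is signed out and the whole session is
  # cleared (super admins are exempt), so a session created under one tenant
  # host is not honoured under another.
  def current_user
    @current_user ||= User.where(id: session[:user_id]).includes(:roles).first

    if Rails.configuration.loadbalanced_configuration && @current_user &&
       !@current_user.has_role?(:super_admin) && @current_user.provider != @user_domain
      @current_user = nil
      session.clear
    end

    @current_user
  end
  helper_method :current_user

  # Memoised BigBlueButton server handle: built for the current user domain in
  # load-balanced mode, for "greenlight" otherwise. `bbb` is not defined in
  # this file (presumably supplied by BbbServer).
  def bbb_server
    @bbb_server ||= Rails.configuration.loadbalanced_configuration ? bbb(@user_domain) : bbb("greenlight")
  end

  # Force SSL: in load-balanced mode, redirect requests that the proxy reports
  # as plain HTTP.
  #
  # NOTE(review): X-Forwarded-Proto is taken at face value. The check is only
  # meaningful when the fronting proxy sets or overwrites that header on every
  # request; confirm against the deployment.
  def redirect_to_https
    return unless Rails.configuration.loadbalanced_configuration
    return unless request.headers["X-Forwarded-Proto"] == "http"

    redirect_to protocol: "https://"
  end

  # Sets the user domain variable.
  #
  # Outside load-balanced mode (and in tests) the domain is always
  # "greenlight". Otherwise it is derived from request.host, which comes from
  # the request itself, and is then validated by check_provider_exists.
  def set_user_domain
    if Rails.env.test? || !Rails.configuration.loadbalanced_configuration
      @user_domain = "greenlight"
    else
      @user_domain = parse_user_domain(request.host)

      check_provider_exists
    end
  end

  # Sets the settings variable, creating the Setting row for this provider if
  # it does not exist yet.
  def set_user_settings
    @settings = Setting.find_or_create_by(provider: @user_domain)
  end

  # Renders a 503 maintenance page when MAINTENANCE_MODE is "true"; separately,
  # shows a flash notice about an upcoming maintenance window unless the
  # visitor's maintenance_window cookie already matches the configured value.
  def maintenance_mode?
    if ENV["MAINTENANCE_MODE"] == "true"
      render "errors/greenlight_error", status: 503, formats: :html,
        locals: {
          status_code: 503,
          message: I18n.t("errors.maintenance.message"),
          help: I18n.t("errors.maintenance.help"),
        }
    end

    window = Rails.configuration.maintenance_window
    if window.present? && cookies[:maintenance_window] != window
      flash.now[:maintenance] = I18n.t("maintenance.window_alert", date: window)
    end
  end

  # Show an information page when migration fails and there is a version error.
  def migration_error?
    render :migration_error, status: 500 if ENV["DB_MIGRATE_FAILED"].present?
  end

  # Sets the appropriate locale.
  #
  # Uses the user's stored language unless it is 'default' (or there is no
  # user), in which case the locale is negotiated from the request against
  # I18n.available_locales. Falls back to English when assignment fails.
  def user_locale(user = current_user)
    locale = if user && user.language != 'default'
      user.language
    else
      http_accept_language.language_region_compatible_from(I18n.available_locales)
    end

    begin
      I18n.locale = locale.tr('-', '_') unless locale.nil?
    rescue
      # Default to English if there are any issues in language
      logger.error("Support: User locale is not supported (#{locale})")
      I18n.locale = "en"
    end
  end

  # Checks to make sure that the admin has changed their password from the
  # default, and shows an alert linking to the password settings if not.
  def check_admin_password
    # NOTE(review): the address literal below appears as "[email protected]"
    # because the page this listing was taken from obfuscates e-mail addresses;
    # restore the real value from the repository before using this code.
    return unless current_user&.has_role?(:admin) && current_user.email == "[email protected]" &&
                  current_user&.greenlight_account? &&
                  current_user&.authenticate(Rails.configuration.admin_password_default)

    # The translated string is marked HTML-safe as a whole, so the interpolated
    # edit_link is not escaped. It is built here from a route helper, the
    # user's uid and a literal query string; anything interpolated into this
    # translation must stay server-generated.
    flash.now[:alert] = I18n.t("default_admin",
      edit_link: edit_user_path(user_uid: current_user.uid) + "?setting=password").html_safe
  end

  # Checks if the user is banned or still pending approval and logs them out
  # if so. Only :user_id is removed from the session.
  def check_user_role
    failure_key = if current_user&.has_role?(:denied)
      "registration.banned.fail"
    elsif current_user&.has_role?(:pending)
      "registration.approval.fail"
    end
    return unless failure_key

    session.delete(:user_id)
    redirect_to root_path, flash: { alert: I18n.t(failure_key) }
  end

  # Relative root helper (when deploying to subdirectory).
  def relative_root
    Rails.configuration.relative_url_root || ""
  end
  helper_method :relative_root

  # Determines if the BigBlueButton endpoint is configured (or set to default).
  # Always false in load-balanced mode.
  def bigbluebutton_endpoint_default?
    return false if Rails.configuration.loadbalanced_configuration
    Rails.configuration.bigbluebutton_endpoint_default == Rails.configuration.bigbluebutton_endpoint
  end
  helper_method :bigbluebutton_endpoint_default?

  # Determines whether local Greenlight accounts may be used for this request.
  #
  # Outside load-balanced mode this is simply the allow_user_signup setting.
  # In load-balanced mode it additionally requires a non-empty user domain
  # other than "greenlight" whose provider info reports 'greenlight' as its
  # provider. Any error while fetching the provider info is logged and treated
  # as "not allowed".
  def allow_greenlight_accounts?
    return Rails.configuration.allow_user_signup unless Rails.configuration.loadbalanced_configuration
    return false unless @user_domain && !@user_domain.empty? && Rails.configuration.allow_user_signup
    return false if @user_domain == "greenlight"

    # Proceed with retrieving the provider info
    begin
      provider_info = retrieve_provider_info(@user_domain, 'api2', 'getUserGreenlightCredentials')
      provider_info['provider'] == 'greenlight'
    rescue => e
      logger.error "Error in checking if greenlight accounts are allowed: #{e}"
      false
    end
  end
  helper_method :allow_greenlight_accounts?

  # Determine if Greenlight is configured to allow user signups.
  def allow_user_signup?
    Rails.configuration.allow_user_signup
  end
  helper_method :allow_user_signup?

  # Gets all configured omniauth providers.
  #
  # The accessor name passed to `send` is built from Rails.configuration.providers,
  # i.e. from application configuration rather than from request data.
  def configured_providers
    Rails.configuration.providers.select do |provider|
      Rails.configuration.send("omniauth_#{provider}")
    end
  end
  helper_method :configured_providers

  # Parses the hostname for the user domain.
  #
  # With no url_host configured, the first DNS label is used. Otherwise the
  # first configured host that the hostname ends with is stripped (together
  # with the separating dot); '' is returned when none matches.
  #
  # The hostname originates from the request, so the configured host is
  # matched as a suffix rather than as a substring: a name that merely
  # contains a configured host somewhere else no longer passes through
  # unchanged as the user domain.
  #
  # NOTE(review): the static-analysis report this listing came from flags this
  # method as duplicated elsewhere in the project; any other copy needs the
  # same change.
  def parse_user_domain(hostname)
    return hostname.split('.').first if Rails.configuration.url_host.empty?

    matched_host = Rails.configuration.url_host.split(',').find { |url_host| hostname.end_with?(url_host) }
    matched_host ? hostname.chomp(matched_host).chomp('.') : ''
  end

  # Include user domain in lograge logs
  def append_info_to_payload(payload)
    super
    payload[:host] = @user_domain
  end

  # Manually Handle BigBlueButton errors
  def handle_bigbluebutton_error
    render "errors/bigbluebutton_error"
  end

  # Renders the generic error page when CanCan denies access. No explicit HTTP
  # status is passed to render here.
  rescue_from CanCan::AccessDenied do |_exception|
    render "errors/greenlight_error"
  end

  private

  # Verifies that a provider exists for @user_domain.
  #
  # A successful lookup is cached in session[:provider_exists] so it is not
  # repeated for the same domain. On failure the error is logged, the domain
  # falls back to "greenlight" and an error page chosen from the exception
  # message is rendered. Only the last two branches pass a status_code local;
  # none of the render calls sets an HTTP status.
  def check_provider_exists
    # Skip the lookup if this session already confirmed the provider for this domain
    return if session[:provider_exists] == @user_domain

    retrieve_provider_info(@user_domain, 'api2', 'getUserGreenlightCredentials')

    # Add a session variable if the provider exists
    session[:provider_exists] = @user_domain
  rescue => e
    logger.error "Error in retrieve provider info: #{e}"
    # Use the default site settings
    @user_domain = "greenlight"

    error_locals = case e.message
    when "No user with that id exists"
      { message: I18n.t("errors.not_found.user_not_found.message"),
        help: I18n.t("errors.not_found.user_not_found.help") }
    when "Provider not included."
      { message: I18n.t("errors.not_found.user_missing.message"),
        help: I18n.t("errors.not_found.user_missing.help") }
    when "That user has no configured provider."
      { status_code: 501,
        message: I18n.t("errors.no_provider.message"),
        help: I18n.t("errors.no_provider.help") }
    else
      { status_code: 500, message: I18n.t("errors.internal.message"),
        help: I18n.t("errors.internal.help"), display_back: true }
    end

    render "errors/greenlight_error", locals: error_locals
  end
end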