# frozen_string_literal: true
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
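class ApplicationController < ActionController::Base
  include BbbServer
  include Errors

  # Request guards, run in this order on every action. A render or redirect
  # inside any of them halts the chain before the action itself runs.
  before_action :block_unknown_hosts, :redirect_to_https, :set_user_domain, :set_user_settings, :maintenance_mode?,
                :migration_error?, :user_locale, :check_admin_password, :check_user_role

  protect_from_forgery with: :exceptions

  # Retrieves the current user.
  #
  # Looks the user up from session[:user_id] and memoizes it. In loadbalanced
  # deployments a non-super-admin whose provider differs from the request's
  # domain is treated as unauthenticated and the session is reset. A session
  # that predates the user's last password update is invalidated and the
  # request is redirected to the root path.
  #
  # @return [User, nil] the signed-in user, or nil when there is none
  def current_user
    @current_user ||= User.includes(:role, :main_room).find_by(id: session[:user_id])

    if Rails.configuration.loadbalanced_configuration && (@current_user && !@current_user.has_role?(:super_admin) &&
      @current_user.provider != @user_domain)
      reset_session
      return nil # This stops the session validation checks for loadbalanced configurations.
    end

    # For backward compatibility and for seamless integration with existing and running deployments:
    # The active sessions will be declared as active on first interaction after the update.
    # This keeps alive the already active sessions before the upgrade for accounts having no password updates.
    session[:activated_at] ||= Time.zone.now.to_i if @current_user&.last_pwd_update.nil?

    # Once a request is issued back to the server with a session that had been active before
    # the last password update it will automatically get invalidated and the request will get
    # redirected back to the root path.
    # This solves #3086.
    unless session[:activated_at].to_i >= @current_user&.last_pwd_update.to_i
      # For backward compatibility and for seamless integration with existing and running deployments:
      # The last_pwd_update attribute will default to nil and nil.to_i will always be 0.
      # This with the activated_at fallback to the first connection after the upgrade will result in
      # keeping alive old sessions and ensuring a seamless integration.
      # In cases where the account has a password update after the upgrade, all of the old active sessions
      # which haven't updated their state and all the other active updated sessions before the password
      # update event will be caught and declared as invalid; users will get unauthenticated and redirected to root path.
      reset_session
      redirect_to root_path, flash: { alert: I18n.t("session.expired") } and return
    end

    @current_user
  end
  helper_method :current_user

  # Memoized BigBlueButton server for this request: the tenant's own server in
  # loadbalanced deployments, otherwise the default "greenlight" server.
  def bbb_server
    @bbb_server ||= Rails.configuration.loadbalanced_configuration ? bbb(@user_domain) : bbb("greenlight")
  end

  # Block unknown hosts to mitigate host header injection attacks.
  #
  # Only enforced when Rails.configuration.hosts is configured; the request
  # host must then match one of the configured entries exactly.
  #
  # @raise [UnsafeHostError] when the request host is not in the allow list
  def block_unknown_hosts
    return if Rails.configuration.hosts.blank?

    raise UnsafeHostError, "#{request.host} is not a safe host" unless Rails.configuration.hosts.include?(request.host)
  end

  # Force SSL.
  #
  # Only applies in loadbalanced deployments, where the scheme the client used
  # is taken from the X-Forwarded-Proto header set by the proxy.
  def redirect_to_https
    if Rails.configuration.loadbalanced_configuration && request.headers["X-Forwarded-Proto"] == "http"
      redirect_to protocol: "https://"
    end
  end

  # Sets the user domain variable.
  #
  # Test and non-loadbalanced deployments always use the "greenlight" domain;
  # otherwise the domain is derived from the request host and the provider is
  # verified to exist.
  def set_user_domain
    if Rails.env.test? || !Rails.configuration.loadbalanced_configuration
      @user_domain = "greenlight"
    else
      @user_domain = parse_user_domain(request.host)
      check_provider_exists
    end
  end

  # Sets the settings variable for the current user domain (created on first use).
  def set_user_settings
    @settings = Setting.includes(:features).find_or_create_by(provider: @user_domain)
  end

  # Redirects the user to a Maintenance page if turned on.
  #
  # Also surfaces the maintenance banner (from the "Maintenance Banner" setting
  # or the configured maintenance window) via flash.now unless the visitor has
  # already dismissed that exact banner text (tracked in the maintenance_window cookie).
  def maintenance_mode?
    if ENV["MAINTENANCE_MODE"] == "true"
      render "errors/greenlight_error", status: 503, formats: :html,
        locals: {
          status_code: 503,
          message: I18n.t("errors.maintenance.message"),
          help: I18n.t("errors.maintenance.help"),
        }
    end

    maintenance_string = @settings.get_value("Maintenance Banner").presence || Rails.configuration.maintenance_window
    if maintenance_string.present? && cookies[:maintenance_window] != maintenance_string
      flash.now[:maintenance] = maintenance_string
    end
  end

  # Show an information page when migration fails and there is a version error.
  def migration_error?
    render :migration_error, status: 500 unless ENV["DB_MIGRATE_FAILED"].blank?
  end

  # Determines the proper locale for a user.
  #
  # @param user [User, nil] the user whose language preference is consulted
  # @return [String, nil] the user's language unless it is 'default', else the
  #   configured default locale or the best match from the Accept-Language header
  def determine_locale(user)
    if user && user.language != 'default'
      user.language
    else
      Rails.configuration.default_locale.presence || http_accept_language.language_region_compatible_from(I18n.available_locales)
    end
  end

  # Sets the appropriate locale.
  #
  # @param user [User, nil] defaults to the current user
  def user_locale(user = current_user)
    locale = determine_locale(user)
    begin
      I18n.locale = locale.tr('-', '_') unless locale.nil?
    rescue
      # Default to English if there are any issues in language
      logger.error("Support: User locale is not supported (#{locale})")
      I18n.locale = "en"
    end
  end
  helper_method :user_locale

  # Checks to make sure that the admin has changed his password from the default.
  #
  # Warns (via flash.now) when the built-in admin account still authenticates
  # with the configured default admin password.
  def check_admin_password
    if current_user&.has_role?(:admin) && current_user.email == "admin@example.com" &&
       current_user&.greenlight_account? && current_user&.authenticate(Rails.configuration.admin_password_default)

      flash.now[:alert] = I18n.t("default_admin",
        edit_link: change_password_path(user_uid: current_user.uid)).html_safe
    end
  end

  # Checks if the user is banned or still pending approval and logs him out if he is.
  def check_user_role
    if current_user&.has_role? :denied
      session.delete(:user_id)
      redirect_to root_path, flash: { alert: I18n.t("registration.banned.fail") }
    elsif current_user&.has_role? :pending
      session.delete(:user_id)
      redirect_to root_path, flash: { alert: I18n.t("registration.approval.fail") }
    end
  end

  # Relative root helper (when deploying to subdirectory).
  def relative_root
    Rails.configuration.relative_url_root || ""
  end
  helper_method :relative_root

  # Determines if the BigBlueButton endpoint is configured (or set to default).
  # Always false in loadbalanced deployments.
  def bigbluebutton_endpoint_default?
    return false if Rails.configuration.loadbalanced_configuration

    Rails.configuration.bigbluebutton_endpoint_default == Rails.configuration.bigbluebutton_endpoint
  end
  helper_method :bigbluebutton_endpoint_default?

  # Whether Greenlight (local) accounts may be created for the current domain.
  #
  # Outside loadbalanced deployments this is just the signup setting. In
  # loadbalanced deployments the provider must additionally be a non-default
  # domain whose provider info reports 'greenlight'; any lookup failure is
  # logged and treated as "not allowed".
  def allow_greenlight_accounts?
    return Rails.configuration.allow_user_signup unless Rails.configuration.loadbalanced_configuration
    return false unless @user_domain && !@user_domain.empty? && Rails.configuration.allow_user_signup
    return false if @user_domain == "greenlight"

    # Proceed with retrieving the provider info
    begin
      provider_info = retrieve_provider_info(@user_domain, 'api2', 'getUserGreenlightCredentials')
      provider_info['provider'] == 'greenlight'
    rescue => e
      logger.error "Error in checking if greenlight accounts are allowed: #{e}"
      false
    end
  end
  helper_method :allow_greenlight_accounts?

  # Determine if Greenlight is configured to allow user signups.
  def allow_user_signup?
    Rails.configuration.allow_user_signup
  end
  helper_method :allow_user_signup?

  # Gets all configured omniauth providers.
  #
  # The provider names come from application configuration, not from the
  # request, so the dynamic send only ever targets omniauth_* config readers.
  def configured_providers
    Rails.configuration.providers.select do |provider|
      Rails.configuration.send("omniauth_#{provider}")
    end
  end
  helper_method :configured_providers

  # Indicates whether users are allowed to share rooms.
  def shared_access_allowed
    @settings.get_value("Shared Access") == "true"
  end
  helper_method :shared_access_allowed

  # Indicates whether users should consent to recording when joining rooms.
  def recording_consent_required?
    @settings.get_value("Require Recording Consent") == "true"
  end
  helper_method :recording_consent_required?

  # Indicates whether users are allowed to add moderator access codes to rooms.
  def moderator_code_allowed?
    @settings.get_value("Room Configuration Moderator Access Codes") == "optional"
  end
  helper_method :moderator_code_allowed?

  # Returns a list of allowed file types.
  def allowed_file_types
    Rails.configuration.allowed_file_types
  end
  helper_method :allowed_file_types

  # Whether editting_user may edit user_to_edit.
  #
  # A user may edit themselves only if they hold a Greenlight account; anyone
  # else needs admin rights with the "can_manage_users" permission over the target.
  #
  # @param user_to_edit [User]
  # @param editting_user [User]
  # @return [Boolean]
  def can_edit_user?(user_to_edit, editting_user)
    return user_to_edit.greenlight_account? if user_to_edit == editting_user

    editting_user.admin_of?(user_to_edit, "can_manage_users")
  end
  helper_method :can_edit_user?

  # Returns the page that the logo redirects to when clicked on.
  # Requires a signed-in current_user (no nil check is made here).
  def home_page
    return admins_path if current_user.has_role? :super_admin
    return current_user.main_room if current_user.role.get_permission("can_create_rooms")

    cant_create_rooms_path
  end
  helper_method :home_page

  # Parses the url for the user domain.
  #
  # With no url_host configured the first DNS label is the domain. Otherwise
  # the first configured url_host found in the hostname is stripped from its
  # end, along with the trailing dot. NOTE(review): the match is a substring
  # test (include?), not a suffix test; hosts are already constrained by
  # block_unknown_hosts when Rails.configuration.hosts is set.
  #
  # @param hostname [String] the request host
  # @return [String] the user domain, or '' when no configured url_host matches
  def parse_user_domain(hostname)
    return hostname.split('.').first if Rails.configuration.url_host.empty?

    Rails.configuration.url_host.split(',').each do |url_host|
      return hostname.chomp(url_host).chomp('.') if hostname.include?(url_host)
    end

    ''
  end

  # Include user domain in lograge logs.
  def append_info_to_payload(payload)
    super
    payload[:host] = @user_domain
  end

  # Manually handle BigBlueButton errors
  rescue_from BigBlueButton::BigBlueButtonException do |ex|
    logger.error "BigBlueButtonException: #{ex}"
    render "errors/bigbluebutton_error"
  end

  # Manually deal with 401 errors
  rescue_from CanCan::AccessDenied do |_exception|
    if current_user
      render "errors/greenlight_error"
    else
      # Store the current url as a cookie to redirect to after signing in
      cookies[:return_to] = request.url

      # Get the correct signin path
      path = if allow_greenlight_accounts?
        signin_path
      elsif Rails.configuration.loadbalanced_configuration
        "#{Rails.configuration.relative_url_root}/auth/bn_launcher"
      else
        signin_path
      end

      redirect_to path
    end
  end

  private

  # Verifies that a provider exists for @user_domain (loadbalanced only).
  #
  # The result is cached in session[:provider_exists]. On failure an error
  # page is rendered whose wording depends on the error message returned by
  # retrieve_provider_info, and @hide_signin is set.
  def check_provider_exists
    # Checks to see if the user exists
    begin
      # Check if the session has already checked that the user exists
      # and return true if they did for this domain
      return if session[:provider_exists] == @user_domain

      retrieve_provider_info(@user_domain, 'api2', 'getUserGreenlightCredentials')

      # Add a session variable if the provider exists
      session[:provider_exists] = @user_domain
    rescue => e
      logger.error "Error in retrieve provider info: #{e}"
      @hide_signin = true

      case e.message
      when "No user with that id exists"
        set_default_settings
        render "errors/greenlight_error", locals: { message: I18n.t("errors.not_found.user_not_found.message"),
          help: I18n.t("errors.not_found.user_not_found.help") }
      when "Provider not included."
        set_default_settings
        render "errors/greenlight_error", locals: { message: I18n.t("errors.not_found.user_missing.message"),
          help: I18n.t("errors.not_found.user_missing.help") }
      when "That user has no configured provider."
        if Setting.exists?(provider: @user_domain)
          # Keep the branding
          @settings = Setting.find_by(provider: @user_domain)
        else
          set_default_settings
        end

        render "errors/greenlight_error", locals: { status_code: 501,
          message: I18n.t("errors.no_provider.message"),
          help: I18n.t("errors.no_provider.help") }
      else
        set_default_settings
        render "errors/greenlight_error", locals: { status_code: 500, message: I18n.t("errors.internal.message"),
          help: I18n.t("errors.internal.help"), display_back: true }
      end
    end
  end

  # Fall back to the default site settings for the "greenlight" domain.
  def set_default_settings
    # Use the default site settings
    @user_domain = "greenlight"
    @settings = Setting.find_or_create_by(provider: @user_domain)
  end
end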