Added mapping roles through email to site settings (#2373)

app/assets/javascripts/admins.js

@@ -169,6 +169,12 @@ function clearMaintenanceBanner(path) {
   $.post(path, {value: "", tab: "administration"})
 }
 
+// Change the email mapping to the string provided
+function changeEmailMapping(path) {
+  var url = $("#email-mapping").val()
+  $.post(path, {value: url, tab: "registration"})
+}
+
 function mergeUsers() {
   let userToMerge = $("#from-uid").text()
   $.post($("#merge-save-access").data("path"), {merge: userToMerge})

app/controllers/account_activations_controller.rb

@@ -18,6 +18,7 @@
 
 class AccountActivationsController < ApplicationController
   include Emailer
+  include Authenticator
 
   before_action :ensure_unauthenticated
   before_action :find_user_by_token, only: :edit
@@ -32,6 +33,7 @@ def edit
     # If the user exists and is not verified and provided the correct token
     if @user && !@user.activated?
       # Verify user
+      @user.set_role(initial_user_role(@user.email)) if @user.role.nil?
       @user.activate
 
       # Redirect user to root with account pending flash if account is still pending

app/controllers/concerns/authenticator.rb

@@ -83,6 +83,19 @@ def auth_changed_to_social?(email)
       !allow_greenlight_accounts?
   end
 
+  # Sets the initial user role based on the email mapping
+  def initial_user_role(email)
+    mapping = @settings.get_value("Email Mapping")
+    return "user" unless mapping.present?
+
+    mapping.split(",").each do |map|
+      email_role = map.split("=")
+      return email_role[1] if email.ends_with?(email_role[0])
+    end
+
+    "user" # default to user if role not found
+  end
+
   private
 
   # Migrates all of the twitter users rooms to the new account

app/controllers/sessions_controller.rb

@@ -228,7 +228,7 @@ def process_signin
 
     send_invite_user_signup_email(user) if invite_registration && !@user_exists
 
-    user.set_role :user if !@user_exists && user.role.nil?
+    user.set_role(initial_user_role(user.email)) if !@user_exists && user.role.nil?
 
     login(user)
 

app/controllers/users_controller.rb

@@ -57,7 +57,7 @@ def create
 
     # Sign in automatically if email verification is disabled or if user is already verified.
     if !Rails.configuration.enable_email_verification || @user.email_verified
-      @user.set_role :user
+      @user.set_role(initial_user_role(@user.email))
 
       login(@user) && return
     end

app/helpers/admins_helper.rb

@@ -121,6 +121,10 @@ def room_limit_number
     @settings.get_value("Room Limit").to_i
   end
 
+  def email_mapping
+    @settings.get_value("Email Mapping")
+  end
+
   # Room Configuration
 
   def room_configuration_string(name)

app/views/admins/components/_settings.html.erb

@@ -28,15 +28,13 @@
        <i class="fas mr-3 fa-tools"></i>
         <%= t("administrator.site_settings.tabs.settings") %>
       </a>
+      <a class="nav-item p-3 nav-link <%= 'active' if @tab == 'registration' %>"  href="?tab=registration" role="tab" aria-selected="false">
+       <i class="far mr-3 fa-newspaper"></i>
+        <%= t("administrator.site_settings.tabs.registration") %>
+      </a>
     </div>
   </nav>
 </div>
 
-<% if @tab == "appearance"%>
-  <%= render "admins/components/site_settings/appearance" %>
-<% elsif @tab == "administration"%>
-  <%= render "admins/components/site_settings/administration" %>
-<% else %>
-  <%= render "admins/components/site_settings/settings" %>
-<% end %>
-
+<%= render "admins/components/site_settings/#{@tab}" %>
+

app/views/admins/components/site_settings/_registration.html.erb

@@ -0,0 +1,31 @@
+<%
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+%>
+
+<div class="form-group">
+  <div class="row mb-2">
+    <div class="col-12">
+      <div class="form-group">
+        <label class="form-label"><%= t("administrator.site_settings.email_mapping.title") %></label>
+        <label class="form-label text-muted"><%= t("administrator.site_settings.email_mapping.info") %></label>
+        <div class="input-group">
+          <input id="email-mapping" type="text" class="form-control" value="<%= email_mapping %>">
+          <span class="input-group-append">
+            <button id="branding-image" onclick="changeEmailMapping('<%= admin_update_settings_path(setting: 'Email Mapping') %>')" class="btn btn-primary" type="button"><%= t("update") %></button>
+          </span>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>

config/locales/en.yml

@@ -69,6 +69,10 @@ en:
         regular: Regular
         lighten: Lighten
         darken: Darken
+      email_mapping:
+        info: Map the user to a role using their email. Must be in the format email1=role1,email2=role2
+        title: Role Mapping by Email
+        update: 
       log_level:
         title: Log Level
         information: Change the Log Level for the entire deployment
@@ -111,6 +115,7 @@ en:
       tabs:
         appearance: Appearance
         administration: Administration
+        registration: Registration
         settings: Settings
       title: Site Settings
     flash:

spec/controllers/account_activations_controller_spec.rb

@@ -79,6 +79,51 @@
       expect(flash[:success]).to be_present
       expect(response).to redirect_to(root_path)
     end
+
+    context "email mapping" do
+      before do
+        @role1 = Role.create(name: "role1", priority: 2, provider: "greenlight")
+        @role2 = Role.create(name: "role2", priority: 3, provider: "greenlight")
+        allow_any_instance_of(Setting).to receive(:get_value).and_return("-123@test.com=role1,@testing.com=role2")
+      end
+
+      it "correctly sets users role if email mapping is set" do
+        @user = create(:user, email: "test-123@test.com", email_verified: false, provider: "greenlight", role: nil)
+
+        get :edit, params: { token: @user.create_activation_token }
+
+        u = User.last
+        expect(u.role).to eq(@role1)
+      end
+
+      it "correctly sets users role if email mapping is set (second test)" do
+        @user = create(:user, email: "test@testing.com", email_verified: false, provider: "greenlight", role: nil)
+
+        get :edit, params: { token: @user.create_activation_token }
+
+        u = User.last
+        expect(u.role).to eq(@role2)
+      end
+
+      it "does not replace the role if already set" do
+        pending = Role.find_by(name: "pending", provider: "greenlight")
+        @user = create(:user, email: "test@testing.com", email_verified: false, provider: "greenlight", role: pending)
+
+        get :edit, params: { token: @user.create_activation_token }
+
+        u = User.last
+        expect(u.role).to eq(pending)
+      end
+
+      it "defaults to user if no mapping matches" do
+        @user = create(:user, email: "test@testing1.com", email_verified: false, provider: "greenlight")
+
+        get :edit, params: { token: @user.create_activation_token }
+
+        u = User.last
+        expect(u.role).to eq(Role.find_by(name: "user", provider: "greenlight"))
+      end
+    end
   end
 
   describe "GET #resend" do

spec/controllers/sessions_controller_spec.rb

@@ -531,6 +531,53 @@
       new_u = User.find_by(social_uid: "bn-launcher-user-new")
       expect(users_old_uid).to eq(new_u.uid)
     end
+
+    context "email mapping" do
+      before do
+        @role1 = Role.create(name: "role1", priority: 2, provider: "greenlight")
+        @role2 = Role.create(name: "role2", priority: 3, provider: "greenlight")
+        allow_any_instance_of(Setting).to receive(:get_value).and_return("-123@test.com=role1,@testing.com=role2")
+      end
+
+      it "correctly sets users role if email mapping is set" do
+        params = OmniAuth.config.mock_auth[:google]
+        params[:info][:email] = "test-123@test.com"
+
+        request.env["omniauth.auth"] = params
+
+        get :omniauth, params: { provider: :google }
+
+        u = User.last
+
+        expect(u.role).to eq(@role1)
+      end
+
+      it "correctly sets users role if email mapping is set (second test)" do
+        params = OmniAuth.config.mock_auth[:google]
+        params[:info][:email] = "test-123@testing.com"
+
+        request.env["omniauth.auth"] = params
+
+        get :omniauth, params: { provider: :google }
+
+        u = User.last
+
+        expect(u.role).to eq(@role2)
+      end
+
+      it "defaults to user if no mapping matches" do
+        params = OmniAuth.config.mock_auth[:google]
+        params[:info][:email] = "test@test.com"
+
+        request.env["omniauth.auth"] = params
+
+        get :omniauth, params: { provider: :google }
+
+        u = User.last
+
+        expect(u.role).to eq(Role.find_by(name: "user", provider: "greenlight"))
+      end
+    end
   end
 
   describe "POST #ldap" do

spec/controllers/users_controller_spec.rb

@@ -148,6 +148,47 @@ def random_valid_user_params
 
         expect(u.last_login).to_not be_nil
       end
+
+      context "email mapping" do
+        before do
+          @role1 = Role.create(name: "role1", priority: 2, provider: "greenlight")
+          @role2 = Role.create(name: "role2", priority: 3, provider: "greenlight")
+          allow_any_instance_of(Setting).to receive(:get_value).and_return("-123@test.com=role1,@testing.com=role2")
+        end
+
+        it "correctly sets users role if email mapping is set" do
+          params = random_valid_user_params
+          params[:user][:email] = "test-123@test.com"
+
+          post :create, params: params
+
+          u = User.find_by(name: params[:user][:name], email: params[:user][:email])
+
+          expect(u.role).to eq(@role1)
+        end
+
+        it "correctly sets users role if email mapping is set (second test)" do
+          params = random_valid_user_params
+          params[:user][:email] = "test@testing.com"
+
+          post :create, params: params
+
+          u = User.find_by(name: params[:user][:name], email: params[:user][:email])
+
+          expect(u.role).to eq(@role2)
+        end
+
+        it "defaults to user if no mapping matches" do
+          params = random_valid_user_params
+          params[:user][:email] = "test@testing1.com"
+
+          post :create, params: params
+
+          u = User.find_by(name: params[:user][:name], email: params[:user][:email])
+
+          expect(u.role).to eq(Role.find_by(name: "user", provider: "greenlight"))
+        end
+      end
     end
 
     context "disallow greenlight accounts" do