Fixed bigbluebutton#318 Allow multiple domains when using Google as O…

…Auth provider (GRN-38) (bigbluebutton#319) * <Added muli_domain restriction with google_oauth> * <Fixed code style> * <Added some rspec tests>
C0-0k · Nov 15, 2018 · efa9e08 · efa9e08
1 parent 1954ba4
commit efa9e08
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 5 deletions.
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
@@ -67,4 +67,16 @@ def omniauth_options(env)
     env['omniauth.strategy'].options[:checksum] = generate_checksum parse_customer_name(env["SERVER_NAME"]),
       gl_redirect_url, Rails.configuration.launcher_secret
   end
+
+  def google_omniauth_hd(env, hd)
+    hd_opts = hd.split(',')
+    env['omniauth.strategy'].options[:hd] =
+      if hd_opts.empty?
+        nil
+      elsif hd_opts.length == 1
+        hd_opts[0]
+      else
+        hd_opts
+      end
+  end
 end
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
@@ -17,7 +17,12 @@
 Rails.application.config.allow_user_signup = false if Rails.application.config.omniauth_ldap
 
 SETUP_PROC = lambda do |env|
-  SessionsController.helpers.omniauth_options env
+  provider = env['omniauth.strategy'].options[:name]
+  if provider == "google"
+    SessionsController.helpers.google_omniauth_hd env, ENV['GOOGLE_OAUTH2_HD']
+  else
+    SessionsController.helpers.omniauth_options env
+  end
 end
 
 # Setup the Omniauth middleware.
@@ -35,7 +40,7 @@
     scope: %w(profile email),
     access_type: 'online',
     name: 'google',
-    hd: ENV['GOOGLE_OAUTH2_HD'].blank? ? nil : ENV['GOOGLE_OAUTH2_HD']
+    setup: SETUP_PROC
 
   provider :microsoft_office365, ENV['OFFICE365_KEY'], ENV['OFFICE365_SECRET']
 

diff --git a/sample.env b/sample.env
@@ -22,9 +22,10 @@ BIGBLUEBUTTON_SECRET=
 #
 #   http://docs.bigbluebutton.org/install/greenlight-v2.html#google-oauth2
 #
-# The GOOGLE_OAUTH2_HD variable is used to limit sign-in to a particular Google Apps hosted
-# domain. This can be a string such as, 'domain.com'. If left blank, GreenLight will allow
-# sign-in from all Google Apps hosted domains.
+# The GOOGLE_OAUTH2_HD variable is used to limit sign-ins to a particular set of Google Apps hosted
+# domains. This can be a string with separating commas such as, 'domain.com, example.com' or 
+# a string that specifies a single domain restriction such as, 'domain.com'.
+# If left blank, GreenLight will allow sign-in from all Google Apps hosted domains.
 GOOGLE_OAUTH2_ID=
 GOOGLE_OAUTH2_SECRET=
 GOOGLE_OAUTH2_HD=

diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
@@ -143,6 +143,29 @@ def random_valid_user_params
     end
   end
 
+  describe "DELETE #user" do
+    before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
+
+    it "properly deletes user" do
+      user = create(:user)
+
+      delete :destroy, params: { user_uid: user.uid }
+
+      expect(response).to redirect_to(root_path)
+    end
+  end
+
+  describe "GET | POST #terms" do
+    before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
+    before { allow(Rails.configuration).to receive(:terms).and_return(false) }
+
+    it "Redirects to 404 if terms is disabled" do
+      post :terms, params: { accept: "false" }
+
+      expect(response).to redirect_to('/404')
+    end
+  end
+
   describe "GET | POST #resend" do
     before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
     before { allow(Rails.configuration).to receive(:enable_email_verification).and_return(true) }