From 433713439ab027fc251856bd9deef928ab42083a Mon Sep 17 00:00:00 2001
From: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Date: Thu, 2 Feb 2023 15:23:29 -0500
Subject: [PATCH] Added missing features from external login (#4741)

* Added missing features from external login

* quick fix
---
 app/assets/locales/en.json                   |  3 ++-
 app/controllers/api/v1/users_controller.rb   |  7 -------
 app/controllers/application_controller.rb    |  8 ++++++++
 app/controllers/external_controller.rb       | 10 +++++++++-
 app/javascript/components/home/HomePage.jsx  | 14 +++++++++++---
 spec/controllers/external_controller_spec.rb | 19 +++++++++++++++++++
 6 files changed, 49 insertions(+), 12 deletions(-)

diff --git a/app/assets/locales/en.json b/app/assets/locales/en.json
index 82866828..40991f2b 100644
--- a/app/assets/locales/en.json
+++ b/app/assets/locales/en.json
@@ -250,7 +250,7 @@
       "administration": {
         "administration": "Administration",
         "terms": "Terms & Conditions",
-        "privacy": "Privacy",
+        "privacy": "Privacy Policy",
         "privacy_policy": "Privacy Policy",
         "change_term_links": "Change the terms links that appears at the bottom of the page",
         "change_privacy_link": "Change the privacy link that appears at the bottom of the page",
@@ -395,6 +395,7 @@
         "role_assigned": "This role can't be deleted as it is assigned to at least one user."
       },
       "users": {
+        "signup_error": "There was an error signing you in. Please contact your administrator.",
         "invalid_invite": "Your invitation token is either invalid or incorrect. Please contact your administrator to receive a new one",
         "email_exists": "An account under this email already exists. Please try again with another email",
         "old_password": "The current password you have entered is incorrect",
diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb
index 6323e1bc..a113f2fc 100644
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@@ -133,13 +133,6 @@ module Api
         @update_user_params ||= params.require(:user).permit(:name, :password, :avatar, :language, :role_id, :invite_token)
       end
 
-      def create_default_room(user)
-        return unless user.rooms.count <= 0
-        return unless PermissionsChecker.new(permission_names: 'CreateRoom', user_id: user.id, current_user: user, current_provider:).call
-
-        Room.create(name: "#{user.name}'s Room", user_id: user.id)
-      end
-
       def change_password_params
         params.require(:user).permit(:old_password, :new_password)
       end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7ddb2eee..28d17797 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -41,6 +41,14 @@ class ApplicationController < ActionController::Base
     @default_role = Role.find_by(name: default_role_setting, provider: current_provider) || Role.find_by(name: 'User', provider: current_provider)
   end
 
+  # Creates the default room for the user if they don't already have one
+  def create_default_room(user)
+    return unless user.rooms.count <= 0
+    return unless PermissionsChecker.new(permission_names: 'CreateRoom', user_id: user.id, current_user: user, current_provider:).call
+
+    Room.create(name: "#{user.name}'s Room", user_id: user.id)
+  end
+
   private
 
   # Checks if the user's session_token matches the session and that it is not expired
diff --git a/app/controllers/external_controller.rb b/app/controllers/external_controller.rb
index eeaccc76..ea1b9ec7 100644
--- a/app/controllers/external_controller.rb
+++ b/app/controllers/external_controller.rb
@@ -13,6 +13,7 @@ class ExternalController < ApplicationController
       name: credentials['info']['name'],
       email: credentials['info']['email'],
       language: extract_language_code(credentials['info']['locale']),
+      external_id: credentials['uid'],
       verified: true
     }
 
@@ -27,7 +28,11 @@ class ExternalController < ApplicationController
     end
 
     # Create the user if they dont exist
-    user = User.create({ external_id: credentials['uid'], provider:, role: default_role }.merge(user_info)) if new_user
+    if new_user
+      user = UserCreator.new(user_params: user_info, provider: current_provider, role: default_role).call
+      user.save!
+      create_default_room(user)
+    end
 
     if SettingGetter.new(setting_name: 'ResyncOnLogin', provider:).call
       user.assign_attributes(user_info.except(:language)) # Don't reset the user's language
@@ -49,6 +54,9 @@ class ExternalController < ApplicationController
     return redirect_to redirect_location if redirect_location&.match?('\A\/rooms\/\w{3}-\w{3}-\w{3}-\w{3}\/join\z')
 
     redirect_to '/rooms'
+  rescue StandardError => e
+    Rails.logger.error("Error during authentication: #{e}")
+    redirect_to '/?error=SignupError'
   end
 
   # POST /recording_ready
diff --git a/app/javascript/components/home/HomePage.jsx b/app/javascript/components/home/HomePage.jsx
index 76ea7735..dae0f8d1 100644
--- a/app/javascript/components/home/HomePage.jsx
+++ b/app/javascript/components/home/HomePage.jsx
@@ -15,7 +15,7 @@ export default function HomePage() {
   const { t } = useTranslation();
   const currentUser = useAuth();
   const navigate = useNavigate();
-  const [searchParams] = useSearchParams();
+  const [searchParams, setSearchParams] = useSearchParams();
   const error = searchParams.get('error');
 
   // Redirects the user to the proper page based on signed in status and CreateRoom permission
@@ -33,9 +33,17 @@ export default function HomePage() {
 
   // hack to deal with the fact that useEffect and toast dont work together very well
   useMemo(() => {
-    if (error === 'InviteInvalid') {
-      toast.error(t('toast.error.users.invalid_invite'));
+    switch (error) {
+      case 'InviteInvald':
+        toast.error(t('toast.error.users.invalid_invite'));
+        break;
+      case 'SignupError':
+        toast.error(t('toast.error.users.signup_error'));
+        break;
+      default:
     }
+    // Remove the error
+    setSearchParams(searchParams.delete('error'));
   }, [error]);
 
   return (
diff --git a/spec/controllers/external_controller_spec.rb b/spec/controllers/external_controller_spec.rb
index 3b7116de..81a90b1a 100644
--- a/spec/controllers/external_controller_spec.rb
+++ b/spec/controllers/external_controller_spec.rb
@@ -239,6 +239,25 @@ RSpec.describe ExternalController, type: :controller do
         end
       end
     end
+
+    context 'Role mapping' do
+      let!(:role1) { create(:role, name: 'role1') }
+
+      before do
+        role_map = instance_double(SettingGetter)
+        allow(SettingGetter).to receive(:new).with(setting_name: 'RoleMapping', provider: 'greenlight').and_return(role_map)
+        allow(role_map).to receive(:call).and_return(
+          "role1=#{OmniAuth.config.mock_auth[:openid_connect][:info][:email].split('@')[1]}"
+        )
+      end
+
+      it 'Creates a User and assign a role if a rule matches their email' do
+        request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+
+        expect { get :create_user, params: { provider: 'openid_connect' } }.to change(User, :count).by(1)
+        expect(User.find_by(email: OmniAuth.config.mock_auth[:openid_connect][:info][:email]).role).to eq(role1)
+      end
+    end
   end
 
   describe '#recording_ready' do
-- 
GitLab