Merge branch 'master' into dependabot/npm_and_yarn/babel/traverse-7.23.2

Gemfile

@@ -6,7 +6,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '>= 3.0'
 
 gem 'active_model_serializers', '>= 0.10.14'
-gem 'active_storage_validations', '>= 1.0.4'
+gem 'active_storage_validations', '>= 1.1.0'
 gem 'aws-sdk-s3', require: false
 gem 'bcrypt', '~> 3.1.7'
 gem 'bigbluebutton-api-ruby', '1.9.1'

Gemfile.lock

@@ -54,7 +54,7 @@ GEM
       activemodel (>= 4.1)
       case_transform (>= 0.2)
       jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    active_storage_validations (1.0.4)
+    active_storage_validations (1.1.0)
       activejob (>= 5.2.0)
       activemodel (>= 5.2.0)
       activestorage (>= 5.2.0)
@@ -257,7 +257,7 @@ GEM
     memoist (0.16.2)
     mini_magick (4.12.0)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.4)
+    mini_portile2 (2.8.5)
     minitest (5.20.0)
     msgpack (1.6.0)
     multi_json (1.15.0)
@@ -489,7 +489,7 @@ PLATFORMS
 
 DEPENDENCIES
   active_model_serializers (>= 0.10.14)
-  active_storage_validations (>= 1.0.4)
+  active_storage_validations (>= 1.1.0)
   aws-sdk-s3
   bcrypt (~> 3.1.7)
   bigbluebutton-api-ruby (= 1.9.1)

app/assets/locales/el.json

@@ -81,6 +81,7 @@
       "account_info": "Πληροφορίες λογαριασμού",
       "delete_account": "Διαγραφή λογαριασμού",
       "change_password": "Αλλαγή κωδικού πρόσβασης",
+      "set_password": "Ορίστε τον νέο κωδικό πρόσβασής σας",
       "reset_password": "Επαναφορά κωδικού πρόσβασης",
       "update_account_info": "Ενημέρωση πληροφοριών λογαριασμού",
       "current_password": "Τρέχων κωδικός πρόσβασης",
@@ -129,6 +130,7 @@
       "click_to_upload": "Κάντε κλικ για μεταφόρτωση ",
       "drag_and_drop": "ή σύρετε και αποθέστε το αρχείο",
       "upload_description": "Μεταφόρτωση εγγράφου ή αρχείου PDF (έως {{size}}). Ανάλογα με το μέγεθος του αρχείου, απαιτείται χρόνος για τη μεταφόρτωση πριν τη χρήση του",
+      "delete_presentation": "Διαγραφή παρουσίασης",
       "are_you_sure_delete_presentation": "Θέλετε σίγουρα να διαγράψετε αυτή την παρουσίαση;"
     },
     "shared_access": {
@@ -165,6 +167,7 @@
   "recording": {
     "recording": "Καταγραφή",
     "recordings": "Καταγραφές",
+    "processing": "Επεξεργασία καταγραφών... ",
     "name": "Όνομα",
     "length": "Μήκος",
     "users": "Χρήστες",
@@ -358,6 +361,7 @@
         "user_updated": "Ο χρήστης ενημερώθηκε.",
         "user_deleted": "Ο χρήστης διαγράφηκε.",
         "avatar_updated": "Το άβαταρ ενημερώθηκε.",
+        "password_changed": "Επιτυχής ενημέρωση του κωδικού πρόσβασής σας. Παρακαλούμε συνδεθείτε ξανά.",
         "password_updated": "Ο κωδικός πρόσβασης ενημερώθηκε.",
         "account_activated": "Ο λογαριασμός ενεργοποιήθηκε επιτυχώς. Παρακαλούμε συνδεθείτε στον λογαριασμό σας.",
         "activation_email_sent": "Το email επιβεβαίωσης στάλθηκε.",

app/assets/locales/en.json

@@ -81,6 +81,7 @@
       "account_info": "Account Info",
       "delete_account": "Delete Account",
       "change_password": "Change Password",
+      "set_password": "Set Your New Password",
       "reset_password": "Reset Password",
       "update_account_info": "Update Account Info",
       "current_password": "Current Password",
@@ -129,6 +130,7 @@
       "click_to_upload": "Click to Upload",
       "drag_and_drop": " or drag and drop",
       "upload_description": "Upload any office document or PDF file (not larger than {{size}}). Depending on the size of the file, it may require additional time to upload before it can be used",
+      "delete_presentation": "Delete Presentation",
       "are_you_sure_delete_presentation": "Are you sure you want to delete this presentation?"
     },
     "shared_access": {
@@ -165,6 +167,7 @@
   "recording": {
     "recording": "Recording",
     "recordings": "Recordings",
+    "processing": "Recordings Processing...",
     "name": "Name",
     "length": "Length",
     "users": "Users",
@@ -358,6 +361,7 @@
         "user_updated": "The user has been updated.",
         "user_deleted": "The user has been deleted.",
         "avatar_updated": "The avatar has been updated.",
+        "password_changed": "Successfully updated your password. Please sign in again.",
         "password_updated": "The password has been updated.",
         "account_activated": "Your account has been activated.",
         "activation_email_sent": "An email that contains the instructions to activate your account has been sent.",

app/assets/stylesheets/application.bootstrap.scss

@@ -197,8 +197,6 @@ input.search-bar {
 }
 
 #footer {
-  margin-top: $footer-buffer-height;
-
   #footer-container {
     border-top: 1px solid #d0d5dd;
   }
@@ -423,6 +421,14 @@ input.search-bar {
   }
 }
 
+.badge-brand-outline {
+  font-size: 0.8rem;
+  border: 2px solid gainsboro;
+  color: var(--brand-color);
+  background-color: white !important;
+  box-shadow: var(--brand-color-light);
+}
+
 .setting-select {
   button {
     background: white !important;
@@ -464,7 +470,7 @@ input.search-bar {
       box-shadow: 0 0 0 0.25rem var(--brand-color-light) !important;
     }
     &::after {
-      display: none;
+      display: none !important;
     }
   }
 

app/assets/stylesheets/helpers.scss

@@ -34,14 +34,14 @@
 }
 
 .no-header-height {
-  min-height: calc(100vh - $footer-height - $footer-buffer-height);
+  min-height: calc(100vh - $footer-height);
 }
 
 .regular-height {
-  min-height: calc(100vh - $header-height - $footer-height - $footer-buffer-height);
+  min-height: calc(100vh - $header-height - $footer-height);
 
   .vertical-center {
-    min-height: calc(100vh - $header-height - $header-height - $footer-height - $footer-buffer-height);
+    min-height: calc(100vh - $header-height - $header-height - $footer-height);
   }
 }
 

app/assets/stylesheets/recordings.scss

@@ -13,10 +13,15 @@
 //
 // You should have received a copy of the GNU Lesser General Public License along
 // with Greenlight; if not, see <http://www.gnu.org/licenses/>.
+#user-recordings {
+  min-height: 699px;
+}
 
-#user-recordings, #room-recordings {
-  min-height: 400px;
+#room-recordings {
+  min-height: 491px;
+}
 
+#user-recordings, #room-recordings {
   table {
     border-top-right-radius: $border-radius-lg;
     border-top-left-radius: $border-radius-lg;

app/controllers/api/v1/admin/invitations_controller.rb

@@ -39,7 +39,7 @@ def index
         # Creates an invitation for the specified emails (comma separated) and sends them an email
         def create
           params[:invitations][:emails].split(',').each do |email|
-            invitation = Invitation.find_or_initialize_by(email:, provider: current_provider).tap do |i|
+            invitation = Invitation.find_or_initialize_by(email: email.downcase, provider: current_provider).tap do |i|
               i.updated_at = Time.zone.now
               i.save!
             end

app/controllers/api/v1/admin/role_permissions_controller.rb

@@ -56,7 +56,10 @@ def role_params
         def create_default_room
           return unless role_params[:name] == 'CreateRoom' && role_params[:value] == true
 
-          User.includes(:rooms).where(role_id: role_params[:role_id]).where(rooms: { id: nil }).find_in_batches do |group|
+          User.includes(:rooms)
+              .with_provider(current_provider)
+              .where(role_id: role_params[:role_id])
+              .where(rooms: { id: nil }).find_in_batches do |group|
             group.each do |user|
               Room.create(name: t('room.new_room_name', username: user.name, locale: user.language), user_id: user.id)
             end

app/controllers/api/v1/api_controller.rb

@@ -89,9 +89,11 @@ def config_sorting(allowed_columns: [])
         { sort_column => sort_direction }
       end
 
-      # Checks if external authentication is enabled
-      def external_authn_enabled?
-        ENV['OPENID_CONNECT_ISSUER'].present?
+      # Checks if external authentication is enabled (currently only OIDC is implemented)
+      def external_auth?
+        return ENV['OPENID_CONNECT_ISSUER'].present? if ENV['LOADBALANCER_ENDPOINT'].blank?
+
+        !Tenant.exists?(name: current_provider, client_secret: 'local')
       end
     end
   end

app/controllers/api/v1/env_controller.rb

@@ -25,7 +25,7 @@ class EnvController < ApiController
       # Returns basic NON-CONFIDENTIAL information on the environment variables
       def index
         render_data data: {
-          OPENID_CONNECT: ENV['OPENID_CONNECT_ISSUER'].present?,
+          EXTERNAL_AUTH: external_auth?,
           HCAPTCHA_KEY: ENV.fetch('HCAPTCHA_SITE_KEY', nil),
           VERSION_TAG: ENV.fetch('VERSION_TAG', ''),
           CURRENT_PROVIDER: current_provider,

app/controllers/api/v1/migrations/external_controller.rb

@@ -91,7 +91,7 @@ def create_user
             return render_error(status: :bad_request, errors: 'Provider does not exist')
           end
 
-          return render_data status: :created if User.exists?(email: user_hash[:email], provider: user_hash[:provider])
+          return render_data status: :created if User.exists?(email: user_hash[:email].downcase, provider: user_hash[:provider])
 
           user_hash[:language] = I18n.default_locale if user_hash[:language].blank? || user_hash[:language] == 'default'
 
@@ -105,6 +105,11 @@ def create_user
 
           return render_error(status: :bad_request, errors: user&.errors&.to_a) unless user.save
 
+          if user_hash[:provider] != 'greenlight'
+            user.password_digest = nil
+            user.save(validations: false)
+          end
+
           render_data status: :created
         end
 
@@ -250,7 +255,7 @@ def decrypted_params
 
           raise ActiveSupport::MessageEncryptor::InvalidMessage unless encrypted_params.is_a? String
 
-          crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31], cipher: 'aes-256-gcm', serializer: Marshal)
+          crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secret_key_base[0..31], cipher: 'aes-256-gcm', serializer: Marshal)
           decrypted_params = crypt.decrypt_and_verify(encrypted_params) || {}
 
           raise ActiveSupport::MessageEncryptor::InvalidMessage unless decrypted_params.is_a? Hash

app/controllers/api/v1/recordings_controller.rb

@@ -37,7 +37,7 @@ class RecordingsController < ApiController
       def index
         sort_config = config_sorting(allowed_columns: %w[name length visibility])
 
-        pagy, recordings = pagy(current_user.recordings&.order(sort_config, recorded_at: :desc)&.search(params[:search]))
+        pagy, recordings = pagy(current_user.recordings&.order(sort_config, recorded_at: :desc)&.search(params[:search]), items: 5)
         render_data data: recordings, meta: pagy_metadata(pagy), status: :ok
       end
 

app/controllers/api/v1/reset_password_controller.rb

@@ -30,7 +30,7 @@ def create
         # TODO: Log events.
         return render_error unless params[:user]
 
-        user = User.find_by email: params[:user][:email]
+        user = User.find_by email: params[:user][:email].downcase, provider: current_provider
 
         # Silently fail for unfound or external users.
         return render_data status: :ok unless user && !user.external_id?

app/controllers/api/v1/rooms_configurations_controller.rb

@@ -19,9 +19,10 @@
 module Api
   module V1
     class RoomsConfigurationsController < ApiController
-      before_action only: %i[index show] do
+      before_action only: %i[index] do
         ensure_authorized(%w[CreateRoom ManageSiteSettings ManageRoles ManageRooms], friendly_id: params[:friendly_id])
       end
+      skip_before_action :ensure_authenticated, only: %i[show]
 
       # GET /api/v1/rooms_configurations.json
       # Fetches and returns all rooms configurations.

app/controllers/api/v1/rooms_controller.rb

@@ -133,7 +133,7 @@ def purge_presentation
       def recordings
         sort_config = config_sorting(allowed_columns: %w[name length visibility])
 
-        pagy, room_recordings = pagy(@room.recordings&.order(sort_config, recorded_at: :desc)&.search(params[:q]))
+        pagy, room_recordings = pagy(@room.recordings&.order(sort_config, recorded_at: :desc)&.search(params[:q]), items: 3)
         render_data data: room_recordings, meta: pagy_metadata(pagy), status: :ok
       end
 

app/controllers/api/v1/sessions_controller.rb

@@ -36,14 +36,21 @@ def create
         return render_error if hcaptcha_enabled? && !verify_hcaptcha(response: params[:token])
 
         # Search for a user within the current provider and, if not found, search for a super admin within bn provider
-        user = User.find_by(email: session_params[:email], provider: current_provider) || User.find_by(email: session_params[:email], provider: 'bn')
+        user = User.find_by(email: session_params[:email].downcase, provider: current_provider) ||
+               User.find_by(email: session_params[:email].downcase, provider: 'bn')
 
         # Return an error if the user is not found
         return render_error if user.blank?
 
         # Will return an error if the user is NOT from the current provider and if the user is NOT a super admin
         return render_error if user.provider != current_provider && !user.super_admin?
 
+        # Password is not set (local user migrated from v2)
+        if user.external_id.blank? && user.password_digest.blank?
+          token = user.generate_reset_token!
+          return render_error data: token, errors: 'PasswordNotSet'
+        end
+
         # TODO: Add proper error logging for non-verified token hcaptcha
         if user.authenticate(session_params[:password])
           return render_error data: user.id, errors: Rails.configuration.custom_error_msgs[:unverified_user] unless user.verified?

app/controllers/api/v1/shared_accesses_controller.rb

@@ -73,6 +73,7 @@ def shareable_users
 
         # Can't share the room if it's already shared or it's the room owner
         shareable_users = User.with_attached_avatar
+                              .with_provider(current_provider)
                               .where.not(id: [@room.shared_users.pluck(:id) << @room.user_id])
                               .where(role_id: [role_ids])
                               .name_search(params[:search])

app/controllers/api/v1/users_controller.rb

@@ -39,7 +39,7 @@ def show
       # POST /api/v1/users.json
       # Creates and saves a new user record in the database with the provided parameters
       def create
-        return render_error status: :forbidden if external_authn_enabled?
+        return render_error status: :forbidden if external_auth?
 
         # Check if this is an admin creating a user
         admin_create = current_user && PermissionsChecker.new(current_user:, permission_names: 'ManageUsers', current_provider:).call
@@ -169,7 +169,8 @@ def valid_invite_token
         return false if create_user_params[:invite_token].blank?
 
         # Try to delete the invitation and return true if it succeeds
-        Invitation.destroy_by(email: create_user_params[:email], provider: current_provider, token: create_user_params[:invite_token]).present?
+        Invitation.destroy_by(email: create_user_params[:email].downcase, provider: current_provider,
+                              token: create_user_params[:invite_token]).present?
       end
     end
   end

app/controllers/api/v1/verify_account_controller.rb

@@ -61,7 +61,7 @@ def activate
       def find_user_and_authorize
         return render_error status: :bad_request unless params[:user]
 
-        @user = User.find_by id: params[:user][:id]
+        @user = User.find_by id: params[:user][:id], provider: current_provider
         render_data status: :ok unless @user && !@user.verified?
       end
     end

app/controllers/application_controller.rb

@@ -78,6 +78,7 @@ def append_info_to_payload(payload)
   def invalid_session?(user)
     return true if user&.session_token != session[:session_token]
     return true if user&.session_expiry && DateTime.now > user&.session_expiry
+    return true if !user.super_admin? && user.provider != current_provider
 
     false
   end

app/controllers/external_controller.rb

@@ -129,7 +129,7 @@ def valid_invite_token(email:)
     return false if token.blank?
 
     # Try to delete the invitation and return true if it succeeds
-    Invitation.destroy_by(email:, provider: current_provider, token:).present?
+    Invitation.destroy_by(email: email.downcase, provider: current_provider, token:).present?
   end
 
   def build_user_info(credentials)

app/controllers/health_checks_controller.rb

@@ -39,7 +39,7 @@ def check
 
   def check_database
     raise 'Unable to connect to Database' unless ActiveRecord::Base.connection.active?
-    raise 'Unable to connect to Database - pending migrations' unless ActiveRecord::Migration.check_pending!.nil?
+    raise 'Unable to connect to Database - pending migrations' unless ActiveRecord::Migration.check_all_pending!.nil?
   rescue StandardError => e
     raise "Unable to connect to Database - #{e}"
   end

app/javascript/components/admin/manage_users/EditUser.jsx

@@ -39,7 +39,7 @@ export default function EditUser() {
   }
 
   return (
-    <div id="admin-panel" className="pb-3">
+    <div id="admin-panel" className="pb-4">
       <h3 className="py-5"> { t('admin.admin_panel') } </h3>
       <Card className="border-0 card-shadow">
         <Tab.Container activekey="users">

app/javascript/components/admin/manage_users/ManageUsers.jsx

@@ -47,7 +47,7 @@ export default function ManageUsers() {
   }
 
   return (
-    <div id="admin-panel" className="pb-3">
+    <div id="admin-panel" className="pb-4">
       <h3 className="py-5">{t('admin.admin_panel')}</h3>
       <Card className="border-0 card-shadow">
         <Tab.Container activeKey="users">
@@ -81,7 +81,7 @@ export default function ManageUsers() {
                             />
                           )}
                         {
-                          (!envAPI.isLoading && !envAPI.data?.OPENID_CONNECT)
+                          (!envAPI.isLoading && !envAPI.data?.EXTERNAL_AUTH)
                           && (
                             <Modal
                               modalButton={