+ {t('admin.site_settings.registration.allowed_domains')}
+ {t('admin.site_settings.registration.allowed_domains_signup_description')}
+
+ updateDomainSignUp.mutate({ value: e.target.previousSibling.value })}
+ >
+ {t('update')}
+
+
+
);
}
diff --git a/app/javascript/hooks/mutations/admin/site_settings/useUpdateSiteSetting.jsx b/app/javascript/hooks/mutations/admin/site_settings/useUpdateSiteSetting.jsx
index 9b3725952f..7e4f4e3c0c 100644
--- a/app/javascript/hooks/mutations/admin/site_settings/useUpdateSiteSetting.jsx
+++ b/app/javascript/hooks/mutations/admin/site_settings/useUpdateSiteSetting.jsx
@@ -63,6 +63,9 @@ export default function useUpdateSiteSetting(name) {
case 'Maintenance':
toast.success(t('toast.success.site_settings.maintenance_updated'));
break;
+ case 'AllowedDomains':
+ toast.success(t('toast.success.site_settings.allowed_domains_signup_updated'));
+ break;
default:
toast.success(t('toast.success.site_settings.site_setting_updated'));
}
diff --git a/app/services/tenant_setup.rb b/app/services/tenant_setup.rb
index 47a8b8651f..2bad739f9c 100644
--- a/app/services/tenant_setup.rb
+++ b/app/services/tenant_setup.rb
@@ -56,7 +56,8 @@ def create_site_settings
{ setting: Setting.find_by(name: 'DefaultRole'), provider: @provider, value: 'User' },
{ setting: Setting.find_by(name: 'DefaultRecordingVisibility'), provider: @provider, value: 'Published' },
{ setting: Setting.find_by(name: 'Maintenance'), provider: @provider, value: '' },
- { setting: Setting.find_by(name: 'SessionTimeout'), provider: @provider, value: '1' }
+ { setting: Setting.find_by(name: 'SessionTimeout'), provider: @provider, value: '1' },
+ { setting: Setting.find_by(name: 'AllowedDomains'), value: '', provider: @provider }
]
end
diff --git a/db/data/20240812210436_add_allowed_domains_to_site_settings.rb b/db/data/20240812210436_add_allowed_domains_to_site_settings.rb
new file mode 100644
index 0000000000..5c1aa3f5bb
--- /dev/null
+++ b/db/data/20240812210436_add_allowed_domains_to_site_settings.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class AddAllowedDomainsToSiteSettings < ActiveRecord::Migration[7.1]
+ def up
+ setting = Setting.find_or_create_by(name: 'AllowedDomains')
+
+ SiteSetting.create!(setting:, value: '', provider: 'greenlight') unless SiteSetting.exists?(setting:, provider: 'greenlight')
+
+ Tenant.find_each do |tenant|
+ SiteSetting.create!(setting:, value: '', provider: tenant.name) unless SiteSetting.exists?(setting:, provider: tenant.name)
+ end
+ end
+
+ def down
+ Tenant.find_each do |tenant|
+ SiteSetting.find_by(setting: Setting.find_by(name: 'Maintenance'), provider: tenant.name)&.destroy
+ end
+
+ SiteSetting.find_by(setting: Setting.find_by(name: 'Maintenance'), provider: 'greenlight')&.destroy
+
+ Setting.find_by(name: 'AllowedDomains')&.destroy
+ end
+end
diff --git a/db/data_schema.rb b/db/data_schema.rb
index dd44530cd2..5f04068525 100644
--- a/db/data_schema.rb
+++ b/db/data_schema.rb
@@ -1 +1 @@
-DataMigrate::Data.define(version: 20240423162700)
+DataMigrate::Data.define(version: 20240812210436)
diff --git a/spec/controllers/admin/tenants_controller_spec.rb b/spec/controllers/admin/tenants_controller_spec.rb
index dfd13e8e93..a54876a60d 100644
--- a/spec/controllers/admin/tenants_controller_spec.rb
+++ b/spec/controllers/admin/tenants_controller_spec.rb
@@ -18,7 +18,7 @@
require 'rails_helper'
-RSpec.describe Api::V1::Admin::TenantsController, type: :controller do
+RSpec.describe Api::V1::Admin::TenantsController do
let(:user) { create(:user, :with_super_admin) }
let(:valid_tenant_params) do
{
@@ -146,6 +146,7 @@ def create_settings_permissions_meetingoptions
Setting.find_or_create_by(name: 'HelpCenter')
Setting.find_or_create_by(name: 'Maintenance')
Setting.find_or_create_by(name: 'SessionTimeout')
+ Setting.find_or_create_by(name: 'AllowedDomains')
Permission.find_or_create_by(name: 'CreateRoom')
Permission.find_or_create_by(name: 'ManageUsers')
diff --git a/spec/controllers/external_controller_spec.rb b/spec/controllers/external_controller_spec.rb
index 607dac434f..764690dbc1 100644
--- a/spec/controllers/external_controller_spec.rb
+++ b/spec/controllers/external_controller_spec.rb
@@ -18,7 +18,7 @@
require 'rails_helper'
-RSpec.describe ExternalController, type: :controller do
+RSpec.describe ExternalController do
let(:fake_setting_getter) { instance_double(SettingGetter) }
describe '#create_user' do
@@ -80,7 +80,7 @@
expect do
get :create_user, params: { provider: 'openid_connect' }
- end.to change(User, :count).by(0)
+ end.not_to change(User, :count)
end
it 'looks the user up based on email' do
@@ -90,7 +90,7 @@
expect do
get :create_user, params: { provider: 'openid_connect' }
- end.to change(User, :count).by(0)
+ end.not_to change(User, :count)
end
context 'redirect' do
@@ -212,40 +212,52 @@
email: 'email@example.com')
end
- it 'overwrites the saved values with the values from the authentication provider if true' do
- allow_any_instance_of(SettingGetter).to receive(:call).and_return(true)
+ context 'value is true' do
+ before do
+ reg_method = instance_double(SettingGetter)
+ allow(SettingGetter).to receive(:new).with(setting_name: 'ResyncOnLogin', provider: 'greenlight').and_return(reg_method)
+ allow(reg_method).to receive(:call).and_return(true)
+ end
- request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+ it 'overwrites the saved values with the values from the authentication provider if true' do
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
- get :create_user, params: { provider: 'openid_connect' }
+ get :create_user, params: { provider: 'openid_connect' }
- user.reload
- expect(user.name).to eq(OmniAuth.config.mock_auth[:openid_connect]['info']['name'])
- expect(user.email).to eq(OmniAuth.config.mock_auth[:openid_connect]['info']['email'])
- end
+ user.reload
+ expect(user.name).to eq(OmniAuth.config.mock_auth[:openid_connect]['info']['name'])
+ expect(user.email).to eq(OmniAuth.config.mock_auth[:openid_connect]['info']['email'])
+ end
- it 'does not overwrite the saved values with the values from the authentication provider if false' do
- allow_any_instance_of(SettingGetter).to receive(:call).and_return(false)
+ it 'does not overwrite the role even if true' do
+ allow_any_instance_of(SettingGetter).to receive(:call).and_return(true)
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
- request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+ new_role = create(:role)
+ user.update(role: new_role)
- get :create_user, params: { provider: 'openid_connect' }
+ get :create_user, params: { provider: 'openid_connect' }
- user.reload
- expect(user.name).to eq('Example Name')
- expect(user.email).to eq('email@example.com')
+ expect(user.reload.role).to eq(new_role)
+ end
end
- it 'does not overwrite the role even if true' do
- allow_any_instance_of(SettingGetter).to receive(:call).and_return(true)
- request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+ context 'value is false' do
+ before do
+ reg_method = instance_double(SettingGetter)
+ allow(SettingGetter).to receive(:new).with(setting_name: 'ResyncOnLogin', provider: 'greenlight').and_return(reg_method)
+ allow(reg_method).to receive(:call).and_return(false)
+ end
- new_role = create(:role)
- user.update(role: new_role)
+ it 'does not overwrite the saved values with the values from the authentication provider if false' do
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
- get :create_user, params: { provider: 'openid_connect' }
+ get :create_user, params: { provider: 'openid_connect' }
- expect(user.reload.role).to eq(new_role)
+ user.reload
+ expect(user.name).to eq('Example Name')
+ expect(user.email).to eq('email@example.com')
+ end
end
end
@@ -325,6 +337,79 @@
end
end
+ context 'Allowed Domains' do
+ context 'restricted domain not set' do
+ before do
+ site_settings = instance_double(SettingGetter)
+ allow(SettingGetter).to receive(:new).with(setting_name: 'AllowedDomains', provider: 'greenlight').and_return(site_settings)
+ allow(site_settings).to receive(:call).and_return('')
+ end
+
+ it 'creates the user' do
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+
+ expect { get :create_user, params: { provider: 'openid_connect' } }.to change(User, :count).from(0).to(1)
+ end
+ end
+
+ context 'restricted domain set to 1 domain' do
+ before do
+ site_settings = instance_double(SettingGetter)
+ allow(SettingGetter).to receive(:new).with(setting_name: 'AllowedDomains', provider: 'greenlight').and_return(site_settings)
+ allow(site_settings).to receive(:call).and_return('@domain.com')
+ end
+
+ it 'creates the user if the domain is allowed' do
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+ request.env['omniauth.auth'][:info][:email] = 'email@domain.com'
+
+ expect { get :create_user, params: { provider: 'openid_connect' } }.to change(User, :count).from(0).to(1)
+ end
+
+ it 'does not create if the domain is not allowed' do
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+
+ expect { get :create_user, params: { provider: 'openid_connect' } }.not_to change(User, :count)
+ end
+ end
+
+ context 'restricted domain set to multiple domain' do
+ before do
+ site_settings = instance_double(SettingGetter)
+ allow(SettingGetter).to receive(:new).with(setting_name: 'AllowedDomains', provider: 'greenlight').and_return(site_settings)
+ allow(site_settings).to receive(:call).and_return('@example.com,@test.com,@domain.com')
+ end
+
+ it 'creates the user if the domain is allowed 1' do
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+ request.env['omniauth.auth'][:info][:email] = 'email@example.com'
+
+ expect { get :create_user, params: { provider: 'openid_connect' } }.to change(User, :count).from(0).to(1)
+ end
+
+ it 'creates the user if the domain is allowed 2' do
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+ request.env['omniauth.auth'][:info][:email] = 'email@test.com'
+
+ expect { get :create_user, params: { provider: 'openid_connect' } }.to change(User, :count).from(0).to(1)
+ end
+
+ it 'creates the user if the domain is allowed 3' do
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+ request.env['omniauth.auth'][:info][:email] = 'email@domain.com'
+
+ expect { get :create_user, params: { provider: 'openid_connect' } }.to change(User, :count).from(0).to(1)
+ end
+
+ it 'does not create if the domain is not allowed' do
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+ request.env['omniauth.auth'][:info][:email] = 'test@invaliddomain.com'
+
+ expect { get :create_user, params: { provider: 'openid_connect' } }.not_to change(User, :count)
+ end
+ end
+ end
+
context 'Role mapping' do
let!(:role1) { create(:role, name: 'role1') }
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 81a9d594ec..d24017fc3b 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -301,6 +301,66 @@
expect(response.parsed_body['errors']).not_to be_nil
end
end
+
+ context 'Allowed Domains' do
+ context 'restricted domain not set' do
+ before do
+ site_settings = instance_double(SettingGetter)
+ allow(SettingGetter).to receive(:new).with(setting_name: 'AllowedDomains', provider: 'greenlight').and_return(site_settings)
+ allow(site_settings).to receive(:call).and_return('')
+ end
+
+ it 'creates the user' do
+ expect { post :create, params: user_params }.to change(User, :count).from(0).to(1)
+ end
+ end
+
+ context 'restricted domain set to 1 domain' do
+ before do
+ site_settings = instance_double(SettingGetter)
+ allow(SettingGetter).to receive(:new).with(setting_name: 'AllowedDomains', provider: 'greenlight').and_return(site_settings)
+ allow(site_settings).to receive(:call).and_return('@domain.com')
+ end
+
+ it 'creates the user if the domain is allowed' do
+ user_params[:user][:email] = 'test@domain.com'
+ expect { post :create, params: user_params }.to change(User, :count).from(0).to(1)
+ end
+
+ it 'does not create if the domain is not allowed' do
+ user_params[:user][:email] = 'test@invaliddomain.com'
+ expect { post :create, params: user_params }.not_to change(User, :count)
+ end
+ end
+
+ context 'restricted domain set to multiple domain' do
+ before do
+ site_settings = instance_double(SettingGetter)
+ allow(SettingGetter).to receive(:new).with(setting_name: 'AllowedDomains', provider: 'greenlight').and_return(site_settings)
+ allow(site_settings).to receive(:call).and_return('@example.com,@test.com,@domain.com')
+ end
+
+ it 'creates the user if the domain is allowed 1' do
+ user_params[:user][:email] = 'test@example.com'
+ expect { post :create, params: user_params }.to change(User, :count).from(0).to(1)
+ end
+
+ it 'creates the user if the domain is allowed 2' do
+ user_params[:user][:email] = 'test@test.com'
+ expect { post :create, params: user_params }.to change(User, :count).from(0).to(1)
+ end
+
+ it 'creates the user if the domain is allowed 3' do
+ user_params[:user][:email] = 'test@domain.com'
+ expect { post :create, params: user_params }.to change(User, :count).from(0).to(1)
+ end
+
+ it 'does not create if the domain is not allowed' do
+ user_params[:user][:email] = 'test@invaliddomain.com'
+ expect { post :create, params: user_params }.not_to change(User, :count)
+ end
+ end
+ end
end
describe '#show' do
From a4adf08c6377681dbad098ecbae87e890e7ab43d Mon Sep 17 00:00:00 2001
From: "transifex-integration[bot]"
<43880903+transifex-integration[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 11:15:57 -0400
Subject: [PATCH 8/9] Translate app/assets/locales/en.json in el (#5921)
100% translated source file: 'app/assets/locales/en.json'
on 'el'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
---
app/assets/locales/el.json | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/assets/locales/el.json b/app/assets/locales/el.json
index c78670ced6..93cd8e9f7e 100644
--- a/app/assets/locales/el.json
+++ b/app/assets/locales/el.json
@@ -319,7 +319,10 @@
"open": "Ενεργοποίηση εγγραφών",
"invite": "Συμμετοχή με πρόσκληση",
"approval": "Έγκριση/Απόρριψη"
- }
+ },
+ "allowed_domains": "Επιτρέπονται τα email ονομάτων τομεα",
+ "allowed_domains_signup_description": "Επιτρέπονται συγκεκριμένα email ονομάτων τομεα για εγγραφή. Η μορφή πρέπει να είναι @test.com,domain.com",
+ "enter_allowed_domains_rule" : "Προσθηκη επιτρεπόμενου ονόματος τομέα "
}
},
"room_configuration": {
@@ -420,7 +423,8 @@
"privacy_policy_updated": "Η πολιτική απορρήτου ενημερώθηκε.",
"helpcenter_updated": "Ο σύνδεσμος για το Κέντρο βοήθειας ενημερώθηκε. ",
"terms_of_service_updated": "Οι όριο χρήσης ενημερώθηκαν.",
- "maintenance_updated": "Το μήνυμα της λειτουργίας συντήρησης ενημερώθηκε."
+ "maintenance_updated": "Το μήνυμα της λειτουργίας συντήρησης ενημερώθηκε.",
+ "allowed_domains_signup_updated": "Τα επιτρεπόμενα ονόματα τομέα ενημερώθηκαν"
},
"recording": {
"recording_visibility_updated": "Η εμφάνιση καταγραφής ενημερώθηκε.",
From a1b9e5b6b1d8572815aa55d01b07e8c972b159a6 Mon Sep 17 00:00:00 2001
From: "transifex-integration[bot]"
<43880903+transifex-integration[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 11:16:05 -0400
Subject: [PATCH 9/9] Translate app/assets/locales/en.json in ja (#5920)
100% translated source file: 'app/assets/locales/en.json'
on 'ja'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
---
app/assets/locales/ja.json | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/assets/locales/ja.json b/app/assets/locales/ja.json
index c33dfe0a3a..41f1604f09 100644
--- a/app/assets/locales/ja.json
+++ b/app/assets/locales/ja.json
@@ -319,7 +319,10 @@
"open": "誰でも自由に登録",
"invite": "招待制",
"approval": "承認制"
- }
+ },
+ "allowed_domains": "許可するEmailのドメイン",
+ "allowed_domains_signup_description": "特定のEmailドメインのみからのサインアップを許可します。@test.com や domain.com のような形式で記入してください。",
+ "enter_allowed_domains_rule" : "許可するドメインを入力"
}
},
"room_configuration": {
@@ -420,7 +423,8 @@
"privacy_policy_updated": "プライバシーに関する告知がアップデートされました。",
"helpcenter_updated": "ヘルプセンターのリンクが更新されました。",
"terms_of_service_updated": "利用規約が更新されました。",
- "maintenance_updated": "メンテナンスバナーが更新されました。"
+ "maintenance_updated": "メンテナンスバナーが更新されました。",
+ "allowed_domains_signup_updated": "許可するEmailのドメインが更新されました。"
},
"recording": {
"recording_visibility_updated": "録画の公開度が更新されました。",