atomic_lti 1.1.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1001c55b8a026812a60d322798ed5838ccfa9f9aebe538563b5f33befc7f339b
-  data.tar.gz: 2b19bd4852d7a04517677331951c2a0c9968c79d4e7121e0ffe07892e8f8474a
+  metadata.gz: a219867c2a1f19737d0222b0896e30a28144310a6032f1f6419443af37006304
+  data.tar.gz: ee72503b3f1066f5e3a5ea710da6d818eb2680d79d60e805c828b8f34ef95917
 SHA512:
-  metadata.gz: fa00363f1e618f46db5c5bcb0a0efab5b5b4ebb470b316f3e3a10367e8e5b2dd6b7dca7309c17c59576a086367f99b8109ea7b9e6cc77252c98cfe9f312fa236
-  data.tar.gz: 4b537933b0208bdb34b88e893fd5817a6b5b21bea6a0ac6d2457ed7ba8ac6d71ecd721054e0638a2666c4d559973cf21ecfe05827bd5575bf36f50d956b70b1a
+  metadata.gz: 49fd684fa99b65a02402d968b2c53741af0ca19594f0a9ab083cc6d9e3e3a2780caeba0f4de3b31db200dcb8fa745d9b1771b0eae1ef7c025ad68baff5e49fb6
+  data.tar.gz: 8670e8c13dec604b3af371ad7bff7fb7102be8aac32e32ae0e3ebca80718546e1cab5dfb559f18455bddcd2535032310e6be6b12ad568e9d74b4dc1c29ba25c6

data/README.md

@@ -1,22 +1,42 @@
 # AtomicLti
 Atomic LTI implements the LTI Advantage specification.
 
-## Usage
-Add the gem:
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "atomic_lti"
+```
+
+And then execute:
+```bash
+$ bundle
+```
 
-  `gem 'atomic_lti', git: 'https://github.com/atomicjolt/atomic_lti.git', tag: '1.0.9'`
+Or install it yourself as:
+```bash
+$ gem install atomic_tenant
+```
 
-Add an initializer
-  `config/initializers/atomic_lti.rb`
+Then install the migrations:
+./bin/rails atomic_lti:install:migrations
+
+## Usage
+Create a new initializer:
+  ```
+  config/initializers/atomic_lti.rb
+  ```
 
 with the following contents. Adjust paths as needed.
 
-  `
+  ```
   AtomicLti.oidc_init_path = "/oidc/init"
   AtomicLti.oidc_redirect_path = "/oidc/redirect"
   AtomicLti.target_link_path_prefixes = ["/lti_launches"]
   AtomicLti.default_deep_link_path = "/lti_launches"
   AtomicLti.jwt_secret = Rails.application.secrets.auth0_client_secret
   AtomicLti.scopes = AtomicLti::Definitions.scopes.join(" ")
-  `
+  ```
 
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/app/lib/atomic_lti/auth_token.rb

@@ -13,7 +13,7 @@ module AtomicLti
       payload["aud"] = aud || Rails.application.secrets.auth0_client_id
       JWT.encode(
         payload,
-        AtomicLti.jwt_secret,
+        secret || AtomicLti.jwt_secret,
         ALGORITHM,
         header_fields,
       )
@@ -26,7 +26,7 @@ module AtomicLti
     def self.decode(token, secret = nil, validate = true, algorithm = ALGORITHM)
       JWT.decode(
         token,
-        AtomicLti.jwt_secret,
+        secret || AtomicLti.jwt_secret,
         validate,
         { algorithm: algorithm },
       )

data/app/lib/atomic_lti/config.rb

@@ -33,12 +33,12 @@ module AtomicLti
     # Converts old lti into lti advantage
     # NOTE this is a work in progress and may not correctly convert all LTI configs.
     def self.lti_to_lti_advantage(jwk, domain, args = {})
-      raise ::Exceptions::LtiConfigMissing, "Please provide an LTI launch url" if args[:launch_url].blank?
-      raise ::Exceptions::LtiConfigMissing, "Please provide an LTI secure launch url" if args[:secure_launch_url].blank?
+      raise AtomicLti::Exceptions::LtiConfigMissing, "Please provide an LTI launch url" if args[:launch_url].blank?
+      raise AtomicLti::Exceptions::LtiConfigMissing, "Please provide an LTI secure launch url" if args[:secure_launch_url].blank?
 
       if args[:content_migration].present?
-        raise Exceptions::LtiConfigMissing, "Please provide an IMS export url" if args[:export_url].blank?
-        raise Exceptions::LtiConfigMissing, "Please provide an IMS import url" if args[:import_url].blank?
+        raise AtomicLti::Exceptions::LtiConfigMissing, "Please provide an IMS export url" if args[:export_url].blank?
+        raise AtomicLti::Exceptions::LtiConfigMissing, "Please provide an IMS import url" if args[:import_url].blank?
       end
 
       {

data/app/lib/atomic_lti/deep_linking.rb

@@ -2,15 +2,15 @@ module AtomicLti
 
   module DeepLinking
 
-#   # ###########################################################
-#   # Create a jwt to sign a response to the platform
+    # ###########################################################
+    # Create a jwt to sign a response to the platform
     def self.create_deep_link_jwt(iss:, deployment_id:, content_items:, deep_link_claim_data: nil)
       deployment = AtomicLti::Deployment.find_by(iss: iss, deployment_id: deployment_id)
 
-      raise AtomicLti::Exceptions::NoLTIDeployment(iss, deployment_id) if deployment.nil?
+      raise AtomicLti::Exceptions::NoLTIDeployment.new(iss: iss, deployment_id: deployment_id) if deployment.nil?
 
       install = deployment.install
-      raise AtomicLti::Exceptions::NoLTIInstall(iss, deployment_id) if install.nil?
+      raise AtomicLti::Exceptions::NoLTIInstall.new(iss: iss, deployment_id: deployment_id) if install.nil?
 
       payload = {
         iss: install.client_id, # A unique identifier for the entity that issued the JWT
@@ -23,7 +23,7 @@ module AtomicLti
         AtomicLti::Definitions::MESSAGE_TYPE => "LtiDeepLinkingResponse",
         AtomicLti::Definitions::LTI_VERSION => "1.3.0",
         AtomicLti::Definitions::DEPLOYMENT_ID => deployment_id,
-        AtomicLti::Definitions::CONTENT_ITEM_CLAIM => content_items
+        AtomicLti::Definitions::CONTENT_ITEM_CLAIM => content_items,
       }
 
       if deep_link_claim_data.present?
@@ -33,4 +33,4 @@ module AtomicLti
       AtomicLti::Authorization.sign_tool_jwt(payload)
     end
   end
-end
+end

data/app/lib/atomic_lti/definitions.rb

@@ -134,7 +134,7 @@ module AtomicLti
 
     OBSERVER_ROLES = [
       MENTOR_INSTITUTION_ROLE,
-      #NON_CREDIT_LEARNER,
+      # NON_CREDIT_LEARNER,
     ].freeze
 
     def self.lms_host(payload)
@@ -143,7 +143,9 @@ module AtomicLti
              else
                payload.dig(AtomicLti::Definitions::LAUNCH_PRESENTATION, "return_url")
              end
-      UrlHelper.safe_host(host)
+
+      host = "https://#{host}" unless host&.start_with?("http")
+      URI.parse(host).host
     end
 
     def self.lms_url(payload)
@@ -155,14 +157,14 @@ module AtomicLti
     end
 
     def self.names_and_roles_launch?(payload)
-      return false unless payload[AtomicLti::Definitions::NAMES_AND_ROLES_CLAIM]
+      return false unless payload[AtomicLti::Definitions::NAMES_AND_ROLES_CLAIM].present?
 
       payload[AtomicLti::Definitions::NAMES_AND_ROLES_CLAIM]["service_versions"] ==
         AtomicLti::Definitions::NAMES_AND_ROLES_SERVICE_VERSIONS
     end
 
     def self.assignment_and_grades_launch?(payload)
-      payload[AtomicLti::Definitions::AGS_CLAIM]
+      payload[AtomicLti::Definitions::AGS_CLAIM].present?
     end
 
   end

data/app/lib/atomic_lti/exceptions.rb

@@ -35,26 +35,29 @@ module AtomicLti
     class RateLimitError < AtomicLtiException
     end
 
+    class LtiConfigMissing < AtomicLtiException
+    end
+
     class InvalidLTIVersion < AtomicLtiException
-      def initialize(msg="Invalid LTI version")
+      def initialize(msg = "Invalid LTI version")
         super(msg)
       end
     end
 
     class NoLTIVersion < AtomicLtiException
-      def initialize(msg="No LTI Version provided")
+      def initialize(msg = "No LTI Version provided")
         super(msg)
       end
     end
 
     class NoLTIToken < AtomicLtiException
-      def initialize(msg="No LTI token provided")
+      def initialize(msg = "No LTI token provided")
         super(msg)
       end
     end
 
     class InvalidLTIToken < AtomicLtiException
-      def initialize(msg="Invalid LTI token provided")
+      def initialize(msg = "Invalid LTI token provided")
         super(msg)
       end
     end
@@ -65,21 +68,24 @@ module AtomicLti
 
     class NoLTIDeployment < AtomicLtiNotFoundException
       def initialize(iss:, deployment_id:)
-        msg="No LTI Deployment found for iss: #{iss} and deployment_id #{deployment_id}"
+        msg = "No LTI Deployment found for iss: #{iss} and deployment_id #{deployment_id}"
         super(msg)
       end
     end
 
     class NoLTIInstall < AtomicLtiNotFoundException
       def initialize(iss:, deployment_id:)
-        msg="No LTI Install found for iss: #{iss} and deployment_id #{deployment_id}"
+        msg = "No LTI Install found for iss: #{iss} and deployment_id #{deployment_id}"
         super(msg)
       end
     end
 
     class NoLTIPlatform < AtomicLtiNotFoundException
-      def initialize(iss:, deployment_id:)
-        msg="No LTI Platform associated with the LTI Install. iss: #{iss} and deployment_id #{deployment_id}"
+      def initialize(iss:, deployment_id: nil)
+        msg = "No LTI Platform associated with the LTI Install. iss: #{iss}"
+        if iss && deployment_id
+          msg = "No LTI Platform associated with the LTI Install. iss: #{iss} and deployment_id #{deployment_id}"
+        end
         super(msg)
       end
     end

data/app/lib/atomic_lti/lti.rb

@@ -16,6 +16,19 @@ module AtomicLti
         errors.push("LTI token is missing required field sub")
       end
 
+      if decoded_token["aud"].blank?
+        errors.push("LTI token is missing required field aud")
+      end
+
+      if decoded_token["aud"].is_a?(Array) && decoded_token["aud"].length > 1
+        # OpenID Connect spec specifies the AZP should exist and be an AUD
+        if decoded_token["azp"].blank?
+          errors.push("LTI token has multiple aud and is missing required field azp")
+        elsif decoded_token["aud"].exclude?(decoded_token["azp"])
+          errors.push("LTI token azp is not one of the aud's")
+        end
+      end
+
       if decoded_token[AtomicLti::Definitions::DEPLOYMENT_ID].blank?
         errors.push(
           "LTI token is missing required field #{AtomicLti::Definitions::DEPLOYMENT_ID}"
@@ -90,5 +103,17 @@ module AtomicLti
         false
       end
     end
+
+    def self.client_id(decoded_token)
+      if decoded_token["aud"]&.is_a?(Array)
+        if decoded_token["aud"].length > 1
+          decoded_token["azp"]
+        else
+          decoded_token["aud"][0]
+        end
+      else
+        decoded_token["aud"]
+      end
+    end
   end
-end
+end

data/app/lib/atomic_lti/services/line_items.rb

@@ -27,7 +27,7 @@ module AtomicLti
           tag: tag,
           startDateTime: start_date_time,
           endDateTime: end_date_time,
-        }
+        }.compact
         attrs["resourceLinkId"] = resource_link_id if resource_link_id
         if external_tool_url
           attrs[AtomicLti::Definitions::CANVAS_SUBMISSION_TYPE] = {

data/app/lib/atomic_lti/services/names_and_roles.rb

@@ -43,7 +43,7 @@ module AtomicLti
               else
                 uri = Addressable::URI.parse(endpoint)
                 uri.query_values = (uri.query_values || {}).merge(query)
-                uri
+                uri.to_str
               end
         verify_received_user_names(
           HTTParty.get(

data/lib/atomic_lti/open_id_middleware.rb

@@ -6,13 +6,13 @@ module AtomicLti
 
     def init_paths
       [
-        AtomicLti.oidc_init_path
+        AtomicLti.oidc_init_path,
       ]
     end
 
     def redirect_paths
       [
-        AtomicLti.oidc_redirect_path
+        AtomicLti.oidc_redirect_path,
       ]
     end
 
@@ -47,7 +47,7 @@ module AtomicLti
       target_link_uri = lti_token[AtomicLti::Definitions::TARGET_LINK_URI_CLAIM] ||
         File.join("#{uri.scheme}://#{uri.host}", AtomicLti.default_deep_link_path)
 
-        redirect_params = {
+      redirect_params = {
         state: request.params["state"],
         id_token: request.params["id_token"],
       }
@@ -63,6 +63,7 @@ module AtomicLti
 
     def matches_redirect?(request)
       raise AtomicLti::Exceptions::ConfigurationError.new("AtomicLti.oidc_redirect_path is not configured") if AtomicLti.oidc_redirect_path.blank?
+
       redirect_uri = URI.parse(AtomicLti.oidc_redirect_path)
       redirect_path_params = if redirect_uri.query
                                CGI.parse(redirect_uri.query)
@@ -99,13 +100,13 @@ module AtomicLti
         update_deployment(id_token: decoded_jwt)
         update_lti_context(id_token: decoded_jwt)
 
-        errors = decoded_jwt.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, 'errors')
-        if errors.present? && !errors['errors'].empty?
+        errors = decoded_jwt.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, "errors")
+        if errors.present? && !errors["errors"].empty?
           Rails.logger.error("Detected errors in lti launch: #{errors}, id_token: #{id_token}")
         end
 
-        env['atomic.validated.decoded_id_token'] = decoded_jwt
-        env['atomic.validated.id_token'] = id_token
+        env["atomic.validated.decoded_id_token"] = decoded_jwt
+        env["atomic.validated.id_token"] = id_token
 
         @app.call(env)
       else
@@ -134,18 +135,19 @@ module AtomicLti
     protected
 
     def update_platform_instance(id_token:)
-      if id_token[AtomicLti::Definitions::TOOL_PLATFORM_CLAIM].present? && id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, 'guid').present?
-        name = id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, 'name')
-        version = id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, 'version')
-        product_family_code = id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, 'product_family_code')
+      if id_token[AtomicLti::Definitions::TOOL_PLATFORM_CLAIM].present? &&
+          id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, "guid").present?
+        name = id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, "name")
+        version = id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, "version")
+        product_family_code = id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, "product_family_code")
 
         AtomicLti::PlatformInstance.create_with(
           name: name,
           version: version,
           product_family_code: product_family_code,
         ).find_or_create_by!(
-          iss: id_token['iss'],
-          guid: id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, 'guid')
+          iss: id_token["iss"],
+          guid: id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, "guid"),
         ).update!(
           name: name,
           version: version,
@@ -157,14 +159,14 @@ module AtomicLti
     end
 
     def update_install(id_token:)
-      client_id = id_token["aud"]
+      client_id = AtomicLti::Lti.client_id(id_token)
       iss = id_token["iss"]
 
       if client_id.present? && iss.present?
 
         AtomicLti::Install.find_or_create_by!(
           iss: iss,
-          client_id: client_id
+          client_id: client_id,
         )
       else
         Rails.logger.info("No client_id recieved: #{id_token}")
@@ -172,13 +174,14 @@ module AtomicLti
     end
 
     def update_lti_context(id_token:)
-      if id_token[AtomicLti::Definitions::CONTEXT_CLAIM].present? && id_token[AtomicLti::Definitions::CONTEXT_CLAIM]['id'].present?
-        iss = id_token['iss']
+      if id_token[AtomicLti::Definitions::CONTEXT_CLAIM].present? &&
+          id_token[AtomicLti::Definitions::CONTEXT_CLAIM]["id"].present?
+        iss = id_token["iss"]
         deployment_id = id_token[AtomicLti::Definitions::DEPLOYMENT_ID]
-        context_id = id_token[AtomicLti::Definitions::CONTEXT_CLAIM]['id']
-        label = id_token[AtomicLti::Definitions::CONTEXT_CLAIM]['label']
-        title = id_token[AtomicLti::Definitions::CONTEXT_CLAIM]['title']
-        types = id_token[AtomicLti::Definitions::CONTEXT_CLAIM]['type']
+        context_id = id_token[AtomicLti::Definitions::CONTEXT_CLAIM]["id"]
+        label = id_token[AtomicLti::Definitions::CONTEXT_CLAIM]["label"]
+        title = id_token[AtomicLti::Definitions::CONTEXT_CLAIM]["title"]
+        types = id_token[AtomicLti::Definitions::CONTEXT_CLAIM]["type"]
 
         AtomicLti::Context.create_with(
           label: label,
@@ -187,7 +190,7 @@ module AtomicLti
         ).find_or_create_by!(
           iss: iss,
           deployment_id: deployment_id,
-          context_id: context_id
+          context_id: context_id,
         ).update!(
           label: label,
           title: title,
@@ -199,24 +202,23 @@ module AtomicLti
     end
 
     def update_deployment(id_token:)
-      client_id = id_token["aud"]
+      client_id = AtomicLti::Lti.client_id(id_token)
       iss = id_token["iss"]
       deployment_id = id_token[AtomicLti::Definitions::DEPLOYMENT_ID]
       platform_guid = id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, "guid")
 
       Rails.logger.debug("Associating deployment: #{iss}/#{deployment_id} with client_id: iss: #{iss} / client_id: #{client_id} / platform_guid: #{platform_guid}")
 
-
-      AtomicLti::Deployment
-        .create_with(
+      AtomicLti::Deployment.
+        create_with(
           client_id: client_id,
-          platform_guid: platform_guid
+          platform_guid: platform_guid,
         ).find_or_create_by!(
           iss: iss,
-          deployment_id: deployment_id
+          deployment_id: deployment_id,
         ).update!(
           client_id: client_id,
-          platform_guid: platform_guid
+          platform_guid: platform_guid,
         )
     end
 
@@ -245,7 +247,7 @@ module AtomicLti
     def build_oidc_response(request, state, nonce, redirect_uri)
       platform = AtomicLti::Platform.find_by(iss: request.params["iss"])
       if !platform
-        raise AtomicLti::Exceptions::NoLTIPlatform, "No LTI Platform found for iss #{request.params["iss"]}"
+        raise AtomicLti::Exceptions::NoLTIPlatform(iss: request.params["iss"])
       end
 
       uri = URI.parse(platform.oidc_url)

data/lib/atomic_lti/version.rb

@@ -1,3 +1,3 @@
 module AtomicLti
-  VERSION = '1.1.0'
+  VERSION = '1.3.0'
 end

data/lib/atomic_lti.rb

@@ -3,7 +3,7 @@ require "atomic_lti/engine"
 require "atomic_lti/open_id_middleware"
 require "atomic_lti/error_handling_middleware"
 require_relative "../app/lib/atomic_lti/definitions"
-
+require_relative "../app/lib/atomic_lti/exceptions"
 module AtomicLti
 
   # Set this to true to scope context_id's to the ISS rather than

metadata

@@ -1,49 +1,51 @@
 --- !ruby/object:Gem::Specification
 name: atomic_lti
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Matt Petro
 - Justin Ball
+- Nick Benoit
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-27 00:00:00.000000000 Z
+date: 2023-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: pg
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 7.0.3
+        version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 7.0.3
+        version: '1.3'
 - !ruby/object:Gem::Dependency
-  name: pg
+  name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.5
+        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.5
+        version: '7.0'
 description: AtomicLti implements the LTI Advantage specification. This gem does contain
   source code specific to other Atomic Jolt products
 email:
 - matt.petro@atomicjolt.com
 - justin.ball@atomicjolt.com
+- nick.benoit@atomicjolt.com
 executables: []
 extensions: []
 extra_rdoc_files: []