atomic_lti 1.1.0

data/app/lib/atomic_lti/services/names_and_roles.rb

@@ -0,0 +1,74 @@
+module AtomicLti
+  module Services
+    class NamesAndRoles < AtomicLti::Services::Base
+
+      def initialize(lti_token:)
+        super(lti_token: lti_token)
+      end
+
+      def endpoint
+        url = @lti_token.dig(AtomicLti::Definitions::NAMES_AND_ROLES_CLAIM, "context_memberships_url")
+        raise AtomicLti::Exceptions::NamesAndRolesError, "Unable to access names and roles" unless url.present?
+
+        url
+      end
+
+      def url_for(query = nil)
+        url = endpoint.dup
+        url << "?#{query}" if query.present?
+        url
+      end
+
+      def self.enabled?(lti_token)
+        return false unless lti_token&.dig(AtomicLti::Definitions::NAMES_AND_ROLES_CLAIM)
+
+        (AtomicLti::Definitions::NAMES_AND_ROLES_SERVICE_VERSIONS &
+          (lti_token.dig(AtomicLti::Definitions::NAMES_AND_ROLES_CLAIM, "service_versions") || [])).present?
+      end
+
+      def valid?
+        self.class.enabled?(@lti_token)
+      end
+
+      # List names and roles
+      # limit query param - see 'Limit query parameter' section of NRPS spec
+      # to get differences - see 'Membership differences' section of NRPS spec
+      # query parameter of '{"role" => "Learner"}'
+      # will filter the memberships to just those which have a Learner role.
+      # query parameter of '{"rlid" => "49566-rkk96"}' will filter the memberships to just those which
+      # have access to the resource link with ID '49566-rkk96'
+      def list(query: {}, page_url: nil)
+        url = if page_url.present?
+                page_url
+              else
+                uri = Addressable::URI.parse(endpoint)
+                uri.query_values = (uri.query_values || {}).merge(query)
+                uri
+              end
+        verify_received_user_names(
+          HTTParty.get(
+            url,
+            headers: headers(
+              {
+                "Accept" => "application/vnd.ims.lti-nrps.v2.membershipcontainer+json",
+              },
+            ),
+          ),
+        )
+      end
+
+      def verify_received_user_names(names_and_roles_memberships)
+        if names_and_roles_memberships&.body.present?
+          members = JSON.parse(names_and_roles_memberships.body)["members"]
+          if members.present? && members.all? { |member| member["name"].nil? }
+            raise(
+              AtomicLti::Exceptions::NamesAndRolesError,
+              "Unable to fetch user data. Your LTI key may be set to private.",
+            )
+          end
+        end
+        names_and_roles_memberships
+      end
+    end
+  end
+end

data/app/lib/atomic_lti/services/results.rb

@@ -0,0 +1,18 @@
+module AtomicLti
+  module Services
+    # Canvas API docs: https://canvas.instructure.com/doc/api/result.html
+    class Results < AtomicLti::Services::Base
+
+      def list(line_item_id)
+        url = "#{line_item_id}/results"
+        HTTParty.get(url, headers: headers)
+      end
+
+      def show(line_item_id, result_id)
+        url = "#{line_item_id}/results/#{result_id}"
+        HTTParty.get(url, headers: headers)
+      end
+
+    end
+  end
+end

data/app/lib/atomic_lti/services/score.rb

@@ -0,0 +1,69 @@
+module AtomicLti
+  module Services
+    # Canvas docs: https://canvas.instructure.com/doc/api/score.html
+    class Score < AtomicLti::Services::Base
+
+      attr_accessor :id
+
+      def initialize(lti_token: nil, iss:nil, deployment_id: nil, id: nil)
+        super(lti_token: lti_token, iss: iss, deployment_id: deployment_id)
+        @id = id
+      end
+
+      def endpoint
+        if id.blank?
+          raise ::AtomicLti::Exceptions::ScoreError,
+                "Invalid id or no id provided. Unable to access scores. id should be in the form of a url."
+        end
+        uri = URI(id)
+        uri.path = uri.path+'/scores'
+        uri
+      end
+
+      def generate(
+        user_id:,
+        score:,
+        max_score:,
+        comment: nil,
+        timestamp: Time.now,
+        activity_progress: "Completed",
+        grading_progress: "FullyGraded"
+      )
+        {
+          # The lti_user_id or the Canvas user_id
+          userId: user_id,
+          # The Current score received in the tool for this line item and user, scaled to
+          # the scoreMaximum
+          scoreGiven: score,
+          # Maximum possible score for this result; it must be present if scoreGiven is
+          # present.
+          scoreMaximum: max_score,
+          # Comment visible to the student about this score.
+          comment: comment,
+          # Date and time when the score was modified in the tool. Should use subsecond
+          # precision.
+          timestamp: timestamp.iso8601(3),
+          # Indicate to Canvas the status of the user towards the activity's completion.
+          # Must be one of Initialized, Started, InProgress, Submitted, Completed
+          activityProgress: activity_progress,
+          # Indicate to Canvas the status of the grading process. A value of
+          # PendingManual will require intervention by a grader. Values of NotReady,
+          # Failed, and Pending will cause the scoreGiven to be ignored. FullyGraded
+          # values will require no action. Possible values are NotReady, Failed, Pending,
+          # PendingManual, FullyGraded
+          gradingProgress: grading_progress,
+        }
+      end
+
+      def send(attrs)
+        content_type = { "Content-Type" => "application/vnd.ims.lis.v1.score+json" }
+        HTTParty.post(
+          endpoint,
+          body: attrs.to_json,
+          headers: headers(content_type),
+        )
+      end
+
+    end
+  end
+end

data/app/lib/atomic_lti/services/score_canvas.rb

@@ -0,0 +1,47 @@
+module AtomicLti
+  module Services
+    # Canvas docs: https://canvas.instructure.com/doc/api/score.html
+    class ScoreCanvas < Score
+
+      def generate(
+        new_submission: true,
+        submission_type: nil,
+        submission_data: nil,
+        submitted_at: nil,
+        content_items: nil,
+        **standard_attrs
+      )
+        submission_data = {
+          # (EXTENSION field) flag to indicate that this is a new submission.
+          # Defaults to true unless submission_type is none.
+          new_submission: new_submission,
+
+          # (EXTENSION field) permissible values are: none, basic_lti_launch,
+          # online_text_entry, external_tool, online_upload, or online_url.
+          # Defaults to external_tool. Ignored if content_items are provided.
+          submission_type: submission_type,
+
+          # (EXTENSION field) submission data (URL or body text). Only used
+          # for submission_types basic_lti_launch, online_text_entry, online_url.
+          # Ignored if content_items are provided.
+          submission_data: submission_data,
+
+          # (EXTENSION field) Date and time that the submission was originally created.
+          # Should use ISO8601-formatted date with subsecond precision. This should match
+          # the data and time that the original submission happened in Canvas.
+          submitted_at: submitted_at,
+
+          # (EXTENSION field) Files that should be included with the submission. Each item
+          # should contain `type: file`, and a url pointing to the file. It can also contain
+          # a title, and an explicit MIME type if needed (otherwise, MIME type will be
+          # inferred from the title or url). If any items are present, submission_type
+          # will be online_upload.
+          content_items: content_items,
+        }.compact
+
+        super(**standard_attrs).
+          merge({ "https://canvas.instructure.com/lti/submission": submission_data })
+      end
+    end
+  end
+end

data/app/mailers/atomic_lti/application_mailer.rb

@@ -0,0 +1,6 @@
+module AtomicLti
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/atomic_lti/application_record.rb

@@ -0,0 +1,5 @@
+module AtomicLti
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/atomic_lti/context.rb

@@ -0,0 +1,10 @@
+module AtomicLti
+  class Context < ApplicationRecord
+    belongs_to :platform, primary_key: :iss, foreign_key: :iss
+    # belongs_to :deployment, primary_key: [:iss, :deployment_id], foreign_key: [:iss, :deployment_id] # TODO: this breaks rspec
+
+    validates :context_id, presence: true
+    validates :deployment_id, presence: true
+    validates :iss, presence: true
+  end
+end

data/app/models/atomic_lti/deployment.rb

@@ -0,0 +1,13 @@
+module AtomicLti
+  class Deployment < ApplicationRecord
+    belongs_to :platform, primary_key: :iss, foreign_key: :iss
+    belongs_to :install, primary_key: [:iss, :client_id], foreign_key: [:iss, :client_id],  optional: true
+
+    # we won't have platform_guid during dynamic registration
+    # belongs_to :platform_instance, primary_key: :guid, foreign_key: :platform_guid, optional: true
+
+    validates :deployment_id, presence: true
+    validates :iss, presence: true
+    # validates :platform_guid#, presence: true
+  end
+end

data/app/models/atomic_lti/install.rb

@@ -0,0 +1,11 @@
+module AtomicLti
+  class Install < ApplicationRecord
+    belongs_to :platform, primary_key: :iss, foreign_key: :iss
+
+    validates :client_id, presence: true
+    validates :iss, presence: true
+    def deployments
+      AtomicLti::Deployment.where("iss = ? AND client_id = ?", iss, client_id)
+    end
+  end
+end

data/app/models/atomic_lti/jwk.rb

@@ -0,0 +1,41 @@
+module AtomicLti
+  class Jwk < ApplicationRecord
+    before_create :generate_keys
+
+    def generate_keys
+      pkey = OpenSSL::PKey::RSA.generate(2048)
+      self.pem = pkey.to_pem
+      self.kid = pkey.to_jwk.thumbprint
+    end
+
+    def alg
+      "RS256"
+    end
+
+    def private_key
+      OpenSSL::PKey::RSA.new(pem)
+    end
+
+    def public_key
+      pkey = OpenSSL::PKey::RSA.new(pem)
+      pkey.public_key
+    end
+
+    def to_json
+      pkey = OpenSSL::PKey::RSA.new(pem)
+      json = JSON::JWK.new(pkey.public_key, kid: kid).as_json
+      json["use"] = "sig"
+      json["alg"] = alg
+      json
+    end
+
+    def to_pem
+      pkey = OpenSSL::PKey::RSA.new(pem)
+      pkey.public_key.to_pem
+    end
+
+    def self.current_jwk
+      self.last
+    end
+  end
+end

data/app/models/atomic_lti/oauth_state.rb

@@ -0,0 +1,5 @@
+module AtomicLti
+  class OauthState < ApplicationRecord
+    validates :state, presence: true, uniqueness: true
+  end
+end

data/app/models/atomic_lti/open_id_state.rb

@@ -0,0 +1,5 @@
+module AtomicLti
+  class OpenIdState < ApplicationRecord
+    validates :nonce, presence: true, uniqueness: true
+  end
+end

data/app/models/atomic_lti/platform.rb

@@ -0,0 +1,5 @@
+module AtomicLti
+  class Platform < ApplicationRecord
+    validates :iss, presence: true
+  end
+end

data/app/models/atomic_lti/platform_instance.rb

@@ -0,0 +1,8 @@
+module AtomicLti
+  class PlatformInstance < ApplicationRecord
+    belongs_to :platform, primary_key: :iss, foreign_key: :iss
+
+    validates :guid, presence: true
+    validates :iss, presence: true
+  end
+end

data/app/views/atomic_lti/launches/index.html.erb

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+  </head>
+  <body>
+    <h1> Atomic LTI launch </h1>
+    <pre>
+      <%= lti.token.pretty_inspect %>
+    </pre>
+  </body>
+</html>

data/app/views/atomic_lti/shared/redirect.html.erb

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <script type="text/javascript">
+      window.onload=function(){document.forms[0].submit();};
+    </script>
+  </head>
+  <body>
+    <form action="<%= @launch_url -%>" method="POST">
+      <% @launch_params.each do |name, value| -%>
+        <%= hidden_field_tag(name, value) %>
+      <% end -%>
+    </form>
+  </body>
+</html>

data/app/views/layouts/atomic_lti/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Atomic lti</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,3 @@
+AtomicLti::Engine.routes.draw do
+  resources :jwks
+end

data/db/migrate/20220428175127_create_atomic_lti_platforms.rb

@@ -0,0 +1,12 @@
+class CreateAtomicLtiPlatforms < ActiveRecord::Migration[6.1]
+  def change
+    create_table :atomic_lti_platforms do |t|
+      t.string :iss, null: false
+      t.string :jwks_url, null: false
+      t.string :token_url, null: false
+      t.string :oidc_url, null: false
+      t.timestamps
+    end
+    add_index :atomic_lti_platforms, :iss, unique: true
+  end
+end

data/db/migrate/20220428175128_create_atomic_lti_platform_instances.rb

@@ -0,0 +1,15 @@
+class CreateAtomicLtiPlatformInstances < ActiveRecord::Migration[6.1]
+  def change
+    create_table :atomic_lti_platform_instances do |t|
+      t.string :iss, null: false
+      t.string :guid, null: false
+      t.string :name
+      t.string :version
+      t.string :product_family_code
+
+      t.timestamps
+    end
+    add_index :atomic_lti_platform_instances, [:guid, :iss],
+              unique: true, name: "index_atomic_lti_platform_instances_guid_iss"
+  end
+end

data/db/migrate/20220428175247_create_atomic_lti_installs.rb

@@ -0,0 +1,11 @@
+class CreateAtomicLtiInstalls < ActiveRecord::Migration[6.1]
+  def change
+    create_table :atomic_lti_installs do |t|
+      t.string :iss, null: false
+      t.string :client_id, null: false
+      t.timestamps
+    end
+    add_index :atomic_lti_installs, [:client_id, :iss],
+              unique: true, name: "index_atomic_lti_installs_c_id_guid"
+  end
+end

data/db/migrate/20220428175305_create_atomic_lti_deployments.rb

@@ -0,0 +1,13 @@
+class CreateAtomicLtiDeployments < ActiveRecord::Migration[6.1]
+  def change
+    create_table :atomic_lti_deployments do |t|
+      t.string :deployment_id, null: false
+      t.string :client_id, null: false
+      t.string :platform_guid
+      t.string :iss, null: false
+      t.timestamps
+    end
+    add_index :atomic_lti_deployments, [:deployment_id, :iss],
+              unique: true, name: "index_atomic_lti_deployments_d_id_iss"
+  end
+end

data/db/migrate/20220428175336_create_atomic_lti_contexts.rb

@@ -0,0 +1,15 @@
+class CreateAtomicLtiContexts < ActiveRecord::Migration[6.1]
+  def change
+    create_table :atomic_lti_contexts do |t|
+      t.string :context_id, null: false
+      t.string :deployment_id, null: false
+      t.string :iss, null: false
+      t.string :label
+      t.string :title
+      t.string :types, array: true
+      t.timestamps
+    end
+    add_index :atomic_lti_contexts, [:context_id, :deployment_id, :iss],
+              unique: true, name: "index_atomic_lti_contexts_c_id_d_id_iss"
+  end
+end

data/db/migrate/20220428175423_create_atomic_lti_oauth_states.rb

@@ -0,0 +1,10 @@
+class CreateAtomicLtiOauthStates < ActiveRecord::Migration[6.1]
+  def change
+    create_table :atomic_lti_oauth_states do |t|
+      t.string :state, null: false
+      t.text :payload, null: false
+      t.timestamps
+    end
+    add_index :atomic_lti_oauth_states, :state
+  end
+end

data/db/migrate/20220503003528_create_atomic_lti_jwks.rb

@@ -0,0 +1,12 @@
+class CreateAtomicLtiJwks < ActiveRecord::Migration[6.1]
+  def change
+    create_table :atomic_lti_jwks do |t|
+      t.string :kid
+      t.string :pem
+      t.string :domain
+      t.timestamps
+    end
+    add_index :atomic_lti_jwks, :kid
+    add_index :atomic_lti_jwks, :domain
+  end
+end

data/db/migrate/20221010140920_create_open_id_state.rb

@@ -0,0 +1,9 @@
+class CreateOpenIdState < ActiveRecord::Migration[7.0]
+  def change
+    create_table :atomic_lti_open_id_states do |t|
+      t.string :nonce
+      t.timestamps
+    end
+    add_index :atomic_lti_open_id_states, :nonce, unique: true
+  end
+end

data/db/seeds.rb

@@ -0,0 +1,29 @@
+# Add default jwk
+AtomicLti::Jwk.find_or_create_by(domain: nil)
+
+# Add some platforms
+AtomicLti::Platform.create_with( 
+  jwks_url: "https://canvas.instructure.com/api/lti/security/jwks", 
+  token_url: "https://canvas.instructure.com/login/oauth2/token", 
+  oidc_url: "https://canvas.instructure.com/api/lti/authorize_redirect"
+).find_or_create_by(iss: "https://canvas.instructure.com")
+
+AtomicLti::Platform.create_with(
+  jwks_url: "https://canvas-beta.instructure.com/api/lti/security/jwks",
+  token_url: "https://canvas-beta.instructure.com/login/oauth2/token",
+  oidc_url: "https://canvas-beta.instructure.com/api/lti/authorize_redirect",
+).find_or_create_by(iss: "https://canvas-beta.instructure.com")
+
+
+AtomicLti::Install.create_with(iss: "https://canvas.instructure.com").find_or_create_by(client_id: "43460000000000525")
+
+AtomicTenant::PinnedPlatformGuid.create(iss: "https://canvas.instructure.com", platform_guid: "4MRcxnx6vQbFXxhLb8005m5WXFM2Z2i8lQwhJ1QT:canvas-lms", application_id: 6, application_instance_id: 5)
+
+
+# => #<AtomicTenant::LtiDeployment:0x00000001294e6018
+#  id: 1,
+#  iss: "https://canvas.instructure.com",
+#  deployment_id: "21089:1f5e1ee417cb2b17f86a1232122452ab3f6188f7",
+#  application_instance_id: 5,
+#  created_at: Tue, 16 Aug 2022 16:05:20.848365000 UTC +00:00,
+#  updated_at: Tue, 16 Aug 2022 16:05:20.848365000 UTC +00:00>

data/lib/atomic_lti/engine.rb

@@ -0,0 +1,9 @@
+module AtomicLti
+  class Engine < ::Rails::Engine
+    isolate_namespace AtomicLti
+
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+  end
+end

data/lib/atomic_lti/error_handling_middleware.rb

@@ -0,0 +1,33 @@
+module AtomicLti
+  class ErrorHandlingMiddleware
+    def initialize(app)
+      @app = app
+    end
+
+    def render_error(env, status, message)
+      format = "text/plain"
+      body = message
+
+      render(status, body, format)
+    end
+
+    def render(status, body, format)
+      [status,
+      {
+        "Content-Type" => "#{format}; charset=\"UTF-8\"",
+        "Content-Length" => body.bytesize.to_s,
+      },
+      [body]]
+    end
+
+    def call(env)
+      @app.call(env)
+
+    rescue AtomicLti::Exceptions::AtomicLtiNotFoundException => e
+      render_error(env, 404, e.message)
+
+    rescue AtomicLti::Exceptions::AtomicLtiException => e
+      render_error(env, 500, e.message)
+    end
+  end
+end