atomic_lti 1.5.1 → 1.5.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/lib/atomic_lti/open_id.rb +4 -2
- data/lib/atomic_lti/open_id_middleware.rb +5 -5
- data/lib/atomic_lti/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f16815adcf7ba9fc0f12a6fae1bd343981576ac85220d10f9a9234cc1a98b4dd
|
4
|
+
data.tar.gz: d541bdb91c0a9ce0d6603c66d65f98bc4cf4482fe5a54702859e0ce25a926708
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e532a07949f95f49deced1932775cb6eb97d42841edef9df3cdbcfeac0df6f7170ed59f583c0c319bbcff40c01109cd6c1d801c715c340a91408187e389bc105
|
7
|
+
data.tar.gz: a8dca9651cb149c8513c968fc0cb1b1eed168efbb72c4ae86946c3ac2142fd35cb55f773c6e16a957567ec81085204985d6142feec1a52e09fcb91311cc88460
|
@@ -1,6 +1,6 @@
|
|
1
1
|
module AtomicLti
|
2
2
|
class OpenId
|
3
|
-
def self.validate_state(nonce, state)
|
3
|
+
def self.validate_state(nonce, state, destroy_state)
|
4
4
|
if state.blank?
|
5
5
|
return false
|
6
6
|
end
|
@@ -10,7 +10,9 @@ module AtomicLti
|
|
10
10
|
return false
|
11
11
|
end
|
12
12
|
|
13
|
-
|
13
|
+
if destroy_state
|
14
|
+
open_id_state.destroy
|
15
|
+
end
|
14
16
|
|
15
17
|
# Check that the state hasn't expired
|
16
18
|
if open_id_state.created_at < 10.minutes.ago
|
@@ -73,7 +73,7 @@ module AtomicLti
|
|
73
73
|
end
|
74
74
|
end
|
75
75
|
|
76
|
-
def validate_launch(request, validate_target_link_url)
|
76
|
+
def validate_launch(request, validate_target_link_url, destroy_state)
|
77
77
|
# Validate and decode id_token
|
78
78
|
raise AtomicLti::Exceptions::NoLTIToken if request.params["id_token"].blank?
|
79
79
|
|
@@ -92,7 +92,7 @@ module AtomicLti
|
|
92
92
|
end
|
93
93
|
|
94
94
|
# Validate the state and nonce
|
95
|
-
if !AtomicLti::OpenId.validate_state(id_token_decoded["nonce"], state)
|
95
|
+
if !AtomicLti::OpenId.validate_state(id_token_decoded["nonce"], state, destroy_state)
|
96
96
|
raise AtomicLti::Exceptions::OpenIDStateError.new("Invalid OIDC state.")
|
97
97
|
end
|
98
98
|
|
@@ -100,7 +100,7 @@ module AtomicLti
|
|
100
100
|
end
|
101
101
|
|
102
102
|
def handle_redirect(request)
|
103
|
-
id_token_decoded, _state, _state_verified = validate_launch(request, false)
|
103
|
+
id_token_decoded, _state, _state_verified = validate_launch(request, false, false)
|
104
104
|
|
105
105
|
uri = URI(request.url)
|
106
106
|
# Technically the target_link_uri is not required and the certification suite
|
@@ -152,7 +152,7 @@ module AtomicLti
|
|
152
152
|
end
|
153
153
|
|
154
154
|
def handle_lti_launch(env, request)
|
155
|
-
id_token_decoded, state, state_verified = validate_launch(request, true)
|
155
|
+
id_token_decoded, state, state_verified = validate_launch(request, true, true)
|
156
156
|
|
157
157
|
id_token = request.params["id_token"]
|
158
158
|
update_install(id_token: id_token_decoded)
|
@@ -175,7 +175,7 @@ module AtomicLti
|
|
175
175
|
env["atomic.validated.state_validation"] = {
|
176
176
|
state: state,
|
177
177
|
lti_storage_params: lti_storage_params,
|
178
|
-
|
178
|
+
state_verified: state_verified,
|
179
179
|
}
|
180
180
|
end
|
181
181
|
|
data/lib/atomic_lti/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: atomic_lti
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.5.
|
4
|
+
version: 1.5.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Matt Petro
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2023-08-
|
13
|
+
date: 2023-08-18 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: pg
|