atomic_lti 1.5.1 → 1.5.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5d5ac127a756ff607e54df192d284113a67977880c5e3e4416486aa6de13eabe
4
- data.tar.gz: b6faaf01549cf54c3066aabea0482b175df5b257833cda7151dfcd715c9ea93e
3
+ metadata.gz: '09e333d2d54ff5b9eb9932e2ac888e8abbeeb12c5e32c39665ba4da721ed77f3'
4
+ data.tar.gz: 0a463b3857c3999ae72be4ebd3c3276581327b6d3d35310720e50fb26945ab54
5
5
  SHA512:
6
- metadata.gz: 3b857a49181529e25e889fb89398ac0fac6b247b041df4437eede5e88c8e6137dba32bd4d1c8d7aafb7c9d4fbbedacce674bd3018906d8cc7c76d2a88c706077
7
- data.tar.gz: 2d5b787191d04f5abe4750be5c7e2741107d8b0c51528a25cbd9a4eedda743ef7fc0a5e802594e0235f6c0aedeb2de64f5497371909886952c855bc4a0fa8eff
6
+ metadata.gz: e08ce497b87420a2b9a677052136e0fd6ebaed73dd1e976eb30683a9bbca0134e8146d3881f926821d8a931892e566e866ef0014e9917bafb28e5efc18845998
7
+ data.tar.gz: 205225fe9169e6b65348bd3cc35b545a2cfd00531d5cbd331a49c23b83a86a37f3c1a5c776c6c2fff8047f8a356c12758d825727417c172624ef98412adee007
@@ -1,6 +1,6 @@
1
1
  module AtomicLti
2
2
  class OpenId
3
- def self.validate_state(nonce, state)
3
+ def self.validate_state(nonce, state, destroy_state)
4
4
  if state.blank?
5
5
  return false
6
6
  end
@@ -10,7 +10,9 @@ module AtomicLti
10
10
  return false
11
11
  end
12
12
 
13
- open_id_state.destroy
13
+ if destroy_state
14
+ open_id_state.destroy
15
+ end
14
16
 
15
17
  # Check that the state hasn't expired
16
18
  if open_id_state.created_at < 10.minutes.ago
@@ -73,7 +73,7 @@ module AtomicLti
73
73
  end
74
74
  end
75
75
 
76
- def validate_launch(request, validate_target_link_url)
76
+ def validate_launch(request, validate_target_link_url, destroy_state)
77
77
  # Validate and decode id_token
78
78
  raise AtomicLti::Exceptions::NoLTIToken if request.params["id_token"].blank?
79
79
 
@@ -92,7 +92,7 @@ module AtomicLti
92
92
  end
93
93
 
94
94
  # Validate the state and nonce
95
- if !AtomicLti::OpenId.validate_state(id_token_decoded["nonce"], state)
95
+ if !AtomicLti::OpenId.validate_state(id_token_decoded["nonce"], state, destroy_state)
96
96
  raise AtomicLti::Exceptions::OpenIDStateError.new("Invalid OIDC state.")
97
97
  end
98
98
 
@@ -100,7 +100,7 @@ module AtomicLti
100
100
  end
101
101
 
102
102
  def handle_redirect(request)
103
- id_token_decoded, _state, _state_verified = validate_launch(request, false)
103
+ id_token_decoded, _state, _state_verified = validate_launch(request, false, false)
104
104
 
105
105
  uri = URI(request.url)
106
106
  # Technically the target_link_uri is not required and the certification suite
@@ -152,7 +152,7 @@ module AtomicLti
152
152
  end
153
153
 
154
154
  def handle_lti_launch(env, request)
155
- id_token_decoded, state, state_verified = validate_launch(request, true)
155
+ id_token_decoded, state, state_verified = validate_launch(request, true, true)
156
156
 
157
157
  id_token = request.params["id_token"]
158
158
  update_install(id_token: id_token_decoded)
@@ -1,3 +1,3 @@
1
1
  module AtomicLti
2
- VERSION = "1.5.1".freeze
2
+ VERSION = "1.5.2".freeze
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: atomic_lti
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.1
4
+ version: 1.5.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matt Petro
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2023-08-17 00:00:00.000000000 Z
13
+ date: 2023-08-18 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: pg