atomic_lti 1.5.1 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5d5ac127a756ff607e54df192d284113a67977880c5e3e4416486aa6de13eabe
4
- data.tar.gz: b6faaf01549cf54c3066aabea0482b175df5b257833cda7151dfcd715c9ea93e
3
+ metadata.gz: '09e333d2d54ff5b9eb9932e2ac888e8abbeeb12c5e32c39665ba4da721ed77f3'
4
+ data.tar.gz: 0a463b3857c3999ae72be4ebd3c3276581327b6d3d35310720e50fb26945ab54
5
5
  SHA512:
6
- metadata.gz: 3b857a49181529e25e889fb89398ac0fac6b247b041df4437eede5e88c8e6137dba32bd4d1c8d7aafb7c9d4fbbedacce674bd3018906d8cc7c76d2a88c706077
7
- data.tar.gz: 2d5b787191d04f5abe4750be5c7e2741107d8b0c51528a25cbd9a4eedda743ef7fc0a5e802594e0235f6c0aedeb2de64f5497371909886952c855bc4a0fa8eff
6
+ metadata.gz: e08ce497b87420a2b9a677052136e0fd6ebaed73dd1e976eb30683a9bbca0134e8146d3881f926821d8a931892e566e866ef0014e9917bafb28e5efc18845998
7
+ data.tar.gz: 205225fe9169e6b65348bd3cc35b545a2cfd00531d5cbd331a49c23b83a86a37f3c1a5c776c6c2fff8047f8a356c12758d825727417c172624ef98412adee007
@@ -1,6 +1,6 @@
1
1
  module AtomicLti
2
2
  class OpenId
3
- def self.validate_state(nonce, state)
3
+ def self.validate_state(nonce, state, destroy_state)
4
4
  if state.blank?
5
5
  return false
6
6
  end
@@ -10,7 +10,9 @@ module AtomicLti
10
10
  return false
11
11
  end
12
12
 
13
- open_id_state.destroy
13
+ if destroy_state
14
+ open_id_state.destroy
15
+ end
14
16
 
15
17
  # Check that the state hasn't expired
16
18
  if open_id_state.created_at < 10.minutes.ago
@@ -73,7 +73,7 @@ module AtomicLti
73
73
  end
74
74
  end
75
75
 
76
- def validate_launch(request, validate_target_link_url)
76
+ def validate_launch(request, validate_target_link_url, destroy_state)
77
77
  # Validate and decode id_token
78
78
  raise AtomicLti::Exceptions::NoLTIToken if request.params["id_token"].blank?
79
79
 
@@ -92,7 +92,7 @@ module AtomicLti
92
92
  end
93
93
 
94
94
  # Validate the state and nonce
95
- if !AtomicLti::OpenId.validate_state(id_token_decoded["nonce"], state)
95
+ if !AtomicLti::OpenId.validate_state(id_token_decoded["nonce"], state, destroy_state)
96
96
  raise AtomicLti::Exceptions::OpenIDStateError.new("Invalid OIDC state.")
97
97
  end
98
98
 
@@ -100,7 +100,7 @@ module AtomicLti
100
100
  end
101
101
 
102
102
  def handle_redirect(request)
103
- id_token_decoded, _state, _state_verified = validate_launch(request, false)
103
+ id_token_decoded, _state, _state_verified = validate_launch(request, false, false)
104
104
 
105
105
  uri = URI(request.url)
106
106
  # Technically the target_link_uri is not required and the certification suite
@@ -152,7 +152,7 @@ module AtomicLti
152
152
  end
153
153
 
154
154
  def handle_lti_launch(env, request)
155
- id_token_decoded, state, state_verified = validate_launch(request, true)
155
+ id_token_decoded, state, state_verified = validate_launch(request, true, true)
156
156
 
157
157
  id_token = request.params["id_token"]
158
158
  update_install(id_token: id_token_decoded)
@@ -1,3 +1,3 @@
1
1
  module AtomicLti
2
- VERSION = "1.5.1".freeze
2
+ VERSION = "1.5.2".freeze
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: atomic_lti
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.1
4
+ version: 1.5.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matt Petro
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2023-08-17 00:00:00.000000000 Z
13
+ date: 2023-08-18 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: pg