atomic_lti 1.5.1 → 1.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/lib/atomic_lti/open_id.rb +4 -2
- data/lib/atomic_lti/open_id_middleware.rb +4 -4
- data/lib/atomic_lti/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '09e333d2d54ff5b9eb9932e2ac888e8abbeeb12c5e32c39665ba4da721ed77f3'
|
|
4
|
+
data.tar.gz: 0a463b3857c3999ae72be4ebd3c3276581327b6d3d35310720e50fb26945ab54
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e08ce497b87420a2b9a677052136e0fd6ebaed73dd1e976eb30683a9bbca0134e8146d3881f926821d8a931892e566e866ef0014e9917bafb28e5efc18845998
|
|
7
|
+
data.tar.gz: 205225fe9169e6b65348bd3cc35b545a2cfd00531d5cbd331a49c23b83a86a37f3c1a5c776c6c2fff8047f8a356c12758d825727417c172624ef98412adee007
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module AtomicLti
|
|
2
2
|
class OpenId
|
|
3
|
-
def self.validate_state(nonce, state)
|
|
3
|
+
def self.validate_state(nonce, state, destroy_state)
|
|
4
4
|
if state.blank?
|
|
5
5
|
return false
|
|
6
6
|
end
|
|
@@ -10,7 +10,9 @@ module AtomicLti
|
|
|
10
10
|
return false
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
if destroy_state
|
|
14
|
+
open_id_state.destroy
|
|
15
|
+
end
|
|
14
16
|
|
|
15
17
|
# Check that the state hasn't expired
|
|
16
18
|
if open_id_state.created_at < 10.minutes.ago
|
|
@@ -73,7 +73,7 @@ module AtomicLti
|
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
75
|
|
|
76
|
-
def validate_launch(request, validate_target_link_url)
|
|
76
|
+
def validate_launch(request, validate_target_link_url, destroy_state)
|
|
77
77
|
# Validate and decode id_token
|
|
78
78
|
raise AtomicLti::Exceptions::NoLTIToken if request.params["id_token"].blank?
|
|
79
79
|
|
|
@@ -92,7 +92,7 @@ module AtomicLti
|
|
|
92
92
|
end
|
|
93
93
|
|
|
94
94
|
# Validate the state and nonce
|
|
95
|
-
if !AtomicLti::OpenId.validate_state(id_token_decoded["nonce"], state)
|
|
95
|
+
if !AtomicLti::OpenId.validate_state(id_token_decoded["nonce"], state, destroy_state)
|
|
96
96
|
raise AtomicLti::Exceptions::OpenIDStateError.new("Invalid OIDC state.")
|
|
97
97
|
end
|
|
98
98
|
|
|
@@ -100,7 +100,7 @@ module AtomicLti
|
|
|
100
100
|
end
|
|
101
101
|
|
|
102
102
|
def handle_redirect(request)
|
|
103
|
-
id_token_decoded, _state, _state_verified = validate_launch(request, false)
|
|
103
|
+
id_token_decoded, _state, _state_verified = validate_launch(request, false, false)
|
|
104
104
|
|
|
105
105
|
uri = URI(request.url)
|
|
106
106
|
# Technically the target_link_uri is not required and the certification suite
|
|
@@ -152,7 +152,7 @@ module AtomicLti
|
|
|
152
152
|
end
|
|
153
153
|
|
|
154
154
|
def handle_lti_launch(env, request)
|
|
155
|
-
id_token_decoded, state, state_verified = validate_launch(request, true)
|
|
155
|
+
id_token_decoded, state, state_verified = validate_launch(request, true, true)
|
|
156
156
|
|
|
157
157
|
id_token = request.params["id_token"]
|
|
158
158
|
update_install(id_token: id_token_decoded)
|
data/lib/atomic_lti/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: atomic_lti
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.5.
|
|
4
|
+
version: 1.5.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matt Petro
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2023-08-
|
|
13
|
+
date: 2023-08-18 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: pg
|