atomic_lti_1v1 1.0.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 176fa5e170efd585a02c5b801a1a5eb129c442901fb50afa06d53759d6af3d04
4
+ data.tar.gz: 3a5bda879132e3edc8a7610d26ad5ab0ef1501e5037aa8c88cc8d78e5a7611bf
5
+ SHA512:
6
+ metadata.gz: 4288e2af09e0f2340604844a8327f1db353b1a19d9cc1262b0801367d5c357eb3152b58467b7467f0ed0c04aaa1b6d3fd94eef71e9e1fd6f4bb6b968e204b21c
7
+ data.tar.gz: be0b0f824080ed8c5658dfa8ff9d0ed1226385a8727cf3c8060d1d8765b331257e622bf77eae667fda24a2c2b880f04cf7dc78bfe931778f43b34fa388e1f847
data/MIT-LICENSE ADDED
@@ -0,0 +1,20 @@
1
+ Copyright 2022 Nick Benoit
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,48 @@
1
+ # AtomicLti1v1
2
+ A middleware to validate LTI 1.1 requests. When a request is determined to be an lti launch, the middleware will validate the request. Upon a successful validation the `oauth_consumer_key` will be added to the rack environment here: `atomic.validated.oauth_consumer_key`.
3
+
4
+ ## Usage
5
+
6
+ In another middleware, the validated oauth_consumer_key can be accessed like this:
7
+ ```
8
+
9
+ def call(env)
10
+ env['atomic.validated.oauth_consumer_key'] # Validated oauth consumer key
11
+
12
+ ```
13
+
14
+ In the rails app, the validated oauth_consumer_key can be accessed like this:
15
+
16
+ ```
17
+ request.env["atomic.validated.oauth_consumer_key"]
18
+ ```
19
+
20
+
21
+ ## Installation
22
+
23
+ <!-- * Add to gemfile TODO should we pull in tag, or what?
24
+
25
+ `gem 'atomic_lti_1v1', git: '/Users/nickbenoit/Projects/atomic_lti_1v1'` -->
26
+
27
+ ### Install migrations
28
+
29
+ ```bash
30
+ bin/rails atomic_lti1v1:install:migrations
31
+ ```
32
+ This will copy only previously uncopied migrations to your project.
33
+
34
+
35
+ ### Add initializer
36
+ Create file `config/initializers/atomic_lti_1v1.rb`
37
+ Provide `secret_provider`
38
+
39
+ ```ruby
40
+ # Lookup an lti_secret from an oauth_consumer_key
41
+ AtomicLti1v1.secret_provider = Proc.new do |oauth_consumer_key|
42
+ # If using most Atomic Jolt Apps, probably something like this
43
+ ApplicationInstance.find_by(lti_key: oauth_consumer_key)&.lti_secret
44
+ end
45
+ ```
46
+
47
+ ## License
48
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,8 @@
1
+ require 'bundler/setup'
2
+
3
+ APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
4
+ load 'rails/tasks/engine.rake'
5
+
6
+ load 'rails/tasks/statistics.rake'
7
+
8
+ require 'bundler/gem_tasks'
@@ -0,0 +1,17 @@
1
+ module AtomicLti1v1
2
+ class Nonce < ApplicationRecord
3
+ def self.valid?(nonce)
4
+ create!(nonce: nonce)
5
+ true
6
+ rescue ActiveRecord::RecordNotUnique => e
7
+ Rails.logger.warn("Failed to create nonce: #{nonce}")
8
+ false
9
+ end
10
+
11
+ # Remove old nonces from db. Run this from a background task to
12
+ # clean the db of extraneous data.
13
+ def self.clean
14
+ delete_all(['created_at < ?', Time.now - 6.hours])
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,5 @@
1
+ module AtomicLti1v1
2
+ class ApplicationRecord < ActiveRecord::Base
3
+ self.abstract_class = true
4
+ end
5
+ end
data/config/routes.rb ADDED
@@ -0,0 +1,2 @@
1
+ AtomicLti1v1::Engine.routes.draw do
2
+ end
@@ -0,0 +1,9 @@
1
+ class CreateAtomicLti1v1Nonces < ActiveRecord::Migration[6.1]
2
+ def change
3
+ create_table :atomic_lti1v1_nonces do |t|
4
+ t.string 'nonce'
5
+ t.timestamps
6
+ t.index ['nonce'], name: 'index_atomic_lti1v1_nonces_on_nonce', unique: true
7
+ end
8
+ end
9
+ end
@@ -0,0 +1,5 @@
1
+ module AtomicLti1v1
2
+ class Engine < ::Rails::Engine
3
+ isolate_namespace AtomicLti1v1
4
+ end
5
+ end
@@ -0,0 +1,21 @@
1
+ module AtomicLti1v1
2
+ class Lti1v1
3
+ def self.is_lti_1v1?(request)
4
+ request.params['oauth_consumer_key'].present?
5
+ end
6
+
7
+ def self.valid_timestamp?(request)
8
+ # If timestamp is older than 5 minutes it's invalid
9
+ !(DateTime.strptime(request.params['oauth_timestamp'], '%s') < 5.minutes.ago)
10
+ end
11
+
12
+ def self.valid_lti_request?(request, lti_secret)
13
+ authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.url, request.params,
14
+ lti_secret)
15
+
16
+ authenticator.valid_signature? &&
17
+ AtomicLti1v1::Nonce.valid?(request.params['oauth_nonce']) &&
18
+ valid_timestamp?(request)
19
+ end
20
+ end
21
+ end
@@ -0,0 +1,34 @@
1
+ require_relative 'lti_1v1'
2
+ module AtomicLti1v1
3
+ class Lti1v1Middleware
4
+ def initialize(app)
5
+ @app = app
6
+ end
7
+
8
+ def call(env)
9
+ request = Rack::Request.new(env)
10
+ if AtomicLti1v1::Lti1v1.is_lti_1v1?(request)
11
+ oauth_consumer_key = request.params['oauth_consumer_key']
12
+
13
+ lti_secret = nil
14
+ begin
15
+ lti_secret = AtomicLti1v1.secret_provider.call(oauth_consumer_key)
16
+ rescue StandardError => e
17
+ Rails.logger.error("Error looking up lti secret, #{e}")
18
+ ensure
19
+ if lti_secret.blank?
20
+ Rails.logger.warn("No lti secret found for oauth_consumer_key: #{oauth_consumer_key}")
21
+ end
22
+ end
23
+
24
+ if lti_secret.present? && AtomicLti1v1::Lti1v1.valid_lti_request?(request, lti_secret)
25
+ env['atomic.validated.oauth_consumer_key'] = oauth_consumer_key
26
+ elsif lti_secret.present? && !AtomicLti1v1::Lti1v1.valid_lti_request?(request, lti_secret)
27
+ raise AtomicLti1v1::LtiValidationFailed, "Validation failed for oauth_consumer_key: #{oauth_consumer_key}"
28
+ end
29
+ end
30
+
31
+ @app.call(env)
32
+ end
33
+ end
34
+ end
@@ -0,0 +1,3 @@
1
+ module AtomicLti1v1
2
+ VERSION = '1.0.1'
3
+ end
@@ -0,0 +1,9 @@
1
+ require 'atomic_lti_1v1/version'
2
+ require 'atomic_lti_1v1/engine'
3
+ require 'atomic_lti_1v1/lti_1v1_middleware'
4
+
5
+ module AtomicLti1v1
6
+ mattr_accessor :secret_provider
7
+
8
+ class LtiValidationFailed < StandardError; end
9
+ end
@@ -0,0 +1,4 @@
1
+ # desc "Explaining what the task does"
2
+ # task :atomic_lti_1v1 do
3
+ # # Task goes here
4
+ # end
metadata ADDED
@@ -0,0 +1,98 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: atomic_lti_1v1
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Nick Benoit
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2023-06-02 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rspec
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: ims-lti
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: 2.3.3
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: 2.3.3
41
+ - !ruby/object:Gem::Dependency
42
+ name: rails
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: 6.1.3
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: 6.1.3
55
+ description: Rack middleware to handle validating Lti 1.1 requests
56
+ email:
57
+ - nick.benoit@atomicjolt.com
58
+ executables: []
59
+ extensions: []
60
+ extra_rdoc_files: []
61
+ files:
62
+ - MIT-LICENSE
63
+ - README.md
64
+ - Rakefile
65
+ - app/models/atomic_lti1v1/nonce.rb
66
+ - app/models/atomic_lti_1v1/application_record.rb
67
+ - config/routes.rb
68
+ - db/migrate/20220507041217_create_atomic_lti1v1_nonces.rb
69
+ - lib/atomic_lti_1v1.rb
70
+ - lib/atomic_lti_1v1/engine.rb
71
+ - lib/atomic_lti_1v1/lti_1v1.rb
72
+ - lib/atomic_lti_1v1/lti_1v1_middleware.rb
73
+ - lib/atomic_lti_1v1/version.rb
74
+ - lib/tasks/atomic_lti_1v1_tasks.rake
75
+ homepage: https://github.com/atomicjolt/atomic_lti_1v1
76
+ licenses:
77
+ - MIT
78
+ metadata: {}
79
+ post_install_message:
80
+ rdoc_options: []
81
+ require_paths:
82
+ - lib
83
+ required_ruby_version: !ruby/object:Gem::Requirement
84
+ requirements:
85
+ - - ">="
86
+ - !ruby/object:Gem::Version
87
+ version: '0'
88
+ required_rubygems_version: !ruby/object:Gem::Requirement
89
+ requirements:
90
+ - - ">="
91
+ - !ruby/object:Gem::Version
92
+ version: '0'
93
+ requirements: []
94
+ rubygems_version: 3.1.2
95
+ signing_key:
96
+ specification_version: 4
97
+ summary: Rack middleware to handle validating Lti 1.1 requests
98
+ test_files: []