atomic_lti_1v1 1.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 176fa5e170efd585a02c5b801a1a5eb129c442901fb50afa06d53759d6af3d04
+  data.tar.gz: 3a5bda879132e3edc8a7610d26ad5ab0ef1501e5037aa8c88cc8d78e5a7611bf
+SHA512:
+  metadata.gz: 4288e2af09e0f2340604844a8327f1db353b1a19d9cc1262b0801367d5c357eb3152b58467b7467f0ed0c04aaa1b6d3fd94eef71e9e1fd6f4bb6b968e204b21c
+  data.tar.gz: be0b0f824080ed8c5658dfa8ff9d0ed1226385a8727cf3c8060d1d8765b331257e622bf77eae667fda24a2c2b880f04cf7dc78bfe931778f43b34fa388e1f847

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2022 Nick Benoit
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,48 @@
+# AtomicLti1v1
+A middleware to validate LTI 1.1 requests. When a request is determined to be an lti launch, the middleware will validate the request. Upon a successful validation the `oauth_consumer_key` will be added to the rack environment here: `atomic.validated.oauth_consumer_key`.
+
+## Usage
+
+In another middleware, the validated oauth_consumer_key can be accessed like this:
+```
+
+def call(env)
+  env['atomic.validated.oauth_consumer_key'] # Validated oauth consumer key
+
+```
+
+In the rails app, the validated oauth_consumer_key can be accessed like this: 
+
+```
+request.env["atomic.validated.oauth_consumer_key"]
+```
+
+
+## Installation
+
+<!-- * Add to gemfile TODO should we pull in tag, or what?
+  
+  `gem 'atomic_lti_1v1', git: '/Users/nickbenoit/Projects/atomic_lti_1v1'` -->
+
+### Install migrations
+
+```bash
+bin/rails atomic_lti1v1:install:migrations
+```
+This will copy only previously uncopied migrations to your project.
+
+
+### Add initializer
+Create file `config/initializers/atomic_lti_1v1.rb`
+Provide `secret_provider`
+
+  ```ruby
+  # Lookup an lti_secret from an oauth_consumer_key
+  AtomicLti1v1.secret_provider = Proc.new do |oauth_consumer_key| 
+    # If using most Atomic Jolt Apps, probably something like this
+    ApplicationInstance.find_by(lti_key: oauth_consumer_key)&.lti_secret 
+  end
+  ```
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require 'bundler/setup'
+
+APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'

data/app/models/atomic_lti1v1/nonce.rb

@@ -0,0 +1,17 @@
+module AtomicLti1v1
+  class Nonce < ApplicationRecord
+    def self.valid?(nonce)
+      create!(nonce: nonce)
+      true
+    rescue ActiveRecord::RecordNotUnique => e
+      Rails.logger.warn("Failed to create nonce: #{nonce}")
+      false
+    end
+
+    # Remove old nonces from db. Run this from a background task to
+    # clean the db of extraneous data.
+    def self.clean
+      delete_all(['created_at < ?', Time.now - 6.hours])
+    end
+  end
+end

data/app/models/atomic_lti_1v1/application_record.rb

@@ -0,0 +1,5 @@
+module AtomicLti1v1
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/config/routes.rb

@@ -0,0 +1,2 @@
+AtomicLti1v1::Engine.routes.draw do
+end

data/db/migrate/20220507041217_create_atomic_lti1v1_nonces.rb

@@ -0,0 +1,9 @@
+class CreateAtomicLti1v1Nonces < ActiveRecord::Migration[6.1]
+  def change
+    create_table :atomic_lti1v1_nonces do |t|
+      t.string 'nonce'
+      t.timestamps
+      t.index ['nonce'], name: 'index_atomic_lti1v1_nonces_on_nonce', unique: true
+    end
+  end
+end

data/lib/atomic_lti_1v1/engine.rb

@@ -0,0 +1,5 @@
+module AtomicLti1v1
+  class Engine < ::Rails::Engine
+    isolate_namespace AtomicLti1v1
+  end
+end

data/lib/atomic_lti_1v1/lti_1v1.rb

@@ -0,0 +1,21 @@
+module AtomicLti1v1
+  class Lti1v1
+    def self.is_lti_1v1?(request)
+      request.params['oauth_consumer_key'].present?
+    end
+
+    def self.valid_timestamp?(request)
+      # If timestamp is older than 5 minutes it's invalid
+      !(DateTime.strptime(request.params['oauth_timestamp'], '%s') < 5.minutes.ago)
+    end
+
+    def self.valid_lti_request?(request, lti_secret)
+      authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.url, request.params,
+                                                                   lti_secret)
+
+      authenticator.valid_signature? &&
+        AtomicLti1v1::Nonce.valid?(request.params['oauth_nonce']) &&
+        valid_timestamp?(request)
+    end
+  end
+end

data/lib/atomic_lti_1v1/lti_1v1_middleware.rb

@@ -0,0 +1,34 @@
+require_relative 'lti_1v1'
+module AtomicLti1v1
+  class Lti1v1Middleware
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      request = Rack::Request.new(env)
+      if AtomicLti1v1::Lti1v1.is_lti_1v1?(request)
+        oauth_consumer_key = request.params['oauth_consumer_key']
+
+        lti_secret = nil
+        begin
+          lti_secret = AtomicLti1v1.secret_provider.call(oauth_consumer_key)
+        rescue StandardError => e
+          Rails.logger.error("Error looking up lti secret, #{e}")
+        ensure
+          if lti_secret.blank?
+            Rails.logger.warn("No lti secret found for oauth_consumer_key: #{oauth_consumer_key}")
+          end
+        end
+
+        if lti_secret.present? && AtomicLti1v1::Lti1v1.valid_lti_request?(request, lti_secret)
+          env['atomic.validated.oauth_consumer_key'] = oauth_consumer_key
+        elsif lti_secret.present? && !AtomicLti1v1::Lti1v1.valid_lti_request?(request, lti_secret)
+          raise AtomicLti1v1::LtiValidationFailed, "Validation failed for oauth_consumer_key: #{oauth_consumer_key}"
+        end
+      end
+
+      @app.call(env)
+    end
+  end
+end

data/lib/atomic_lti_1v1/version.rb

@@ -0,0 +1,3 @@
+module AtomicLti1v1
+  VERSION = '1.0.1'
+end

data/lib/atomic_lti_1v1.rb

@@ -0,0 +1,9 @@
+require 'atomic_lti_1v1/version'
+require 'atomic_lti_1v1/engine'
+require 'atomic_lti_1v1/lti_1v1_middleware'
+
+module AtomicLti1v1
+  mattr_accessor :secret_provider
+
+  class LtiValidationFailed < StandardError; end
+end

data/lib/tasks/atomic_lti_1v1_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :atomic_lti_1v1 do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,98 @@
+--- !ruby/object:Gem::Specification
+name: atomic_lti_1v1
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- Nick Benoit
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-06-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ims-lti
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.3
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.3
+description: Rack middleware to handle validating Lti 1.1 requests
+email:
+- nick.benoit@atomicjolt.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/models/atomic_lti1v1/nonce.rb
+- app/models/atomic_lti_1v1/application_record.rb
+- config/routes.rb
+- db/migrate/20220507041217_create_atomic_lti1v1_nonces.rb
+- lib/atomic_lti_1v1.rb
+- lib/atomic_lti_1v1/engine.rb
+- lib/atomic_lti_1v1/lti_1v1.rb
+- lib/atomic_lti_1v1/lti_1v1_middleware.rb
+- lib/atomic_lti_1v1/version.rb
+- lib/tasks/atomic_lti_1v1_tasks.rake
+homepage: https://github.com/atomicjolt/atomic_lti_1v1
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: Rack middleware to handle validating Lti 1.1 requests
+test_files: []