atomic_lti_1v1 1.0.1 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 176fa5e170efd585a02c5b801a1a5eb129c442901fb50afa06d53759d6af3d04
-  data.tar.gz: 3a5bda879132e3edc8a7610d26ad5ab0ef1501e5037aa8c88cc8d78e5a7611bf
+  metadata.gz: 332b4e4c334846321195e2ea3f46f1e25806ac7c08973fecc533b52e56034cb9
+  data.tar.gz: c2b0499894e487fee66aec9c3e6fad1e3013b0fc00b210922411c668955f0601
 SHA512:
-  metadata.gz: 4288e2af09e0f2340604844a8327f1db353b1a19d9cc1262b0801367d5c357eb3152b58467b7467f0ed0c04aaa1b6d3fd94eef71e9e1fd6f4bb6b968e204b21c
-  data.tar.gz: be0b0f824080ed8c5658dfa8ff9d0ed1226385a8727cf3c8060d1d8765b331257e622bf77eae667fda24a2c2b880f04cf7dc78bfe931778f43b34fa388e1f847
+  metadata.gz: 39c89b02401dbfd8c07bdaa3e7e6307a5a1181d449e6e84a989d269abc48e16cb8a42f4a6b5025fdebf2324fcf27c12fd10b0f8d736f360990f444772b0db467
+  data.tar.gz: 88e1022bd1dcb20e1475696838088fa9fd89cfc075fe2563284e5e3b07b0e1a6a94a7537cc6a187821f8c8bf7ca1d109c257940b83e192d15dafa2e709fed673

data/README.md

@@ -42,6 +42,8 @@ Provide `secret_provider`
     # If using most Atomic Jolt Apps, probably something like this
     ApplicationInstance.find_by(lti_key: oauth_consumer_key)&.lti_secret 
   end
+  # List of path prefixes to handle. Default is the following:
+  AtomicLti1v1.path_prefixes = ["/lti_launches"] 
   ```
 
 ## License

data/lib/atomic_lti_1v1/lti_1v1.rb

@@ -1,7 +1,9 @@
 module AtomicLti1v1
   class Lti1v1
     def self.is_lti_1v1?(request)
-      request.params['oauth_consumer_key'].present?
+      request.params['oauth_consumer_key'].present? &&
+        request.params['oauth_signature'].present? &&
+        request.params['lti_version'] == 'LTI-1p0'
     end
 
     def self.valid_timestamp?(request)

data/lib/atomic_lti_1v1/lti_1v1_middleware.rb

@@ -5,9 +5,15 @@ module AtomicLti1v1
       @app = app
     end
 
+    def matches_path_prefixes?(request)
+      AtomicLti1v1.path_prefixes.any? do |prefix|
+        request.path.starts_with? prefix
+      end
+    end
+
     def call(env)
       request = Rack::Request.new(env)
-      if AtomicLti1v1::Lti1v1.is_lti_1v1?(request)
+      if matches_path_prefixes?(request) && AtomicLti1v1::Lti1v1.is_lti_1v1?(request)
         oauth_consumer_key = request.params['oauth_consumer_key']
 
         lti_secret = nil
@@ -26,6 +32,11 @@ module AtomicLti1v1
         elsif lti_secret.present? && !AtomicLti1v1::Lti1v1.valid_lti_request?(request, lti_secret)
           raise AtomicLti1v1::LtiValidationFailed, "Validation failed for oauth_consumer_key: #{oauth_consumer_key}"
         end
+
+        # Let the frontend know there's no state to validate.  This is an LTI 1.3 thing.
+        env["atomic.validated.state_validation"] = {
+          state_verified: true,
+        }
       end
 
       @app.call(env)

data/lib/atomic_lti_1v1/version.rb

@@ -1,3 +1,3 @@
 module AtomicLti1v1
-  VERSION = '1.0.1'
+  VERSION = '1.2.0'
 end

data/lib/atomic_lti_1v1.rb

@@ -4,6 +4,7 @@ require 'atomic_lti_1v1/lti_1v1_middleware'
 
 module AtomicLti1v1
   mattr_accessor :secret_provider
+  mattr_accessor :path_prefixes, default: ['/lti_launches']
 
   class LtiValidationFailed < StandardError; end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: atomic_lti_1v1
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.2.0
 platform: ruby
 authors:
 - Nick Benoit
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-02 00:00:00.000000000 Z
+date: 2023-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -91,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: Rack middleware to handle validating Lti 1.1 requests