atomic_lti_1v1 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/README.md +48 -0
- data/Rakefile +8 -0
- data/app/models/atomic_lti1v1/nonce.rb +17 -0
- data/app/models/atomic_lti_1v1/application_record.rb +5 -0
- data/config/routes.rb +2 -0
- data/db/migrate/20220507041217_create_atomic_lti1v1_nonces.rb +9 -0
- data/lib/atomic_lti_1v1/engine.rb +5 -0
- data/lib/atomic_lti_1v1/lti_1v1.rb +21 -0
- data/lib/atomic_lti_1v1/lti_1v1_middleware.rb +34 -0
- data/lib/atomic_lti_1v1/version.rb +3 -0
- data/lib/atomic_lti_1v1.rb +9 -0
- data/lib/tasks/atomic_lti_1v1_tasks.rake +4 -0
- metadata +98 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 176fa5e170efd585a02c5b801a1a5eb129c442901fb50afa06d53759d6af3d04
|
4
|
+
data.tar.gz: 3a5bda879132e3edc8a7610d26ad5ab0ef1501e5037aa8c88cc8d78e5a7611bf
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 4288e2af09e0f2340604844a8327f1db353b1a19d9cc1262b0801367d5c357eb3152b58467b7467f0ed0c04aaa1b6d3fd94eef71e9e1fd6f4bb6b968e204b21c
|
7
|
+
data.tar.gz: be0b0f824080ed8c5658dfa8ff9d0ed1226385a8727cf3c8060d1d8765b331257e622bf77eae667fda24a2c2b880f04cf7dc78bfe931778f43b34fa388e1f847
|
data/MIT-LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright 2022 Nick Benoit
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,48 @@
|
|
1
|
+
# AtomicLti1v1
|
2
|
+
A middleware to validate LTI 1.1 requests. When a request is determined to be an lti launch, the middleware will validate the request. Upon a successful validation the `oauth_consumer_key` will be added to the rack environment here: `atomic.validated.oauth_consumer_key`.
|
3
|
+
|
4
|
+
## Usage
|
5
|
+
|
6
|
+
In another middleware, the validated oauth_consumer_key can be accessed like this:
|
7
|
+
```
|
8
|
+
|
9
|
+
def call(env)
|
10
|
+
env['atomic.validated.oauth_consumer_key'] # Validated oauth consumer key
|
11
|
+
|
12
|
+
```
|
13
|
+
|
14
|
+
In the rails app, the validated oauth_consumer_key can be accessed like this:
|
15
|
+
|
16
|
+
```
|
17
|
+
request.env["atomic.validated.oauth_consumer_key"]
|
18
|
+
```
|
19
|
+
|
20
|
+
|
21
|
+
## Installation
|
22
|
+
|
23
|
+
<!-- * Add to gemfile TODO should we pull in tag, or what?
|
24
|
+
|
25
|
+
`gem 'atomic_lti_1v1', git: '/Users/nickbenoit/Projects/atomic_lti_1v1'` -->
|
26
|
+
|
27
|
+
### Install migrations
|
28
|
+
|
29
|
+
```bash
|
30
|
+
bin/rails atomic_lti1v1:install:migrations
|
31
|
+
```
|
32
|
+
This will copy only previously uncopied migrations to your project.
|
33
|
+
|
34
|
+
|
35
|
+
### Add initializer
|
36
|
+
Create file `config/initializers/atomic_lti_1v1.rb`
|
37
|
+
Provide `secret_provider`
|
38
|
+
|
39
|
+
```ruby
|
40
|
+
# Lookup an lti_secret from an oauth_consumer_key
|
41
|
+
AtomicLti1v1.secret_provider = Proc.new do |oauth_consumer_key|
|
42
|
+
# If using most Atomic Jolt Apps, probably something like this
|
43
|
+
ApplicationInstance.find_by(lti_key: oauth_consumer_key)&.lti_secret
|
44
|
+
end
|
45
|
+
```
|
46
|
+
|
47
|
+
## License
|
48
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/Rakefile
ADDED
@@ -0,0 +1,17 @@
|
|
1
|
+
module AtomicLti1v1
|
2
|
+
class Nonce < ApplicationRecord
|
3
|
+
def self.valid?(nonce)
|
4
|
+
create!(nonce: nonce)
|
5
|
+
true
|
6
|
+
rescue ActiveRecord::RecordNotUnique => e
|
7
|
+
Rails.logger.warn("Failed to create nonce: #{nonce}")
|
8
|
+
false
|
9
|
+
end
|
10
|
+
|
11
|
+
# Remove old nonces from db. Run this from a background task to
|
12
|
+
# clean the db of extraneous data.
|
13
|
+
def self.clean
|
14
|
+
delete_all(['created_at < ?', Time.now - 6.hours])
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
data/config/routes.rb
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
module AtomicLti1v1
|
2
|
+
class Lti1v1
|
3
|
+
def self.is_lti_1v1?(request)
|
4
|
+
request.params['oauth_consumer_key'].present?
|
5
|
+
end
|
6
|
+
|
7
|
+
def self.valid_timestamp?(request)
|
8
|
+
# If timestamp is older than 5 minutes it's invalid
|
9
|
+
!(DateTime.strptime(request.params['oauth_timestamp'], '%s') < 5.minutes.ago)
|
10
|
+
end
|
11
|
+
|
12
|
+
def self.valid_lti_request?(request, lti_secret)
|
13
|
+
authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.url, request.params,
|
14
|
+
lti_secret)
|
15
|
+
|
16
|
+
authenticator.valid_signature? &&
|
17
|
+
AtomicLti1v1::Nonce.valid?(request.params['oauth_nonce']) &&
|
18
|
+
valid_timestamp?(request)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
require_relative 'lti_1v1'
|
2
|
+
module AtomicLti1v1
|
3
|
+
class Lti1v1Middleware
|
4
|
+
def initialize(app)
|
5
|
+
@app = app
|
6
|
+
end
|
7
|
+
|
8
|
+
def call(env)
|
9
|
+
request = Rack::Request.new(env)
|
10
|
+
if AtomicLti1v1::Lti1v1.is_lti_1v1?(request)
|
11
|
+
oauth_consumer_key = request.params['oauth_consumer_key']
|
12
|
+
|
13
|
+
lti_secret = nil
|
14
|
+
begin
|
15
|
+
lti_secret = AtomicLti1v1.secret_provider.call(oauth_consumer_key)
|
16
|
+
rescue StandardError => e
|
17
|
+
Rails.logger.error("Error looking up lti secret, #{e}")
|
18
|
+
ensure
|
19
|
+
if lti_secret.blank?
|
20
|
+
Rails.logger.warn("No lti secret found for oauth_consumer_key: #{oauth_consumer_key}")
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
if lti_secret.present? && AtomicLti1v1::Lti1v1.valid_lti_request?(request, lti_secret)
|
25
|
+
env['atomic.validated.oauth_consumer_key'] = oauth_consumer_key
|
26
|
+
elsif lti_secret.present? && !AtomicLti1v1::Lti1v1.valid_lti_request?(request, lti_secret)
|
27
|
+
raise AtomicLti1v1::LtiValidationFailed, "Validation failed for oauth_consumer_key: #{oauth_consumer_key}"
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
@app.call(env)
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
metadata
ADDED
@@ -0,0 +1,98 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: atomic_lti_1v1
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Nick Benoit
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2023-06-02 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: rspec
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: ims-lti
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 2.3.3
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 2.3.3
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rails
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: 6.1.3
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 6.1.3
|
55
|
+
description: Rack middleware to handle validating Lti 1.1 requests
|
56
|
+
email:
|
57
|
+
- nick.benoit@atomicjolt.com
|
58
|
+
executables: []
|
59
|
+
extensions: []
|
60
|
+
extra_rdoc_files: []
|
61
|
+
files:
|
62
|
+
- MIT-LICENSE
|
63
|
+
- README.md
|
64
|
+
- Rakefile
|
65
|
+
- app/models/atomic_lti1v1/nonce.rb
|
66
|
+
- app/models/atomic_lti_1v1/application_record.rb
|
67
|
+
- config/routes.rb
|
68
|
+
- db/migrate/20220507041217_create_atomic_lti1v1_nonces.rb
|
69
|
+
- lib/atomic_lti_1v1.rb
|
70
|
+
- lib/atomic_lti_1v1/engine.rb
|
71
|
+
- lib/atomic_lti_1v1/lti_1v1.rb
|
72
|
+
- lib/atomic_lti_1v1/lti_1v1_middleware.rb
|
73
|
+
- lib/atomic_lti_1v1/version.rb
|
74
|
+
- lib/tasks/atomic_lti_1v1_tasks.rake
|
75
|
+
homepage: https://github.com/atomicjolt/atomic_lti_1v1
|
76
|
+
licenses:
|
77
|
+
- MIT
|
78
|
+
metadata: {}
|
79
|
+
post_install_message:
|
80
|
+
rdoc_options: []
|
81
|
+
require_paths:
|
82
|
+
- lib
|
83
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
84
|
+
requirements:
|
85
|
+
- - ">="
|
86
|
+
- !ruby/object:Gem::Version
|
87
|
+
version: '0'
|
88
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
89
|
+
requirements:
|
90
|
+
- - ">="
|
91
|
+
- !ruby/object:Gem::Version
|
92
|
+
version: '0'
|
93
|
+
requirements: []
|
94
|
+
rubygems_version: 3.1.2
|
95
|
+
signing_key:
|
96
|
+
specification_version: 4
|
97
|
+
summary: Rack middleware to handle validating Lti 1.1 requests
|
98
|
+
test_files: []
|