atomic_tenant 1.4.1 → 1.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 62aaa4fe481b26b696c0e6f441a16eb26377d402c764d85ce6e515d4b05fa89f
-  data.tar.gz: 6d92c3dc99883ad2a2648b9c311779c9ed364d578d1a1a87d717b269f00a2df3
+  metadata.gz: b96d3efc1008755065959ca9dbceff1b93296f11ea0289664119e3875d60a64d
+  data.tar.gz: 2c728035c438789a0c79bdde191392e1c7c6ae47464009a7533aaa963a11826b
 SHA512:
-  metadata.gz: 7fc4a3a440ea08f99dd22aec7f05005b5a514e22d7ae1805c0dbd7fbedafde9b6ba0fc2c446c41dfb4d6d74b0ad2c0a700f9a0deed994d9671202393dfaec561
-  data.tar.gz: 04ea249d9df9c4db70a206be70d838197950f4e7e38383be600049dd7c63da02242f64cef812ca8dac88f009b889b22bc0ea9ad4866f84ae6d2790404d22bf65
+  metadata.gz: 98ff0964945704bd35f93cb5a825df117b3722de817c57957c2668c54ded2e766cb715221b62180a1530eb46e1b23938a9b78093430396c5c16d729f54b6a9a3
+  data.tar.gz: 229e7facd2f8e460e2ccdbcc534274da1d6814871b4b6c402fc2ae89273fdb17db87c8b44f56ebc52446b3528925ddac1bcacf16fcaab4a0642e1c24b6aebfd2

data/lib/atomic_tenant/current_application_instance_middleware.rb

@@ -21,12 +21,18 @@ module AtomicTenant
         elsif env['atomic.validated.id_token'].present?
 
           custom_strategies = AtomicTenant.custom_strategies || []
+          custom_fallback_strategies = AtomicTenant.custom_fallback_strategies || []
           default_strategies = [
             AtomicTenant::DeploymentManager::PlatformGuidStrategy.new,
             AtomicTenant::DeploymentManager::ClientIdStrategy.new
           ]
 
-          deployment_manager = AtomicTenant::DeploymentManager::DeploymentManager.new(custom_strategies.concat(default_strategies))
+          deployment_manager = AtomicTenant::DeploymentManager::DeploymentManager.new([
+            *custom_strategies,
+            *default_strategies,
+            *custom_fallback_strategies
+          ])
+
           decoded_token = env['atomic.validated.decoded_id_token']
           iss = env['atomic.validated.decoded_id_token']['iss']
           deployment_id = env['atomic.validated.decoded_id_token'][AtomicLti::Definitions::DEPLOYMENT_ID]

data/lib/atomic_tenant/deployment_manager/abstract_auto_create_platform_guid_strategy.rb

@@ -0,0 +1,124 @@
+require 'uri'
+
+module AtomicTenant
+  module DeploymentManager
+    class AbstractAutoCreatePlatformGuidStrategy < DeploymentManagerStrategy
+      TRUSTED_ISSUERS = [
+        %r|^https://canvas\.instructure\.com$|,
+        %r|^https://[a-z0-9.-]+\.brightspace\.com$|,
+        %r|^https://blackboard\.com$|,
+      ].freeze
+
+      def name
+        raise NotImplementedError, "Subclasses must implement #name"
+      end
+
+      def call(decoded_id_token:)
+        issuer = decoded_id_token["iss"]
+        platform_guid = decoded_id_token.dig(AtomicLti::Definitions::TOOL_PLATFORM_CLAIM, "guid")
+        target_link_uri = decoded_id_token[AtomicLti::Definitions::TARGET_LINK_URI_CLAIM]
+
+        if !platform_guid.present? || !target_link_uri.present?
+          return AtomicTenant::DeploymentManager::DeploymentStrategyResult.new()
+        end
+
+        uri = URI.parse(target_link_uri)
+        application_key = uri.host&.split('.')&.first
+        return AtomicTenant::DeploymentManager::DeploymentStrategyResult.new() if !application_key.present?
+
+        app = Application.find_by(key: application_key)
+        return AtomicTenant::DeploymentManager::DeploymentStrategyResult.new() if app.nil?
+
+        if !TRUSTED_ISSUERS.any? { |pattern| issuer.match?(pattern) }
+          existing_app_instance_count = AtomicTenant::LtiDeployment
+            .joins(:application_instance)
+            .where(
+              iss: issuer,
+              application_instances: { application_id: app.id },
+            ).distinct.count(:application_instance_id)
+
+          if existing_app_instance_count >= AtomicTenant.untrusted_iss_tenant_limit
+            raise AtomicTenant::Exceptions::OnboardingException, "The issuer #{issuer} has reached the limit of #{AtomicTenant.untrusted_iss_tenant_limit} unique tenants for the application #{application_key}."
+          end
+        end
+
+        site_url = extract_site_url(decoded_id_token)
+
+        app_inst = find_application_instance(app, site_url, issuer, platform_guid)
+        app_inst ||= maybe_create_application_instance(app, site_url, issuer, platform_guid)
+        pin = pin_platform_guid(issuer, platform_guid, app.id, app_inst.id)
+        AtomicTenant::DeploymentManager::DeploymentStrategyResult.new(application_instance_id: pin.application_instance_id)
+      end
+
+      private
+
+      def find_application_instance(current_application, site_url, issuer, platform_guid)
+        raise NotImplementedError, "Subclasses must implement #find_application_instance"
+      end
+
+      def create_application_instance(app, site_url, issuer, platform_guid)
+        raise NotImplementedError, "Subclasses must implement #create_application_instance"
+      end
+
+      def maybe_create_application_instance(app, site_url, issuer, platform_guid)
+        ActiveRecord::Base.transaction do
+          create_application_instance(app, site_url, issuer, platform_guid)
+        rescue ActiveRecord::RecordNotUnique
+          # If we get a RecordNotUnique error, it means another process created the instance concurrently.
+          find_application_instance(app, site_url, issuer, platform_guid)
+        end
+      end
+
+      # Pin platform guid, handling concurrent launches both trying to pin the same
+      # platform guid at the same time.
+      def pin_platform_guid(iss, platform_guid, application_id, application_instance_id)
+        begin
+          AtomicTenant::PinnedPlatformGuid.create!(
+            iss:,
+            platform_guid:,
+            application_id:,
+            application_instance_id:,
+          )
+        rescue ActiveRecord::RecordNotUnique
+          AtomicTenant::PinnedPlatformGuid.find_by!(
+            iss:,
+            platform_guid:,
+            application_id:,
+            application_instance_id:,
+          )
+        end
+      end
+
+      def extract_site_url(decoded_id_token)
+        platform_claim = decoded_id_token[AtomicLti::Definitions::TOOL_PLATFORM_CLAIM]
+        product_family_code = platform_claim["product_family_code"]
+
+        if product_family_code == "canvas"
+          canvas_domain = decoded_id_token.dig(AtomicLti::Definitions::CUSTOM_CLAIM, "canvas_api_domain")
+          if canvas_domain.blank?
+            raise AtomicTenant::Exceptions::OnboardingException, "Missing canvas_api_domain claim from canvas launch"
+          end
+
+          ensure_https(canvas_domain)
+        elsif product_family_code == "BlackboardLearn"
+          blackboard_url = platform_claim["url"]
+
+          if blackboard_url.blank?
+            raise AtomicTenant::Exceptions::OnboardingException, "Missing url in platform claim from blackboard launch"
+          end
+
+          ensure_https(blackboard_url)
+        else
+          decoded_id_token["iss"]
+        end
+      end
+
+      def ensure_https(url)
+        return nil if url.blank?
+
+        url = "https://#{url}" unless url.start_with?("http")
+        url.gsub("http://", "https://")
+      end
+    end
+  end
+end

data/lib/atomic_tenant/deployment_manager/deployment_manager.rb

@@ -1,72 +1,69 @@
 module AtomicTenant
 
   module DeploymentManager
-      class DeploymentStrategyResult
-        attr_accessor :application_instance_id
-        attr_accessor :details
-
-        def initialize(application_instance_id: nil, details: nil)
-          @application_instance_id = application_instance_id
-          @details = details
-        end
+    class DeploymentStrategyResult
+      attr_accessor :application_instance_id, :details
 
+      def initialize(application_instance_id: nil, details: nil)
+        @application_instance_id = application_instance_id
+        @details = details
       end
 
-      class DeploymentManagerStrategy
-        def name; end
-        def call(decoded_id_token:); end
-      end
-
+    end
 
+    class DeploymentManagerStrategy
+      def name; end
+      def call(decoded_id_token:); end
+    end
 
     # Associate deployment
     class DeploymentManager
 
-        def initialize(strageties)
-            @strageties = strageties || []
-        end
-
-        def link_deployment_id(decoded_id_token:)
-          deployment_id = decoded_id_token[AtomicLti::Definitions::DEPLOYMENT_ID]
-          iss = decoded_id_token["iss"]
-
-          results = @strageties.flat_map do |strategy|
-            begin
-              [{name: strategy.name, result: strategy.call(decoded_id_token: decoded_id_token)}]
-            rescue StandardError => e
-               Rails.logger.error("Error in lti deployment linking strategy: #{strategy.name}, #{e}")
-              []
-            end
-          end
+      def initialize(strageties)
+        @strageties = strageties || []
+      end
 
-          Rails.logger.debug("Linking Results: #{results}")
+      def link_deployment_id(decoded_id_token:)
+        deployment_id = decoded_id_token[AtomicLti::Definitions::DEPLOYMENT_ID]
+        iss = decoded_id_token["iss"]
 
-          matched = results.filter { |r| r[:result].application_instance_id.present? }
+        to_link = nil
+        strategy_name = nil
 
-          to_link = if matched.size == 1
-                      matched.first[:result]
-                    elsif matched.size > 1
-                      matched.first[:result]
-                      Rails.logger.info("Colliding strategies, Linking iss / deployment id: #{iss} / #{deployment_id} to application instance: #{to_link.application_instance_id}, all results: #{results}")
+        @strageties.each do |strategy|
+          result = strategy.call(decoded_id_token: decoded_id_token)
+          if result.application_instance_id.present?
+            to_link = result
+            strategy_name = strategy.name
+            break
+          end
+        rescue StandardError => e
+          Rails.logger.error("Error in lti deployment linking strategy: #{strategy.name}, #{e}")
+        end
 
-                    else
-                      raise AtomicTenant::Exceptions::UnableToLinkDeploymentError
-                    end
+        raise AtomicTenant::Exceptions::UnableToLinkDeploymentError if to_link.nil?
 
-          Rails.logger.info("Linking iss / deployment id: #{iss} / #{deployment_id} to application instance: #{to_link.application_instance_id}")
+        Rails.logger.info(
+          "Linking iss / deployment id: #{iss} / #{deployment_id} to application instance: " \
+          "#{to_link.application_instance_id} using strategy: #{strategy_name}"
+        )
 
-          associate_deployment(iss: iss, deployment_id: deployment_id,application_instance_id: to_link.application_instance_id)
-        end
+        associate_deployment(
+          iss: iss,
+          deployment_id: deployment_id,
+          application_instance_id: to_link.application_instance_id
+        )
+      end
 
-        private
+      private
 
-        def associate_deployment(iss:, deployment_id:, application_instance_id:)
-          AtomicTenant::LtiDeployment.create!(
-            iss: iss,
-            deployment_id: deployment_id,
-            application_instance_id: application_instance_id
-          )
-        end
+      def associate_deployment(iss:, deployment_id:, application_instance_id:)
+        AtomicTenant::LtiDeployment.create!(
+          iss: iss,
+          deployment_id: deployment_id,
+          application_instance_id: application_instance_id
+        )
+      end
     end
   end
 end

data/lib/atomic_tenant/exceptions.rb

@@ -10,5 +10,6 @@ module AtomicTenant
     class InvalidTenantKeyError < StandardError; end
     class TenantNotFoundError < StandardError; end
     class TenantNotSet < StandardError; end
+    class OnboardingException < StandardError; end
   end
 end

data/lib/atomic_tenant/version.rb

@@ -1,3 +1,3 @@
 module AtomicTenant
-  VERSION = '1.4.1'
+  VERSION = "1.5.1".freeze
 end

data/lib/atomic_tenant.rb

@@ -3,6 +3,7 @@ require 'atomic_tenant/deployment_manager/deployment_manager'
 require 'atomic_tenant/deployment_manager/platform_guid_strategy'
 require 'atomic_tenant/deployment_manager/client_id_strategy'
 require 'atomic_tenant/deployment_manager/deployment_manager_strategy'
+require 'atomic_tenant/deployment_manager/abstract_auto_create_platform_guid_strategy'
 require 'atomic_tenant/engine'
 require 'atomic_tenant/current_application_instance_middleware'
 require 'atomic_tenant/tenant_switching'
@@ -12,6 +13,9 @@ require 'atomic_tenant/active_job'
 
 module AtomicTenant
   mattr_accessor :custom_strategies
+  mattr_accessor :custom_fallback_strategies
+
+  mattr_accessor :untrusted_iss_tenant_limit, default: 100
 
   mattr_accessor :jwt_secret
   mattr_accessor :jwt_aud

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: atomic_tenant
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.1
 platform: ruby
 authors:
 - Nick Benoit
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-01-29 00:00:00.000000000 Z
+date: 2025-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: atomic_lti
@@ -56,14 +56,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 description: Description of AtomicTenant.
 email:
 - nick.benoit@atomicjolt.com
@@ -87,6 +87,7 @@ files:
 - lib/atomic_tenant/active_job.rb
 - lib/atomic_tenant/canvas_content_migration.rb
 - lib/atomic_tenant/current_application_instance_middleware.rb
+- lib/atomic_tenant/deployment_manager/abstract_auto_create_platform_guid_strategy.rb
 - lib/atomic_tenant/deployment_manager/client_id_strategy.rb
 - lib/atomic_tenant/deployment_manager/deployment_manager.rb
 - lib/atomic_tenant/deployment_manager/deployment_manager_strategy.rb