canvas-embed 0.1.5 → 0.1.7

data/example/tmp/pids/server.pid

@@ -1 +1 @@
-32082
+92342

data/lib/canvas/embed/version.rb

@@ -2,6 +2,6 @@
 
 module Canvas
   module Embed
-    VERSION = '0.1.5'
+    VERSION = '0.1.7'
   end
 end

data/lib/canvas/embed.rb

@@ -8,7 +8,7 @@ require 'base64'
 module Canvas
   class InvalidScopeError < StandardError 
   end
-  module Embeds
+  module Embed
     module_function 
     # Public: Generate a token granting access to a scoped set of your data in Canvas
     #
@@ -17,7 +17,7 @@ module Canvas
     # expiration_seconds - Optional Integer, how long the token should be valid for
     # user_id - Optional String, identifier for the user, used in logging in Canvas.
     #
-    def generate_token(private_key, scopes, expiration_seconds = 3600, user_id = nil)
+    def generate_embed_token(private_key, scopes, expiration_seconds = 3600, user_id = nil)
       if !scopes.is_a?(Hash)
         raise InvalidScopeError.new("Invalid scope #{scopes} type #{scopes.class}")
       end
@@ -40,5 +40,33 @@ module Canvas
       # strict for no newlines
       Base64.strict_encode64(token)
     end
+
+    # Public: Generate a token allowing one of your users to login to your account or sub-account
+    #
+    # private_key - String, signing key obtained from Canvas
+    # email - String, the email of the user to login. This should match a user or invite in one of your accounts.
+    # expiration_seconds - Optional Integer, how long the token should be valid for. Default to 10 minutes.
+    # user_id - Optional String, identifier for the user, used in logging in Canvas.
+    #
+    def generate_login_token(private_key, email, expiration_seconds = 600, user_id = nil)
+      # token consists of an id and the signing key
+      key_id, key = private_key.split('.')
+      # transform signing key hex into bytes
+      key_bytes = [key].pack('H*')
+      secret_box = RbNaCl::SecretBox.new(key_bytes)
+      nonce = RbNaCl::Random.random_bytes(secret_box.nonce_bytes)
+      exp = Time.now.to_i + expiration_seconds
+      message = { 'email' => email, 'exp' => exp }
+      if user_id != nil
+        message['userId'] = user_id
+      end
+      ciphertext = secret_box.encrypt(nonce, message.to_json)
+      # transform bytes into hex
+      unpacked_message = ciphertext.unpack1('H*')
+      unpacked_nonce = nonce.unpack1('H*')
+      token = { 'message' => unpacked_message, 'nonce' => unpacked_nonce, 'keyId' => key_id }.to_json
+      # strict for no newlines
+      Base64.strict_encode64(token)
+    end
   end
 end

data/spec/canvas/embed_spec.rb

@@ -17,9 +17,9 @@ RSpec.describe Canvas::Embed do
     key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
     unpacked_key = "emk_ZRzQbE9d.#{key.unpack1('H*')}"
 
-    original_message = { 'team' => 'canvas' }
+    scopes = { 'team' => 'canvas' }
 
-    token = Canvas::Embeds.generate_token(unpacked_key, original_message)
+    token = Canvas::Embed.generate_embed_token(unpacked_key, scopes)
     expect(token).not_to be nil
 
     decoded = JSON.parse(Base64.decode64(token))
@@ -43,15 +43,15 @@ RSpec.describe Canvas::Embed do
   it 'rejects non-hash' do
     key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
     unpacked_key = "emk_ZRzQbE9d.#{key.unpack1('H*')}"
-    original_message = "'team': 'canvas'"
-    expect { Canvas::Embeds.generate_token(unpacked_key, original_message) }.to raise_error(Canvas::InvalidScopeError)
+    scopes = "'team': 'canvas'"
+    expect { Canvas::Embed.generate_embed_token(unpacked_key, scopes) }.to raise_error(Canvas::InvalidScopeError)
   end
 
   it 'accepts custom expiration and userId' do
     key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
     unpacked_key = "emk_ZRzQbE9d.#{key.unpack1('H*')}"
-    original_message = { 'team' => 'canvas' }
-    token = Canvas::Embeds.generate_token(unpacked_key, original_message, 7200, "cus_abc123")
+    scopes = { 'team' => 'canvas' }
+    token = Canvas::Embed.generate_embed_token(unpacked_key, scopes, 7200, "cus_abc123")
     expect(token).not_to be nil
     decoded = JSON.parse(Base64.decode64(token))
     expect(decoded['keyId']).to eq('emk_ZRzQbE9d')
@@ -68,4 +68,25 @@ RSpec.describe Canvas::Embed do
     expect(context['exp']).to eq(Time.now.to_i + 7200)
     expect(context['userId']).to eq("cus_abc123")
   end
+
+  it 'generates login token' do
+    key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
+    unpacked_key = "emk_ZRzQbE9d.#{key.unpack1('H*')}"
+    token = Canvas::Embed.generate_login_token(unpacked_key, "will@cooldata.com", 300)
+    expect(token).not_to be nil
+    decoded = JSON.parse(Base64.decode64(token))
+    expect(decoded['keyId']).to eq('emk_ZRzQbE9d')
+
+    message_hex = decoded['message']
+    nonce_hex = decoded['nonce']
+    nonce = [nonce_hex].pack('H*')
+    message = [message_hex].pack('H*')
+
+    secret_box = RbNaCl::SecretBox.new(key)
+    decrypted_message = secret_box.decrypt(nonce, message)
+    context = JSON.parse(decrypted_message)
+
+    expect(context['exp']).to eq(Time.now.to_i + 300)
+    expect(context['email']).to eq("will@cooldata.com")
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: canvas-embed
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.7
 platform: ruby
 authors:
 - Will Pride
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-07 00:00:00.000000000 Z
+date: 2023-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rbnacl
@@ -377,6 +377,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/25/83a34761c8af44
 - example/tmp/cache/bootsnap/compile-cache-iseq/25/8bebc5d597430c
 - example/tmp/cache/bootsnap/compile-cache-iseq/26/0cfcf73cdf6304
+- example/tmp/cache/bootsnap/compile-cache-iseq/26/420cf4a622d71b
 - example/tmp/cache/bootsnap/compile-cache-iseq/26/6ddb4fa0c38419
 - example/tmp/cache/bootsnap/compile-cache-iseq/26/81cc0a2d59e201
 - example/tmp/cache/bootsnap/compile-cache-iseq/26/9b8998000f6bed
@@ -1414,6 +1415,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/b2/7702d3d8709e10
 - example/tmp/cache/bootsnap/compile-cache-iseq/b2/bcfc7147918ee9
 - example/tmp/cache/bootsnap/compile-cache-iseq/b2/c3b52c4862931e
+- example/tmp/cache/bootsnap/compile-cache-iseq/b2/d451a148d6d303
 - example/tmp/cache/bootsnap/compile-cache-iseq/b3/08f99db6a2f454
 - example/tmp/cache/bootsnap/compile-cache-iseq/b3/2928ee05dee54a
 - example/tmp/cache/bootsnap/compile-cache-iseq/b3/5e2f2005224107
@@ -1689,6 +1691,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/d8/7cf9cd6b97ce3e
 - example/tmp/cache/bootsnap/compile-cache-iseq/d8/8e9b55d3c27632
 - example/tmp/cache/bootsnap/compile-cache-iseq/d8/d4be612eb65cc7
+- example/tmp/cache/bootsnap/compile-cache-iseq/d8/fff5874ac0039e
 - example/tmp/cache/bootsnap/compile-cache-iseq/d9/00dae66024922b
 - example/tmp/cache/bootsnap/compile-cache-iseq/d9/4752982ff62455
 - example/tmp/cache/bootsnap/compile-cache-iseq/d9/57d00f31fb9cc2
@@ -1901,6 +1904,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/f3/037a60ada5b445
 - example/tmp/cache/bootsnap/compile-cache-iseq/f3/04fcc413cfa4df
 - example/tmp/cache/bootsnap/compile-cache-iseq/f3/16cbd38ad66198
+- example/tmp/cache/bootsnap/compile-cache-iseq/f3/1d1f40f0899932
 - example/tmp/cache/bootsnap/compile-cache-iseq/f3/34717834a094e6
 - example/tmp/cache/bootsnap/compile-cache-iseq/f4/0e93d368e5e2fb
 - example/tmp/cache/bootsnap/compile-cache-iseq/f4/33d0950fc0ca80
@@ -2010,6 +2014,8 @@ files:
 - example/tmp/restart.txt
 - lib/canvas/embed.rb
 - lib/canvas/embed/version.rb
+- pkg/canvas-embed-0.1.5.gem
+- pkg/canvas-embed-0.1.6.gem
 - sig/canvas/embed.rbs
 - spec/canvas/embed_spec.rb
 - spec/spec_helper.rb