canvas_lti_third_party_cookies 0.3.3 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +115 -42
- data/Rakefile +2 -0
- data/app/assets/images/canvas_lti_third_party_cookies/cookies.svg +581 -0
- data/app/assets/javascripts/canvas_lti_third_party_cookies/relaunch_on_login.js +77 -0
- data/app/assets/stylesheets/canvas_lti_third_party_cookies/relaunch_on_login.css +52 -0
- data/app/controllers/concerns/canvas_lti_third_party_cookies/relaunch_on_login.rb +84 -0
- data/app/views/canvas_lti_third_party_cookies/_cookie_message.erb +11 -0
- data/app/views/canvas_lti_third_party_cookies/relaunch_on_login.erb +49 -0
- data/lib/canvas_lti_third_party_cookies/engine.rb +18 -0
- data/lib/canvas_lti_third_party_cookies/version.rb +1 -1
- metadata +42 -17
- data/app/controllers/concerns/canvas_lti_third_party_cookies/safari_launch.rb +0 -76
- data/app/views/canvas_lti_third_party_cookies/full_window_launch.erb +0 -80
- data/app/views/canvas_lti_third_party_cookies/request_storage_access.erb +0 -115
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 153e4d2eaa313e523dcfbab4139c2ea938a0969261d7c69ec15bb3028c2ab506
|
4
|
+
data.tar.gz: 1b0808375ebfeb54e896183db7a769b40f32475d503a184af43300629da6f732
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 186d3c0358b1f72fceee476b794ee3f87332e111a4cdfc5295fd6a4d529f8ceac8770cf9aaf3f57c9b0207aba66b9d98ac1b4e22ab9f83b7e6ead6a8fa539da7
|
7
|
+
data.tar.gz: 5cc9890e6df93bcf9cd824617758070ee69ff53428de2bf1c69f0e8f44b89fe50f4309322ca211a961d3adfea90e393eab6d6fd03bad1517e879a5fb9e82df4b
|
data/README.md
CHANGED
@@ -1,70 +1,143 @@
|
|
1
1
|
# canvas_lti_third_party_cookies
|
2
2
|
|
3
|
-
Safari blocks all 3rd-party cookies by default, which breaks LTI tools that rely on setting cookies when launched in an iframe. Instead,
|
4
|
-
See this article for a detailed explanation: https://community.canvaslms.com/t5/Developers-Group/Safari-13-1-and-LTI-Integration/ba-p/273051
|
3
|
+
Safari blocks all 3rd-party cookies by default, which breaks LTI tools that rely on setting cookies when launched in an iframe. Other browsers will soon follow suit. Instead, Safari exposes a new API for getting user-permitted access to set cookies from an iframe, which unfortunately doesn't completely work for LTI use cases.
|
4
|
+
See this article for a detailed explanation of the Storage Access API and previous attempts to launch LTI tools in Safari: https://community.canvaslms.com/t5/Developers-Group/Safari-13-1-and-LTI-Integration/ba-p/273051
|
5
5
|
|
6
|
-
|
7
|
-
which is responsible for some parts of this cookie dance, including launching the tool in a full-window 1st-party context, and providing a
|
8
|
-
redirect url for the relaunch after the full-window launch is complete.
|
6
|
+
The current workaround that this gem implements is to relaunch the tool in a new tab, new window, or popup window, where it can set first-party cookies to its heart's content. The relaunch occurs during the login request, so the tool is entirely in control, and no other parts of the LTI launch flow are modified.
|
9
7
|
|
10
|
-
|
11
|
-
|
8
|
+
## Installation
|
9
|
+
Add this line to your application's Gemfile:
|
12
10
|
|
13
|
-
|
11
|
+
```ruby
|
12
|
+
# Set 3rd party cookies in Safari
|
13
|
+
gem 'canvas_lti_third_party_cookies'
|
14
|
+
```
|
15
|
+
|
16
|
+
And then execute:
|
17
|
+
```bash
|
18
|
+
$ bundle install
|
19
|
+
```
|
14
20
|
|
15
|
-
|
16
|
-
|
21
|
+
Since this gem includes some static assets (JS, CSS, images), you will need to make sure
|
22
|
+
that your application runs the `rake assets:precompile` task at some point during its
|
23
|
+
build process. Most Rails applications will be running that already, either directly or
|
24
|
+
as part of the `rake webpacker:compile` task.
|
17
25
|
|
18
|
-
|
19
|
-
|
20
|
-
* the `launch_params` parameter is optional, and should contain
|
21
|
-
all needed query parameters that the tool requires to launch.
|
22
|
-
* the `launch_data` parameter is optional, and should contain
|
23
|
-
all needed form data that the tool requires to launch.
|
26
|
+
Neglecting to precompile assets will result in runtime errors when users try to launch
|
27
|
+
your LTI tool.
|
24
28
|
|
25
|
-
|
29
|
+
## Usage
|
26
30
|
|
31
|
+
Choose the Rails controller action that's used to handle tool authentication requests.
|
32
|
+
Set the before_action callback below to run on that action, and pass the data needed.
|
33
|
+
|
34
|
+
* `redirect_url` (required): the authorization redirect URL to continue the login flow
|
35
|
+
* `redirect_data` (required): all form data required for the authorization redirect, which
|
36
|
+
the previous login render call should have included in a form tag.
|
37
|
+
* `window_type`: (optional) Set to `:new_window` to open the tool in a
|
38
|
+
new tab or window, or to `:popup` to open in a popup window.
|
39
|
+
Defaults to `:new_window`.
|
40
|
+
* `width`: (optional) The width the popup window should be, in px. User
|
41
|
+
has the discretion to ignore this. Only valid with window_type: popup.
|
42
|
+
Defaults to 800px.
|
43
|
+
* `height`: (optional) The height the popup window should be, in px. User
|
44
|
+
has the discretion to ignore this. Only valid with window_type: popup.
|
45
|
+
Defaults to 600px.
|
46
|
+
|
47
|
+
example:
|
27
48
|
```ruby
|
28
|
-
include CanvasLtiThirdPartyCookies::
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
49
|
+
include CanvasLtiThirdPartyCookies::RelaunchOnLogin
|
50
|
+
...
|
51
|
+
def login
|
52
|
+
state, nonce = create_and_cache_state # handled elsewhere
|
53
|
+
redirect_url = 'http://canvas.instructure.com/api/lti/authorize_redirect'
|
54
|
+
# this data is part of the OIDC Launch Flow as defined here:
|
55
|
+
# https://www.imsglobal.org/spec/security/v1p0/#step-2-authentication-request
|
56
|
+
redirect_data = {
|
57
|
+
scope: 'openid',
|
58
|
+
response_type: 'id_token',
|
59
|
+
response_mode: 'form_post',
|
60
|
+
prompt: 'none',
|
61
|
+
redirect_uri: tool_launch_url, # defined elsewhere
|
62
|
+
client_id: params.require(:client_id),
|
63
|
+
login_hint: params.require(:login_hint),
|
64
|
+
lti_message_hint: params.require(:lti_message_hint),
|
65
|
+
state: state,
|
66
|
+
nonce: nonce
|
67
|
+
}
|
68
|
+
|
69
|
+
relaunch_on_login(redirect_url, redirect_data)
|
70
|
+
end
|
33
71
|
```
|
34
72
|
|
35
|
-
|
36
|
-
launches, see the comments in `app/controllers/concerns/canvas_lti_third_party_cookies/safari_launch.rb`.
|
73
|
+
## Local Development
|
37
74
|
|
38
|
-
|
39
|
-
|
75
|
+
To make changes and test them locally, it's possible to install this gem in a local
|
76
|
+
LTI tool installation.
|
40
77
|
|
41
|
-
|
42
|
-
|
43
|
-
|
78
|
+
1. In your tool's Gemfile, add `, path: './cookies'` to the line for this gem.
|
79
|
+
2. In your tool's docker-compose.override.yml, add a new volume to link this gem's
|
80
|
+
folder to the `./cookies` path. It should look like this:
|
81
|
+
```
|
82
|
+
volumes:
|
83
|
+
- ./path/to/lti_third_party_cookies:/usr/src/app/cookies
|
84
|
+
```
|
85
|
+
3. `bundle install` again.
|
44
86
|
|
45
|
-
|
46
|
-
|
87
|
+
The same process is possible with non-docker-compose apps, just directly point to the
|
88
|
+
gem's folder from your tool's Gemfile.
|
47
89
|
|
48
|
-
|
49
|
-
|
50
|
-
|
90
|
+
## Testing
|
91
|
+
|
92
|
+
### Ruby Tests
|
93
|
+
|
94
|
+
The ruby tests use `minitest`, which comes bundled with rails. To run them locally:
|
95
|
+
```
|
96
|
+
rails test
|
51
97
|
```
|
52
98
|
|
53
|
-
|
54
|
-
```
|
55
|
-
|
99
|
+
There is a Docker setup for running tests that's used for CI. To run them in Docker locally:
|
100
|
+
```
|
101
|
+
docker build -f test/Dockerfile.ruby -t ruby-test .
|
102
|
+
docker run --rm ruby-test rails test
|
56
103
|
```
|
57
104
|
|
58
|
-
|
105
|
+
### Javascript Tests
|
59
106
|
|
60
|
-
|
61
|
-
$ rails test
|
107
|
+
The JS tests are self-contained in the `test/javascripts` folder. To run them locally:
|
62
108
|
```
|
109
|
+
cd test/javascripts
|
110
|
+
yarn install
|
111
|
+
yarn test
|
112
|
+
```
|
113
|
+
|
114
|
+
There is a Docker setup for running tests that's used for CI. To run them in Docker locally:
|
115
|
+
```
|
116
|
+
docker build -f test/Dockerfile.node -t node-test .
|
117
|
+
docker run --rm node-test yarn test
|
118
|
+
```
|
119
|
+
|
120
|
+
## i18n
|
121
|
+
|
122
|
+
All user-facing strings in this gem are localized and translated into the languages that
|
123
|
+
Canvas supports. Any time that any strings are changed, you should make sure this is run:
|
124
|
+
```
|
125
|
+
rake app:i18nliner:dump
|
126
|
+
```
|
127
|
+
Then, add `config/locales/generated/en.yml` to your commit.
|
128
|
+
|
129
|
+
After making changes to `en.yml`, you will need to push these changes to the
|
130
|
+
`instructure-translations` S3 bucket so that the translators can update other locales.
|
131
|
+
TODO: the script or Jenkins job to actually push to S3.
|
132
|
+
|
133
|
+
Once translators have finished updating other locales, they will notify you, and you can
|
134
|
+
pull down the new locale files into `config/locales`, and commit and push them.
|
135
|
+
TODO: the script or Jenkins job to pull from S3.
|
63
136
|
|
64
137
|
## Publishing New Versions
|
65
138
|
|
66
139
|
1. Bump the version in `lib/canvas_lti_third_party_cookies/version.rb`.
|
67
|
-
2.
|
68
|
-
3.
|
140
|
+
2. `rake install`
|
141
|
+
3. Commit, push, and merge that change.
|
69
142
|
4. `gem push pkg/canvas_lti_third_party_cookies-<version>.gem`
|
70
143
|
- note that this will only work if you have access
|