coalescing_panda 0.0.1

data/Rakefile

@@ -0,0 +1,28 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'CoalescingPanda'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/app/assets/javascripts/coalescing_panda/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/app/assets/javascripts/coalescing_panda/coalescing_panda/oauth2.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/javascripts/coalescing_panda/oauth2.js.coffee

@@ -0,0 +1,8 @@
+$ ->
+  canvasAuth = (url) ->
+    newwindow = window.open(url, "name", "width=700,height=500")
+    newwindow.focus() if window.focus
+    false
+
+  $('#oauth_btn').bind 'click', (event) ->
+    canvasAuth($("input[name='canvas_oauth_url']").val())

data/app/assets/stylesheets/coalescing_panda/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/app/assets/stylesheets/coalescing_panda/coalescing_panda/oauth2.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/coalescing_panda/oauth2.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/controllers/coalescing_panda/application_controller.rb

@@ -0,0 +1,4 @@
+module CoalescingPanda
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/coalescing_panda/lti_controller.rb

@@ -0,0 +1,32 @@
+require_dependency "coalescing_panda/application_controller"
+
+module CoalescingPanda
+  class LtiController < ApplicationController
+
+    def lti_config
+      lti_options = CoalescingPanda.lti_options
+      lti_nav = CoalescingPanda.lti_paths
+      platform = 'canvas.instructure.com'
+      host = "#{request.scheme}://#{request.host_with_port}"
+      tc = IMS::LTI::ToolConfig.new(:title => lti_options[:title], :launch_url => (lti_options[:launch_url])|| 'ABC')
+      tc.set_ext_param(platform, :domain, request.host)
+      tc.set_ext_param(platform, :privacy_level, 'public')
+      lti_nav.each do |k, v|
+        tc.set_ext_param(platform, "#{k.to_s}_navigation".to_sym, ext_params(v) )
+      end
+
+      #strip the launch url
+      xml = tc.to_xml.sub( /<blti:launch_url>.*<\/blti:launch_url>/, '') if lti_options[:launch_url].blank?
+      render :xml => xml
+    end
+
+    private
+
+    def ext_params(options)
+      url = options.delete(:url)
+      options[:url] = main_app.send(url+'_url')
+      options
+    end
+
+  end
+end

data/app/controllers/coalescing_panda/oauth2_controller.rb

@@ -0,0 +1,34 @@
+require_dependency "coalescing_panda/application_controller"
+
+module CoalescingPanda
+  class Oauth2Controller < ApplicationController
+
+    def oauth2
+    end
+
+    def redirect
+      unless params[:error]
+        lti_account = LtiAccount.find_by_key(params[:key])
+        client_id = lti_account.oauth2_client_id
+        client_key = lti_account.oauth2_client_key
+        user_id = params[:user_id]
+        api_domain = params[:api_domain]
+        client = Bearcat::Client.new(prefix: oauth2_protocol+'://'+api_domain)
+        token = client.retrieve_token(client_id, coalescing_panda.oauth2_redirect_url, client_key, params['code'])
+        CanvasApiAuth.where('user_id = ? and api_domain = ?', user_id, api_domain).first_or_create do |auth|
+          auth.api_token = token
+          auth.user_id = user_id
+          auth.api_domain = api_domain
+        end
+      end
+    end
+
+
+    private
+
+    def oauth2_protocol
+      ENV['OAUTH_PROTOCOL'] || 'https'
+    end
+
+  end
+end

data/app/models/coalescing_panda/canvas_api_auth.rb

@@ -0,0 +1,6 @@
+module CoalescingPanda
+  class CanvasApiAuth < ActiveRecord::Base
+    validates :user_id, :api_domain, presence: true
+    validates :user_id, uniqueness: {scope: :api_domain}
+  end
+end

data/app/models/coalescing_panda/lti_account.rb

@@ -0,0 +1,23 @@
+module CoalescingPanda
+  class LtiAccount < ActiveRecord::Base
+    validates :name, :key, uniqueness: true
+    validates :name, :key, :secret, presence: true
+    has_many :coalescing_panda_lti_nonces,
+             :foreign_key => :coalescing_panda_lti_account_id,
+             :class_name => 'CoalescingPanda::LtiNonce'
+
+    def validate_nonce(nonce, timestamp)
+      cleanup_nonce
+      if timestamp > 15.minutes.ago
+        coalescing_panda_lti_nonces.create(nonce:nonce, timestamp:timestamp).persisted?
+      end
+    end
+
+    private
+
+    def cleanup_nonce
+      coalescing_panda_lti_nonces.where('timestamp > ?', 15.minutes.ago).delete_all
+    end
+
+  end
+end

data/app/models/coalescing_panda/lti_nonce.rb

@@ -0,0 +1,12 @@
+module CoalescingPanda
+  class LtiNonce < ActiveRecord::Base
+    validates :coalescing_panda_lti_account, :nonce, :timestamp, :presence => true
+    validates :nonce, uniqueness: {scope: :coalescing_panda_lti_account}
+    belongs_to :coalescing_panda_lti_account, :class_name => 'CoalescingPanda::LtiAccount'
+  end
+
+  def cleanup
+    CoalescingPanda::LtiNonce.where("coalescing_panda_lti_account_id = ? AND timestamp < ?", b.coalescing_panda_lti_account.id, 15.minutes.ago )
+  end
+
+end

data/app/views/coalescing_panda/oauth2/oauth2.html.haml

@@ -0,0 +1,10 @@
+%input{type: 'hidden', value: "#{@canvas_url}", name: :canvas_oauth_url}
+%form.oauth2
+  %h2 Canvas Authentication Required
+  %button.btn-canvas#oauth_btn Authenticate
+
+%form{id: 'lti_form', action: "#{request.original_url}", method: 'post'}
+  - @lti_params.each do |k,v|
+    %input{:type =>"hidden", :value=>"#{v}", :name=>"#{k}"}
+
+= javascript_include_tag "coalescing_panda/oauth2"

data/app/views/coalescing_panda/oauth2/redirect.html.haml

@@ -0,0 +1,5 @@
+:javascript
+    $(document).ready( function() {
+      window.opener.document.forms["lti_form"].submit();
+      window.close();
+    } );

data/app/views/layouts/coalescing_panda/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>CoalescingPanda</title>
+  <%= stylesheet_link_tag    "coalescing_panda/application", media: "all" %>
+  <%= javascript_include_tag "coalescing_panda/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,4 @@
+CoalescingPanda::Engine.routes.draw do
+  get '/oauth2/redirect' => 'oauth2#redirect'
+  get '/config' => 'lti#lti_config'
+end

data/db/migrate/20131114150001_create_coalescing_panda_canvas_api_auths.rb

@@ -0,0 +1,10 @@
+class CreateCoalescingPandaCanvasApiAuths < ActiveRecord::Migration
+  def change
+    create_table :coalescing_panda_canvas_api_auths do |t|
+      t.string :user_id
+      t.string :api_domain
+      t.string :api_token
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20131118211442_create_coalescing_panda_lti_accounts.rb

@@ -0,0 +1,14 @@
+class CreateCoalescingPandaLtiAccounts < ActiveRecord::Migration
+  def change
+    create_table :coalescing_panda_lti_accounts do |t|
+      t.string :name
+      t.string :key
+      t.string :secret
+      t.string :oauth2_client_id
+      t.string :oauth2_client_key
+
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20131119165343_create_coalescing_panda_lti_nonces.rb

@@ -0,0 +1,9 @@
+class CreateCoalescingPandaLtiNonces < ActiveRecord::Migration
+  def change
+    create_table :coalescing_panda_lti_nonces do |t|
+      t.belongs_to :coalescing_panda_lti_account
+      t.string :nonce
+      t.datetime :timestamp
+    end
+  end
+end

data/lib/coalescing_panda/controller_helpers.rb

@@ -0,0 +1,61 @@
+module CoalescingPanda
+  module ControllerHelpers
+
+    def canvas_oauth2
+      user_id = params['user_id']
+      api_domain = params['custom_canvas_api_domain']
+
+      if token = CanvasApiAuth.where('user_id = ? and api_domain = ?', user_id, api_domain).pluck(:api_token).first
+        @client = Bearcat::Client.new(token: token, prefix: ENV['OAUTH_PROTOCOL']+'://'+api_domain)
+      else
+        client_id = ENV['OAUTH_CLIENT_ID']
+        client = Bearcat::Client.new(prefix: 'http://'+api_domain)
+        @lti_params = params.to_hash
+        @canvas_url = client.auth_redirect_url(client_id,
+                                               coalescing_panda.oauth2_redirect_url({key: params['oauth_consumer_key'],
+                                               user_id: user_id, api_domain: api_domain}))
+        #delete the added params so the original oauth sig still works
+        @lti_params.delete('action')
+        @lti_params.delete('controller')
+        render 'coalescing_panda/oauth2/oauth2'
+      end
+    end
+
+    def lti_authorize!(*roles)
+      authorized = false
+      if @lti_account = params['oauth_consumer_key'] && LtiAccount.find_by_key(params['oauth_consumer_key'])
+        @tp = IMS::LTI::ToolProvider.new(@lti_account.key, @lti_account.secret, params)
+        authorized = @tp.valid_request?(request)
+      end
+      authorized = authorized && (roles == 0 || (roles && lti_roles).count > 1)
+      authorized = authorized && @lti_account.validate_nonce(params['oauth_nonce'], DateTime.strptime(params['oauth_timestamp'],'%s'))
+      if !authorized
+        render :text => 'Invalid Credentials, please contact your Administrator.', :status => :unauthorized
+      end
+    end
+
+    def lti_roles
+        @lti_roles ||= params['roles'].split(',').map { |role|
+          case role.downcase.strip
+            when 'admin'
+              :admin
+            when 'urn:lti:instrole:ims/lis/administrator'
+              :admin
+            when 'learner'
+              :student
+            when 'instructor'
+              :teacher
+            when 'urn:lti:role:ims/lis/teachingassistant'
+              :ta
+            when 'contentdeveloper'
+              :designer
+            when 'urn:lti:instrole:ims/lis/observer'
+              :observer
+            else
+              :none
+          end
+        }.uniq
+    end
+
+  end
+end

data/lib/coalescing_panda/engine.rb

@@ -0,0 +1,17 @@
+module CoalescingPanda
+  class Engine < ::Rails::Engine
+    config.autoload_paths += Dir["#{config.root}/lib/**/"]
+    isolate_namespace CoalescingPanda
+
+    initializer 'coalescing_panda.app_controller' do |app|
+      OAUTH_10_SUPPORT = true
+      ActiveSupport.on_load(:action_controller) do
+        include CoalescingPanda::ControllerHelpers
+      end
+    end
+
+    initializer 'cloaescing_panda.route_helper' do |route|
+      ActionDispatch::Routing::Mapper.send :include, CoalescingPanda::RouteHelpers
+    end
+  end
+end

data/lib/coalescing_panda/route_helpers.rb

@@ -0,0 +1,28 @@
+module CoalescingPanda
+  module RouteHelpers
+    def lti_nav(nav, *rest, &block)
+      base_path = Rails.application.routes.named_routes[:coalescing_panda].path.spec
+      raise LtiNavigationInUse.new('CoalescingPanda must be mounted before defining lti_nav routes') if base_path.blank?
+      valid_options = [:course, :user, :account, :editor, :external_tool]
+      if rest.empty? && nav.is_a?(Hash)
+        options = nav
+        nav, to = options.find {|name, _value| valid_options.include? name}
+        options[:to] = to
+        options.delete(nav)
+      else
+        options = rest.pop || {}
+      end
+      lti_options = options.delete(:lti_options) || {}
+      path = "#{base_path}/#{nav.to_s}"
+      lti_options[:url] = path.split('/').reject(&:empty?).join('_')
+      CoalescingPanda::lti_navigation(nav, lti_options)
+      post path, options, &block
+    end
+
+    def lti_mount(app, options = nil)
+      CoalescingPanda.lti_options = options && options.delete(:lti_options)
+      mount(app, options)
+    end
+
+  end
+end

data/lib/coalescing_panda/version.rb

@@ -0,0 +1,3 @@
+module CoalescingPanda
+  VERSION = "0.0.1"
+end

data/lib/coalescing_panda.rb

@@ -0,0 +1,31 @@
+require "coalescing_panda/engine" if defined?(Rails)
+require 'ims/lti'
+require 'bearcat'
+require 'oauth/request_proxy/rack_request'
+
+module CoalescingPanda
+  class LtiNavigationInUse < StandardError;end
+  class NotMounted < StandardError;end
+
+  @@lti_navigation = {}
+  @@lti_options
+
+  def self.lti_options= lti_options
+    @@lti_options = lti_options
+  end
+
+  def self.lti_options
+    @@lti_options.deep_dup
+  end
+
+  def self.lti_navigation(navigation, options)
+    raise LtiNavigationInUse.new("#{navigation} can only be defined once") if @@lti_navigation.has_key?(navigation)
+    @@lti_navigation[navigation] = options
+  end
+
+  def self.lti_paths
+    @@lti_navigation.deep_dup
+  end
+
+end
+

data/lib/tasks/coalescing_panda_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :coalescing_panda do
+#   # Task goes here
+# end

data/spec/controllers/coalescing_panda/lti_controller_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe CoalescingPanda::LtiController do
+  routes { CoalescingPanda::Engine.routes }
+
+  describe '#lti_config' do
+
+    it 'generates lti xml config'do
+      controller.main_app.stub(:test_action_url) {'foo'}
+      get(:lti_config)
+      xml = Nokogiri::XML(response.body)
+      xml.at_xpath('//blti:title').text.should == 'LTI Tool'
+      xml.at_xpath('//lticm:property[@name="domain"]').text.should_not == nil
+      xml.at_xpath('//lticm:property[@name="privacy_level"]').text.should == 'public'
+    end
+
+    it 'generates lti nav config' do
+      controller.main_app.stub(:test_action_url) {'foo'}
+      CoalescingPanda.lti_navigation(:account, {
+        url: 'test_action',
+        text: 'My Title',
+        enabled: false
+      })
+      get(:lti_config)
+      xml = Nokogiri::XML(response.body)
+      account_nav = xml.at_xpath('//lticm:options[@name="account_navigation"]')
+      account_nav.at_xpath('lticm:property[@name="enabled"]').text.should == 'false'
+      account_nav.at_xpath('lticm:property[@name="text"]').text.should == 'My Title'
+      account_nav.at_xpath('lticm:property[@name="url"]').text.should == 'foo'
+    end
+
+  end
+
+
+  it 'get the url, from the action string' do
+    controller.main_app.stub(:test_action_url) {'foo'}
+    options = controller.send(:ext_params, {url:'test_action'})
+    options[:url].should == 'foo'
+  end
+
+
+end

data/spec/controllers/coalescing_panda/oauth2_controller_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe CoalescingPanda::Oauth2Controller do
+  routes { CoalescingPanda::Engine.routes }
+
+  describe "#redirect" do
+    it 'creates a token in the db' do
+      ENV['OAUTH_PROTOCOL'] = 'http'
+      Bearcat::Client.any_instance.stub(retrieve_token: 'foobar')
+      get :redirect, {user_id: 1, api_domain:'foo.com', code:'bar'}
+      auth = CoalescingPanda::CanvasApiAuth.find_by_user_id_and_api_domain(1, 'foo.com')
+      auth.should_not == nil
+    end
+
+    it "doesn't create a token in the db" do
+      get :redirect, {error: 'your face'}
+      CoalescingPanda::CanvasApiAuth.all.count.should == 0
+    end
+
+  end
+
+end

data/spec/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
+  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/spec/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/spec/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/spec/dummy/config/application.rb

@@ -0,0 +1,23 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+Bundler.require(*Rails.groups)
+require "coalescing_panda"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+  end
+end
+

data/spec/dummy/config/boot.rb

@@ -0,0 +1,5 @@
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+$LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__)