coalescing_panda 1.1.0 → 1.1.3

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MWZiYzEwOTYzYTc4YmZjMjEyZGEyZjIzNTAxZGUwZTAwYjhmYTRhYw==
+  data.tar.gz: !binary |-
+    NDU1YTg3MmNlNWE1YjQxZTgwZjliNDc4MmU5ODVlNjEzNTAyNWZjNw==
+SHA512:
+  metadata.gz: !binary |-
+    N2MxNGJlNzI0ODAzMWE3ZGQwYjExYWMyZWY2Mjg2NmRhNjNmY2IwNjg0ODU0
+    MTk2YjY0NzdlMmQ3NmEwOWIzOGYwYjY4MTBkNTY2NGIyOWMyOTljZTkzNmQy
+    ZWI1MzFhNzdjYjA1YmJmYjJkZTBhZmU2OTA3MTFjNDViNDRmNWQ=
+  data.tar.gz: !binary |-
+    MGMzMTE4ZDkwOTIzNjAyZjYxYWE5MDZkOTFiOTY0MWFhMzhiMzkzZDM4NDgx
+    MTE2NWRlYWE5Yjc1YjdmNjZhY2UxZDE1YTBlMGZmOWNkYTk4OTJjYjM0YjM0
+    MjVhMzI1NTYwODUyZmJiMDM4OTJkYjNmNTg2NjlhMTA4YzJiOTE=

data/app/controllers/coalescing_panda/lti_controller.rb

@@ -36,6 +36,11 @@ module CoalescingPanda
       render 'coalescing_panda/launch'
     end
 
+    def start_session
+      session['started'] = true
+      redirect_to CGI::unescape(params['referer'])
+    end
+
     private
 
     def setting_name(name)

data/app/controllers/coalescing_panda/oauth2_controller.rb

@@ -7,7 +7,7 @@ module CoalescingPanda
     end
 
     def redirect
-      unless params[:error]
+      if !params[:error] && valid_state_token
         lti_account = LtiAccount.find_by_key(params[:key])
         client_id = lti_account.oauth2_client_id
         client_key = lti_account.oauth2_client_key
@@ -30,5 +30,9 @@ module CoalescingPanda
       ENV['OAUTH_PROTOCOL'] || 'https'
     end
 
+    def valid_state_token
+      return false unless params['state'].present? && session['state'].present?
+      params['state'] == session['state']
+    end
   end
 end

data/config/routes.rb

@@ -3,4 +3,5 @@ CoalescingPanda::Engine.routes.draw do
   get '/config' => 'lti#lti_config'
   get '/launch' => 'lti#launch'
   get '/styleguide' => 'lti#styleguide'
+  get '/start_session' => 'lti#start_session', as: :start_session
 end

data/lib/coalescing_panda/controller_helpers.rb

@@ -19,10 +19,10 @@ module CoalescingPanda
         elsif @lti_account = params['oauth_consumer_key'] && LtiAccount.find_by_key(params['oauth_consumer_key'])
           client_id = @lti_account.oauth2_client_id
           client = Bearcat::Client.new(prefix: scheme+api_domain)
-
+          session['state'] = SecureRandom.hex(32)
           @canvas_url = client.auth_redirect_url(client_id,
                                                  coalescing_panda.oauth2_redirect_url({key: params['oauth_consumer_key'],
-                                                                                       user_id: user_id, api_domain: api_domain}))
+                                                                                       user_id: user_id, api_domain: api_domain, state: session['state']}))
           #delete the added params so the original oauth sig still works
           @lti_params.delete('action')
           @lti_params.delete('controller')
@@ -32,11 +32,12 @@ module CoalescingPanda
     end
 
     def have_session?
-      #if this is a new lti launch flush the session
-      if params['tool_consumer_instance_guid']
+      if params['tool_consumer_instance_guid'] && session['user_id'] != params['user_id']
         reset_session
         logger.info("resetting session params")
+        session['user_id'] = params['user_id']
       end
+
       if (session['user_id'] && session['uri'])
         uri = URI.parse(session['uri'])
         api_domain = uri.host

data/lib/coalescing_panda/version.rb

@@ -1,3 +1,3 @@
 module CoalescingPanda
-  VERSION = '1.1.0'
+  VERSION = '1.1.3'
 end

metadata

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: coalescing_panda
 version: !ruby/object:Gem::Version
-  version: 1.1.0
-  prerelease: 
+  version: 1.1.3
 platform: ruby
 authors:
 - Nathan Mills
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-03 00:00:00.000000000 Z
+date: 2014-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -30,7 +27,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: bearcat
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -38,7 +34,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -46,7 +41,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: macaddr
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -54,7 +48,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -62,7 +55,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: ims-lti
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -70,7 +62,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -78,7 +69,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: haml-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -86,7 +76,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -94,7 +83,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: sass-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -102,7 +90,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -110,7 +97,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: jquery-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -118,7 +104,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -126,7 +111,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: coffee-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -134,15 +118,27 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: protected_attributes
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -150,7 +146,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -158,7 +153,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -166,7 +160,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -174,7 +167,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: shoulda-matchers
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -182,7 +174,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -190,7 +181,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -198,7 +188,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -206,7 +195,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -214,7 +202,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -222,7 +209,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: debugger
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -230,7 +216,20 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -242,6 +241,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- Rakefile
 - app/assets/images/bootstrap/glyphicons-halflings-white.png
 - app/assets/images/bootstrap/glyphicons-halflings.png
 - app/assets/javascripts/bootstrap/bootstrap-datepicker.js
@@ -271,15 +271,16 @@ files:
 - db/migrate/20131114150001_create_coalescing_panda_canvas_api_auths.rb
 - db/migrate/20131118211442_create_coalescing_panda_lti_accounts.rb
 - db/migrate/20131119165343_create_coalescing_panda_lti_nonces.rb
+- lib/coalescing_panda.rb
 - lib/coalescing_panda/controller_helpers.rb
 - lib/coalescing_panda/engine.rb
 - lib/coalescing_panda/route_helpers.rb
 - lib/coalescing_panda/version.rb
-- lib/coalescing_panda.rb
 - lib/tasks/coalescing_panda_tasks.rake
-- Rakefile
 - spec/controllers/coalescing_panda/lti_controller_spec.rb
 - spec/controllers/coalescing_panda/oauth2_controller_spec.rb
+- spec/dummy/README.rdoc
+- spec/dummy/Rakefile
 - spec/dummy/app/assets/javascripts/application.js
 - spec/dummy/app/assets/stylesheets/application.css
 - spec/dummy/app/controllers/application_controller.rb
@@ -288,6 +289,7 @@ files:
 - spec/dummy/bin/bundle
 - spec/dummy/bin/rails
 - spec/dummy/bin/rake
+- spec/dummy/config.ru
 - spec/dummy/config/application.rb
 - spec/dummy/config/boot.rb
 - spec/dummy/config/database.yml
@@ -305,39 +307,35 @@ files:
 - spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
-- spec/dummy/config.ru
 - spec/dummy/db/schema.rb
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
-- spec/dummy/Rakefile
-- spec/dummy/README.rdoc
 - spec/models/coalescing_panda/canvas_api_auth_spec.rb
 - spec/spec_helper.rb
 homepage: http://www.instructure.com
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Canvas LTI and OAUTH2 mountable engine
 test_files:
 - spec/controllers/coalescing_panda/lti_controller_spec.rb