coalescing_panda 4.6.1 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 8efea91014e88f07f7bd39860db6072161db84af
-  data.tar.gz: 88cad27a86b4a93c67fdb4ff7302214d0dde080c
+SHA256:
+  metadata.gz: d645cd8c2b844e464a37181c7810119004db0d11f74fb1293e97d7230412e8b3
+  data.tar.gz: e2741818208ab1301551d47c9063d20ee9bbb0a58e6db63b164cc068b0c2c76a
 SHA512:
-  metadata.gz: 5af45f9fb9b3b3fa3765dd3236ce47eacf5b1cba2e5b4e38d3b6a63dd8e35c3d30d98f117c4511ffd16b291943fbe598a69618a461eb04c3c7fbca6cd7cae1c7
-  data.tar.gz: 981e1e48035e68adb3680859f591f91e9ab759ff1c92198a370af467942e3a8f75d7ea57200e9f4cd42b9054aa9b14244e16438c054a080010b435a2af9f89e3
+  metadata.gz: 6430b3b457aa5776cd8590228794fcb77537824dbec08356ae9a512bf268e357e9a0f7e0db900ffa33d1f261964b393443719aa4a407b61970b26b19e7f65ce7
+  data.tar.gz: 3a4853c0b20ffc72041e5157f5a0813a8c5e30c27648b23193fc9d94652adaeda01ded2ef829e6e70617d6a02a7e89841cd5615474d0c866242fc435ba0d3eca

data/app/models/coalescing_panda/persistent_session.rb

@@ -0,0 +1,38 @@
+module CoalescingPanda
+  class PersistentSession < ActiveRecord::Base
+    serialize :data, Hash
+    belongs_to :coalescing_panda_lti_account, :class_name => 'CoalescingPanda::LtiAccount'
+    validates :coalescing_panda_lti_account_id, presence: true
+
+    after_initialize do
+      self.session_key ||= SecureRandom.urlsafe_base64(60)
+    end
+
+    def self.create_from_launch(launch_params, account_id)
+      session = PersistentSession.new(coalescing_panda_lti_account_id: account_id)
+      session.data[:launch_params] = launch_params.to_unsafe_h.with_indifferent_access
+      session.data[:roles] = launch_params['roles'].split(',').map { |role|
+        case role.downcase.strip
+        when 'admin'
+          :admin
+        when 'urn:lti:instrole:ims/lis/administrator'
+          :admin
+        when 'learner'
+          :student
+        when 'instructor'
+          :teacher
+        when 'urn:lti:role:ims/lis/teachingassistant'
+          :ta
+        when 'contentdeveloper'
+          :designer
+        when 'urn:lti:instrole:ims/lis/observer'
+          :observer
+        else
+          :none
+        end
+      }.uniq
+      session.save!
+      session
+    end
+  end
+end

data/db/migrate/20200528224505_create_coalescing_panda_persistent_session.rb

@@ -0,0 +1,13 @@
+class CreateCoalescingPandaPersistentSession < ActiveRecord::Migration
+  def change
+    create_table :coalescing_panda_persistent_sessions do |t|
+      t.string :session_key
+      t.text :data
+      t.integer :coalescing_panda_lti_account_id
+
+      t.timestamps null: false
+    end
+    add_index :coalescing_panda_persistent_sessions, :session_key, unique: true
+    add_index :coalescing_panda_persistent_sessions, :coalescing_panda_lti_account_id, name: 'index_persistent_session_on_lti_account_id'
+  end
+end

data/lib/coalescing_panda/controller_helpers.rb

@@ -2,6 +2,33 @@ require 'browser'
 
 module CoalescingPanda
   module ControllerHelpers
+    def current_session
+      @current_session ||= CoalescingPanda::PersistentSession.find_by(session_key: session_key) if session_key
+      @current_session ||= CoalescingPanda::PersistentSession.create_from_launch(params, current_lti_account.id)
+      @current_session
+    end
+
+    def current_lti_account
+      @account ||= CoalescingPanda::LtiAccount.find_by!(key: organization_key) if organization_key
+      @account ||= CoalescingPanda::LtiAccount.find_by(id: organization_id) if organization_id
+      @account
+    end
+
+    def current_session_data
+      current_session.data
+    end
+
+    def encrypted_session_key
+      msg_encryptor.encrypt_and_sign(current_session.session_key)
+    end
+
+    def save_session
+      current_session.try(:save)
+    end
+
+    def session_changed?
+      current_session.changed? && current_session.changes[:data].present?
+    end
 
     def canvas_oauth2(*roles)
       return if have_session?
@@ -100,18 +127,19 @@ module CoalescingPanda
 
     def lti_authorize!(*roles)
       authorized = false
-      if @lti_account = params['oauth_consumer_key'] && LtiAccount.find_by_key(params['oauth_consumer_key'])
+      if (@lti_account = params['oauth_consumer_key'] && LtiAccount.find_by_key(params['oauth_consumer_key']))
         sanitized_params = sanitize_params
         authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.original_url, sanitized_params, @lti_account.secret)
         authorized = authenticator.valid_signature?
       end
-      logger.info 'not authorized on tp valid request' if !authorized
+      logger.info 'not authorized on tp valid request' unless authorized
       authorized = authorized && (roles.count == 0 || (roles & lti_roles).count > 0)
-      logger.info 'not authorized on roles' if !authorized
+      logger.info 'not authorized on roles' unless authorized
       authorized = authorized && @lti_account.validate_nonce(params['oauth_nonce'], DateTime.strptime(params['oauth_timestamp'], '%s'))
-      logger.info 'not authorized on nonce' if !authorized
+      logger.info 'not authorized on nonce' unless authorized
       render :text => 'Invalid Credentials, please contact your Administrator.', :status => :unauthorized unless authorized
-      authorized = authorized && check_for_iframes_problem if authorized
+      # create session on first launch
+      current_session
       authorized
     end
 
@@ -136,26 +164,7 @@ module CoalescingPanda
     end
 
     def lti_roles
-      @lti_roles ||= params['roles'].split(',').map { |role|
-        case role.downcase.strip
-          when 'admin'
-            :admin
-          when 'urn:lti:instrole:ims/lis/administrator'
-            :admin
-          when 'learner'
-            :student
-          when 'instructor'
-            :teacher
-          when 'urn:lti:role:ims/lis/teachingassistant'
-            :ta
-          when 'contentdeveloper'
-            :designer
-          when 'urn:lti:instrole:ims/lis/observer'
-            :observer
-          else
-            :none
-        end
-      }.uniq
+      @lti_roles ||= current_session_data[:roles]
     end
 
     def canvas_environment
@@ -168,38 +177,68 @@ module CoalescingPanda
     end
 
     def session_check
-      logger.warn 'session_check is deprecated. Functionality moved to canvas_oauth2.'
+      logger.warn 'session_check is deprecated. Functionality moved to lti_authorize.'
     end
 
-    def check_for_iframes_problem
-      if cookies_need_iframe_fix?
-        fix_iframe_cookies
-        return false
-      end
+    private
+
+    def msg_encryptor
+      @crypt ||= ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31])
+    end
+
+    def organization_key
+      params[:oauth_consumer_key] || (current_session_data[:launch_params][:oauth_consumer_key] if @current_session)
+    end
+
+    def organization_id
+      params[:organization_id] || (current_session_data[:launch_params][:organization_id] if @current_session)
+    end
 
-      # For safari we may have been launched temporarily full-screen by canvas.  This allows us to set the session cookie.
-      # In this case, we should make sure the session cookie is fixed and redirect back to canvas to properly launch the embedded LTI.
-      if params[:platform_redirect_url]
-        session[:safari_cookie_fixed] = true
-        redirect_to params[:platform_redirect_url]
-        return false
+    def session_key
+      if params[:encrypted_session_key]
+        return msg_encryptor.decrypt_and_verify(params[:encrypted_session_key])
       end
-      true
+      params[:session_key] || session_key_header
     end
 
-    def cookies_need_iframe_fix?
-      @browser ||= Browser.new(request.user_agent)
-      @browser.safari? && !request.referrer&.include?('sessionless_launch') && !session[:safari_cookie_fixed]  && !params[:platform_redirect_url]
+    def session_key_header
+      if (match = request.headers['Authorization'].try(:match, /crypted_token=(.+)/))
+        msg_encryptor.decrypt_and_verify(match[1])
+      elsif (match = request.headers['Authorization'].try(:match, /token=(.+)/))
+        match[1]
+      end
     end
 
-    def fix_iframe_cookies
-      if params[:safari_cookie_fix].present?
-        session[:safari_cookie_fixed] = true
-        redirect_to params[:return_to]
+    # Redirect with the session key intact. In production,
+    # handle this by encrypting the session key.  That way if the
+    # url is logged anywhere, it will all be encrypted data.   In dev,
+    # just put it in the URL. Putting it in the URL
+    # is insecure, but is fine in development.
+    # Keeping it in the URL in development means that it plays
+    # nicely with webpack-dev-server live reloading (otherwise
+    # you get an access error every time it tries to live reload).
+
+    def redirect_with_session_to(path, id_or_resource = nil, redirect_params = {})
+      if Rails.env.development? || Rails.env.test?
+        redirect_development_mode(path, id_or_resource, redirect_params)
       else
-        render 'coalescing_panda/lti/iframe_cookie_fix', layout: false
+        redirect_production_mode(path, id_or_resource, redirect_params)
       end
     end
 
+    def redirect_development_mode(path, id_or_resource = nil, redirect_params)
+      redirect_to send(path, id_or_resource, {
+          session_key: current_session.session_key,
+          organization_id: current_lti_account.id
+      }.merge(redirect_params))
+    end
+
+    def redirect_production_mode(path, id_or_resource = nil, redirect_params)
+      redirect_to send(path, id_or_resource, {
+          encrypted_session_key: encrypted_session_key,
+          organization_id: current_lti_account.id
+      }.merge(redirect_params))
+    end
+
   end
 end

data/lib/coalescing_panda/engine.rb

@@ -1,3 +1,5 @@
+require 'secure_headers'
+
 module CoalescingPanda
   class Engine < ::Rails::Engine
     config.autoload_once_paths += Dir["#{config.root}/lib/**/"]
@@ -35,5 +37,53 @@ module CoalescingPanda
       end
     end
 
+    initializer :secure_headers do |app|
+      connect_src = %w('self')
+      script_src = %w('self')
+
+      if Rails.env.development?
+        # Allow webpack-dev-server to work
+        connect_src << "http://localhost:3035"
+        connect_src << "ws://localhost:3035"
+
+        # Allow stuff like rack-mini-profiler to work in development:
+        # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
+        # DON'T ENABLE THIS FOR PRODUCTION!
+        script_src << "'unsafe-eval'"
+      elsif CoalescingPanda.lti_options.has_key?(:allow_unsafe_eval) && CoalescingPanda.lti_options[:allow_unsafe_eval] == true
+        # For when code is returned from server and injected into dom.  Need to have unsafe-eval or it won't work.
+        script_src << "'unsafe-eval'"
+      end
+
+      SecureHeaders::Configuration.default do |config|
+        # The default cookie headers aren't compatible with PandaPal cookies currently
+        config.cookies = { samesite: { none: true } }
+
+        if Rails.env.production?
+          config.cookies[:secure] = true
+        end
+
+        # Need to allow LTI iframes
+        config.x_frame_options = "ALLOWALL"
+
+        config.x_content_type_options = "nosniff"
+        config.x_xss_protection = "1; mode=block"
+        config.referrer_policy = %w(origin-when-cross-origin strict-origin-when-cross-origin)
+
+        config.csp = {
+            default_src: %w('self'),
+            script_src: script_src,
+            # Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
+            style_src: %w('self' 'unsafe-inline' blob: https://fonts.googleapis.com),
+            font_src: %w('self' data: https://fonts.gstatic.com),
+            connect_src: connect_src,
+        }
+      end
+
+      SecureHeaders::Configuration.override(:safari_override) do |config|
+        config.cookies = SecureHeaders::OPT_OUT
+      end
+    end
+
   end
 end

data/lib/coalescing_panda/version.rb

@@ -1,3 +1,3 @@
 module CoalescingPanda
-  VERSION = '4.6.1'
+  VERSION = '5.0.0'
 end

data/spec/dummy/db/schema.rb

@@ -173,6 +173,17 @@ ActiveRecord::Schema.define(version: 20160830183155) do
 
   add_index "coalescing_panda_oauth_states", ["state_key"], name: "index_coalescing_panda_oauth_states_on_state_key", unique: true
 
+  create_table "coalescing_panda_persistent_sessions", force: :cascade do |t|
+    t.string   "session_key"
+    t.text     "data"
+    t.integer  "coalescing_panda_lti_account_id"
+    t.datetime "created_at",                      null: false
+    t.datetime "updated_at",                      null: false
+  end
+
+  add_index "coalescing_panda_persistent_sessions", ["coalescing_panda_lti_account_id"], name: "index_persistent_session_on_lti_account_id", using: :btree
+  add_index "coalescing_panda_persistent_sessions", ["session_key"], name: "index_coalescing_panda_persistent_sessions_on_session_key", unique: true, using: :btree
+
   create_table "coalescing_panda_sections", force: :cascade do |t|
     t.integer  "coalescing_panda_course_id", null: false
     t.string   "name"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: coalescing_panda
 version: !ruby/object:Gem::Version
-  version: 4.6.1
+  version: 5.0.0
 platform: ruby
 authors:
 - Nathan Mills
@@ -10,48 +10,48 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-19 00:00:00.000000000 Z
+date: 2020-06-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.2.1
 - !ruby/object:Gem::Dependency
   name: bearcat
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: browser
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
@@ -72,308 +72,322 @@ dependencies:
   name: ims-lti
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: haml-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sass-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
 - !ruby/object:Gem::Dependency
   name: jquery-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: coffee-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: p3p
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: delayed_job_active_record
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: open_uri_redirections
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: oauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.4
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: secure_headers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.3'
 - !ruby/object:Gem::Dependency
   name: zip-zip
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: factory_girl_rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: shoulda-matchers
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: lol_dba
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: 
@@ -385,154 +399,156 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- Rakefile
+- app/assets/images/bootstrap/glyphicons-halflings-white.png
+- app/assets/images/bootstrap/glyphicons-halflings.png
+- app/assets/javascripts/coalescing_panda/application.js
+- app/assets/javascripts/coalescing_panda/canvas_batch.js.coffee
+- app/assets/javascripts/coalescing_panda/oauth2.js.coffee
+- app/assets/stylesheets/coalescing_panda/application.css.scss
+- app/assets/stylesheets/coalescing_panda/launch.css.scss
+- app/assets/stylesheets/coalescing_panda/progress.css.scss
+- app/controllers/coalescing_panda/application_controller.rb
+- app/controllers/coalescing_panda/canvas_batches_controller.rb
+- app/controllers/coalescing_panda/lti_controller.rb
+- app/controllers/coalescing_panda/oauth2_controller.rb
+- app/helpers/coalescing_panda/canvas_batches_helper.rb
+- app/models/coalescing_panda/assignment.rb
 - app/models/coalescing_panda/assignment_group.rb
-- app/models/coalescing_panda/group_membership.rb
-- app/models/coalescing_panda/enrollment.rb
+- app/models/coalescing_panda/canvas_api_auth.rb
 - app/models/coalescing_panda/canvas_batch.rb
-- app/models/coalescing_panda/assignment.rb
+- app/models/coalescing_panda/course.rb
+- app/models/coalescing_panda/enrollment.rb
 - app/models/coalescing_panda/group.rb
-- app/models/coalescing_panda/session.rb
-- app/models/coalescing_panda/section.rb
-- app/models/coalescing_panda/term.rb
+- app/models/coalescing_panda/group_category.rb
+- app/models/coalescing_panda/group_membership.rb
+- app/models/coalescing_panda/lti_account.rb
+- app/models/coalescing_panda/lti_nonce.rb
 - app/models/coalescing_panda/oauth_state.rb
+- app/models/coalescing_panda/persistent_session.rb
+- app/models/coalescing_panda/section.rb
+- app/models/coalescing_panda/session.rb
 - app/models/coalescing_panda/submission.rb
-- app/models/coalescing_panda/canvas_api_auth.rb
+- app/models/coalescing_panda/term.rb
+- app/models/coalescing_panda/user.rb
 - app/models/coalescing_panda/workers/account_miner.rb
-- app/models/coalescing_panda/workers/provisioning_miner.rb
 - app/models/coalescing_panda/workers/course_miner.rb
-- app/models/coalescing_panda/lti_nonce.rb
-- app/models/coalescing_panda/course.rb
-- app/models/coalescing_panda/lti_account.rb
-- app/models/coalescing_panda/user.rb
-- app/models/coalescing_panda/group_category.rb
+- app/models/coalescing_panda/workers/provisioning_miner.rb
 - app/models/concerns/single_table_polymorphic.rb
-- app/controllers/coalescing_panda/oauth2_controller.rb
-- app/controllers/coalescing_panda/application_controller.rb
-- app/controllers/coalescing_panda/lti_controller.rb
-- app/controllers/coalescing_panda/canvas_batches_controller.rb
+- app/views/coalescing_panda/canvas_batches/_canvas_batch.html.haml
+- app/views/coalescing_panda/canvas_batches/_canvas_batch_flash.html.haml
+- app/views/coalescing_panda/launch.html.haml
+- app/views/coalescing_panda/lti/iframe_cookie_fix.html.erb
 - app/views/coalescing_panda/oauth2/oauth2.html.haml
 - app/views/coalescing_panda/oauth2/redirect.html.haml
-- app/views/coalescing_panda/launch.html.haml
 - app/views/coalescing_panda/styleguide/styleguide.html
-- app/views/coalescing_panda/lti/iframe_cookie_fix.html.erb
-- app/views/coalescing_panda/canvas_batches/_canvas_batch.html.haml
-- app/views/coalescing_panda/canvas_batches/_canvas_batch_flash.html.haml
 - app/views/layouts/coalescing_panda/application.html.erb
-- app/assets/images/bootstrap/glyphicons-halflings.png
-- app/assets/images/bootstrap/glyphicons-halflings-white.png
-- app/assets/javascripts/coalescing_panda/oauth2.js.coffee
-- app/assets/javascripts/coalescing_panda/application.js
-- app/assets/javascripts/coalescing_panda/canvas_batch.js.coffee
-- app/assets/stylesheets/coalescing_panda/progress.css.scss
-- app/assets/stylesheets/coalescing_panda/application.css.scss
-- app/assets/stylesheets/coalescing_panda/launch.css.scss
-- app/helpers/coalescing_panda/canvas_batches_helper.rb
 - config/routes.rb
 - config/styleguide.yml
-- db/migrate/20141120151432_create_coalescing_panda_sections.rb
-- db/migrate/20150602205257_add_option_to_canvas_batches.rb
-- db/migrate/20150811140030_add_fields_to_users.rb
+- db/migrate/20131114150001_create_coalescing_panda_canvas_api_auths.rb
 - db/migrate/20131118211442_create_coalescing_panda_lti_accounts.rb
-- db/migrate/20150506192717_add_assignment_group_id_to_assignments.rb
-- db/migrate/20160830183155_create_coalescing_panda_oauth_states.rb
+- db/migrate/20131119165343_create_coalescing_panda_lti_nonces.rb
+- db/migrate/20140904223159_create_coalescing_panda_sessions.rb
+- db/migrate/20141119225319_create_coalescing_panda_terms.rb
+- db/migrate/20141119225721_create_coalescing_panda_courses.rb
+- db/migrate/20141120151432_create_coalescing_panda_sections.rb
+- db/migrate/20141120151940_create_coalescing_panda_assignments.rb
+- db/migrate/20141120152458_create_coalescing_panda_users.rb
 - db/migrate/20141120152546_create_coalescing_panda_submissions.rb
+- db/migrate/20141120153135_create_coalescing_panda_enrollments.rb
+- db/migrate/20141121174846_create_coalescing_panda_canvas_batches.rb
+- db/migrate/20141124160857_create_delayed_jobs.rb
 - db/migrate/20141208221740_add_submission_types_to_assignments.rb
-- db/migrate/20150709192717_add_leader_id_to_groups.rb
+- db/migrate/20150106175418_add_group_category_id_to_assignment.rb
+- db/migrate/20150106180131_add_published_to_assignments.rb
+- db/migrate/20150107205405_create_coalescing_panda_groups.rb
 - db/migrate/20150107205413_create_coalescing_panda_group_memberships.rb
-- db/migrate/20141120152458_create_coalescing_panda_users.rb
-- db/migrate/20141121174846_create_coalescing_panda_canvas_batches.rb
-- db/migrate/20150708192717_add_group_moderator_to_group_memberships.rb
 - db/migrate/20150210180516_add_context_to_canvas_batch.rb
-- db/migrate/20141120151940_create_coalescing_panda_assignments.rb
-- db/migrate/20140904223159_create_coalescing_panda_sessions.rb
 - db/migrate/20150506183335_create_coalescing_panda_assignment_groups.rb
-- db/migrate/20141120153135_create_coalescing_panda_enrollments.rb
-- db/migrate/20150107205405_create_coalescing_panda_groups.rb
-- db/migrate/20141119225721_create_coalescing_panda_courses.rb
-- db/migrate/20141124160857_create_delayed_jobs.rb
-- db/migrate/20131119165343_create_coalescing_panda_lti_nonces.rb
-- db/migrate/20150106180131_add_published_to_assignments.rb
+- db/migrate/20150506192717_add_assignment_group_id_to_assignments.rb
 - db/migrate/20150526144713_add_account_to_canvas_batches.rb
-- db/migrate/20150106175418_add_group_category_id_to_assignment.rb
+- db/migrate/20150602205257_add_option_to_canvas_batches.rb
+- db/migrate/20150708192717_add_group_moderator_to_group_memberships.rb
+- db/migrate/20150709192717_add_leader_id_to_groups.rb
 - db/migrate/20150714205405_create_coalescing_panda_group_categories.rb
+- db/migrate/20150811140030_add_fields_to_users.rb
 - db/migrate/20151209155923_add_refresh_settings_to_canvas_api_auth.rb
-- db/migrate/20131114150001_create_coalescing_panda_canvas_api_auths.rb
-- db/migrate/20141119225319_create_coalescing_panda_terms.rb
-- lib/tasks/coalescing_panda_tasks.rake
+- db/migrate/20160830183155_create_coalescing_panda_oauth_states.rb
+- db/migrate/20200528224505_create_coalescing_panda_persistent_session.rb
 - lib/coalescing_panda.rb
-- lib/coalescing_panda/controller_helpers.rb
 - lib/coalescing_panda/bearcat_uri.rb
+- lib/coalescing_panda/controller_helpers.rb
 - lib/coalescing_panda/engine.rb
-- lib/coalescing_panda/version.rb
 - lib/coalescing_panda/route_helpers.rb
-- Rakefile
-- spec/spec_helper.rb
-- spec/dummy/app/models/account.rb
-- spec/dummy/app/models/course.rb
-- spec/dummy/app/controllers/application_controller.rb
-- spec/dummy/app/views/layouts/application.html.erb
+- lib/coalescing_panda/version.rb
+- lib/tasks/coalescing_panda_tasks.rake
+- spec/controllers/coalescing_panda/canvas_batches_controller_spec.rb
+- spec/controllers/coalescing_panda/lti_controller_spec.rb
+- spec/controllers/coalescing_panda/oauth2_controller_spec.rb
+- spec/dummy/README.rdoc
+- spec/dummy/Rakefile
 - spec/dummy/app/assets/javascripts/application.js
 - spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/bin/rake
+- spec/dummy/app/models/account.rb
+- spec/dummy/app/models/course.rb
+- spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/bin/bundle
 - spec/dummy/bin/rails
-- spec/dummy/config/routes.rb
-- spec/dummy/config/locales/en.yml
-- spec/dummy/config/environments/production.rb
-- spec/dummy/config/environments/development.rb
-- spec/dummy/config/environments/test.rb
-- spec/dummy/config/environment.rb
+- spec/dummy/bin/rake
+- spec/dummy/config.ru
 - spec/dummy/config/application.rb
-- spec/dummy/config/database.yml
 - spec/dummy/config/boot.rb
-- spec/dummy/config/initializers/lti_initializer.rb
+- spec/dummy/config/database.yml
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/test.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/filter_parameter_logging.rb
+- spec/dummy/config/initializers/inflections.rb
+- spec/dummy/config/initializers/lti_initializer.rb
+- spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/initializers/secret_token.rb
-- spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config.ru
-- spec/dummy/Rakefile
-- spec/dummy/public/favicon.ico
+- spec/dummy/config/locales/en.yml
+- spec/dummy/config/routes.rb
+- spec/dummy/db/schema.rb
+- spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
-- spec/dummy/public/404.html
-- spec/dummy/db/schema.rb
-- spec/dummy/README.rdoc
-- spec/models/coalescing_panda/enrollment_spec.rb
-- spec/models/coalescing_panda/section_spec.rb
-- spec/models/coalescing_panda/lti_nonce_spec.rb
-- spec/models/coalescing_panda/lti_account_spec.rb
-- spec/models/coalescing_panda/canvas_batch_spec.rb
-- spec/models/coalescing_panda/term_spec.rb
-- spec/models/coalescing_panda/assignment_spec.rb
-- spec/models/coalescing_panda/submission_spec.rb
-- spec/models/coalescing_panda/assignment_group_spec.rb
-- spec/models/coalescing_panda/group_spec.rb
-- spec/models/coalescing_panda/workers/account_miner_spec.rb
-- spec/models/coalescing_panda/workers/course_miner_spec.rb
-- spec/models/coalescing_panda/canvas_api_auth_spec.rb
-- spec/models/coalescing_panda/group_membership_spec.rb
-- spec/models/coalescing_panda/user_spec.rb
-- spec/models/coalescing_panda/course_spec.rb
-- spec/factories/courses.rb
-- spec/factories/submissions.rb
+- spec/dummy/public/favicon.ico
+- spec/factories/accounts.rb
 - spec/factories/assignment_groups.rb
 - spec/factories/assignments.rb
 - spec/factories/canvas_api_auths.rb
-- spec/factories/enrollments.rb
 - spec/factories/canvas_batches.rb
+- spec/factories/courses.rb
+- spec/factories/enrollments.rb
 - spec/factories/sections.rb
-- spec/factories/accounts.rb
-- spec/factories/users.rb
+- spec/factories/submissions.rb
 - spec/factories/terms.rb
-- spec/controllers/coalescing_panda/canvas_batches_controller_spec.rb
-- spec/controllers/coalescing_panda/oauth2_controller_spec.rb
-- spec/controllers/coalescing_panda/lti_controller_spec.rb
+- spec/factories/users.rb
+- spec/models/coalescing_panda/assignment_group_spec.rb
+- spec/models/coalescing_panda/assignment_spec.rb
+- spec/models/coalescing_panda/canvas_api_auth_spec.rb
+- spec/models/coalescing_panda/canvas_batch_spec.rb
+- spec/models/coalescing_panda/course_spec.rb
+- spec/models/coalescing_panda/enrollment_spec.rb
+- spec/models/coalescing_panda/group_membership_spec.rb
+- spec/models/coalescing_panda/group_spec.rb
+- spec/models/coalescing_panda/lti_account_spec.rb
+- spec/models/coalescing_panda/lti_nonce_spec.rb
+- spec/models/coalescing_panda/section_spec.rb
+- spec/models/coalescing_panda/submission_spec.rb
+- spec/models/coalescing_panda/term_spec.rb
+- spec/models/coalescing_panda/user_spec.rb
+- spec/models/coalescing_panda/workers/account_miner_spec.rb
+- spec/models/coalescing_panda/workers/course_miner_spec.rb
 - spec/rails_helper.rb
+- spec/spec_helper.rb
 homepage: http://www.instructure.com
 licenses: []
 metadata: {}
@@ -542,17 +558,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Canvas LTI and OAUTH2 mountable engine