coalescing_panda 4.8.0.beta.1 → 5.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/app/assets/config/coalescing_panda/manifest.js +3 -0
  3. data/app/controllers/coalescing_panda/oauth2_controller.rb +2 -0
  4. data/app/models/coalescing_panda/persistent_session.rb +1 -1
  5. data/lib/coalescing_panda/controller_helpers.rb +12 -12
  6. data/lib/coalescing_panda/engine.rb +11 -0
  7. data/lib/coalescing_panda/version.rb +1 -1
  8. metadata +5 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2890e7eb4eb1f91be53b1a0063850b01a19b6433cd4d58415a0077603ee90ca2
4
- data.tar.gz: c687e98abbe7ac80c96a28a07c9b5aa896a4d606e22f32912c78c55df0594bca
3
+ metadata.gz: 683daed32c44f738fe0747932f43a2be9ee00490ac44b6bbda7a0c5f2e513660
4
+ data.tar.gz: 893aca1614fee0eef49a1bf9eeb2f0b02de240df3168ae82940a0f102a7e6a30
5
5
  SHA512:
6
- metadata.gz: b1370a25a326aa117263653f4c5ad3e2c033923db39503f18b9d5e4a2676f379e34f6ee9b998c3234cf381ff0fe14a3ff9906c861f335e168f236f5f2b78b6c5
7
- data.tar.gz: 85014215aa9943baba3f7946a1459093ffff62e42b0a7f99e11ff2fa2c2c311c117e4be60c4ef22c5e7ab9c69bb3cd84f21e597a7c4125b0834e8a97f83e2125
6
+ metadata.gz: 5c1666f7c708b34cd1161e53fcc2346c5122fd847797d9d2ddb7e9887ddb30e4e54a8992fc50b7998bf15153f6fc3bd851a1542bf7b93e0de34fa3a5b7aff4ca
7
+ data.tar.gz: c385b2c0e634fa4edc0bef7c2f14f7b6c5c484e8c0cee109095aed1bc1fd57c91d742aa401e6f2ad85cf8aeb232c0dea60c9dbb4f149706edb24cd0713c7ae92
data/app/assets/config/coalescing_panda/manifest.js ADDED
@@ -0,0 +1,3 @@
1
+ //= link_tree ../../images
2
+ //= link_directory ../../javascripts/coalescing_panda/ .js
3
+ //= link_directory ../../stylesheets/coalescing_panda/ .css
data/app/controllers/coalescing_panda/oauth2_controller.rb CHANGED
@@ -7,6 +7,8 @@ module CoalescingPanda
7
7
  end
8
8
 
9
9
  def redirect
10
+ use_secure_headers_override(:allow_inline_scripts)
11
+
10
12
  if !params[:error] && retrieve_oauth_state
11
13
  lti_account = LtiAccount.find_by_key(@oauth_state.data[:key])
12
14
  client_id = lti_account.oauth2_client_id
data/app/models/coalescing_panda/persistent_session.rb CHANGED
@@ -10,7 +10,7 @@ module CoalescingPanda
10
10
 
11
11
  def self.create_from_launch(launch_params, account_id)
12
12
  session = PersistentSession.new(coalescing_panda_lti_account_id: account_id)
13
- session.data[:launch_params] = launch_params.to_unsafe_h
13
+ session.data[:launch_params] = launch_params.to_unsafe_h.with_indifferent_access
14
14
  session.data[:roles] = launch_params['roles'].split(',').map { |role|
15
15
  case role.downcase.strip
16
16
  when 'admin'
data/lib/coalescing_panda/controller_helpers.rb CHANGED
@@ -187,11 +187,11 @@ module CoalescingPanda
187
187
  end
188
188
 
189
189
  def organization_key
190
- params[:oauth_consumer_key] || current_session_data[:organization_key]
190
+ params[:oauth_consumer_key] || (current_session_data[:launch_params][:oauth_consumer_key] if @current_session)
191
191
  end
192
192
 
193
193
  def organization_id
194
- params[:organization_id]
194
+ params[:organization_id] || (current_session_data[:launch_params][:organization_id] if @current_session)
195
195
  end
196
196
 
197
197
  def session_key
@@ -218,26 +218,26 @@ module CoalescingPanda
218
218
  # nicely with webpack-dev-server live reloading (otherwise
219
219
  # you get an access error every time it tries to live reload).
220
220
 
221
- def redirect_with_session_to(path, id_or_model = nil, params = {})
222
- if Rails.env.development?
223
- redirect_development_mode(path, id_or_model, params)
221
+ def redirect_with_session_to(path, id_or_resource = nil, redirect_params = {})
222
+ if Rails.env.development? || Rails.env.test?
223
+ redirect_development_mode(path, id_or_resource, redirect_params)
224
224
  else
225
- redirect_production_mode(path, id_or_model, params)
225
+ redirect_production_mode(path, id_or_resource, redirect_params)
226
226
  end
227
227
  end
228
228
 
229
- def redirect_development_mode(path, id_or_model = nil, params)
230
- redirect_to send(path, id_or_model, {
229
+ def redirect_development_mode(path, id_or_resource = nil, redirect_params)
230
+ redirect_to send(path, id_or_resource, {
231
231
  session_key: current_session.session_key,
232
232
  organization_id: current_lti_account.id
233
- }.merge(params))
233
+ }.merge(redirect_params))
234
234
  end
235
235
 
236
- def redirect_production_mode(path, id_or_model = nil, params)
237
- redirect_to send(path, id_or_model, {
236
+ def redirect_production_mode(path, id_or_resource = nil, redirect_params)
237
+ redirect_to send(path, id_or_resource, {
238
238
  encrypted_session_key: encrypted_session_key,
239
239
  organization_id: current_lti_account.id
240
- }.merge(params))
240
+ }.merge(redirect_params))
241
241
  end
242
242
 
243
243
  end
data/lib/coalescing_panda/engine.rb CHANGED
@@ -25,6 +25,10 @@ module CoalescingPanda
25
25
  end
26
26
  end
27
27
 
28
+ initializer 'coalescing_panda.assets' do |app|
29
+ app.config.assets.precompile << 'coalescing_panda/manifest.js'
30
+ end
31
+
28
32
  initializer 'cloaescing_panda.route_helper' do |route|
29
33
  ActionDispatch::Routing::Mapper.send :include, CoalescingPanda::RouteHelpers
30
34
  end
@@ -50,6 +54,9 @@ module CoalescingPanda
50
54
  # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
51
55
  # DON'T ENABLE THIS FOR PRODUCTION!
52
56
  script_src << "'unsafe-eval'"
57
+ elsif CoalescingPanda.lti_options.has_key?(:allow_unsafe_eval) && CoalescingPanda.lti_options[:allow_unsafe_eval] == true
58
+ # For when code is returned from server and injected into dom. Need to have unsafe-eval or it won't work.
59
+ script_src << "'unsafe-eval'"
53
60
  end
54
61
 
55
62
  SecureHeaders::Configuration.default do |config|
@@ -80,6 +87,10 @@ module CoalescingPanda
80
87
  SecureHeaders::Configuration.override(:safari_override) do |config|
81
88
  config.cookies = SecureHeaders::OPT_OUT
82
89
  end
90
+
91
+ SecureHeaders::Configuration.override(:allow_inline_scripts) do |config|
92
+ config.csp[:script_src] << "'unsafe-inline'"
93
+ end
83
94
  end
84
95
 
85
96
  end
data/lib/coalescing_panda/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module CoalescingPanda
2
- VERSION = '4.8.0.beta.1'
2
+ VERSION = '5.0.2'
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: coalescing_panda
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.8.0.beta.1
4
+ version: 5.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nathan Mills
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2020-06-02 00:00:00.000000000 Z
13
+ date: 2020-07-27 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rails
@@ -400,6 +400,7 @@ extensions: []
400
400
  extra_rdoc_files: []
401
401
  files:
402
402
  - Rakefile
403
+ - app/assets/config/coalescing_panda/manifest.js
403
404
  - app/assets/images/bootstrap/glyphicons-halflings-white.png
404
405
  - app/assets/images/bootstrap/glyphicons-halflings.png
405
406
  - app/assets/javascripts/coalescing_panda/application.js
@@ -563,9 +564,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
563
564
  version: '0'
564
565
  required_rubygems_version: !ruby/object:Gem::Requirement
565
566
  requirements:
566
- - - ">"
567
+ - - ">="
567
568
  - !ruby/object:Gem::Version
568
- version: 1.3.1
569
+ version: '0'
569
570
  requirements: []
570
571
  rubygems_version: 3.1.2
571
572
  signing_key: