coalescing_panda 4.8.0.beta.1 → 5.0.2

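--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2890e7eb4eb1f91be53b1a0063850b01a19b6433cd4d58415a0077603ee90ca2
- data.tar.gz: c687e98abbe7ac80c96a28a07c9b5aa896a4d606e22f32912c78c55df0594bca
+ metadata.gz: 683daed32c44f738fe0747932f43a2be9ee00490ac44b6bbda7a0c5f2e513660
+ data.tar.gz: 893aca1614fee0eef49a1bf9eeb2f0b02de240df3168ae82940a0f102a7e6a30
  SHA512:
- metadata.gz: b1370a25a326aa117263653f4c5ad3e2c033923db39503f18b9d5e4a2676f379e34f6ee9b998c3234cf381ff0fe14a3ff9906c861f335e168f236f5f2b78b6c5
- data.tar.gz: 85014215aa9943baba3f7946a1459093ffff62e42b0a7f99e11ff2fa2c2c311c117e4be60c4ef22c5e7ab9c69bb3cd84f21e597a7c4125b0834e8a97f83e2125
+ metadata.gz: 5c1666f7c708b34cd1161e53fcc2346c5122fd847797d9d2ddb7e9887ddb30e4e54a8992fc50b7998bf15153f6fc3bd851a1542bf7b93e0de34fa3a5b7aff4ca
+ data.tar.gz: c385b2c0e634fa4edc0bef7c2f14f7b6c5c484e8c0cee109095aed1bc1fd57c91d742aa401e6f2ad85cf8aeb232c0dea60c9dbb4f149706edb24cd0713c7ae92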
@@ -0,0 +1,3 @@
1
+ //= link_tree ../../images
2
+ //= link_directory ../../javascripts/coalescing_panda/ .js
3
+ //= link_directory ../../stylesheets/coalescing_panda/ .css
@@ -7,6 +7,8 @@ module CoalescingPanda
7
7
  end
8
8
 
9
9
  def redirect
10
+ use_secure_headers_override(:allow_inline_scripts)
11
+
10
12
  if !params[:error] && retrieve_oauth_state
11
13
  lti_account = LtiAccount.find_by_key(@oauth_state.data[:key])
12
14
  client_id = lti_account.oauth2_client_id
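Review bot: The `use_secure_headers_override(:allow_inline_scripts)` call sits at the top of `redirect`, so the relaxed script policy applies to every response this action produces, including the path taken when `params[:error]` is set or `retrieve_oauth_state` fails. If only one rendered view needs an inline script, the override could move into that branch, or the script could carry a nonce (secure_headers provides `nonced_javascript_tag`) so that `'unsafe-inline'` is not needed on an OAuth callback that handles request parameters. The body of `redirect` continues past the hunk, so which views it renders is not visible here.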
@@ -10,7 +10,7 @@ module CoalescingPanda
10
10
 
11
11
  def self.create_from_launch(launch_params, account_id)
12
12
  session = PersistentSession.new(coalescing_panda_lti_account_id: account_id)
13
- session.data[:launch_params] = launch_params.to_unsafe_h
13
+ session.data[:launch_params] = launch_params.to_unsafe_h.with_indifferent_access
14
14
  session.data[:roles] = launch_params['roles'].split(',').map { |role|
15
15
  case role.downcase.strip
16
16
  when 'admin'
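Review bot: `launch_params.to_unsafe_h.with_indifferent_access` persists the complete, unpermitted launch parameter set, and another hunk of this diff now reads `oauth_consumer_key` and `organization_id` back out of it, so this method has become a trust boundary without saying so. Whether the launch signature has been verified before `create_from_launch` runs is not visible in the hunk; a comment such as `# launch_params must come from a signature-verified LTI launch; the whole unpermitted hash is stored` would make the contract explicit. Storing only the keys the engine later reads would also keep unrelated request parameters out of the session record. The method body continues outside the hunk.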
@@ -187,11 +187,11 @@ module CoalescingPanda
187
187
  end
188
188
 
189
189
  def organization_key
190
- params[:oauth_consumer_key] || current_session_data[:organization_key]
190
+ params[:oauth_consumer_key] || (current_session_data[:launch_params][:oauth_consumer_key] if @current_session)
191
191
  end
192
192
 
193
193
  def organization_id
194
- params[:organization_id]
194
+ params[:organization_id] || (current_session_data[:launch_params][:organization_id] if @current_session)
195
195
  end
196
196
 
197
197
  def session_key
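Review bot: The new fallback `current_session_data[:launch_params][:oauth_consumer_key]` raises NoMethodError when a session's data has no `:launch_params` entry (for example one not created through `create_from_launch`), and `organization_id` has the same chain. `(current_session_data.dig(:launch_params, :oauth_consumer_key) if @current_session)` avoids that. The guard tests the `@current_session` instance variable rather than calling `current_session`, so if that reader memoizes lazily the fallback is skipped until something else has loaded the session. Both methods still prefer the request parameter over the session value, so any caller that uses them to select the LTI account trusts client input first; confirm that is intended.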
@@ -218,26 +218,26 @@ module CoalescingPanda
218
218
  # nicely with webpack-dev-server live reloading (otherwise
219
219
  # you get an access error every time it tries to live reload).
220
220
 
221
- def redirect_with_session_to(path, id_or_model = nil, params = {})
222
- if Rails.env.development?
223
- redirect_development_mode(path, id_or_model, params)
221
+ def redirect_with_session_to(path, id_or_resource = nil, redirect_params = {})
222
+ if Rails.env.development? || Rails.env.test?
223
+ redirect_development_mode(path, id_or_resource, redirect_params)
224
224
  else
225
- redirect_production_mode(path, id_or_model, params)
225
+ redirect_production_mode(path, id_or_resource, redirect_params)
226
226
  end
227
227
  end
228
228
 
229
- def redirect_development_mode(path, id_or_model = nil, params)
230
- redirect_to send(path, id_or_model, {
229
+ def redirect_development_mode(path, id_or_resource = nil, redirect_params)
230
+ redirect_to send(path, id_or_resource, {
231
231
  session_key: current_session.session_key,
232
232
  organization_id: current_lti_account.id
233
- }.merge(params))
233
+ }.merge(redirect_params))
234
234
  end
235
235
 
236
- def redirect_production_mode(path, id_or_model = nil, params)
237
- redirect_to send(path, id_or_model, {
236
+ def redirect_production_mode(path, id_or_resource = nil, redirect_params)
237
+ redirect_to send(path, id_or_resource, {
238
238
  encrypted_session_key: encrypted_session_key,
239
239
  organization_id: current_lti_account.id
240
- }.merge(params))
240
+ }.merge(redirect_params))
241
241
  end
242
242
 
243
243
  end
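Review bot: With `Rails.env.development? || Rails.env.test?` the test suite always takes `redirect_development_mode`, so `redirect_production_mode` (the only branch that runs in production, and the one that puts `encrypted_session_key` in the URL) is not exercised by specs unless they stub `Rails.env`. A spec that forces the production branch would keep that path covered. Both helpers dispatch through `send(path, …)` on whatever name is passed, so a comment stating that `path` must be a literal route-helper name, never request-derived, would be worth adding above `redirect_with_session_to`. `.merge(redirect_params)` runs last, so a caller-supplied `session_key` or `organization_id` silently replaces the values set here. The enclosing module starts outside the hunk.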
@@ -25,6 +25,10 @@ module CoalescingPanda
25
25
  end
26
26
  end
27
27
 
28
+ initializer 'coalescing_panda.assets' do |app|
29
+ app.config.assets.precompile << 'coalescing_panda/manifest.js'
30
+ end
31
+
28
32
  initializer 'cloaescing_panda.route_helper' do |route|
29
33
  ActionDispatch::Routing::Mapper.send :include, CoalescingPanda::RouteHelpers
30
34
  end
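Review bot: `app.config.assets.precompile << …` assumes the host application has the asset pipeline loaded; in a host without Sprockets (an API-only app, for instance) `config.assets` is not defined and this initializer would raise at boot. Writing the line as `app.config.assets.precompile << 'coalescing_panda/manifest.js' if app.config.respond_to?(:assets)` keeps the engine loadable there. The engine class this initializer belongs to starts outside the hunk.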
@@ -50,6 +54,9 @@ module CoalescingPanda
50
54
  # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
51
55
  # DON'T ENABLE THIS FOR PRODUCTION!
52
56
  script_src << "'unsafe-eval'"
57
+ elsif CoalescingPanda.lti_options.has_key?(:allow_unsafe_eval) && CoalescingPanda.lti_options[:allow_unsafe_eval] == true
58
+ # For when code is returned from server and injected into dom. Need to have unsafe-eval or it won't work.
59
+ script_src << "'unsafe-eval'"
53
60
  end
54
61
 
55
62
  SecureHeaders::Configuration.default do |config|
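Review bot: The new `elsif` lets `lti_options[:allow_unsafe_eval]` add `'unsafe-eval'` to `script_src` in every environment, while the comment directly above it, on the existing branch, says not to enable this for production; nothing in the new branch records that tradeoff. `'unsafe-eval'` lifts CSP's restriction on string-to-code sinks for all responses covered by the default policy, so the option should be documented as a security downgrade, e.g. `# Opt-in only: weakens CSP for every engine response; prefer returning data and rendering it client-side`, and a boot-time warning when it is set would help operators notice it. The condition can be shortened to `elsif CoalescingPanda.lti_options[:allow_unsafe_eval] == true`, since a missing key already yields nil. The `if` this branch belongs to starts outside the hunk.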
@@ -80,6 +87,10 @@ module CoalescingPanda
80
87
  SecureHeaders::Configuration.override(:safari_override) do |config|
81
88
  config.cookies = SecureHeaders::OPT_OUT
82
89
  end
90
+
91
+ SecureHeaders::Configuration.override(:allow_inline_scripts) do |config|
92
+ config.csp[:script_src] << "'unsafe-inline'"
93
+ end
83
94
  end
84
95
 
85
96
  end
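Review bot: `config.csp[:script_src] << "'unsafe-inline'"` appends in place, so if the override's `script_src` is the same Array object as the one handed to the default configuration, the default policy would gain `'unsafe-inline'` as well. Whether secure_headers deep-copies the CSP settings for overrides depends on the gem version, which is not visible here; assigning a new array, `config.csp[:script_src] = config.csp[:script_src] + ["'unsafe-inline'"]`, removes the dependency on that. `'unsafe-inline'` also turns off CSP's protection against injected script for any action using this override, so a nonce-based approach would be the narrower choice. The enclosing block starts outside the hunk.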
@@ -1,3 +1,3 @@
1
1
  module CoalescingPanda
2
- VERSION = '4.8.0.beta.1'
2
+ VERSION = '5.0.2'
3
3
  end
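--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: coalescing_panda
  version: !ruby/object:Gem::Version
- version: 4.8.0.beta.1
+ version: 5.0.2
  platform: ruby
  authors:
  - Nathan Mills
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-06-02 00:00:00.000000000 Z
+ date: 2020-07-27 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -400,6 +400,7 @@ extensions: []
  extra_rdoc_files: []
  files:
  - Rakefile
+ - app/assets/config/coalescing_panda/manifest.js
  - app/assets/images/bootstrap/glyphicons-halflings-white.png
  - app/assets/images/bootstrap/glyphicons-halflings.png
  - app/assets/javascripts/coalescing_panda/application.js
@@ -563,9 +564,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">"
+ - - ">="
  - !ruby/object:Gem::Version
- version: 1.3.1
+ version: '0'
  requirements: []
  rubygems_version: 3.1.2
  signing_key: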