coalescing_panda 5.0.0.beta.2 → 5.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b23ff734783865921d2c6b6b1513a444f409a9b3b8e223cdb22181bd6a10b436
-  data.tar.gz: cb79054a936298ec5af8ce5fa2c75c852cfca4806349241bec1acb3e1a5d102e
+  metadata.gz: '0191513dcb57ac4c2146d650ff1b6d03af0cc52ac7aa7f62571b74f018ec3906'
+  data.tar.gz: 1f938c10ebea3510455f6e0f077bb531fc7eca49086df42792ab0ab23f96f6fd
 SHA512:
-  metadata.gz: d2f03495f78ec52dc05044806a0753f47eece4ae109c60d69d9d41fa8a90c287413657615765b50209a28a22ab0d64489aec3977a47411d4f5255a2e7101f85a
-  data.tar.gz: 255676120a18eb0ce8b7302246e66972b1cb4718e6d0359050649f507e400ca77f88f576ad85edbd16133b2790f1a611c9ac84c2989df73626e80a81d01f2ab6
+  metadata.gz: 75ffaa346308463f9beb170800fafa30a6303613a52e8c7ce527efee418369e0ae4a94ef7f2dbb1ef12b5a5f8a7d43ef33b59114064ee4eb63fca72cc3843305
+  data.tar.gz: bb268446450390d6af368149529ca6f23e34596155dc2151fcf5ee8cc2d604d25eb575cee4627b039894a8f8f439a52f6c8e959f4b8e0ff53979fe56128c1240

data/app/assets/config/coalescing_panda/manifest.js

@@ -0,0 +1,3 @@
+//= link_tree ../../images
+//= link_directory ../../javascripts/coalescing_panda/ .js
+//= link_directory ../../stylesheets/coalescing_panda/ .css

data/app/controllers/coalescing_panda/lti_controller.rb

@@ -17,7 +17,7 @@ module CoalescingPanda
       lti_nav[:account][:text] = params[:account_navigation_label] if params[:account_navigation_label].present?
       platform = 'canvas.instructure.com'
       host = "#{request.scheme}://#{request.host_with_port}"
-      tc = IMS::LTI::Services::ToolConfig.new(:title => lti_options[:title], :launch_url => ("#{host}#{lti_options[:launch_route]}") || 'ABC')
+      tc = IMS::LTI::ToolConfig.new(:title => lti_options[:title], :launch_url => ("#{host}#{lti_options[:launch_route]}") || 'ABC')
       tc.set_ext_param(platform, :domain, request.host)
       tc.set_ext_param(platform, :privacy_level, 'public')
       tc.set_custom_param(:custom_canvas_role, '$Canvas.membership.roles')

data/app/controllers/coalescing_panda/oauth2_controller.rb

@@ -7,6 +7,8 @@ module CoalescingPanda
     end
 
     def redirect
+      use_secure_headers_override(:allow_inline_scripts)
+
       if !params[:error] && retrieve_oauth_state
         lti_account = LtiAccount.find_by_key(@oauth_state.data[:key])
         client_id = lti_account.oauth2_client_id

data/app/models/coalescing_panda/json_with_indifferent_access.rb

@@ -0,0 +1,13 @@
+module CoalescingPanda
+  class JSONWithIndifferentAccess
+    def self.load(str)
+      return nil unless str.present?
+      parsed = JSON.parse(str)
+      parsed.is_a?(Hash) ? HashWithIndifferentAccess.new(parsed) : parsed
+    end
+
+    def self.dump(obj)
+      JSON.dump(obj)
+    end
+  end
+end

data/app/models/coalescing_panda/persistent_session.rb

@@ -1,10 +1,11 @@
 module CoalescingPanda
   class PersistentSession < ActiveRecord::Base
-    serialize :data, Hash
+    serialize :data, JSONWithIndifferentAccess
     belongs_to :coalescing_panda_lti_account, :class_name => 'CoalescingPanda::LtiAccount'
     validates :coalescing_panda_lti_account_id, presence: true
 
     after_initialize do
+      self.data ||= {}
       self.session_key ||= SecureRandom.urlsafe_base64(60)
     end
 

data/lib/coalescing_panda/controller_helpers.rb

@@ -2,15 +2,32 @@ require 'browser'
 
 module CoalescingPanda
   module ControllerHelpers
+    extend ActiveSupport::Concern
+
+    included do
+      alias_method :rails_session, :session
+
+      helper_method :encrypted_session_key, :current_session_data, :current_session
+      append_after_action :save_session, if: -> { @current_session && session_changed? }
+    end
+
+    class_methods do
+      def use_native_sessions
+        after_action do
+          rails_session['persistent_session_key'] = current_session.session_key if @current_session.present?
+        end
+      end
+    end
+
     def current_session
-      @current_session ||= CoalescingPanda::PersistentSession.find_by(session_key: session_key) if session_key
-      @current_session ||= CoalescingPanda::PersistentSession.create_from_launch(params, current_lti_account.id)
+      @current_session ||= (CoalescingPanda::PersistentSession.find_by(session_key: session_key) if session_key)
+      @current_session ||= (CoalescingPanda::PersistentSession.create_from_launch(params, current_lti_account.id) if current_lti_account.present?)
       @current_session
     end
 
     def current_lti_account
-      @account ||= CoalescingPanda::LtiAccount.find_by!(key: organization_key) if organization_key
-      @account ||= CoalescingPanda::LtiAccount.find_by(id: organization_id) if organization_id
+      @account ||= (CoalescingPanda::LtiAccount.find_by!(key: organization_key) if organization_key)
+      @account ||= (CoalescingPanda::LtiAccount.find_by(id: organization_id) if organization_id)
       @account
     end
 
@@ -83,42 +100,42 @@ module CoalescingPanda
     end
 
     def check_refresh_token
-      return unless session['uri'] && session['user_id'] && session['oauth_consumer_key']
-      uri = BearcatUri.new(session['uri'])
-      api_auth = CanvasApiAuth.find_by(user_id: session['user_id'], api_domain: uri.api_domain)
-      @lti_account = LtiAccount.find_by(key: session['oauth_consumer_key'])
+      return unless current_session_data['uri'] && current_session_data['user_id'] && current_session_data['oauth_consumer_key']
+      uri = BearcatUri.new(current_session_data['uri'])
+      api_auth = CanvasApiAuth.find_by(user_id: current_session_data['user_id'], api_domain: uri.api_domain)
+      @lti_account = LtiAccount.find_by(key: current_session_data['oauth_consumer_key'])
       return if @lti_account.nil? || api_auth.nil? # Not all tools use oauth
 
       refresh_token(uri, api_auth) if api_auth.expired?
     rescue Footrest::HttpError::BadRequest
-      render_oauth2_page uri, session['user_id']
+      render_oauth2_page uri, current_session_data['user_id']
     end
 
     def set_session(launch_presentation_return_url)
-      session['user_id'] = params['user_id']
-      session['uri'] = launch_presentation_return_url
-      session['lis_person_sourcedid'] = params['lis_person_sourcedid']
-      session['oauth_consumer_key'] = params['oauth_consumer_key']
-      session['custom_canvas_account_id'] = params['custom_canvas_account_id']
+      current_session_data['user_id'] = params['user_id']
+      current_session_data['uri'] = launch_presentation_return_url
+      current_session_data['lis_person_sourcedid'] = params['lis_person_sourcedid']
+      current_session_data['oauth_consumer_key'] = params['oauth_consumer_key']
+      current_session_data['custom_canvas_account_id'] = params['custom_canvas_account_id']
     end
 
     def have_session?
-      if params['tool_consumer_instance_guid'] && session['user_id'] != params['user_id']
+      if params['tool_consumer_instance_guid'] && current_session_data['user_id'] != params['user_id']
         reset_session
         logger.info("resetting session params")
-        session['user_id'] = params['user_id']
+        current_session_data['user_id'] = params['user_id']
       end
 
-      if (session['user_id'] && session['uri'])
-        uri = BearcatUri.new(session['uri'])
-        api_auth = CanvasApiAuth.find_by('user_id = ? and api_domain = ?', session['user_id'], uri.api_domain)
+      if (current_session_data['user_id'] && current_session_data['uri'])
+        uri = BearcatUri.new(current_session_data['uri'])
+        api_auth = CanvasApiAuth.find_by('user_id = ? and api_domain = ?', current_session_data['user_id'], uri.api_domain)
         if api_auth && !api_auth.expired?
           @client = Bearcat::Client.new(token: api_auth.api_token, prefix: uri.prefix)
           @client.user_profile 'self'
         end
       end
 
-      @lti_account = LtiAccount.find_by_key(session['oauth_consumer_key']) if session['oauth_consumer_key']
+      @lti_account = LtiAccount.find_by_key(current_session_data['oauth_consumer_key']) if current_session_data['oauth_consumer_key']
 
       !!@client
     rescue Footrest::HttpError::Unauthorized
@@ -129,8 +146,8 @@ module CoalescingPanda
       authorized = false
       if (@lti_account = params['oauth_consumer_key'] && LtiAccount.find_by_key(params['oauth_consumer_key']))
         sanitized_params = sanitize_params
-        authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.original_url, sanitized_params, @lti_account.secret)
-        authorized = authenticator.valid_signature?
+        @tp = IMS::LTI::ToolProvider.new(@lti_account.key, @lti_account.secret, sanitized_params)
+        authorized = @tp.valid_request?(request)
       end
       logger.info 'not authorized on tp valid request' unless authorized
       authorized = authorized && (roles.count == 0 || (roles & lti_roles).count > 0)
@@ -198,7 +215,7 @@ module CoalescingPanda
       if params[:encrypted_session_key]
         return msg_encryptor.decrypt_and_verify(params[:encrypted_session_key])
       end
-      params[:session_key] || session_key_header
+      params[:session_key] || session_key_header || rails_session['persistent_session_key']
     end
 
     def session_key_header
@@ -218,26 +235,26 @@ module CoalescingPanda
     # nicely with webpack-dev-server live reloading (otherwise
     # you get an access error every time it tries to live reload).
 
-    def redirect_with_session_to(path, id_or_resource = nil, params = {})
-      if Rails.env.development?
-        redirect_development_mode(path, id_or_resource, params)
+    def redirect_with_session_to(path, id_or_resource = nil, redirect_params = {})
+      if Rails.env.development? || Rails.env.test?
+        redirect_development_mode(path, id_or_resource, redirect_params)
       else
-        redirect_production_mode(path, id_or_resource, params)
+        redirect_production_mode(path, id_or_resource, redirect_params)
       end
     end
 
-    def redirect_development_mode(path, id_or_resource = nil, params)
+    def redirect_development_mode(path, id_or_resource = nil, redirect_params)
       redirect_to send(path, id_or_resource, {
           session_key: current_session.session_key,
           organization_id: current_lti_account.id
-      }.merge(params))
+      }.merge(redirect_params))
     end
 
-    def redirect_production_mode(path, id_or_resource = nil, params)
+    def redirect_production_mode(path, id_or_resource = nil, redirect_params)
       redirect_to send(path, id_or_resource, {
           encrypted_session_key: encrypted_session_key,
           organization_id: current_lti_account.id
-      }.merge(params))
+      }.merge(redirect_params))
     end
 
   end

data/lib/coalescing_panda/engine.rb

@@ -25,6 +25,10 @@ module CoalescingPanda
       end
     end
 
+    initializer 'coalescing_panda.assets' do |app|
+      app.config.assets.precompile << 'coalescing_panda/manifest.js'
+    end
+
     initializer 'cloaescing_panda.route_helper' do |route|
       ActionDispatch::Routing::Mapper.send :include, CoalescingPanda::RouteHelpers
     end
@@ -83,6 +87,10 @@ module CoalescingPanda
       SecureHeaders::Configuration.override(:safari_override) do |config|
         config.cookies = SecureHeaders::OPT_OUT
       end
+
+      SecureHeaders::Configuration.override(:allow_inline_scripts) do |config|
+        config.csp[:script_src] << "'unsafe-inline'"
+      end
     end
 
   end

data/lib/coalescing_panda/version.rb

@@ -1,3 +1,3 @@
 module CoalescingPanda
-  VERSION = '5.0.0.beta.2'
+  VERSION = '5.0.4'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: coalescing_panda
 version: !ruby/object:Gem::Version
-  version: 5.0.0.beta.2
+  version: 5.0.4
 platform: ruby
 authors:
 - Nathan Mills
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-04 00:00:00.000000000 Z
+date: 2020-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -72,16 +72,22 @@ dependencies:
   name: ims-lti
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.1.0
+        version: 1.2.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 2.1.0
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: haml-rails
   requirement: !ruby/object:Gem::Requirement
@@ -400,6 +406,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - Rakefile
+- app/assets/config/coalescing_panda/manifest.js
 - app/assets/images/bootstrap/glyphicons-halflings-white.png
 - app/assets/images/bootstrap/glyphicons-halflings.png
 - app/assets/javascripts/coalescing_panda/application.js
@@ -422,6 +429,7 @@ files:
 - app/models/coalescing_panda/group.rb
 - app/models/coalescing_panda/group_category.rb
 - app/models/coalescing_panda/group_membership.rb
+- app/models/coalescing_panda/json_with_indifferent_access.rb
 - app/models/coalescing_panda/lti_account.rb
 - app/models/coalescing_panda/lti_nonce.rb
 - app/models/coalescing_panda/oauth_state.rb
@@ -563,9 +571,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.1.2
 signing_key: