coalescing_panda 5.0.9 → 5.1.3.beta.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9b34aab2ab63066e86c9799e4e564129b1b30186
-  data.tar.gz: b486b6be2efcf0807da76b573cd7212b1fdd5d8d
+  metadata.gz: c5c88b9fcd0222696f789cd64db4c782ea171d0f
+  data.tar.gz: e0dabfcd2034e3859875e073a035672d65dbdea5
 SHA512:
-  metadata.gz: cba63bdaeb3f4255e354112f217fe80b134e5c28ed2ebffe931df625f1ff640960ae75510ee0b7018d697ae39ceaec246e63c6410409a43217f37753d956df02
-  data.tar.gz: 74735105c7609b9524c40f1b5b0122f937a18036ccdaae32ff16324b0f19d3f90d98d309120afc80ea12b6cf6eb3ecb50b5f00fde6c14c68987a3035ec10cd08
+  metadata.gz: 1c3721812b472072ee61d2b8760890033975a40cf3dbd79e6c69b034718572a6e631fee1b1cd0b75beddc71b7fecc947cbe68bacdf1c88dbfe3aafa3ada24daa
+  data.tar.gz: 1348d332f2651e084f1e458b834c3de5a2c7eb69586343fe602488e008daa3b3d295c31cc5287744e5d2e1a765dbfa30630475aa87885125de11a9deff2b4eca

data/app/controllers/coalescing_panda/oauth2_controller.rb

@@ -34,7 +34,7 @@ module CoalescingPanda
     private
 
     def oauth2_protocol
-      ENV['OAUTH_PROTOCOL'] || 'https'
+      ENV['OAUTH_PROTOCOL'] || (Rails.env.development? ? 'http' : 'https')
     end
 
     def retrieve_oauth_state

data/lib/coalescing_panda/controller_helpers.rb

@@ -1,51 +1,17 @@
 require 'browser'
+require_relative 'session_replacement'
 
 module CoalescingPanda
   module ControllerHelpers
     extend ActiveSupport::Concern
-
-    included do
-      alias_method :rails_session, :session
-
-      helper_method :encrypted_session_key, :current_session_data, :current_session
-      append_after_action :save_session, if: -> { @current_session && session_changed? }
-    end
-
-    class_methods do
-      def use_native_sessions
-        after_action do
-          rails_session['persistent_session_key'] = current_session.session_key if @current_session.present?
-        end
-      end
-    end
-
-    def current_session
-      @current_session ||= (CoalescingPanda::PersistentSession.find_by(session_key: session_key) if session_key)
-      @current_session ||= (CoalescingPanda::PersistentSession.create_from_launch(params, current_lti_account.id) if current_lti_account.present?)
-      @current_session
-    end
+    include SessionReplacement
 
     def current_lti_account
       @account ||= (CoalescingPanda::LtiAccount.find_by!(key: organization_key) if organization_key)
       @account ||= (CoalescingPanda::LtiAccount.find_by(id: organization_id) if organization_id)
       @account
     end
-
-    def current_session_data
-      current_session.data
-    end
-
-    def encrypted_session_key
-      msg_encryptor.encrypt_and_sign(current_session.session_key)
-    end
-
-    def save_session
-      current_session.try(:save)
-    end
-
-    def session_changed?
-      current_session.changed? && current_session.changes[:data].present?
-    end
+    def current_organization; current_lti_account; end
 
     def canvas_oauth2(*roles)
       return if have_session?
@@ -81,7 +47,7 @@ module CoalescingPanda
       client = Bearcat::Client.new(prefix: uri.prefix)
       state = SecureRandom.hex(32)
       OauthState.create! state_key: state, data: { key: params['oauth_consumer_key'], user_id: user_id, api_domain: uri.api_domain }
-      @canvas_url = client.auth_redirect_url(client_id, coalescing_panda.oauth2_redirect_url, { state: state })
+      @canvas_url = client.auth_redirect_url(client_id, resolve_coalescing_panda_url(:oauth2_redirect_url), { state: state })
 
       #delete the added params so the original oauth sig still works
       @lti_params = params.to_hash
@@ -92,7 +58,7 @@ module CoalescingPanda
 
     def refresh_token(uri, api_auth)
       refresh_client = Bearcat::Client.new(prefix: uri.prefix)
-      refresh_body = refresh_client.retrieve_token(@lti_account.oauth2_client_id, coalescing_panda.oauth2_redirect_url,
+      refresh_body = refresh_client.retrieve_token(@lti_account.oauth2_client_id, resolve_coalescing_panda_url(:oauth2_redirect_url),
         @lti_account.oauth2_client_key, api_auth.refresh_token, 'refresh_token')
       api_auth.update({ api_token: refresh_body['access_token'], expires_at: (Time.now + refresh_body['expires_in']) })
     end
@@ -191,14 +157,21 @@ module CoalescingPanda
       end
     end
 
-    def session_check
-      logger.warn 'session_check is deprecated. Functionality moved to lti_authorize.'
+    def valid_session?
+      return false unless current_session(create_missing: false)&.persisted?
+      true
+    rescue SessionNonceMismatch
+      false
     end
 
     private
 
-    def msg_encryptor
-      @crypt ||= ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31])
+    def find_or_create_session(key:)
+      if key == :create
+        CoalescingPanda::PersistentSession.create_from_launch(params, current_lti_account.id) if current_lti_account.present?
+      else
+        CoalescingPanda::PersistentSession.find_by(session_key: key)
+      end
     end
 
     def organization_key
@@ -209,51 +182,16 @@ module CoalescingPanda
       params[:organization_id] || (current_session_data[:launch_params][:organization_id] if @current_session)
     end
 
-    def session_key
-      if params[:encrypted_session_key]
-        return msg_encryptor.decrypt_and_verify(params[:encrypted_session_key])
-      end
-      params[:session_key] || session_key_header || rails_session['persistent_session_key']
+    # This is necessitated by a bug in Rails Engines where it isn't resolving the URL correctly
+    # when using coalescing_panda.xyz_url (The Engine Prefix is not included)
+    # I believe https://github.com/rails/rails/issues/34452 is the same issue
+    def resolve_coalescing_panda_url(key)
+      key = key.to_s[0...-4] if key.to_s.ends_with?('_url')
+      resolved_path = coalescing_panda.send(:"#{key}_path")
+      cpurl = coalescing_panda_url
+      cppath = URI.parse(cpurl).path
+      resolved_path = cppath + resolved_path unless resolved_path.starts_with?(cppath)
+      URI.join(cpurl, resolved_path)
     end
-
-    def session_key_header
-      if (match = request.headers['Authorization'].try(:match, /crypted_token=(.+)/))
-        msg_encryptor.decrypt_and_verify(match[1])
-      elsif (match = request.headers['Authorization'].try(:match, /token=(.+)/))
-        match[1]
-      end
-    end
-
-    # Redirect with the session key intact. In production,
-    # handle this by encrypting the session key.  That way if the
-    # url is logged anywhere, it will all be encrypted data.   In dev,
-    # just put it in the URL. Putting it in the URL
-    # is insecure, but is fine in development.
-    # Keeping it in the URL in development means that it plays
-    # nicely with webpack-dev-server live reloading (otherwise
-    # you get an access error every time it tries to live reload).
-
-    def redirect_with_session_to(path, id_or_resource = nil, redirect_params = {})
-      if Rails.env.development? || Rails.env.test?
-        redirect_development_mode(path, id_or_resource, redirect_params)
-      else
-        redirect_production_mode(path, id_or_resource, redirect_params)
-      end
-    end
-
-    def redirect_development_mode(path, id_or_resource = nil, redirect_params)
-      redirect_to send(path, id_or_resource, {
-          session_key: current_session.session_key,
-          organization_id: current_lti_account.id
-      }.merge(redirect_params))
-    end
-
-    def redirect_production_mode(path, id_or_resource = nil, redirect_params)
-      redirect_to send(path, id_or_resource, {
-          encrypted_session_key: encrypted_session_key,
-          organization_id: current_lti_account.id
-      }.merge(redirect_params))
-    end
-
   end
 end

data/lib/coalescing_panda/misc_helper.rb

@@ -4,9 +4,9 @@ module CoalescingPanda
 
     def self.to_boolean(v)
       if Rails.version < '5.0'
-        ActiveRecord::Type::Boolean.new.type_cast_from_user("0")
+        ActiveRecord::Type::Boolean.new.type_cast_from_user(v)
       else
-        ActiveRecord::Type::Boolean.new.deserialize('0')
+        ActiveRecord::Type::Boolean.new.deserialize(v)
       end
     end
   end

data/lib/coalescing_panda/secure_headers.rb

@@ -48,11 +48,6 @@ module CoalescingPanda
         end
       end
 
-      if CoalescingPanda.lti_options.has_key?(:allow_unsafe_eval) && CoalescingPanda.lti_options[:allow_unsafe_eval] == true
-        # For when code is returned from server and injected into dom.  Need to have unsafe-eval or it won't work.
-        csp_entry(:script_src, "'unsafe-eval'")
-      end
-
       # Detect and permit Sentry
       if defined?(Raven) && Raven.configuration.server.present?
         csp_entry(:connect_src, Raven.configuration.server)

data/lib/coalescing_panda/session_replacement.rb

@@ -0,0 +1,196 @@
+module CoalescingPanda
+  class SessionNonceMismatch < StandardError; end
+
+  module SessionReplacement
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :link_nonce, :current_session, :current_session_data
+      helper_method :link_with_session_to, :url_with_session, :session_url_for
+
+      prepend_around_action :monkeypatch_flash
+      prepend_around_action :auto_save_session
+    end
+
+    class_methods do
+      def link_nonce_type(value = :not_given)
+        if value == :not_given
+          @link_nonce_type || superclass.try(:link_nonce_type) || :nonce
+        else
+          @link_nonce_type = value
+        end
+      end
+
+      def session_expiration_period_minutes
+        superclass.try(:session_expiration_period_minutes) || 15
+      end
+    end
+
+    def save_session
+      current_session.try(:save)
+    end
+
+    def current_session(create_missing: true)
+      return @current_session if @current_session.present?
+
+      if params[:session_token]
+        payload = JSON.parse(session_cryptor.decrypt_and_verify(params[:session_token])).with_indifferent_access
+        matched_session = find_or_create_session(key: payload[:session_key])
+        if matched_session.present?
+          if payload[:token_type] == 'nonce' && matched_session.data[:link_nonce] == payload[:nonce]
+            @current_session = matched_session
+            @current_session.data[:link_nonce] = nil
+          elsif payload[:token_type] == 'fixed_ip' && matched_session.data[:remote_ip] == request.remote_ip &&
+            DateTime.parse(matched_session.data[:last_ip_token_requested]) > session_expiration_period_minutes.minutes.ago
+            @current_session = matched_session
+          elsif payload[:token_type] == 'expiring' && DateTime.parse(matched_session.data[:last_token_requested]) > session_expiration_period_minutes.minutes.ago
+            @current_session = matched_session
+          end
+        end
+        raise SessionNonceMismatch, "Session Not Found" unless @current_session.present?
+      elsif (session_key = params[:session_key] || session_key_header || flash[:session_key] || session[:session_key]).present?
+        @current_session = find_or_create_session(key: session_key)
+      end
+
+      @current_session ||= find_or_create_session(key: :create) if create_missing
+
+      @current_session
+    end
+
+    def current_session_data
+      current_session.data
+    end
+
+    def session_changed?
+      current_session.changed? && current_session.changes[:data].present?
+    end
+
+    def forbid_access_if_lacking_session
+      render plain: 'You should do an LTI Tool Launch.', status: :unauthorized unless valid_session?
+    end
+
+    def verify_authenticity_token
+      # No need to check CSRF when no cookies were sent. This fixes CSRF failures in Browsers
+      # that restrict Cookie setting within an IFrame.
+      return unless request.cookies.keys.length > 0
+      super
+    end
+
+    # Redirect with the session key intact. In production,
+    # handle this by adding a one-time use encrypted token to the URL.
+    # Keeping it in the URL in development means that it plays
+    # nicely with webpack-dev-server live reloading (otherwise
+    # you get an access error everytime it tries to live reload).
+
+    def redirect_with_session_to(*args)
+      redirect_to url_with_session(*args)
+    end
+
+    def link_with_session_to(*args)
+      helpers.link_to url_with_session(*args)
+    end
+
+    def session_url_for(*args)
+      url_for(build_session_url_params(*args))
+    end
+
+    def url_with_session(location, *args, route_context: self, **kwargs)
+      route_context.send(location, *build_session_url_params(*args, **kwargs))
+    end
+
+    def link_nonce(type: link_nonce_type)
+      type = instance_exec(&type) if type.is_a?(Proc)
+      type = type.to_s
+
+      @cached_link_nonces ||= {}
+      @cached_link_nonces[type] ||= begin
+        payload = {
+          token_type: type,
+          session_key: current_session.session_key,
+          organization_id: current_organization.id,
+        }
+
+        if type == 'nonce'
+          current_session_data[:link_nonce] = SecureRandom.hex
+          payload.merge!(nonce: current_session_data[:link_nonce])
+        elsif type == 'fixed_ip'
+          current_session_data[:remote_ip] ||= request.remote_ip
+          current_session_data[:last_ip_token_requested] = DateTime.now.iso8601
+        elsif type == 'expiring'
+          current_session_data[:last_token_requested] = DateTime.now.iso8601
+        else
+          raise StandardError, "Unsupported link_nonce_type: '#{type}'"
+        end
+
+        session_cryptor.encrypt_and_sign(payload.to_json)
+      end
+    end
+
+    def link_nonce_type
+      self.class.link_nonce_type
+    end
+
+    def session_expiration_period_minutes
+      self.session_expiration_period_minutes
+    end
+
+    private
+
+    def session_cryptor
+      secret_key_base = Rails.application.try(:secret_key_base) || Rails.application.secrets.secret_key_base
+      @session_cryptor ||= ActiveSupport::MessageEncryptor.new(secret_key_base[0..31])
+    end
+
+    def session_key_header
+      if match = request.headers['Authorization'].try(:match, /token=(.+)/)
+        match[1]
+      end
+    end
+
+    def build_session_url_params(*args, nonce_type: link_nonce_type, **kwargs)
+      if args[-1].is_a?(Hash)
+        args[-1] = args[-1].dup
+      else
+        args.push({})
+      end
+
+      if Rails.env.development?
+        args[-1].merge!(
+          session_key: current_session.session_key,
+          organization_id: current_organization.id,
+        )
+      else
+        args[-1].merge!(
+          session_token: link_nonce(type: nonce_type),
+          organization_id: current_organization.id,
+        )
+      end
+
+      args[-1].merge!(kwargs)
+      args
+    end
+
+    def auto_save_session
+      yield if block_given?
+      save_session if @current_session && session_changed?
+    end
+
+    def monkeypatch_flash
+      if valid_session? && (value = current_session_data['flashes']).present?
+        flashes = value["flashes"]
+        if discard = value["discard"]
+          flashes.except!(*discard)
+        end
+        flash.replace(flashes)
+        flash.discard()
+      end
+
+      yield
+
+      if @current_session.present?
+        current_session_data['flashes'] = flash.to_session_value
+        flash.discard()
+      end
+    end
+  end
+end

data/lib/coalescing_panda/version.rb

@@ -1,3 +1,3 @@
 module CoalescingPanda
-  VERSION = '5.0.9'
+  VERSION = '5.1.3.beta.2'
 end

data/spec/controllers/coalescing_panda/oauth2_controller_spec.rb

@@ -11,7 +11,7 @@ describe CoalescingPanda::Oauth2Controller, :type => :controller do
       Bearcat::Client.any_instance.stub(retrieve_token: { 'access_token' => 'token', 'refresh_token' => 'token', 'expires_in' => 3600 })
       session[:state] = 'test'
       CoalescingPanda::OauthState.create!(state_key: session[:state], data: { key: account.key, user_id: user.id, api_domain: 'foo.com' })
-      get :redirect, {user_id: user.id, api_domain: 'foo.com', code: 'bar', key: account.key, state: 'test'}
+      get :redirect, params: {user_id: user.id, api_domain: 'foo.com', code: 'bar', key: account.key, state: 'test'}
       auth = CoalescingPanda::CanvasApiAuth.find_by_user_id_and_api_domain(user.id, 'foo.com')
       auth.should_not == nil
       expect(auth.api_token).to eql 'token'
@@ -20,7 +20,7 @@ describe CoalescingPanda::Oauth2Controller, :type => :controller do
     end
 
     it "doesn't create a token in the db" do
-      get :redirect, {error: 'your face'}
+      get :redirect, params: {error: 'your face'}
       CoalescingPanda::CanvasApiAuth.all.count.should == 0
     end
   end

data/spec/models/coalescing_panda/canvas_api_auth_spec.rb

@@ -1,10 +1,10 @@
 require 'spec_helper'
 
-describe CoalescingPanda::CanvasApiAuth do
+describe CoalescingPanda::CanvasApiAuth, type: :model do
 
   it { should validate_uniqueness_of(:user_id).scoped_to(:api_domain)}
   it { should validate_presence_of(:user_id)}
-  it {should validate_presence_of(:api_domain)}
+  it { should validate_presence_of(:api_domain)}
 
   describe '#expired?' do
     let(:auth) { FactoryGirl.create :canvas_api_auth }

data/spec/spec_helper.rb

@@ -24,6 +24,13 @@ SimpleCov.start
 
 ActiveRecord::Migration.check_pending! if defined?(ActiveRecord::Migration)
 
+Shoulda::Matchers.configure do |config|
+  config.integrate do |with|
+    with.test_framework :rspec
+    with.library :rails
+  end
+end
+
 # This file was generated by the `rails generate rspec:install` command. Conventionally, all
 # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
 # The generated `.rspec` file contains `--require spec_helper` which will cause this

metadata

@@ -1,57 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: coalescing_panda
 version: !ruby/object:Gem::Version
-  version: 5.0.9
+  version: 5.1.3.beta.2
 platform: ruby
 authors:
 - Nathan Mills
 - Cody Tanner
 - Jake Sorce
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-08 00:00:00.000000000 Z
+date: 2020-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.2.1
 - !ruby/object:Gem::Dependency
   name: bearcat
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: browser
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
@@ -72,331 +72,331 @@ dependencies:
   name: ims-lti
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0
-    - - <
+    - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0
-    - - <
+    - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
   name: haml-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sass-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
 - !ruby/object:Gem::Dependency
   name: jquery-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: coffee-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: p3p
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: delayed_job_active_record
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: open_uri_redirections
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: oauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.4
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: secure_headers
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '6.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '6.3'
 - !ruby/object:Gem::Dependency
   name: zip-zip
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: factory_girl_rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: shoulda-matchers
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: lol_dba
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email:
 - nathanm@instructure.com
 - ctanner@instructure.com
@@ -405,181 +405,182 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- Rakefile
+- app/assets/config/coalescing_panda/manifest.js
+- app/assets/images/bootstrap/glyphicons-halflings-white.png
+- app/assets/images/bootstrap/glyphicons-halflings.png
+- app/assets/javascripts/coalescing_panda/application.js
+- app/assets/javascripts/coalescing_panda/canvas_batch.js.coffee
+- app/assets/javascripts/coalescing_panda/oauth2.js.coffee
+- app/assets/stylesheets/coalescing_panda/application.css.scss
+- app/assets/stylesheets/coalescing_panda/launch.css.scss
+- app/assets/stylesheets/coalescing_panda/progress.css.scss
+- app/controllers/coalescing_panda/application_controller.rb
+- app/controllers/coalescing_panda/canvas_batches_controller.rb
+- app/controllers/coalescing_panda/lti_controller.rb
+- app/controllers/coalescing_panda/oauth2_controller.rb
+- app/helpers/coalescing_panda/canvas_batches_helper.rb
+- app/models/coalescing_panda/assignment.rb
 - app/models/coalescing_panda/assignment_group.rb
-- app/models/coalescing_panda/group_membership.rb
-- app/models/coalescing_panda/enrollment.rb
+- app/models/coalescing_panda/canvas_api_auth.rb
 - app/models/coalescing_panda/canvas_batch.rb
-- app/models/coalescing_panda/assignment.rb
+- app/models/coalescing_panda/course.rb
+- app/models/coalescing_panda/enrollment.rb
 - app/models/coalescing_panda/group.rb
-- app/models/coalescing_panda/session.rb
-- app/models/coalescing_panda/section.rb
-- app/models/coalescing_panda/term.rb
+- app/models/coalescing_panda/group_category.rb
+- app/models/coalescing_panda/group_membership.rb
+- app/models/coalescing_panda/json_with_indifferent_access.rb
+- app/models/coalescing_panda/lti_account.rb
+- app/models/coalescing_panda/lti_nonce.rb
 - app/models/coalescing_panda/oauth_state.rb
+- app/models/coalescing_panda/persistent_session.rb
+- app/models/coalescing_panda/section.rb
+- app/models/coalescing_panda/session.rb
 - app/models/coalescing_panda/submission.rb
-- app/models/coalescing_panda/canvas_api_auth.rb
+- app/models/coalescing_panda/term.rb
+- app/models/coalescing_panda/user.rb
 - app/models/coalescing_panda/workers/account_miner.rb
-- app/models/coalescing_panda/workers/provisioning_miner.rb
 - app/models/coalescing_panda/workers/course_miner.rb
-- app/models/coalescing_panda/lti_nonce.rb
-- app/models/coalescing_panda/course.rb
-- app/models/coalescing_panda/persistent_session.rb
-- app/models/coalescing_panda/lti_account.rb
-- app/models/coalescing_panda/json_with_indifferent_access.rb
-- app/models/coalescing_panda/user.rb
-- app/models/coalescing_panda/group_category.rb
+- app/models/coalescing_panda/workers/provisioning_miner.rb
 - app/models/concerns/single_table_polymorphic.rb
-- app/controllers/coalescing_panda/oauth2_controller.rb
-- app/controllers/coalescing_panda/application_controller.rb
-- app/controllers/coalescing_panda/lti_controller.rb
-- app/controllers/coalescing_panda/canvas_batches_controller.rb
+- app/views/coalescing_panda/canvas_batches/_canvas_batch.html.haml
+- app/views/coalescing_panda/canvas_batches/_canvas_batch_flash.html.haml
+- app/views/coalescing_panda/launch.html.haml
+- app/views/coalescing_panda/lti/iframe_cookie_fix.html.erb
 - app/views/coalescing_panda/oauth2/oauth2.html.haml
 - app/views/coalescing_panda/oauth2/redirect.html.haml
-- app/views/coalescing_panda/launch.html.haml
 - app/views/coalescing_panda/styleguide/styleguide.html
-- app/views/coalescing_panda/lti/iframe_cookie_fix.html.erb
-- app/views/coalescing_panda/canvas_batches/_canvas_batch.html.haml
-- app/views/coalescing_panda/canvas_batches/_canvas_batch_flash.html.haml
 - app/views/layouts/coalescing_panda/application.html.erb
-- app/assets/config/coalescing_panda/manifest.js
-- app/assets/images/bootstrap/glyphicons-halflings.png
-- app/assets/images/bootstrap/glyphicons-halflings-white.png
-- app/assets/javascripts/coalescing_panda/oauth2.js.coffee
-- app/assets/javascripts/coalescing_panda/application.js
-- app/assets/javascripts/coalescing_panda/canvas_batch.js.coffee
-- app/assets/stylesheets/coalescing_panda/progress.css.scss
-- app/assets/stylesheets/coalescing_panda/application.css.scss
-- app/assets/stylesheets/coalescing_panda/launch.css.scss
-- app/helpers/coalescing_panda/canvas_batches_helper.rb
 - config/routes.rb
 - config/styleguide.yml
-- db/migrate/20141120151432_create_coalescing_panda_sections.rb
-- db/migrate/20150602205257_add_option_to_canvas_batches.rb
-- db/migrate/20150811140030_add_fields_to_users.rb
+- db/migrate/20131114150001_create_coalescing_panda_canvas_api_auths.rb
 - db/migrate/20131118211442_create_coalescing_panda_lti_accounts.rb
-- db/migrate/20150506192717_add_assignment_group_id_to_assignments.rb
-- db/migrate/20160830183155_create_coalescing_panda_oauth_states.rb
+- db/migrate/20131119165343_create_coalescing_panda_lti_nonces.rb
+- db/migrate/20140904223159_create_coalescing_panda_sessions.rb
+- db/migrate/20141119225319_create_coalescing_panda_terms.rb
+- db/migrate/20141119225721_create_coalescing_panda_courses.rb
+- db/migrate/20141120151432_create_coalescing_panda_sections.rb
+- db/migrate/20141120151940_create_coalescing_panda_assignments.rb
+- db/migrate/20141120152458_create_coalescing_panda_users.rb
 - db/migrate/20141120152546_create_coalescing_panda_submissions.rb
+- db/migrate/20141120153135_create_coalescing_panda_enrollments.rb
+- db/migrate/20141121174846_create_coalescing_panda_canvas_batches.rb
+- db/migrate/20141124160857_create_delayed_jobs.rb
 - db/migrate/20141208221740_add_submission_types_to_assignments.rb
-- db/migrate/20150709192717_add_leader_id_to_groups.rb
+- db/migrate/20150106175418_add_group_category_id_to_assignment.rb
+- db/migrate/20150106180131_add_published_to_assignments.rb
+- db/migrate/20150107205405_create_coalescing_panda_groups.rb
 - db/migrate/20150107205413_create_coalescing_panda_group_memberships.rb
-- db/migrate/20141120152458_create_coalescing_panda_users.rb
-- db/migrate/20141121174846_create_coalescing_panda_canvas_batches.rb
-- db/migrate/20150708192717_add_group_moderator_to_group_memberships.rb
 - db/migrate/20150210180516_add_context_to_canvas_batch.rb
-- db/migrate/20141120151940_create_coalescing_panda_assignments.rb
-- db/migrate/20140904223159_create_coalescing_panda_sessions.rb
 - db/migrate/20150506183335_create_coalescing_panda_assignment_groups.rb
-- db/migrate/20141120153135_create_coalescing_panda_enrollments.rb
-- db/migrate/20150107205405_create_coalescing_panda_groups.rb
-- db/migrate/20141119225721_create_coalescing_panda_courses.rb
-- db/migrate/20200528224505_create_coalescing_panda_persistent_session.rb
-- db/migrate/20141124160857_create_delayed_jobs.rb
-- db/migrate/20131119165343_create_coalescing_panda_lti_nonces.rb
-- db/migrate/20150106180131_add_published_to_assignments.rb
+- db/migrate/20150506192717_add_assignment_group_id_to_assignments.rb
 - db/migrate/20150526144713_add_account_to_canvas_batches.rb
-- db/migrate/20150106175418_add_group_category_id_to_assignment.rb
+- db/migrate/20150602205257_add_option_to_canvas_batches.rb
+- db/migrate/20150708192717_add_group_moderator_to_group_memberships.rb
+- db/migrate/20150709192717_add_leader_id_to_groups.rb
 - db/migrate/20150714205405_create_coalescing_panda_group_categories.rb
+- db/migrate/20150811140030_add_fields_to_users.rb
 - db/migrate/20151209155923_add_refresh_settings_to_canvas_api_auth.rb
-- db/migrate/20131114150001_create_coalescing_panda_canvas_api_auths.rb
-- db/migrate/20141119225319_create_coalescing_panda_terms.rb
-- lib/tasks/coalescing_panda_tasks.rake
+- db/migrate/20160830183155_create_coalescing_panda_oauth_states.rb
+- db/migrate/20200528224505_create_coalescing_panda_persistent_session.rb
 - lib/coalescing_panda.rb
-- lib/coalescing_panda/controller_helpers.rb
 - lib/coalescing_panda/bearcat_uri.rb
-- lib/coalescing_panda/misc_helper.rb
+- lib/coalescing_panda/controller_helpers.rb
 - lib/coalescing_panda/engine.rb
+- lib/coalescing_panda/misc_helper.rb
+- lib/coalescing_panda/route_helpers.rb
 - lib/coalescing_panda/secure_headers.rb
+- lib/coalescing_panda/session_replacement.rb
 - lib/coalescing_panda/version.rb
-- lib/coalescing_panda/route_helpers.rb
-- Rakefile
-- spec/spec_helper.rb
-- spec/dummy/app/models/account.rb
-- spec/dummy/app/models/course.rb
-- spec/dummy/app/controllers/application_controller.rb
-- spec/dummy/app/views/layouts/application.html.erb
+- lib/tasks/coalescing_panda_tasks.rake
+- spec/controllers/coalescing_panda/canvas_batches_controller_spec.rb
+- spec/controllers/coalescing_panda/lti_controller_spec.rb
+- spec/controllers/coalescing_panda/oauth2_controller_spec.rb
+- spec/dummy/README.rdoc
+- spec/dummy/Rakefile
 - spec/dummy/app/assets/javascripts/application.js
 - spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/bin/rake
+- spec/dummy/app/models/account.rb
+- spec/dummy/app/models/course.rb
+- spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/bin/bundle
 - spec/dummy/bin/rails
-- spec/dummy/config/routes.rb
-- spec/dummy/config/locales/en.yml
-- spec/dummy/config/environments/production.rb
-- spec/dummy/config/environments/development.rb
-- spec/dummy/config/environments/test.rb
-- spec/dummy/config/environment.rb
+- spec/dummy/bin/rake
+- spec/dummy/config.ru
 - spec/dummy/config/application.rb
-- spec/dummy/config/database.yml
 - spec/dummy/config/boot.rb
-- spec/dummy/config/initializers/lti_initializer.rb
+- spec/dummy/config/database.yml
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/test.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/filter_parameter_logging.rb
+- spec/dummy/config/initializers/inflections.rb
+- spec/dummy/config/initializers/lti_initializer.rb
+- spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/initializers/secret_token.rb
-- spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config.ru
-- spec/dummy/Rakefile
-- spec/dummy/public/favicon.ico
+- spec/dummy/config/locales/en.yml
+- spec/dummy/config/routes.rb
+- spec/dummy/db/schema.rb
+- spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
-- spec/dummy/public/404.html
-- spec/dummy/db/schema.rb
-- spec/dummy/README.rdoc
-- spec/models/coalescing_panda/enrollment_spec.rb
-- spec/models/coalescing_panda/section_spec.rb
-- spec/models/coalescing_panda/lti_nonce_spec.rb
-- spec/models/coalescing_panda/lti_account_spec.rb
-- spec/models/coalescing_panda/canvas_batch_spec.rb
-- spec/models/coalescing_panda/term_spec.rb
-- spec/models/coalescing_panda/assignment_spec.rb
-- spec/models/coalescing_panda/submission_spec.rb
-- spec/models/coalescing_panda/assignment_group_spec.rb
-- spec/models/coalescing_panda/group_spec.rb
-- spec/models/coalescing_panda/workers/account_miner_spec.rb
-- spec/models/coalescing_panda/workers/course_miner_spec.rb
-- spec/models/coalescing_panda/canvas_api_auth_spec.rb
-- spec/models/coalescing_panda/group_membership_spec.rb
-- spec/models/coalescing_panda/user_spec.rb
-- spec/models/coalescing_panda/course_spec.rb
-- spec/factories/courses.rb
-- spec/factories/submissions.rb
+- spec/dummy/public/favicon.ico
+- spec/factories/accounts.rb
 - spec/factories/assignment_groups.rb
 - spec/factories/assignments.rb
 - spec/factories/canvas_api_auths.rb
-- spec/factories/enrollments.rb
 - spec/factories/canvas_batches.rb
+- spec/factories/courses.rb
+- spec/factories/enrollments.rb
 - spec/factories/sections.rb
-- spec/factories/accounts.rb
-- spec/factories/users.rb
+- spec/factories/submissions.rb
 - spec/factories/terms.rb
-- spec/controllers/coalescing_panda/canvas_batches_controller_spec.rb
-- spec/controllers/coalescing_panda/oauth2_controller_spec.rb
-- spec/controllers/coalescing_panda/lti_controller_spec.rb
+- spec/factories/users.rb
+- spec/models/coalescing_panda/assignment_group_spec.rb
+- spec/models/coalescing_panda/assignment_spec.rb
+- spec/models/coalescing_panda/canvas_api_auth_spec.rb
+- spec/models/coalescing_panda/canvas_batch_spec.rb
+- spec/models/coalescing_panda/course_spec.rb
+- spec/models/coalescing_panda/enrollment_spec.rb
+- spec/models/coalescing_panda/group_membership_spec.rb
+- spec/models/coalescing_panda/group_spec.rb
+- spec/models/coalescing_panda/lti_account_spec.rb
+- spec/models/coalescing_panda/lti_nonce_spec.rb
+- spec/models/coalescing_panda/section_spec.rb
+- spec/models/coalescing_panda/submission_spec.rb
+- spec/models/coalescing_panda/term_spec.rb
+- spec/models/coalescing_panda/user_spec.rb
+- spec/models/coalescing_panda/workers/account_miner_spec.rb
+- spec/models/coalescing_panda/workers/course_miner_spec.rb
 - spec/rails_helper.rb
+- spec/spec_helper.rb
 homepage: http://www.instructure.com
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.0.14
-signing_key: 
+rubyforge_project:
+rubygems_version: 2.6.14.4
+signing_key:
 specification_version: 4
 summary: Canvas LTI and OAUTH2 mountable engine
 test_files: