coalescing_panda 1.1.19 → 1.1.20

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: c75e8de95fa810c06fd6d5aae148e9615407138b
-  data.tar.gz: 0c92d8dc721cb8c70acc9a81ff87d7912d04401b
+SHA256:
+  metadata.gz: 62ef7c3a4a82f51ecf725ebd9f79df58c72602ad18d3b7ab26ab3bf05edc3590
+  data.tar.gz: 3ac60e603838204bd38208569b280c06c00165f49d70c59e944d5849835eee26
 SHA512:
-  metadata.gz: af5ae093f34d1c25d6d63aa45af92457ea5cbfad473e219746003846fea6b3fb8bc933c3ecb227a519bdf611a57e47dc50aa8d3d5804764b170d52eabb7e6ff7
-  data.tar.gz: cef65f5c040fd6a58e10e8f8aa5c0e72ef3d37cc74d2a5a35ea278eadfc0c00741bce577600b1e55603cde0a934f21b10908a7c1fb4bdddc538fb917926e46bc
+  metadata.gz: 41a58d09537d538182234f1adff14c5c072b2039036990c2b4a132790976a1d011ff124afe212d97c525c53ba27cd13dab1efccdc3c9c583e6ddc6f4c94b6491
+  data.tar.gz: 5cd7905c28a7222bf455cd6a1cf8b6b0de2fbfc83984c641511f523aa9c321f01159e8e6d967f16505c84a4e71f1d4feb85f582f9cf8f817823be7026202652b

data/app/views/coalescing_panda/lti/iframe_cookie_fix.html.erb

@@ -0,0 +1,8 @@
+<script>
+ const mainWindow = window.parent;
+ var url = window.location.href;
+ mainWindow.postMessage({
+     messageType: "requestFullWindowLaunch",
+     data: url
+ }, '*');
+</script>

data/lib/coalescing_panda/controller_helpers.rb

@@ -1,3 +1,5 @@
+require 'browser'
+
 module CoalescingPanda
   module ControllerHelpers
     require 'useragent'
@@ -59,8 +61,11 @@ module CoalescingPanda
     def lti_authorize!(*roles)
       authorized = false
       if @lti_account = params['oauth_consumer_key'] && LtiAccount.find_by_key(params['oauth_consumer_key'])
+        sanitized_params = sanitize_params
+        authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.original_url, sanitized_params, @lti_account.secret)
+        authorized = authenticator.valid_signature?
         @tp = IMS::LTI::ToolProvider.new(@lti_account.key, @lti_account.secret, params)
-        authorized = @tp.valid_request?(request)
+        authorized = authorized && @tp.valid_request?(request)
       end
       logger.info 'not authorized on tp valid request' if !authorized
       authorized = authorized && (roles.count == 0 || (roles & lti_roles).count > 0)
@@ -70,9 +75,22 @@ module CoalescingPanda
       if !authorized
         render :text => 'Invalid Credentials, please contact your Administrator.', :status => :unauthorized
       end
+      authorized = authorized && check_for_iframes_problem if authorized
       authorized
     end
 
+    # code for method taken from panda_pal v 4.0.8
+    # used for safari workaround
+    def sanitize_params
+      sanitized_params = request.request_parameters
+      # These params come over with a safari-workaround launch.  The authenticator doesn't like them, so clean them out.
+      safe_unexpected_params = ["full_win_launch_requested", "platform_redirect_url"]
+      safe_unexpected_params.each do |p|
+        sanitized_params.delete(p)
+      end
+      sanitized_params
+    end
+
     def lti_editor_button_response(return_type, return_params)
       valid_return_types = [:image_url, :iframe, :url]
       raise "invalid editor button return type #{return_type}" unless valid_return_types.include?(return_type)
@@ -114,19 +132,34 @@ module CoalescingPanda
     end
 
     def session_check
-      user_agent = UserAgent.parse(request.user_agent) # Uses useragent gem!
-      if user_agent.browser == 'Safari' # we apply the fix..
-        return if session[:safari_cookie_fixed] # it is already fixed.. continue
-        if params[:safari_cookie_fix].present? # we should be top window and able to set cookies.. so fix the issue :)
-          session[:safari_cookie_fixed] = true
-          redirect_to params[:return_to]
-        else
-          # Redirect the top frame to your server..
-          query = params.to_query
-          render :text => "<script>var referrer = document.referrer; top.window.location='?safari_cookie_fix=true&return_to='.concat(encodeURI(referrer));</script>"
-        end
-      end
+            logger.warn 'session_check is deprecated. Functionality moved to canvas_oauth2.'
     end
 
+    def check_for_iframes_problem
+      if cookies_need_iframe_fix?
+        fix_iframe_cookies
+        return false
+      end
+      # For safari we may have been launched temporarily full-screen by canvas.  This allows us to set the session cookie.
+      # In this case, we should make sure the session cookie is fixed and redirect back to canvas to properly launch the embedded LTI.
+      if params[:platform_redirect_url]
+        session[:safari_cookie_fixed] = true
+        redirect_to params[:platform_redirect_url]
+        return false
+      end
+      true
+    end
+    def cookies_need_iframe_fix?
+      @browser ||= Browser.new(request.user_agent)
+      @browser.safari? && !request.referrer.include?('sessionless_launch') && !session[:safari_cookie_fixed]  && !params[:platform_redirect_url]
+    end
+    def fix_iframe_cookies
+      if params[:safari_cookie_fix].present?
+        session[:safari_cookie_fixed] = true
+        redirect_to params[:return_to]
+      else
+        render 'coalescing_panda/lti/iframe_cookie_fix', layout: false
+      end
+    end
   end
 end

data/lib/coalescing_panda/version.rb

@@ -1,3 +1,3 @@
 module CoalescingPanda
-  VERSION = '1.1.19'
+  VERSION = '1.1.20'
 end

metadata

@@ -1,41 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: coalescing_panda
 version: !ruby/object:Gem::Version
-  version: 1.1.19
+  version: 1.1.20
 platform: ruby
 authors:
 - Nathan Mills
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-09 00:00:00.000000000 Z
+date: 2020-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.0.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.0.1
 - !ruby/object:Gem::Dependency
   name: bearcat
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.9.20
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.9.20
 - !ruby/object:Gem::Dependency
@@ -56,210 +56,224 @@ dependencies:
   name: ims-lti
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: haml-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sass-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: jquery-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: coffee-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: protected_attributes
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: p3p
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: useragent
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: browser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: shoulda-matchers
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: debugger
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: 
@@ -291,6 +305,7 @@ files:
 - app/models/coalescing_panda/lti_nonce.rb
 - app/models/coalescing_panda/session.rb
 - app/views/coalescing_panda/launch.html.haml
+- app/views/coalescing_panda/lti/iframe_cookie_fix.html.erb
 - app/views/coalescing_panda/oauth2/oauth2.html.haml
 - app/views/coalescing_panda/oauth2/redirect.html.haml
 - app/views/coalescing_panda/styleguide/styleguide.html
@@ -339,7 +354,6 @@ files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/db/schema.rb
-- spec/dummy/log/test.log
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
@@ -355,56 +369,54 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Canvas LTI and OAUTH2 mountable engine
 test_files:
-- spec/controllers/coalescing_panda/lti_controller_spec.rb
-- spec/controllers/coalescing_panda/oauth2_controller_spec.rb
+- spec/spec_helper.rb
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/app/assets/javascripts/application.js
 - spec/dummy/app/assets/stylesheets/application.css
-- spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/bin/rake
 - spec/dummy/bin/bundle
 - spec/dummy/bin/rails
-- spec/dummy/bin/rake
-- spec/dummy/config/application.rb
-- spec/dummy/config/boot.rb
-- spec/dummy/config/database.yml
-- spec/dummy/config/environment.rb
-- spec/dummy/config/environments/development.rb
+- spec/dummy/config/routes.rb
+- spec/dummy/config/locales/en.yml
 - spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/development.rb
 - spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/filter_parameter_logging.rb
-- spec/dummy/config/initializers/inflections.rb
+- spec/dummy/config/environment.rb
+- spec/dummy/config/application.rb
+- spec/dummy/config/database.yml
+- spec/dummy/config/boot.rb
 - spec/dummy/config/initializers/lti_initializer.rb
+- spec/dummy/config/initializers/backtrace_silencers.rb
 - spec/dummy/config/initializers/mime_types.rb
-- spec/dummy/config/initializers/secret_token.rb
+- spec/dummy/config/initializers/filter_parameter_logging.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/locales/en.yml
-- spec/dummy/config/routes.rb
+- spec/dummy/config/initializers/secret_token.rb
+- spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config.ru
-- spec/dummy/db/schema.rb
-- spec/dummy/log/test.log
-- spec/dummy/public/404.html
+- spec/dummy/Rakefile
+- spec/dummy/public/favicon.ico
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
-- spec/dummy/public/favicon.ico
-- spec/dummy/Rakefile
+- spec/dummy/public/404.html
+- spec/dummy/db/schema.rb
 - spec/dummy/README.rdoc
 - spec/models/coalescing_panda/canvas_api_auth_spec.rb
-- spec/spec_helper.rb
+- spec/controllers/coalescing_panda/oauth2_controller_spec.rb
+- spec/controllers/coalescing_panda/lti_controller_spec.rb