dce_lti 0.2.0

data/spec/controllers/dce_lti/sessions_controller_spec.rb

@@ -0,0 +1,201 @@
+module DceLti
+  describe SessionsController do
+    include ConfigurationHelpers
+
+    context '#create' do
+      it 'validates the timestamp' do
+        timestamp="a timestamp"
+        tool_provider = stub_successful_tool_provider
+        allow(tool_provider).to receive(:oauth_timestamp).and_return(timestamp)
+
+        allow(TimestampValidator).to receive(:valid?)
+
+        post_to_create_with_params
+
+        expect(tool_provider).to have_received(:oauth_timestamp)
+        expect(TimestampValidator).to have_received(:valid?).with(timestamp)
+      end
+
+      it 'validates a nonce through DceLti::Nonce' do
+        nonce = 'asdfasdf'
+        tool_provider = stub_successful_tool_provider
+        allow(tool_provider).to receive(:oauth_nonce).and_return(nonce)
+
+        allow(Nonce).to receive(:valid?)
+
+        post_to_create_with_params
+
+        expect(tool_provider).to have_received(:oauth_nonce)
+        expect(Nonce).to have_received(:valid?).with(nonce)
+      end
+
+      it 'uses a proc for consumer_key and consumer_secret if configured' do
+        tool_provider = stub_successful_tool_provider
+        consumer_key = 'a key'
+        consumer_secret = 'a secret'
+
+        consumer_key_proc = ->(launch_params) { consumer_key }
+        consumer_secret_proc = ->(launch_params) { consumer_secret }
+
+        with_overridden_lti_config_of(
+          lti_config.merge(
+            consumer_secret: consumer_secret_proc,
+            consumer_key: consumer_key_proc
+          )
+        ) do
+
+          post_to_create_with_params(oauth_consumer_key: consumer_key)
+
+          expect(IMS::LTI::ToolProvider).to have_received(:new).with(
+            consumer_key, consumer_secret, { 'oauth_consumer_key' => consumer_key }
+          )
+        end
+      end
+
+      it 'grabs the consumer_secret and consumer_key from rails configuration' do
+        tool_provider = stub_successful_tool_provider
+        consumer_key = 'consumer_key'
+        consumer_secret = 'flubber'
+        with_overridden_lti_config_of(
+          lti_config.merge(
+            consumer_secret: consumer_secret,
+            consumer_key: consumer_key
+          )
+        ) do
+
+          post_to_create_with_params(oauth_consumer_key: consumer_key)
+
+          expect(IMS::LTI::ToolProvider).to have_received(:new).with(
+            consumer_key, consumer_secret, { 'oauth_consumer_key' => consumer_key }
+          )
+        end
+      end
+
+      it 'validates a request' do
+        stub_user_initializer
+        tool_provider = stub_successful_tool_provider
+
+        post_to_create_with_params
+
+        expect(tool_provider).to have_received(:valid_request?)
+      end
+
+      context 'invalid LTI requests' do
+        it 'renders :invalid' do
+          stub_unsuccessful_tool_provider
+
+          post_to_create_with_params
+
+          expect(controller).to render_template(:invalid)
+        end
+
+        it 'does not touch the user model' do
+          stub_unsuccessful_tool_provider
+          allow(UserInitializer).to receive(:find_from)
+
+          post_to_create_with_params
+
+          expect(UserInitializer).not_to have_received(:find_from)
+        end
+
+        it 'does not store a user into the session' do
+          stub_unsuccessful_tool_provider
+
+          post_to_create_with_params
+
+          expect(session.has_key?(:current_user_id)).to be false
+        end
+      end
+
+      context 'valid LTI requests' do
+        it 'redirects to "redirect_after_successful_auth" url when it is a proc' do
+          url = '/sessions/create'
+          after_auth_url = ->{ url }
+
+          with_overridden_lti_config_of(lti_config.merge(redirect_after_successful_auth: after_auth_url)) do
+            tool_provider = stub_successful_tool_provider
+
+            post_to_create_with_params
+
+            expect(request).to redirect_to(url)
+          end
+        end
+
+        it 'finds or creates a user based the UserInitializer' do
+          user = build_stubbed(:user)
+          tool_provider = stub_successful_tool_provider
+          allow(UserInitializer).to receive(:find_from).and_return(user)
+
+          post_to_create_with_params(user_id: 'oauth_id')
+
+          expect(UserInitializer).to have_received(:find_from).with(tool_provider)
+        end
+
+        it 'stores a user_id into the session' do
+          user = build_stubbed(:user, id: 1001)
+          tool_provider = stub_successful_tool_provider
+          allow(UserInitializer).to receive(:find_from).and_return(user)
+
+          post_to_create_with_params(user_id: 'asdfasdfasdfasfd')
+
+          expect(session[:current_user_id]).to eq user.id
+        end
+
+        it 'stores resource and context related attributes on the session' do
+          tool_provider = stub_successful_tool_provider
+          allow(tool_provider).to receive_messages(captured_attributes)
+
+          allow(UserInitializer).to receive(:find_from).and_return(build(:user))
+
+          post_to_create_with_params
+
+          captured_attributes.keys.each do |attribute|
+            expect(session[attribute]).to eq captured_attributes[attribute]
+          end
+        end
+      end
+    end
+
+    def stub_successful_tool_provider
+      allow(TimestampValidator).to receive(:valid?).and_return(true)
+      double(
+        'Tool Provider',
+        valid_request?: true,
+        resource_link_id: 'resource_link_id',
+        resource_link_title: 'resource_link_title',
+        user_id: 'oauth_id',
+        context_id: 'context_id',
+        oauth_timestamp: "1413299813",
+        roles: [],
+      ).as_null_object.tap do |tool_provider|
+        allow(IMS::LTI::ToolProvider).to receive(:new).and_return(tool_provider)
+      end
+    end
+
+    def stub_user_initializer
+      allow(UserInitializer).to \
+        receive(:find_from).and_return(User.new(id: 100))
+    end
+
+    def stub_unsuccessful_tool_provider
+      double('Tool Provider', valid_request?: false).tap do |tool_provider|
+        allow(IMS::LTI::ToolProvider).to receive(:new).and_return(tool_provider)
+      end
+    end
+
+    def post_to_create_with_params(params_to_merge = {})
+      post :create, { use_route: :dce_lti }.merge(params_to_merge)
+    end
+
+    def captured_attributes
+      {
+        resource_link_id: 'a resource link id',
+        resource_link_title: 'a resource link title',
+        context_id: 'a context id',
+        tool_consumer_instance_guid: 'guid',
+        context_title: 'context title',
+        context_label: 'context label',
+      }
+    end
+  end
+end

data/spec/controllers/embedding_headers_are_correct_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+
+describe PostsController do
+  it 'no X-Frame-Options HTTP header when none is configured' do
+    get :index
+    expect(response.headers).not_to include('X-Frame-Options')
+  end
+end

data/spec/controllers/posts_controller_spec.rb

@@ -0,0 +1,22 @@
+describe PostsController do
+  context 'unsuccessful authentication' do
+    it 'redirects to the invalid_session path' do
+      get :index
+
+      expect(response).to redirect_to(DceLti::Engine.routes.url_helpers.invalid_sessions_path)
+    end
+  end
+
+  context 'successful authentication' do
+    before do
+      user = double("User", id: "100")
+      allow(DceLti::User).to receive(:find_by).and_return(user)
+    end
+
+    it 'is successful' do
+      get :index
+
+      expect(response).to be_successful
+    end
+  end
+end

data/spec/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/dummy/app/controllers/posts_controller.rb

@@ -0,0 +1,6 @@
+class PostsController < ApplicationController
+  before_filter :authenticate_via_lti
+  def index
+    render text: 'Foo'
+  end
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    'application', media: 'all', 'data-turbolinks-track' => true %>
+  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/spec/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/spec/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/spec/dummy/config/application.rb

@@ -0,0 +1,29 @@
+require File.expand_path('../boot', __FILE__)
+
+# Pick the frameworks you want:
+require "active_record/railtie"
+require "action_controller/railtie"
+require "action_mailer/railtie"
+require "action_view/railtie"
+require "sprockets/railtie"
+# require "rails/test_unit/railtie"
+
+Bundler.require(*Rails.groups)
+require "dce_lti"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+  end
+end
+

data/spec/dummy/config/boot.rb

@@ -0,0 +1,5 @@
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
+$LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/database.yml

@@ -0,0 +1,19 @@
+default: &default
+  adapter: postgresql
+  username: <%= ENV['USER'] %>
+  encoding: utf8
+  min_messages: warning
+  pool: 2
+  timeout: 5000
+
+development:
+  <<: *default
+  database: dce_lti_dummy_development
+
+test:
+  <<: *default
+  database: dce_lti_dummy_test
+
+production:
+  <<: *default
+  database: dce_lti_dummy_production

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require File.expand_path('../application', __FILE__)
+
+# Initialize the Rails application.
+Rails.application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,37 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send.
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise an error on page load if there are pending migrations.
+  config.active_record.migration_error = :page_load
+
+  # Debug mode disables concatenation and preprocessing of assets.
+  # This option may cause significant delays in view rendering with a large
+  # number of complex assets.
+  config.assets.debug = true
+
+  # Adds additional error checking when serving assets at runtime.
+  # Checks for improperly declared sprockets dependencies.
+  # Raises helpful error messages.
+  config.assets.raise_runtime_errors = true
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+end

data/spec/dummy/config/environments/production.rb

@@ -0,0 +1,82 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Enable Rack::Cache to put a simple HTTP cache in front of your application
+  # Add `rack-cache` to your Gemfile before enabling this.
+  # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
+  # config.action_dispatch.rack_cache = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this).
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS.
+  config.assets.js_compressor = :uglifier
+  # config.assets.css_compressor = :sass
+
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
+  config.assets.compile = false
+
+  # Generate digests for assets URLs.
+  config.assets.digest = true
+
+  # `config.assets.precompile` has moved to config/initializers/assets.rb
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # Set to :debug to see everything in the log.
+  config.log_level = :info
+
+  # Prepend all log lines with the following tags.
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups.
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production.
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets.
+  # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
+  # config.assets.precompile += %w( search.js )
+
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation cannot be found).
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # Disable automatic flushing of the log to improve performance.
+  # config.autoflush_log = false
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
+end

data/spec/dummy/config/environments/test.rb

@@ -0,0 +1,39 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # The test environment is used exclusively to run your application's
+  # test suite. You never need to work with it otherwise. Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs. Don't rely on the data there!
+  config.cache_classes = true
+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+
+  # Configure static asset server for tests with Cache-Control for performance.
+  config.serve_static_assets  = true
+  config.static_cache_control = 'public, max-age=3600'
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates.
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Print deprecation notices to the stderr.
+  config.active_support.deprecation = :stderr
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+end

data/spec/dummy/config/initializers/assets.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+# Version of your assets, change this if you want to expire all your assets.
+Rails.application.config.assets.version = '1.0'
+
+# Precompile additional assets.
+# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
+# Rails.application.config.assets.precompile += %w( search.js )

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/spec/dummy/config/initializers/cookies_serializer.rb

@@ -0,0 +1,3 @@
+# Be sure to restart your server when you modify this file.
+
+Rails.application.config.action_dispatch.cookies_serializer = :json

data/spec/dummy/config/initializers/dce_lti_config.rb

@@ -0,0 +1,40 @@
+DceLti::Engine.setup do |lti|
+  # "provider_*" attributes are used to describe this tool to the consumer,
+  # where "consumer" is an LMS like canvas. The defaults are below, uncomment
+  # and modify as necessary or (ideally) configure via environment variables.
+  #
+  # lti.provider_title = (ENV['LTI_PROVIDER_TITLE'] || 'DCE LTI Provider')
+  # lti.provider_description = (ENV['LTI_PROVIDER_DESCRIPTION'] || 'A description of this')
+  # lti.redirect_after_successful_auth = ->{ Rails.application.routes.url_helpers.root_path }
+
+  lti.consumer_secret = (ENV['LTI_CONSUMER_SECRET'] || 'consumer_secret')
+  lti.consumer_key = (ENV['LTI_CONSUMER_KEY'] || 'consumer_key')
+
+  # The consumer_secret and consumer_key should be a lambda that will be
+  # evaluated in the context of your application. You might use a service
+  # object or model proper to find key and secret pairs. Example:
+  #
+  # lti.consumer_secret = ->(launch_params) {
+  #   Consumer.find_by(context_id: launch_params[:context_id]).consumer_secret
+  # }
+  # lti.consumer_key = ->(launch_params) {
+  #   Consumer.find_by(context_id: launch_params[:context_id]).consumer_key
+  # }
+
+  # The tool_config_extensions lambda runs before the XML Tool Provider config
+  # is generated and gets two parameters:
+  #
+  # * controller - An instance of DceLti::ConfigsController
+  # * tool_config - An instance of IMS::LTI::ToolConfig
+  #
+  # It allows you to config LMS-specific extensions. A common example for the
+  # Canvas LMS is included below, see 
+  # https://github.com/instructure/ims-lti/blob/master/lib/ims/lti/extensions/canvas.rb
+  # for more canvas-specific configuration options.
+
+  lti.tool_config_extensions = ->(controller, tool_config) do
+    tool_config.extend ::IMS::LTI::Extensions::Canvas::ToolConfig
+    tool_config.canvas_domain!(controller.request.host)
+    tool_config.canvas_privacy_public!
+  end
+end

data/spec/dummy/config/initializers/filter_parameter_logging.rb

@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Rails.application.config.filter_parameters += [:password]

data/spec/dummy/config/initializers/inflections.rb

@@ -0,0 +1,16 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.acronym 'RESTful'
+# end