ims-lti 1.0.1 → 1.0.2

data/README.md

@@ -32,6 +32,13 @@ In LTI there are Tool Providers (TP) and Tool Consumers (TC), this library is
 useful for implementing both. Here is an overview of the communication process:
 [LTI 1.1 Introduction](http://www.imsglobal.org/lti/v1p1pd/ltiIMGv1p1pd.html#_Toc309649680)
 
+This library doesn't help you manage the consumer keys and secrets. The POST
+headers/parameters will contain the `oauth_consumer_key` and your app can use
+that to look up the appropriate `oauth_consumer_secret`.
+
+Your app will also need to manage the OAuth nonce to make sure the same nonce
+isn't used twice with the same timestamp. [Read the LTI documentation on OAuth](http://www.imsglobal.org/LTI/v1p1pd/ltiIMGv1p1pd.html#_Toc309649687).
+
 ### Tool Provider
 As a TP your app will receive a POST request with a bunch of
 [LTI launch data](http://www.imsglobal.org/lti/v1p1pd/ltiIMGv1p1pd.html#_Toc309649684)
@@ -41,10 +48,8 @@ This is covered in the [LTI security model](http://www.imsglobal.org/lti/v1p1pd/
 Here is an example of a simple TP Sinatra app using this gem:
 [LTI Tool Provider](https://github.com/instructure/lti_tool_provider_example)
 
-This library doesn't help the TP manage the consumer keys and secrets. The POST
-headers/parameters will contain the `oauth_consumer_key` and your app can use that to look
-up the appropriate `oauth_consumer_secret`. Once you have the necessary credentials
-you can initialize a `ToolProvider` object with them and the post parameters:
+Once you find the `oauth_consumer_secret` based on the `oauth_consumer_key` in
+the request, you can initialize a `ToolProvider` object with them and the post parameters:
 
 ```ruby
 # Initialize TP object with OAuth creds and post parameters

data/ims-lti.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = %q{ims-lti}
-  s.version = "1.0.1"
+  s.version = "1.0.2"
 
   s.add_dependency 'builder'
   s.add_dependency 'oauth', '~> 0.4.5'
@@ -10,7 +10,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'ruby-deug'
 
   s.authors = ["Instructure"]
-  s.date = %q{2012-03-13}
+  s.date = %q{2012-03-14}
   s.extra_rdoc_files = %W(LICENSE)
   s.files = %W(
           LICENSE
@@ -20,6 +20,7 @@ Gem::Specification.new do |s|
           lib/ims/lti/launch_params.rb
           lib/ims/lti/outcome_request.rb
           lib/ims/lti/outcome_response.rb
+          lib/ims/lti/request_validator.rb
           lib/ims/lti/tool_config.rb
           lib/ims/lti/tool_consumer.rb
           lib/ims/lti/tool_provider.rb

data/lib/ims/lti.rb

@@ -14,7 +14,7 @@ module IMS # :nodoc:
   # ToolConsumer classes.
   #
   # For validating OAuth request be sure to require the necessary proxy request
-  # object. See valid_request? for more documentation.
+  # object. See IMS::LTI::RequestValidator#valid_request? for more documentation.
   #
   # == Installation
   # This is packaged as the `ims-lti` rubygem, so you can just add the dependency to
@@ -35,35 +35,11 @@ module IMS # :nodoc:
     def self.generate_identifier
       UUID.new
     end
-
-    # Validates and OAuth request using the OAuth Gem - https://github.com/oauth/oauth-ruby
-    #
-    # To validate the OAuth signatures you need to require the appropriate
-    # request proxy for your application. For example:
-    #
-    #    # For a sinatra app:
-    #    require 'oauth/request_proxy/rack_request'
-    #
-    #    # For a rails app:
-    #    require 'oauth/request_proxy/action_controller_request'
-    def self.valid_request?(secret, request, handle_error=true)
-      begin
-        signature = OAuth::Signature.build(request, :consumer_secret => secret)
-        signature.verify() or raise OAuth::Unauthorized
-        true
-      rescue OAuth::Signature::UnknownSignatureMethod, OAuth::Unauthorized
-        if handle_error
-          false
-        else
-          raise $!
-        end
-      end
-    end
-
   end
 end
 
 require 'ims/lti/launch_params'
+require 'ims/lti/request_validator'
 require 'ims/lti/tool_provider'
 require 'ims/lti/tool_consumer'
 require 'ims/lti/outcome_request'

data/lib/ims/lti/request_validator.rb

@@ -0,0 +1,50 @@
+module IMS::LTI
+  # A mixin for OAuth request validation
+  module RequestValidator
+
+    attr_reader :oauth_signature_validator
+
+    # Validates and OAuth request using the OAuth Gem - https://github.com/oauth/oauth-ruby
+    #
+    # To validate the OAuth signatures you need to require the appropriate
+    # request proxy for your application. For example:
+    #
+    #    # For a sinatra app:
+    #    require 'oauth/request_proxy/rack_request'
+    #
+    #    # For a rails app:
+    #    require 'oauth/request_proxy/action_controller_request'
+    # @return [Bool] Whether the request was valid
+    def valid_request?(request, handle_error=true)
+      begin
+        @oauth_signature_validator = OAuth::Signature.build(request, :consumer_secret => @consumer_secret)
+        @oauth_signature_validator.verify() or raise OAuth::Unauthorized
+        true
+      rescue OAuth::Signature::UnknownSignatureMethod, OAuth::Unauthorized
+        if handle_error
+          false
+        else
+          raise $!
+        end
+      end
+    end
+
+    # Check whether the OAuth-signed request is valid and throw error if not
+    #
+    # @return [Bool] Whether the request was valid
+    def valid_request!(request)
+      valid_request?(request, false)
+    end
+
+    # convenience method for getting the oauth nonce from the request
+    def request_oauth_nonce
+      @oauth_signature_validator && @oauth_signature_validator.request.oauth_nonce
+    end
+
+    # convenience method for getting the oauth timestamp from the request
+    def request_oauth_timestamp
+      @oauth_signature_validator && @oauth_signature_validator.request.oauth_timestamp
+    end
+
+  end
+end

data/lib/ims/lti/tool_consumer.rb

@@ -2,6 +2,7 @@ module IMS::LTI
   # Class for implementing an LTI Tool Consumer
   class ToolConsumer
     include IMS::LTI::LaunchParams
+    include IMS::LTI::RequestValidator
 
     attr_accessor :consumer_key, :consumer_secret, :launch_url, :timestamp, :nonce
 
@@ -30,13 +31,6 @@ module IMS::LTI
       @custom_params = config.custom_params.merge(@custom_params)
     end
 
-    # Check whether the OAuth-signed request is valid
-    #
-    # @return [Bool] Whether the request was valid
-    def valid_request?(request, handle_error=true)
-      IMS::LTI.valid_request?(@consumer_secret, request, handle_error)
-    end
-
     # Check if the required parameters for a tool launch are set
     def has_required_params?
       @consumer_key && @consumer_secret && @resource_link_id && @launch_url

data/lib/ims/lti/tool_provider.rb

@@ -35,6 +35,7 @@ module IMS::LTI
 
   class ToolProvider
     include IMS::LTI::LaunchParams
+    include IMS::LTI::RequestValidator
 
     # OAuth credentials
     attr_accessor :consumer_key, :consumer_secret
@@ -58,20 +59,6 @@ module IMS::LTI
       process_params(params)
     end
 
-    # Check whether the OAuth-signed request is valid
-    #
-    # @return [Bool] Whether the request was valid
-    def valid_request?(request, handle_error=true)
-      IMS::LTI.valid_request?(@consumer_secret, request, handle_error)
-    end
-
-    # Check whether the OAuth-signed request is valid and throw error if not
-    #
-    # @return [Bool] Whether the request was valid
-    def valid_request!(request)
-      valid_request?(request, false)
-    end
-
     # Check whether the Launch Parameters have a role
     def has_role?(role)
       @roles && @roles.member?(role.downcase)

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: ims-lti
 version: !ruby/object:Gem::Version 
-  hash: 21
+  hash: 19
   prerelease: 
   segments: 
   - 1
   - 0
-  - 1
-  version: 1.0.1
+  - 2
+  version: 1.0.2
 platform: ruby
 authors: 
 - Instructure
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-03-13 00:00:00 Z
+date: 2012-03-14 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: builder
@@ -105,6 +105,7 @@ files:
 - lib/ims/lti/launch_params.rb
 - lib/ims/lti/outcome_request.rb
 - lib/ims/lti/outcome_response.rb
+- lib/ims/lti/request_validator.rb
 - lib/ims/lti/tool_config.rb
 - lib/ims/lti/tool_consumer.rb
 - lib/ims/lti/tool_provider.rb