lms-api 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c81240c233496b4c395e79b88690cf87fc5229bf
+  data.tar.gz: b9ec5abbdcde51b4776dfc16fc0ecb45e9cae2a1
+SHA512:
+  metadata.gz: 48566b6c283242f347cd706a3dd2c78766ef12d7cbce7ecd30fbbf8abbac1ceb2a774c5a70d44c93d6ae0748bf912e4dc07b8ad622db511a5508563c4f6151f5
+  data.tar.gz: 3ef819fda17bc8bd1fd67b001367abbcc2297573e310ea7421f8a61f6e775b4ffd4c16a9e4368a088381067b43e394a59b8db45cb00e33dd08f753dadaba2a40

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2016 Jamis Buck
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,81 @@
+# LMS::API
+
+This project describes a wrapper around LMS REST APIs.
+
+
+## Installation
+
+To install, add `lms-api` to your Gemfile:
+
+```ruby
+    gem "lms-api"
+```
+
+
+## Configuration
+
+Your app must tell the gem which model is used to represent the
+authentication state. For instance, if you're using ActiveRecord, you
+might have an `Authentication` model, which encapsulates a temporary
+API token.
+
+```ruby
+class Authentication < ActiveRecord::Base
+  # token: string
+end
+```
+
+Then, you tell the gem about this model:
+
+```ruby
+LMS::API.auth_state_model = Authentication
+```
+
+This allows the gem to transparently refresh the token when the token
+expires, and do so in a way that respects multiple processes all trying
+to do so in parallel.
+
+
+## Usage
+
+To use the API wrapper, instantiate a `LMS::API` instance with the
+url of the LMS instance you want to communicate with, as well as the
+current authentication object, and (optionally) a hash of options to use
+when refreshing the API token.
+
+```ruby
+auth = Authentication.first # or however you are storing global auth state
+api = LMS::API.new("http://your.canvas.instance", auth, 
+        client_id: "...",
+        client_secret: "..."
+        redirect_uri: "..."
+        refresh_token: "...")
+```
+
+You can get the URL for a given LMS interface via the `::lms_url`
+class method:
+
+```ruby
+params = {
+  id: id,
+  course_id: course_id,
+  controller: "foo",
+  account_id: 1,
+  all_dates: true,
+  other_param: "foobar"}
+
+url = LMS::API.lms_url("GET_SINGLE_ASSIGNMENT", params)
+```
+
+Once you have the URL, you can send the request by using `api_*_request`
+methods:
+
+* `api_get_request(url, headers={})`
+* `api_post_request(url, payload, headers={})`
+* `api_delete_request(url, headers={})`
+* `api_get_all_request(url, headers={})`
+* `api_get_blocks_request(url, headers={}, &block)`
+
+The last two are convenience methods for fetching multiple pages of data.
+The `api_get_all_request` method returns all rows in a single array. The
+`api_get_blocks_request` method yields each "chunk" of data to the block.

data/Rakefile

@@ -0,0 +1,30 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Canvas'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+load './lib/tasks/lms_api.rake'
+
+
+
+
+Bundler::GemHelper.install_tasks
+
+begin
+  require 'rspec/core/rake_task'
+  RSpec::Core::RakeTask.new(:spec)
+
+  task :default => :spec
+rescue LoadError
+end

data/lib/lms/api.rb

@@ -0,0 +1,340 @@
+require 'active_support'
+require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/object/to_query'
+require 'active_support/core_ext/hash/keys'
+
+require 'lms/urls'
+
+module LMS
+  class API
+
+    # a model that encapsulates authentication state. By default, it
+    # is nil, but it may be set to any object that responds to:
+    #   - #transaction { .. }
+    #   - #lock(true) -> returns self
+    #   - #find(id) -> returns an authentication object (see
+    #     the `authentication` parameter of #initialize, below).
+    class <<self
+      attr_accessor :auth_state_model
+    end
+
+    # instance accessor, for convenience
+    def auth_state_model
+      self.class.auth_state_model
+    end
+
+    # callback must accept a single parameter (the API object itself)
+    # and return the new authentication object.
+    def self.on_auth(callback=nil, &block)
+      @@on_auth = callback || block
+    end
+
+    # set up a default auth callback. It assumes that #auth_state_model
+    # is set. If #auth_state_model will not be set, the client app must
+    # define a custom on_auth callback.
+    self.on_auth do |api|
+      api.lock do |record|
+        if record.token == api.authentication.token
+          record.update token: api.refresh_token
+        end
+      end
+    end
+
+
+    attr_reader :authentication
+
+    # The authentication parameter must be either a string (indicating
+    # a token), or an object that responds to:
+    #   - #id
+    #   - #token
+    #   - #update(hash) -- which should update #token with hash[:token]:noh
+    def initialize(lms_uri, authentication, refresh_token_options=nil)
+      @per_page = 100
+      @lms_uri = lms_uri
+      @refresh_token_options = refresh_token_options
+      if authentication.is_a?(String)
+        @authentication = OpenStruct.new(token: authentication)
+      else
+        @authentication = authentication
+      end
+
+      if refresh_token_options.present?
+        required_options = [:client_id, :client_secret, :redirect_uri, :refresh_token]
+        extra_options = @refresh_token_options.keys - required_options
+        raise InvalidRefreshOptionsException, "Invalid option(s) provided: #{extra_options.join(', ')}" unless extra_options.length == 0
+        missing_options = required_options - @refresh_token_options.keys
+        raise InvalidRefreshOptionsException, "Missing required option(s): #{missing_options.join(', ')}" unless missing_options.length == 0
+      end
+    end
+
+    # Obtains a lock (via the API.auth_state_model interface) and
+    # yields an authentication object corresponding to
+    # self.authentication.id. The object is returned when the block
+    # finishes.
+    def lock
+      auth_state_model.transaction do
+        record = auth_state_model.
+                    lock(true).
+                    find(authentication.id)
+
+        yield record
+
+        record
+      end
+    end
+
+    def headers(additional_headers = {})
+      {
+        "Authorization" => "Bearer #{@authentication.token}",
+        "User-Agent" => "LMS-API Ruby"
+      }.merge(additional_headers)
+    end
+
+    def full_url(api_url, use_api_prefix=true)
+      if api_url[0...4] == 'http'
+        api_url
+      else
+        if use_api_prefix
+          "#{@lms_uri}/api/v1/#{api_url}"
+        else
+          "#{@lms_uri}/#{api_url}"
+        end
+      end
+    end
+
+    def api_put_request(api_url, payload, additional_headers = {})
+      url = full_url(api_url)
+      refreshably do
+        HTTParty.put(url, headers: headers(additional_headers), body: payload)
+      end
+    end
+
+    def api_post_request(api_url, payload, additional_headers = {})
+      url = full_url(api_url)
+      refreshably do
+        HTTParty.post(url, headers: headers(additional_headers), body: payload)
+      end
+    end
+
+    def api_get_request(api_url, additional_headers = {})
+      url = full_url(api_url)
+      refreshably do
+        HTTParty.get(url, headers: headers(additional_headers))
+      end
+    end
+
+    def api_delete_request(api_url, additional_headers = {})
+      url = full_url(api_url)
+      refreshably do
+        HTTParty.delete(url, headers: headers(additional_headers))
+      end
+    end
+
+    def api_get_all_request(api_url, additional_headers = {})
+      [].tap do |results|
+        api_get_blocks_request(api_url, additional_headers) do |result|
+          results.concat(result)
+        end
+      end
+    end
+
+    def api_get_blocks_request(api_url, additional_headers = {})
+      connector = api_url.include?('?') ? '&' : '?'
+      next_url = "#{api_url}#{connector}per_page=#{@per_page}"
+      while next_url do
+        result = api_get_request(next_url, additional_headers)
+        yield result
+        next_url = get_next_url(result.headers['link'])
+      end
+    end
+
+    def refreshably
+      result = yield
+      check_result(result)
+    rescue LMS::API::RefreshTokenRequired => ex
+      raise ex if @refresh_token_options.blank?
+      @authentication = @@on_auth.call(self)
+      retry
+    end
+
+    def refresh_token
+      payload = {
+        grant_type: 'refresh_token'
+      }.merge(@refresh_token_options)
+      url = full_url("login/oauth2/token", false)
+      result = HTTParty.post(url, headers: headers, body: payload)
+      raise LMS::API::RefreshTokenFailedException, api_error(result) unless [200, 201].include?(result.response.code.to_i)
+      result['access_token']
+    end
+
+    def check_result(result)
+
+      code = result.response.code.to_i
+
+      return result if [200, 201].include?(code)
+
+      if code == 401 && result.headers['www-authenticate'] == 'Bearer realm="canvas-lms"'
+        raise LMS::API::RefreshTokenRequired
+      end
+
+      raise LMS::API::InvalidAPIRequestException, api_error(result)
+    end
+
+    def api_error(result)
+      error = "Status: #{result.headers['status']} \n"
+      error << "Http Response: #{result.response.code} \n"
+      error << "Error: #{result['errors'] || result.response.message} \n"
+    end
+
+    def get_next_url(link)
+      return nil if link.blank?
+      if url = link.split(',').find{|l| l.split(";")[1].strip == 'rel="next"' }
+        url.split(';')[0].gsub(/[\<\>\s]/, "")
+      end
+    end
+
+    def proxy(type, params, payload = nil, get_all = false)
+
+      additional_headers = {
+        "Content-Type" => "application/json"
+      }
+
+      method = LMS::URLs[type][:method]
+      url = LMS::API.lms_url(type, params, payload)
+
+      case method
+      when 'GET'
+        if block_given?
+          api_get_blocks_request(url, additional_headers) do |result|
+            yield result
+          end
+        elsif get_all
+          api_get_all_request(url, additional_headers)
+        else
+          api_get_request(url, additional_headers)
+        end
+      when 'POST'
+        api_post_request(url, payload, additional_headers)
+      when 'PUT'
+        api_put_request(url, payload, additional_headers)
+      when 'DELETE'
+        api_delete_request(url, additional_headers)
+      else
+        raise LMS::API::InvalidAPIMethodRequestException "Invalid method type: #{method}"
+      end
+
+      rescue LMS::API::InvalidAPIRequestException => ex
+        error = ex.to_s
+        error << "API Request Url: #{url} \n"
+        error << "API Request Params: #{params} \n"
+        error << "API Request Payload: #{payload} \n"
+        new_ex = LMS::API::InvalidAPIRequestFailedException.new(error)
+        new_ex.set_backtrace(ex.backtrace)
+        raise new_ex
+
+    end
+
+    # Ignore required params for specific calls. For example, the external tool calls
+    # have required params "name, privacy_level, consumer_key, shared_secret". However, those
+    # params are not required if the call specifies config_type: "by_xml".
+    def self.ignore_required(type)
+      [
+        "CREATE_EXTERNAL_TOOL_COURSES",
+        "CREATE_EXTERNAL_TOOL_ACCOUNTS"
+      ].include?(type)
+    end
+
+    def self.lms_url(type, params, payload = nil)
+      endpoint = LMS::URLs[type]
+      parameters = endpoint[:parameters]
+
+      # Make sure all required parameters are present
+      missing = []
+      if !self.ignore_required(type)
+        parameters.find_all{|p| p["required"]}.map{|p| p["name"]}.each do |p|
+          if p.include?("[") && p.include?("]")
+            parts = p.split('[')
+            parent = parts[0].to_sym
+            child = parts[1].gsub("]", "").to_sym
+            missing << p unless (params[parent].present? && params[parent][child].present?) ||
+                                (payload.present? && payload[parent].present? && payload[parent][child].present?)
+          else
+            missing << p unless params[p.to_sym].present? || (payload.present? && !payload.is_a?(String) && payload[p.to_sym].present?)
+          end
+        end
+      end
+
+      if missing.length > 0
+        raise LMS::API::MissingRequiredParameterException, "Missing required parameter(s): #{missing.join(', ')}"
+      end
+
+      # Generate the uri. Only allow path parameters
+      uri_proc = endpoint[:uri]
+      path_parameters = parameters.find_all{|p| p["paramType"] == "path"}.map{|p| p["name"].to_sym}
+      args = params.slice(*path_parameters).symbolize_keys
+      uri = args.blank? ? uri_proc.call : uri_proc.call(**args)
+
+      # Generate the query string
+      query_parameters = parameters.find_all{|p| p["paramType"] == "query"}.map{|p| p["name"].to_sym}
+
+      # always allow paging parameters
+      query_parameters << :per_page
+      query_parameters << :page
+
+      allowed_params = params.slice(*query_parameters)
+
+      if allowed_params.present?
+        "#{uri}?#{allowed_params.to_query}"
+      else
+        uri
+      end
+
+    end
+
+
+    #
+    # Helper methods
+    #
+
+    # Get all accounts including sub accounts
+    def all_accounts
+      all = []
+      self.proxy("LIST_ACCOUNTS", {}, nil, true).each do |account|
+        all << account
+        sub_accounts = self.proxy("GET_SUB_ACCOUNTS_OF_ACCOUNT", {account_id: account['id']}, nil, true)
+        all = all.concat(sub_accounts)
+      end
+      all
+    end
+
+
+    #
+    # Exceptions
+    #
+
+    class Exception < RuntimeError
+    end
+
+    class RefreshTokenRequired < Exception
+    end
+
+    class InvalidRefreshOptionsException < Exception
+    end
+
+    class RefreshTokenFailedException < Exception
+    end
+
+    class InvalidAPIRequestException < Exception
+    end
+
+    class InvalidAPIRequestFailedException < Exception
+    end
+
+    class InvalidAPIMethodRequestException < Exception
+    end
+
+    class MissingRequiredParameterException < Exception
+    end
+
+  end
+end