RubyGems - lti2_commons - Versions diffs - 1.0 - Mend

lti2_commons 1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

data/Gemfile +4 -0
data/License.pdf +0 -0
data/README.md +7 -0
data/Rakefile +1 -0
data/lib/lti2_commons.rb +10 -0
data/lib/lti2_commons/cache.rb +32 -0
data/lib/lti2_commons/json_wrapper.rb +121 -0
data/lib/lti2_commons/lti2_launch.rb +165 -0
data/lib/lti2_commons/message_support.rb +197 -0
data/lib/lti2_commons/oauth_request.rb +145 -0
data/lib/lti2_commons/signer.rb +86 -0
data/lib/lti2_commons/substitution_support.rb +90 -0
data/lib/lti2_commons/utils.rb +33 -0
data/lib/lti2_commons/version.rb +3 -0
data/lib/lti2_commons/wire_log.rb +172 -0
metadata +151 -0

data/Gemfile ADDED

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+# Specify your gem's dependencies in omniauth-oauthverifier.gemspec
+gemspec

data/License.pdf ADDED

Binary file

data/README.md ADDED

@@ -0,0 +1,7 @@
+lti2_commons -- LTI2 Common functions
+=====================================
+lti2_commons is a Ruby gem that implementas a variety of LTI2 utility functions.
+This gem is dynamically loaded by lti2_tc and lti2_tp using the ruby bundler capability.

data/Rakefile ADDED

	@@ -0,0 +1 @@
1	+ require "bundler/gem_tasks"

data/lib/lti2_commons.rb ADDED

@@ -0,0 +1,10 @@
+require 'lti2_commons/cache'
+require 'lti2_commons/json_wrapper'
+require 'lti2_commons/message_support'
+require 'lti2_commons/oauth_request'
+require 'lti2_commons/signer'
+require 'lti2_commons/substitution_support'
+require 'lti2_commons/utils'
+require 'lti2_commons/version'
+require 'lti2_commons/wire_log'

data/lib/lti2_commons/cache.rb ADDED

@@ -0,0 +1,32 @@
+require "lrucache"
+module Lti2Commons
+  # Cache adapter.  This adapter wraps a simple LRUCache gem.
+  # A more scalable and cluster-friendly cache solution such as Redis or Memcache
+  # would probably be suitable in a production environment.
+  # This class is used to document the interface.  In this particular case
+  # the interface exactly matches the protocol of the supplied implementation.
+  # Consequently, this adapter is not really required.
+  class Cache
+      # create cache.
+      # @params options [Hash] Should include :ttl => <expiry_time>
+      def initialize(options)
+        @cache = LRUCache.new options
+      end
+      def clear
+        @cache.clear
+      end
+      def fetch(name)
+        @cache.fetch(name)
+      end
+      def store(name, value)
+        @cache.store(name, value)
+      end
+  end
+end

data/lib/lti2_commons/json_wrapper.rb ADDED

@@ -0,0 +1,121 @@
+require 'rubygems'
+require 'json'
+require 'jsonpath'
+module Lti2Commons
+  class JsonWrapper
+    attr_accessor :root
+    def initialize(json_str_or_obj)
+      @root = JsonPath.new('$').on(json_str_or_obj).first
+    end
+    def at(path)
+      JsonPath.new(path).on(@root)
+    end
+    # Deep copy through reserialization.  Only use to preserve immutability of source.
+    #
+    # @return [JsonObject] A full new version of self
+    def deep_copy
+      JsonWrapper.new(@root.to_json)
+    end
+    def each_leaf &block
+      JsonPath.new("$..*").on(@root).each { |node|
+        if node.is_a? String
+          yield node
+        end
+      }
+    end
+    def first_at(path)
+      at(path).first
+    end
+    # Does this node, possibly repeating, match all elements of the constraint_hash
+    #
+    # @params candidate [Hash/Array] node or Array of nodes to match
+    # @params constraint_hash [Hash] Hash of value to match
+    # @return [TreeNode] Either self or immediate child that matches constraint_hash
+    def get_matching_node candidate, constraint_hash
+      if candidate.is_a? Hash
+        return candidate if is_hash_intersect(candidate, constraint_hash)
+      elsif candidate.is_a? Array
+        for child in candidate
+          # are there extraneous keys in constraint_hash
+          return child if is_hash_intersect(child, constraint_hash)
+        end
+      end
+      nil
+    end
+    # Convenience method to find a particular node with matching attributes to constraint_hash
+    # and then return specific element of that node.
+    # e.g., search for 'path' within the 'resource_handler' with constraint_hash attributes.
+    #
+    # @params path [JsonPath] path to parent of candidate array of nodes
+    # @params constraint_hash [Hash] Hash of values which must match target
+    # @params return_path [JsonPath] Path of element within matching target
+    # @return [Object] result_path within matching node or nil
+    def search(path, constraint_hash, return_path)
+      candidate = JsonPath.new(path).on(@root)
+      candidate = get_matching_node candidate.first, constraint_hash
+      return nil unless candidate
+      JsonPath.new(return_path).on(candidate).first
+    end
+    # Convenience method to find a particular node with matching attributes to constraint_hash
+    # and then return specific element of that node.
+    # e.g., search for 'path' within the 'resource_handler' with constraint_hash attributes.
+    #
+    # @params path [JsonPath] path to parent of candidate array of nodes
+    # @params constraint_hash [Hash] Hash of values which must match target
+    # @params return_path [JsonPath] Path of element within matching target
+    # @return [Object] result_path within matching node or nil
+    def select(path, selector, value, return_path)
+      candidates = JsonPath.new(path).on(@root)
+      for candidate in candidates
+        selector_node = JsonPath.new(selector).on(candidate.first)
+        if selector_node.include? value
+          break
+        end
+      end
+      if candidate
+        JsonPath.new(return_path).on(candidate.first).first
+      else
+        nil
+      end
+    end
+    def substitute_text_in_all_nodes(token_prefix, token_suffix, hash)
+      self.each_leaf { |v|
+        substitute_template_values_from_hash v, token_prefix, token_suffix, hash }
+    end
+    def to_pretty_json
+      JSON.pretty_generate root
+    end
+    private
+    def is_hash_intersect target_hash, constraint_hash
+      # failed search if constraint_hash as invalid keys
+      return nil if (constraint_hash.keys - target_hash.keys).length > 0
+      target_hash.each_pair {|k,v|
+        if constraint_hash.has_key? k
+          return false unless v == constraint_hash[k]
+        end
+      }
+      true
+    end
+    def substitute_template_values_from_hash(source_string, prefix, suffix, hash)
+      hash.each { |k,v|
+        source_string.sub!(prefix+k+suffix, v) }
+    end
+  end
+end

data/lib/lti2_commons/lti2_launch.rb ADDED

@@ -0,0 +1,165 @@
+require "rubygems"
+require 'lti2_commons/message_support'
+require 'lti2_commons/signer'
+require 'lti2_commons/substitution_support'
+include Lti2Commons::Signer
+include Lti2Commons::MessageSupport
+include Lti2Commons::SubstitutionSupport
+module Lti2Commons
+  module Core
+    def lti2_launch user, link, return_url
+        tool_proxy = link.resource.tool.get_tool_proxy
+        tool = link.resource.tool
+        tool_name = tool_proxy.first_at('tool_profile.product_instance.product_info.product_name.default_value')
+        raise "Tool #{tool_name} is currently disabled" unless tool.is_enabled
+        base_url = tool_proxy.select('tool_profile.base_url_choice',
+                "selector.applies_to", "MessageHandler", 'default_base_url')
+        resource_type = link.resource.resource_type
+        resource_handler_node = tool_proxy.search("tool_profile.resource_handler", {'resource_type' => resource_type}, "@")
+        resource_handler = JsonWrapper.new resource_handler_node
+        message = resource_handler.search("@..message", {'message_type' => 'basic-lti-launch-request'}, '@')
+        path = message['path']
+        tp_parameters = message['parameter']
+        service_endpoint = base_url + path
+        enrollment = Enrollment.where(:admin_user_id => user.id, :course_id => link.course.id).first
+        if enrollment
+          role = enrollment.role
+        else
+          role = user.role
+        end
+        tool_consumer_registry = Rails.application.config.tool_consumer_registry
+        parameters = {
+          'lti_version' => tool_proxy.first_at('lti_version'),
+          'lti_message_type' => 'basic-lti-launch-request',
+          'resource_link_id' => link.id.to_s,
+          'user_id' => user.id.to_s,
+          'roles' => role,
+          'launch_presentation_return_url' => "#{tool_consumer_registry.tc_deployment_url}#{return_url}",
+          # optional
+          'context_id' => link.course.id.to_s,
+        }
+        # add parameters from ToolProxy
+        for parameter in tp_parameters
+          name = parameter['name']
+          if parameter.has_key? 'fixed'
+            value = parameter['fixed']
+          elsif parameter.has_key? 'variable'
+            value = parameter['variable']
+          else
+            value = "[link-to-resolve]"
+          end
+          parameters[name] = value
+        end
+        # add parameters from Link
+        link_parameter_json = link.link_parameters
+        if link_parameter_json
+          link_parameters = JSON.parse link_parameter_json
+          parameters.merge! link_parameters
+        end
+        # auto-create result (if required) and add to reference to parameters
+        capabilities = resource_handler.first_at('message[0].enabled_capability')
+        if capabilities and capabilities.include? "Result.autocreate"
+          if link.grade_item_id
+            grade_result = GradeResult.where(:link_id => link.id, :admin_user_id => user.id).first
+            # TEST ONLY
+            # grade_result.delete if grade_result
+            # grade_result = nil
+            #
+            unless grade_result
+              grade_result = GradeResult.new
+              grade_result.link_id = link.id
+              grade_result.admin_user_id = user.id
+              grade_result.save
+            else
+              # note that a nil grade_result still let's us through
+              unless grade_result.result.nil?
+                raise "Grade result associated with this tool launch has already been filled in"
+              end
+            end
+          end
+        end
+        # perform variable substition on all parameters
+        resolver = Resolver.new
+        resolver.add_resolver("$User", user.method(:user_resolver))
+        resolver.add_resolver("$Person", user.method(:person_resolver))
+        course = Course.find(parameters['context_id'])
+        resolver.add_resolver("$CourseOffering", course.method(:course_resolver))
+        resolver.add_resolver("$Result", grade_result.method(:grade_result_resolver)) if grade_result
+        # and resolve and normalize
+        final_parameters = {}
+        parameters.each { |k,v|
+          # only apply substitution when the value looks like a candidate
+          if v =~ /^\$\w+\.\w/
+            resolved_value = resolver.resolve(v)
+          else
+            resolved_value = v
+          end
+          if known_lti2_parameters.include? k or deprecated_lti_parameters.include? k
+            final_parameters[k] = v
+          else
+            name = 'custom_' + k
+            lti1_name = slugify(name)
+            unless name == lti1_name
+              final_parameters[lti1_name] = resolved_value
+            end
+            final_parameters[name] = resolved_value
+          end
+        }
+        key = link.resource.tool.key
+        secret = link.resource.tool.secret
+        signed_request = Signer::create_signed_request service_endpoint, 'post', key, secret, final_parameters
+        puts "TC Signed Request: #{signed_request.signature_base_string}"
+        puts "before"
+        puts Rails.application.config.wire_log.inspect
+        puts "after"
+        body = MessageSupport::create_lti_message_body(service_endpoint, final_parameters, Rails.application.config.wire_log, "Lti Launch")
+        puts body
+        body
+    end
+    private
+    def deprecated_lti_parameters
+      ["context_title", "context_label", "resource_link_title", "resource_link_description",
+        "lis_person_name_given", "lis_person_name_family", "lis_person_name_full", "lis_person_contact_email_primary",
+        "user_image", "lis_person_sourcedid", "lis_course_offering_sourcedid", "lis_course_section_sourcedid",
+        "tool_consumer_instance_name", "tool_consumer_instance_description", "tool_consumer_instance_url", "tool_consumer_instance_contact_email"]
+    end
+    def known_lti2_parameters
+      ["lti_message_type", "lti_version", "user_id", "roles", "resource_link_id",
+        "context_id", "context_type",
+        "launch_presentation_locale", "launch_presentation_document_target", "launch_presentation_css_url",
+        "launch_presentation_width", "launch_presentation_height", "launch_presentation_return_url",
+        "reg_key", "reg_password", "tc_profile_url"]
+    end
+    def slugify name
+      result = ""
+      name.each_char { |c|
+        result << (c =~ /\w/ ? c.downcase : '_')
+      }
+      result
+    end
+  end
+end

data/lib/lti2_commons/message_support.rb ADDED

@@ -0,0 +1,197 @@
+require "rubygems"
+require "httparty"
+module Lti2Commons
+  # Module to support LTI 1 and 2 secure messaging.
+  # This messaging is documented in the LTI 2 Security Document
+  #
+  # LTI 2 defines two types of LTI secure messaging:
+  #   1. LTI Messages
+  #     This is the model used exclusively in LTI 1.
+  #     It is also used in LTI 2 for user-submitted actions such as LtiLaunch and ToolDeployment.
+  #
+  #     It works the following way:
+  #       1. LTI parameters are signed by OAuth.
+  #       2. The message is marshalled into an HTML Form with the params
+  #          specified in form fields.
+  #       3. The form is sent to the browser with a redirect.
+  #       4. An attached Javascript script 'auto-submits' the form.
+  #
+  #     This structure appears to the Tool Provider as a user submission with all user browser context
+  #     intact.
+  #
+  #   2. LTI Services
+  #     This is a standard REST web service with OAuth message security added.
+  #     In LTI 2.0 Services are only defined for Tool Provider --> Tool Consumer services;
+  #     such as, GetToolConsumerProfile, RegisterToolProxy, and LTI 2 Outcomes.
+  #     LTI 2.x will add Tool Consumer --> Tool Provider services using the same machinery.
+  #
+  module MessageSupport
+    # Convenience method signs and then invokes create_lti_message_from_signed_request
+    #
+    # @params launch_url [String] Launch url
+    # @params parameters [Hash] Full set of params for message
+    # @return [String] Post body ready for use
+    def create_lti_message_body(launch_url, parameters, wire_log=nil, title=nil)
+      result = create_message_header(launch_url)
+      result += create_message_body parameters
+      result += create_message_footer
+      if wire_log
+        wire_log.timestamp
+        wire_log.raw_log((title.nil?) ? "LtiMessage" : "LtiMessage: #{title}")
+        wire_log.raw_log "LaunchUrl: #{launch_url}"
+        wire_log.raw_log result.strip
+        wire_log.newline
+        wire_log.flush
+      end
+      result
+    end
+    # Creates an LTI Message (POST body) ready for redirecting to the launch_url.
+    # Note that the is_include_oauth_params option specifies that 'oauth_' params are
+    # included in the body.  This option should be false when sender is putting them in the
+    # HTTP Authorization header (now recommended).
+    #
+    # @param params [Hash] Full set of params for message (including OAuth provided params)
+    # @return [String] Post body ready for use
+    def create_lti_message_body_from_signed_request(signed_request, is_include_oauth_params=true)
+      result = create_message_header(signed_request.uri)
+      result += create_message_body signed_request.parameters, is_include_oauth_params
+      result += create_message_footer
+      result
+    end
+    # Invokes an LTI Service.
+    # This is fully-compliant REST request suitable for LTI server-to-server services.
+    #
+    # @param request [Request] Signed Request encapsulates everything needed for service.
+    def invoke_service(request, wire_log=nil, title=nil)
+      uri = request.uri.to_s
+      method = request.method.downcase
+      headers = {}
+      headers['Authorization'] = request.oauth_header
+      if ['post','put'].include? method
+        headers['Content-Type'] = request.content_type if request.content_type
+        headers['Content-Length'] = request.body.length.to_s if request.body
+      end
+      parameters = request.parameters
+      # need filtered params here
+      output_parameters = {}
+      (write_wirelog_header wire_log, title, request.method, uri, headers, request.parameters, request.body, output_parameters) if wire_log
+      full_uri = uri
+      full_uri += '?' unless uri.include? "?"
+      full_uri += '&' unless full_uri =~ /[?&]$/
+      output_parameters.each_pair do |key, value|
+        full_uri << '&' unless key == output_parameters.keys.first
+        full_uri << "#{URI.encode(key.to_s)}=#{URI.encode(output_parameters[key])}"
+      end
+      case request.method.downcase
+      when "get"
+        response = HTTParty.get full_uri, :headers => headers
+      when "post"
+        response = HTTParty.post full_uri, :body => request.body, :headers => headers
+      when "put"
+        response = HTTParty.put full_uri, :body => request.body, :headers => headers
+      when "delete"
+        response = HTTParty.delete full_uri, :headers => headers
+      end
+      wire_log.log_response response, title if wire_log
+      response
+    end
+    def invoke_unsigned_service uri, method, params={}, headers={}, data=nil, wire_log=nil, title=nil
+      full_uri = uri
+      full_uri += '?' unless uri.include? "?"
+      full_uri += '&' unless full_uri =~ /[?&]$/
+      params.each_pair do |key, value|
+        full_uri << '&' unless key == params.keys.first
+        full_uri << "#{URI.encode(key.to_s)}=#{URI.encode(params[key])}"
+      end
+      (write_wirelog_header wire_log, title, method, uri, headers, params, data, {}) if wire_log
+      case method
+      when "get"
+        response = HTTParty.get full_uri, :headers => headers, :timeout => 120
+      when "post"
+        response = HTTParty.post full_uri, :body => data, :headers => headers, :timeout => 120
+      when "put"
+        response = HTTParty.put full_uri, :body => data, :headers => headers, :timeout => 120
+      when "delete"
+        response = HTTParty.delete full_uri, :headers => headers, :timeout => 120
+      end
+      wire_log.log_response response, title if wire_log
+      response
+    end
+    private
+    def create_message_header(launch_url)
+      %Q{
+<div id="ltiLaunchFormSubmitArea">
+  <form action="#{launch_url}"
+    name="ltiLaunchForm" id="ltiLaunchForm" method="post"
+    encType="application/x-www-form-urlencoded"
+    target="_blank">
+}
+    end
+    def create_message_body(params, is_include_oauth_params=true)
+      result = ""
+      params.each_pair do |k,v|
+        if is_include_oauth_params || ! (k =~ /^oauth_/)
+          result +=
+            %Q{      <input type="hidden" name="#{k}" value="#{v}"/>\n}
+        end
+      end
+      result
+    end
+    def create_message_footer
+      %Q{  </form>
+</div>
+<script language="javascript">
+  document.ltiLaunchForm.submit();
+</script>
+      }
+    end
+    def set_http_headers(http, request)
+      http.headers['Authorization'] = request.oauth_header
+      http.headers['Content-Type'] = request.content_type if request.content_type
+      http.headers['Content-Length'] = request.body.length if request.body
+    end
+    def write_wirelog_header wire_log, title, method, uri, headers={}, parameters={}, body=nil, output_parameters={}
+      wire_log.timestamp
+      wire_log.raw_log((title.nil?) ? "LtiService" : "LtiService: #{title}")
+      wire_log.raw_log "#{method.upcase} #{uri}"
+      unless headers.blank?
+        wire_log.raw_log "Headers:"
+        headers.each { |k,v| wire_log.raw_log "#{k}: #{v}" }
+      end
+      parameters.each { |k,v| output_parameters[k] = v unless k =~ /^oauth_/ }
+      if output_parameters.length > 0
+        wire_log.raw_log "Parameters:"
+        output_parameters.each { |k,v| wire_log.raw_log "#{k}: #{v}" }
+      end
+      if body
+        wire_log.raw_log "Body:"
+        wire_log.raw_log body
+      end
+      wire_log.newline
+      wire_log.flush
+    end
+  end
+end

data/lib/lti2_commons/oauth_request.rb ADDED

@@ -0,0 +1,145 @@
+require 'oauth/request_proxy/base'
+module OAuth
+  module OAuthProxy
+    # RequestProxy for Hashes to facilitate simpler signature creation.
+    # Usage:
+    #   request = OAuth::RequestProxy.proxy \
+    #      "method" => "iq",
+    #      "uri"    => [from, to] * "&",
+    #      "parameters" => {
+    #        "oauth_consumer_key"     => oauth_consumer_key,
+    #        "oauth_token"            => oauth_token,
+    #        "oauth_signature_method" => "HMAC-SHA1"
+    #      }
+    #
+    #   signature = OAuth::Signature.sign \
+    #     request,
+    #     :consumer_secret => oauth_consumer_secret,
+    #     :token_secret    => oauth_token_secret,
+    class OAuthRequest < OAuth::RequestProxy::Base
+      proxies Hash
+      attr_accessor :body, :content_type
+      def self.collect_rack_parameters(rack_request)
+        parameters = HashWithIndifferentAccess.new
+        parameters.merge!(rack_request.query_parameters)
+        parameters.merge!(self.parse_authorization_header(rack_request.headers['HTTP_AUTHORIZATION']))
+        content_type = rack_request.headers['CONTENT_TYPE']
+        if content_type == "application/x-www-form-urlencoded"
+          parameters.merge!(rack_request.request_parameters)
+        end
+        parameters
+      end
+      def self.create_from_rack_request(rack_request)
+        parameters = self.collect_rack_parameters rack_request
+        result = OAuth::OAuthProxy::OAuthRequest.new \
+          "method" => rack_request.method,
+          "uri" => rack_request.url,
+          "parameters" => parameters
+        rack_request.body.rewind
+        result.body = rack_request.body.read
+        rack_request.body.rewind
+        result
+      end
+      def self.parse_authorization_header(authorization_header)
+        result = {}
+        if authorization_header =~ /^OAuth/
+          authorization_header[6..-1].split(',').inject({}) do |h,part|
+            parts = part.split('=')
+            name = parts[0].strip.intern
+            value = parts[1..-1].join('=').strip
+            value.gsub!(/\A['"]+|['"]+\Z/, "")
+            result[name] = Rack::Utils.unescape(value)
+          end
+        end
+        result
+      end
+      def parameters
+        @request["parameters"]
+      end
+      def method
+        @request["method"]
+      end
+      def normalized_uri
+        super
+      rescue
+        # if this is a non-standard URI, it may not parse properly
+        # in that case, assume that it's already been normalized
+        uri
+      end
+      def uri
+        @request["uri"]
+      end
+      # Creates the value of an OAuth body hash
+      #
+      # @param launch_url [String] Content to be body signed
+      # @return [String] Signature base string (useful for debugging signature problems)
+      def compute_oauth_body_hash content
+        Base64.encode64(Digest::SHA1.digest content.chomp).gsub(/\n/,'')
+      end
+      # A shallow+1 copy
+      def copy
+        result = OAuth::OAuthProxy::OAuthRequest.new \
+          "method" => self.method.dup,
+          "uri" => self.uri.dup,
+          "parameters" => self.parameters.dup
+        result.body = self.body.dup if self.body
+        result
+      end
+      def is_timestamp_expired?(timestampString)
+        timestamp = Time.at(timestampString.to_i)
+        now = Time::now
+        (now - timestamp).abs > 300.seconds
+      end
+      # Validates and OAuth request using the OAuth Gem - https://github.com/oauth/oauth-ruby
+      #
+      # @return [Bool] Whether the request was valid
+      def verify_signature?(secret, nonce_cache, is_handle_error_not_raise_exception=true, ignore_timestamp_and_nonce=false)
+        test_request = self.copy
+        test_signature = test_request.sign :consumer_secret => secret
+        begin
+          unless self.oauth_signature == test_signature
+            # puts "Secret: #{secret}"
+            puts "Verify_signature--send_signature: #{self.oauth_signature}  test_signature: #{test_signature}"
+            puts "Verify signature_base_string: #{self.signature_base_string}"
+            raise 'Invalid signature'
+          end
+          unless ignore_timestamp_and_nonce
+            raise 'Timestamp expired' if is_timestamp_expired? self.oauth_timestamp
+            raise 'Duplicate nonce to one already received' if nonce_cache.fetch self.oauth_nonce
+          end
+          nonce_cache.store self.oauth_nonce, "<who-cares>"
+          # check body-signing if oaut_body_signature
+          if self.body and self.parameters.has_key? 'oauth_body_hash'
+            raise 'Invalid signature of message body' unless compute_oauth_body_hash(self.body) == self.parameters['oauth_body_hash']
+          end
+          true
+        rescue Exception => e
+          # Utils::log(e.message)
+          if is_handle_error_not_raise_exception
+            false
+          else
+            raise e.message
+          end
+        end
+      end
+    end
+  end
+end

data/lib/lti2_commons/signer.rb ADDED

@@ -0,0 +1,86 @@
+require "rubygems"
+require "uri"
+require "oauth"
+require File.expand_path('../../../lib/lti2_commons/oauth_request', __FILE__)
+class Symbol
+  # monkey patch needed for OAuth library running in Ruby 1.8.7
+  def downcase
+    self.to_s.downcase.to_sym
+  end
+end
+module Lti2Commons
+  module Signer
+    # Creates an OAuth signed request using the OAuth Gem - https://github.com/oauth/oauth-ruby
+    #
+    # @param launch_url [String]  Endpoint of service to be launched
+    # @param http_method [String] Http method ('get', 'post', 'put', 'delete')
+    # @param consumer_key [String] OAuth consumer key
+    # @param consumer_secret [String] OAuth consumer secret
+    # @param params [Hash] Non-auth parameters or oauth parameter default values
+    #        oauth_timestamp => defaults to current time
+    #        oauth_nonce => defaults to random number
+    #        oauth_signature_method => defaults to HMAC-SHA1 (also RSA-SHA1 supported)
+    # @param body [String] Body content.  Usually would include this for body-signing of non form-encoded data.
+    # @param content_type [String] HTTP CONTENT-TYPE header; defaults: 'application/x-www-form-urlencoded'
+    # @return [Request] Signed request
+    def create_signed_request(launch_url, http_method, consumer_key, consumer_secret, params={},
+                              body=nil, content_type=nil)
+      params['oauth_consumer_key'] = consumer_key
+      params['oauth_nonce'] = (rand*10E12).to_i.to_s unless params.has_key? 'oauth_nonce'
+      params['oauth_signature_method'] = "HMAC-SHA1" unless params.has_key? 'oauth_signature_method'
+      params['oauth_timestamp'] = Time.now.to_i.to_s unless params.has_key? 'oauth_timestamp'
+      params['oauth_version'] = '1.0' unless params.has_key? 'oauth_version'
+      content_type = "application/x-www-form-urlencoded" unless content_type
+      uri = URI.parse(launch_url)
+      # prepare path
+      path = uri.path
+      path = '/' if path.empty?
+      # flatten in query string arrays
+      if uri.query && uri.query != ''
+        CGI.parse(uri.query).each do |query_key, query_values|
+          unless params[query_key]
+            params[query_key] = query_values.first
+          end
+        end
+      end
+      unless content_type == 'application/x-www-form-urlencoded'
+        params['oauth_body_hash'] = compute_oauth_body_hash body if body
+      end
+      request = OAuth::OAuthProxy::OAuthRequest.new \
+                      "method" => http_method.to_s.upcase,
+                      "uri" => uri,
+                      "parameters" => params
+      request.body = body
+      request.content_type = content_type
+      request.sign! :consumer_secret => consumer_secret
+      # puts "Sender secret: #{consumer_secret}"
+      request
+    end
+    private
+    # Creates the value of an OAuth body hash
+    #
+    # @param launch_url [String] Content to be body signed
+    # @return [String] Signature base string (useful for debugging signature problems)
+    def compute_oauth_body_hash content
+      Base64.encode64(Digest::SHA1.digest content.chomp).gsub(/\n/,'')
+    end
+  end
+end

data/lib/lti2_commons/substitution_support.rb ADDED

@@ -0,0 +1,90 @@
+module Lti2Commons
+  module SubstitutionSupport
+    # Resolver resolves values by name from a variety of object sources.
+    # It's useful for variable substitution.
+    #
+    # The supported object sources are:
+    #   Hash      ::= value by key
+    #   Proc      ::= single-argument block evaluation
+    #   Method    ::= single-argument method obect evaluation
+    #   Resolver  ::= a nested resolver.  useful for scoping resolvers;
+    #                 i.e. a constant, global inner resolver, but a one-time outer-resolver
+    #   Object    ::= value by dynamic instrospection of any object's accessor
+    #
+    #   See the accompanying tester for numerous examples
+    class Resolver
+      attr_accessor :resolvers
+      def initialize
+        @resolver_hash = Hash.new
+      end
+      # Add some type of resolver object_source to the Resolver
+      #
+      # @param key [String] A dotted name with the leading zone indicating the object category
+      # @param resolver [ObjectSource] a raw object_source for resolving
+      # @returns [String] value.  If no resolution, return the incoming name
+      def add_resolver key, resolver
+        unless resolver.is_a? Resolver
+          key_sym = key.to_sym
+        else
+          # Resolvers themselves should always be generic
+          key_sym = :*
+        end
+        unless @resolver_hash.has_key? key_sym
+          @resolver_hash[key_sym] = []
+        end
+        @resolver_hash[key_sym] << resolver
+      end
+      def resolve(full_name)
+        zones = full_name.split('.')
+        category = zones[0].to_sym
+        name = zones[1..-1].join('.')
+        # Find any hits within category
+        @resolver_hash.each_pair {|k, v|
+          if k == category
+            result = resolve_by_category full_name, name, v
+            return result if result
+          end
+        }
+        # Find any hits in global category
+        resolvers = @resolver_hash[:*]
+        result = resolve_by_category full_name, name, resolvers if resolvers
+        return result if result
+        return full_name
+      end
+      def to_s
+        "Resolver for [#{@resolver_hash.keys}]"
+      end
+      private
+      def resolve_by_category(full_name, name, resolvers)
+        for resolver in resolvers
+          if resolver.is_a? Hash
+            value = resolver[name]
+          elsif resolver.is_a? Proc
+            value = resolver.call(name)
+          elsif resolver.is_a? Method
+            value = resolver.call(name)
+          elsif resolver.is_a? Resolver
+            value = resolver.resolve(full_name)
+          elsif resolver.is_a? Object
+            value = resolver.send(name)
+          end
+          return value if value
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/lti2_commons/utils.rb ADDED

@@ -0,0 +1,33 @@
+module Lti2Commons
+  require 'digest'
+  require 'uuid'
+  module Utils
+    def is_hash_intersect node, constraint_hash
+      # failed search if constraint_hash as invalid keys
+      return nil if (constraint_hash.keys - node.keys).length > 0
+      node.each_pair {|k,v|
+        if constraint_hash.has_key? k
+          return false unless v == constraint_hash[k]
+        end
+      }
+      true
+    end
+    def hash_to_query_string(hash)
+      hash.keys.inject('') do |query_string, key|
+        query_string << "&" unless key == hash.keys.first
+        query_string << "#{URI.encode(key.to_s)}=#{CGI.escape(hash[key])}"
+      end
+    end
+    def log(msg)
+      # puts msg
+    end
+    def substitute_template_values_from_hash(source_string, prefix, suffix, hash)
+      hash.each { |k,v| source_string.sub!(prefix+k+suffix, v) }
+    end
+  end
+end

data/lib/lti2_commons/version.rb ADDED

@@ -0,0 +1,3 @@
+module Lti2Commons
+  VERSION = "0.0.7"
+end

data/lib/lti2_commons/wire_log.rb ADDED

@@ -0,0 +1,172 @@
+require "stringio"
+module Lti2Commons
+  module WireLogSupport
+    class WireLog
+      STATUS_CODES = {
+        100 => "Continue",
+        101 => "Switching Protocols",
+        102 => "Processing",
+        200 => "OK",
+        201 => "Created",
+        202 => "Accepted",
+        203 => "Non-Authoritative Information",
+        204 => "No Content",
+        205 => "Reset Content",
+        206 => "Partial Content",
+        207 => "Multi-Status",
+        226 => "IM Used",
+        300 => "Multiple Choices",
+        301 => "Moved Permanently",
+        302 => "Found",
+        303 => "See Other",
+        304 => "Not Modified",
+        305 => "Use Proxy",
+        307 => "Temporary Redirect",
+        400 => "Bad Request",
+        401 => "Unauthorized",
+        402 => "Payment Required",
+        403 => "Forbidden",
+        404 => "Not Found",
+        405 => "Method Not Allowed",
+        406 => "Not Acceptable",
+        407 => "Proxy Authentication Required",
+        408 => "Request Timeout",
+        409 => "Conflict",
+        410 => "Gone",
+        411 => "Length Required",
+        412 => "Precondition Failed",
+        413 => "Request Entity Too Large",
+        414 => "Request-URI Too Long",
+        415 => "Unsupported Media Type",
+        416 => "Requested Range Not Satisfiable",
+        417 => "Expectation Failed",
+        422 => "Unprocessable Entity",
+        423 => "Locked",
+        424 => "Failed Dependency",
+        426 => "Upgrade Required",
+        500 => "Internal Server Error",
+        501 => "Not Implemented",
+        502 => "Bad Gateway",
+        503 => "Service Unavailable",
+        504 => "Gateway Timeout",
+        505 => "HTTP Version Not Supported",
+        507 => "Insufficient Storage",
+        510 => "Not Extended"
+      }
+      attr_accessor :is_logging, :output_file_name
+      def initialize wire_log_name, output_file, is_html_output=true
+        @output_file_name = output_file
+        is_logging = true
+        @wire_log_name = wire_log_name
+        @log_buffer = nil
+        @is_html_output = is_html_output
+      end
+      def clear_log
+        output_file = File.open(@output_file_name, "a+")
+        output_file.truncate(0)
+        output_file.close
+      end
+      def flush options={}
+        output_file = File.open(@output_file_name, "a+")
+        @log_buffer.rewind
+        buffer = @log_buffer.read
+        if @is_html_output
+          oldbuffer = buffer.dup
+          buffer = ""
+          oldbuffer.each_char { |c|
+            if c == '<'
+              buffer << "&lt;"
+            elsif c == '>'
+              buffer << "&gt;"
+            else
+              buffer << c
+            end
+          }
+        end
+        if options.has_key? :css_class
+          css_class = options[:css_class]
+        else
+          css_class = "#{@wire_log_name}"
+        end
+        output_file.puts("<div class=\"#{css_class}\"><pre>") if @is_html_output
+        output_file.write(buffer)
+        output_file.puts("\n</div></pre>") if @is_html_output
+        output_file.close
+        @log_buffer = nil
+      end
+      def log s
+        timestamp
+        raw_log "#{s}"
+        flush
+      end
+      def log_response response, title=nil
+        timestamp
+        raw_log(title.nil? ? "Response" : "Response: #{title}")
+        raw_log "Status: #{response.code} #{STATUS_CODES[response.code]}"
+        headers = response.headers
+        unless headers.blank?
+          raw_log "Headers:"
+          headers.each { |k,v| raw_log "#{k}: #{v}" if k.downcase =~ /^content/ }
+        end
+        if response.body
+          # the following is expensive so do only when needed
+          if is_logging
+            raw_log "Body:"
+          end
+          begin
+            json_obj = JSON.load(response.body)
+            raw_log JSON.pretty_generate json_obj
+          rescue
+            raw_log "#{response.body}"
+          end
+        end
+        newline
+        flush :css_class => "#{@wire_log_name}Response"
+      end
+      def newline
+        raw_log "\n"
+      end
+      def log_buffer
+        # put in the css header if file doesn't exist
+        unless File.size? @output_file_name
+          @output_file = File.open @output_file_name, "a"
+          @output_file.puts '<link rel="stylesheet" type="text/css" href="wirelog.css" />'
+          @output_file.puts ""
+          @output_file.close
+        end
+        unless @log_buffer
+          @log_buffer = StringIO.new
+        end
+        @log_buffer
+      end
+      def raw_log s
+        @log_buffer = log_buffer
+        @log_buffer.puts(s)
+      end
+      def timestamp
+        raw_log(Time.new)
+      end
+    end
+  end
+end

metadata ADDED

@@ -0,0 +1,151 @@
+--- !ruby/object:Gem::Specification
+name: lti2_commons
+version: !ruby/object:Gem::Version
+  hash: 15
+  prerelease:
+  segments:
+  - 1
+  - 0
+  version: "1.0"
+platform: ruby
+authors:
+- John Tibbetts
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-01-16 00:00:00 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: oauth
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        hash: 5
+        segments:
+        - 0
+        - 4
+        - 5
+        version: 0.4.5
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        hash: 15
+        segments:
+        - 1
+        - 0
+        version: "1.0"
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency
+  name: curb
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 3
+        segments:
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency
+  name: httparty
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 3
+        segments:
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency
+  name: lrucache
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 3
+        segments:
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id005
+description: LTI common utilities
+email:
+- jtibbetts@kinexis.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/lti2_commons/cache.rb
+- lib/lti2_commons/json_wrapper.rb
+- lib/lti2_commons/lti2_launch.rb
+- lib/lti2_commons/message_support.rb
+- lib/lti2_commons/oauth_request.rb
+- lib/lti2_commons/signer.rb
+- lib/lti2_commons/substitution_support.rb
+- lib/lti2_commons/utils.rb
+- lib/lti2_commons/version.rb
+- lib/lti2_commons/wire_log.rb
+- lib/lti2_commons.rb
+- Gemfile
+- License.pdf
+- Rakefile
+- README.md
+homepage:
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      hash: 3
+      segments:
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      hash: 3
+      segments:
+      - 0
+      version: "0"
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.24
+signing_key:
+specification_version: 3
+summary: LTI common utilities
+test_files: []