lti_provider_engine 0.0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,145 @@
+# LtiProvider
+
+LtiProvider is a mountable engine for handling the LTI launch and exposing LTI
+parameters in your rails app.
+
+## Installation
+
+Add the gem to your `Gemfile` with the following line, and then `bundle install`
+
+```
+gem 'lti_provider_engine', :require => 'lti_provider'
+```
+
+Then, mount the engine to your app by adding this line to your `routes.rb` file
+
+```
+mount LtiProvider::Engine => "/"
+```
+
+Next, include the engine in your `ApplicationController`
+
+```
+class ApplicationController < ActionController::Base
+  include LtiProvider::LtiApplication
+  
+  ...
+end
+```
+
+After that, create `lti.yml` and `lti_xml.yml` files in your `config/` folder that looks something
+like this:
+
+**lti.yml**
+
+```
+default: &default
+  key: your_key
+  secret: your_secret
+  require_canvas: true
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+
+production:
+  <<: *default
+```
+
+You'll need the values of `key` and `secret` when you configure your lti app on
+the tool consumer side.
+
+**lti_xml.yml**
+
+```
+default: &default
+  tool_title: 'Dummy App'
+  tool_description: 'A very handy dummy application for testing LtiProvider engine integration.'
+  tool_id: 'dummy'
+  privacy_level: 'public'
+  account_navigation:
+    text: 'Dummy'
+    visibility: 'admins'
+  course_navigation:
+    text: 'Dummy'
+    visibility: 'admins'
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+
+production:
+  <<: *default
+```
+
+These values are used in the `/configure.xml` endpoint.
+
+Finally, run migrations:
+
+```
+bundle install
+bundle exec rake railties:install:migrations
+bundle exec rake db:migrate
+```
+
+This will create the `lti_provider_launches` table which stores parameters
+temporarily through a cookie test redirect.  It is transient data.  It can be
+accessed from your main application as LtiProvider::Launch
+
+## Usage
+
+The engine exposes a few urls from the mount point:
+
+  * `/cookie_test`
+  * `/consume_launch`
+  * `/launch`
+  * `/configure.xml`
+
+Mostly, you don't have to worry about these, they are used to route through the
+lti launch.  However, `/configure.xml` can be useful in configuring the app on
+the tool consumer side.  Right now it is hardcoded to 'Course Navigation' and
+'Account navigation' apps.
+
+The engine sets up a global `before_filter`, requiring your app to be launched
+through lti.  It handles receiving the request, verifying it, and exposing
+certain config variables sent with the launch parameters. Specifically, it
+exposes the following methods to your controllers:
+
+  * `canvas_url`
+  * `user_id`
+  * `current_course_id`
+  * `tool_consumer_instance_guid`
+  * `current_account_id`
+  * `course_launch?`
+  * `account_launch?`
+
+## Configuring the Tool Consumer
+
+You will need `key` and `secret` from your `lti.yml` file, and you can find
+configuration xml (or at least a starting point) at
+`<engine-mount-point>/configure.xml`
+
+## Example
+
+You can see and interact with an example of an app using this engine by looking
+at `spec/dummy`.  This is a full rails app which integrates the gem and has
+a simple index page that says 'Hello LTI' if the app is launched through LTI.
+
+## About LTI
+
+Interested in learning more about LTI? Here are some links to get you started:
+
+  * [Introduction to LTI](http://www.imsglobal.org/toolsinteroperability2.cfm)
+  * [1.1.1 Implementation Guide](http://www.imsglobal.org/LTI/v1p1p1/ltiIMGv1p1p1.html)
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,28 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'LtiProvider'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+task :default => :spec

data/app/controllers/lti_provider/application_controller.rb

@@ -0,0 +1,5 @@
+module LtiProvider
+  class ApplicationController < ActionController::Base
+    include LtiProvider::LtiApplication
+  end
+end

data/app/controllers/lti_provider/lti_controller.rb

@@ -0,0 +1,61 @@
+require 'oauth/request_proxy/rack_request'
+
+module LtiProvider
+  class LtiController < ApplicationController
+    skip_before_filter :require_lti_launch
+
+    def launch
+      provider = IMS::LTI::ToolProvider.new(params['oauth_consumer_key'], LtiProvider::Config.secret, params)
+      launch = Launch.initialize_from_request(provider, request)
+
+      if !launch.valid_provider?
+        msg = "#{launch.lti_errormsg} Please be sure you are launching this tool from the link provided in Canvas."
+        return show_error msg
+      elsif launch.save
+        session[:cookie_test] = true
+        redirect_to cookie_test_path(nonce: launch.nonce)
+      else
+        return show_error "Unable to launch #{LtiProvider::XmlConfig.tool_name}. Please check your External Tools configuration and try again."
+      end
+    end
+
+    def cookie_test
+      if session[:cookie_test]
+        # success!!! we've got a session!
+        consume_launch
+      else
+        render
+      end
+    end
+
+    def consume_launch
+      launch = Launch.where("created_at > ?", 5.minutes.ago).find_by_nonce(params[:nonce])
+
+      if launch
+        [:account_id, :course_name, :course_id, :canvas_url, :tool_consumer_instance_guid,
+         :user_id, :user_name, :user_roles, :user_avatar_url].each do |attribute|
+          session[attribute] = launch.public_send(attribute)
+        end
+
+        launch.destroy
+
+        redirect_to main_app.root_path
+      else
+        return show_error "The tool was not launched successfully. Please try again."
+      end
+    end
+
+    def configure
+      respond_to do |format|
+        format.xml do
+          render xml: Launch.xml_config(lti_launch_url)
+        end
+      end
+    end
+
+    protected
+      def show_error(message)
+        render text: message
+      end
+  end
+end

data/app/models/lti_provider/launch.rb

@@ -0,0 +1,105 @@
+require 'uri'
+
+module LtiProvider
+  class Launch < ActiveRecord::Base
+    validates :canvas_url, :provider_params, :nonce, presence: true
+
+    attr_accessor :lti_errormsg
+
+    serialize :provider_params
+
+    def self.initialize_from_request(provider, request)
+      launch = new
+
+      launch.validate_provider(provider, request)
+
+      launch.provider_params = provider.to_params
+      launch.canvas_url      = launch.api_endpoint(provider)
+      launch.nonce           = launch.provider_params['oauth_nonce']
+
+      launch
+    end
+
+    def self.xml_config(lti_launch_url)
+      tc = IMS::LTI::ToolConfig.new({
+        launch_url: lti_launch_url,
+        title: LtiProvider::XmlConfig.tool_title,
+        description: LtiProvider::XmlConfig.tool_description
+      })
+
+      tc.extend IMS::LTI::Extensions::Canvas::ToolConfig
+      platform = IMS::LTI::Extensions::Canvas::ToolConfig::PLATFORM
+
+      privacy_level = LtiProvider::XmlConfig.privacy_level || "public"
+      tc.send("canvas_privacy_#{privacy_level}!")
+
+      if LtiProvider::XmlConfig.tool_id
+        tc.set_ext_param(platform, :tool_id, LtiProvider::XmlConfig.tool_id)
+      end
+
+      if LtiProvider::XmlConfig.course_navigation
+        tc.canvas_course_navigation!(LtiProvider::XmlConfig.course_navigation.symbolize_keys)
+      end
+
+      if LtiProvider::XmlConfig.account_navigation
+        tc.canvas_account_navigation!(LtiProvider::XmlConfig.account_navigation.symbolize_keys)
+      end
+
+      if LtiProvider::XmlConfig.user_navigation
+        tc.canvas_user_navigation!(LtiProvider::XmlConfig.user_navigation.symbolize_keys)
+      end
+
+      if LtiProvider::XmlConfig.environments
+        tc.set_ext_param(platform, :environments, LtiProvider::XmlConfig.environments.symbolize_keys)
+      end
+
+      tc.to_xml(:indent => 2)
+    end
+
+    {
+      'context_label'                  => :course_name,
+      'custom_canvas_account_id'       => :account_id,
+      'custom_canvas_course_id'        => :course_id,
+      'custom_canvas_user_id'          => :user_id,
+      'lis_person_name_full'           => :user_name,
+      'roles'                          => :user_roles,
+      'tool_consumer_instance_guid'    => :tool_consumer_instance_guid,
+      'user_image'                     => :user_avatar_url
+    }.each do |provider_param, method_name|
+      define_method(method_name) { provider_params[provider_param] }
+    end
+
+    def valid_provider?
+      !!@valid_provider
+    end
+
+    def validate_provider(provider, request)
+      self.lti_errormsg =
+        if provider.consumer_key.blank?
+          "Consumer key not provided."
+        elsif provider.consumer_secret.blank?
+          "Consumer secret not configured on provider."
+        elsif !provider.valid_request?(request)
+          "The OAuth signature was invalid."
+        elsif oauth_timestamp_too_old?(provider.request_oauth_timestamp)
+          "Your request is too old."
+        end
+
+      @valid_provider = self.lti_errormsg.blank?
+    end
+
+    def api_endpoint(provider)
+      if provider.launch_presentation_return_url
+        uri = URI.parse(provider.launch_presentation_return_url)
+        domain = "#{uri.scheme}://#{uri.host}"
+        domain += ":#{uri.port}" unless uri.port.nil? || [80, 443].include?(uri.port.to_i)
+        return domain
+      end
+    end
+
+    private
+    def oauth_timestamp_too_old?(timestamp)
+      Time.now.utc.to_i - timestamp.to_i > 1.hour.to_i
+    end
+  end
+end

data/app/views/layouts/lti_provider/application.html.erb

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>LtiProvider</title>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/app/views/lti_provider/lti/cookie_test.html.erb

@@ -0,0 +1,4 @@
+<p>
+  It appears your browser is blocking cookies.  You can try
+  <%= link_to "launching the tool in a new window", consume_launch_url(nonce: params[:nonce]), target: '_blank' %>.
+</p>

data/config/lti.yml.example

@@ -0,0 +1,13 @@
+default: &default
+  key: 12345
+  secret: secret
+  require_canvas: true
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+
+production:
+  <<: *default

data/config/lti_xml.yml.example

@@ -0,0 +1,22 @@
+default: &default
+  tool_title: 'Dummy App'
+  tool_description: 'A very handy dummy application for testing LtiProvider engine integration.'
+  tool_id: 'dummy'
+
+  # default: 'public'
+  privacy_level: 'public' 
+
+  # url defaults to lti_launch_url, but can be overridden in each of these
+  course_navigation:
+    text: 'Dummy'
+    visibility: 'admins'
+  # account_navigation and user_navigation are also available with similar options
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+
+production:
+  <<: *default

data/config/routes.rb

@@ -0,0 +1,6 @@
+LtiProvider::Engine.routes.draw do
+  match "/cookie_test", to: "lti#cookie_test", as: "cookie_test"
+  match "/consume_launch", to: "lti#consume_launch", as: "consume_launch"
+  match "/launch", to: "lti#launch", as: "lti_launch"
+  match "/configure(.:format)", to: "lti#configure", as: "lti_configure"
+end

data/db/migrate/20130319050003_create_lti_provider_launches.rb

@@ -0,0 +1,11 @@
+class CreateLtiProviderLaunches < ActiveRecord::Migration
+  def change
+    create_table "lti_provider_launches", :force => true do |t|
+      t.string   "canvas_url"
+      t.string   "nonce"
+      t.text     "provider_params"
+
+      t.timestamps
+    end
+  end
+end