lti_provider_engine 0.0.1

data/lib/lti_provider.rb

@@ -0,0 +1,20 @@
+require 'ostruct'
+
+require 'ims'
+
+require "lti_provider/config"
+require "lti_provider/lti_application"
+require 'lti_provider/lti_config'
+require 'lti_provider/lti_xml_config'
+require "lti_provider/xml_config"
+
+module LtiProvider
+  mattr_accessor :app_root
+
+  def self.setup
+    yield self
+  end
+end
+
+require "lti_provider/engine"
+

data/lib/lti_provider/config.rb

@@ -0,0 +1 @@
+LtiProvider::Config = OpenStruct.new

data/lib/lti_provider/engine.rb

@@ -0,0 +1,19 @@
+module LtiProvider
+  class Engine < ::Rails::Engine
+    isolate_namespace LtiProvider
+
+    initializer "lti_provider.load_app_instance_data" do |app|
+      LtiProvider.setup do |config|
+        config.app_root = app.root
+      end
+    end
+
+    initializer "lti_provider.lti_config" do |app|
+      LtiProvider::LtiConfig.setup!
+    end
+
+    initializer "lti_provider.lti_xml_config" do |app|
+      LtiProvider::LtiXmlConfig.setup!
+    end
+  end
+end

data/lib/lti_provider/lti_application.rb

@@ -0,0 +1,56 @@
+module LtiProvider
+  module LtiApplication
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+    end
+
+    included do
+      before_filter :require_lti_launch
+    end
+
+    protected
+    def require_lti_launch
+      if canvas_url.blank? || user_id.blank?
+        reset_session
+        prompt_for_launch
+      end
+    end
+
+    def prompt_for_launch
+      render text: 'Please launch this tool from Canvas and then try again.'
+    end
+
+    def canvas_url
+      session[:canvas_url]
+    end
+
+    def user_id
+      session[:user_id]
+    end
+
+    def current_course_id
+      session[:course_id]
+    end
+
+    def tool_consumer_instance_guid
+      session[:tool_consumer_instance_guid]
+    end
+
+    def course_launch?
+      current_course_id.present?
+    end
+
+    def current_account_id
+      session[:account_id]
+    end
+
+    def account_launch?
+      current_account_id.present?
+    end
+
+    def not_acceptable
+      render text: "Unable to process request", status: 406
+    end
+  end
+end

data/lib/lti_provider/lti_config.rb

@@ -0,0 +1,28 @@
+module LtiProvider
+  module LtiConfig
+    def self.load_config
+      YAML::load(File.open(config_file))[Rails.env]
+    end
+
+    def self.config_file
+      LtiProvider.app_root.join('config/lti.yml')
+    end
+
+    def self.setup!
+      config = LtiProvider::Config
+      if File.exists?(config_file)
+        Rails.logger.info "Initializing LTI key and secret using configuration in #{config_file}"
+        load_config.each do |k,v|
+          config.send("#{k}=", v)
+        end
+      elsif ENV['LTI_KEY'].present? && ENV['LTI_SECRET'].present?
+        Rails.logger.info "Initializing LTI key and secret using environment vars LTI_KEY and LTI_SECRET"
+        config.key = ENV['LTI_KEY']
+        config.secret = ENV['LTI_SECRET']
+        config.require_canvas = !!ENV['LTI_REQUIRE_CANVAS']
+      else
+        raise "Warning: LTI key and secret not configured for #{Rails.env})."
+      end
+    end
+  end
+end

data/lib/lti_provider/lti_xml_config.rb

@@ -0,0 +1,23 @@
+module LtiProvider
+  module LtiXmlConfig
+    def self.load_config
+      YAML::load(File.open(config_file))[Rails.env]
+    end
+
+    def self.config_file
+      LtiProvider.app_root.join('config/lti_xml.yml')
+    end
+
+    def self.setup!
+      config = LtiProvider::XmlConfig
+      if File.exists?(config_file)
+        Rails.logger.info "Initializing LTI XML config using configuration in #{config_file}"
+        load_config.each do |k,v|
+          config.send("#{k}=", v)
+        end
+      else
+        raise "Warning: LTI XML config not configured for #{Rails.env})."
+      end
+    end
+  end
+end

data/lib/lti_provider/version.rb

@@ -0,0 +1,3 @@
+module LtiProvider
+  VERSION = "0.0.1"
+end

data/lib/lti_provider/xml_config.rb

@@ -0,0 +1 @@
+LtiProvider::XmlConfig = OpenStruct.new

data/lib/tasks/lti_provider_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :lti_provider do
+#   # Task goes here
+# end

data/spec/controllers/lti_provider/lti_controller_spec.rb

@@ -0,0 +1,141 @@
+require 'spec_helper'
+
+describe LtiProvider::LtiController do
+  let(:user_id) { "1" }
+  let(:parameters) {
+    {
+      'launch_url' => "http://#{request.host}",
+      'custom_canvas_user_id' => user_id,
+      'launch_presentation_return_url' => "http://test.canvas",
+
+      'lti_version' => 'LTI-1p0',
+      'lti_message_type' => 'basic-lti-launch-request',
+      'action' => 'launch',
+      'controller' => 'lti_provider/lti'
+    }
+  }
+
+  def create_consumer(key, secret)
+    consumer = IMS::LTI::ToolConsumer.new(key, secret, parameters)
+    consumer.resource_link_id = 'abc'
+    consumer
+  end
+
+  def post_lti_request!(key, secret)
+    consumer = create_consumer(key, secret)
+
+    # the oauth rack request proxy doesn't know to strip the 'action' and
+    # 'controller' parameters, so we need to stub them here so the request also
+    # gets signed with them
+    consumer.stubs(:to_params).returns(parameters)
+
+    data = consumer.generate_launch_data
+    request.env['RAW_POST_DATA'] = data.to_query
+    request.env['CONTENT_TYPE'] = 'application/x-www-form-urlencoded'
+    request.env['HTTP_REFERER'] = 'http://test.canvas/external_tools/1'
+
+    post :launch, data.merge(use_route: :lti_provider)
+  end
+
+  describe "GET cookie_test" do
+    context "when successful" do
+      it "proceeds to oauth" do
+        controller.session[:cookie_test] = true
+        controller.should_receive(:consume_launch)
+        get :cookie_test, use_route: :lti_provider
+      end
+    end
+
+    context "when failed" do
+      it "renders a message" do
+        get :cookie_test, use_route: :lti_provider
+        response.should render_template('cookie_test')
+      end
+    end
+  end
+
+  describe "POST launch" do
+    context "with a valid key" do
+      before do
+        post_lti_request!(LtiProvider::Config.key, LtiProvider::Config.secret)
+      end
+
+      it "performs a cookie test and passes along the nonce" do
+        response.redirect_url.should include(lti_provider.cookie_test_url(nonce: '', host: request.host))
+      end
+
+      it "saves the launch record" do
+        LtiProvider::Launch.first.user_id.should == user_id
+      end
+    end
+
+    context "without a key" do
+      it "renders an error message" do
+        post_lti_request!('', '')
+        response.body.should match "Consumer key not provided."
+      end
+    end
+
+    context "with an invalid secret" do
+      it "renders an error message" do
+        post_lti_request!(LtiProvider::Config.key, 'invalid')
+        response.body.should match "The OAuth signature was invalid."
+      end
+    end
+  end
+
+  describe "consume_launch" do
+    let!(:launch) do
+      LtiProvider::Launch.create!({
+        canvas_url: 'http://canvas',
+        nonce:  'abcd',
+        provider_params: {
+          'custom_canvas_course_id' => 1,
+          'custom_canvas_user_id' => 2,
+          'tool_consumer_instance_guid' => '123abc'
+        }
+      },
+      without_protection: true)
+    end
+
+    describe "a successful launch" do
+      it "sets the session params" do
+        get :consume_launch, nonce: 'abcd', use_route: :lti_provider
+        session[:course_id].should == 1
+        session[:user_id].should == 2
+        session[:canvas_url].should == 'http://canvas'
+        session[:tool_consumer_instance_guid].should == '123abc'
+      end
+
+      it "destroys the launch" do
+        get :consume_launch, nonce: 'abcd', use_route: :lti_provider
+        LtiProvider::Launch.count.should == 0
+      end
+    end
+
+    describe "an expired nonce" do
+      before do
+        launch.update_attribute(:created_at, 10.minutes.ago)
+      end
+
+      it "shows an error" do
+        get :consume_launch, nonce: 'abcd', use_route: :lti_provider
+        response.body.should =~ /not launched successfully/
+      end
+    end
+
+    describe "a failed launch" do
+      it "shows an error" do
+        get :consume_launch, nonce: 'invalid', use_route: :lti_provider
+        response.body.should =~ /not launched successfully/
+      end
+    end
+  end
+
+  describe "configure.xml" do
+    it "should succeed" do
+      get :configure, format: :xml, use_route: :lti_provider
+      response.should be_success
+    end
+  end
+end

data/spec/dummy/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  include LtiProvider::LtiApplication
+  
+  protect_from_forgery
+end

data/spec/dummy/app/controllers/welcome_controller.rb

@@ -0,0 +1,5 @@
+class WelcomeController < ApplicationController
+  def index
+    render text: "Hello LTI"
+  end
+end

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application

data/spec/dummy/config/application.rb

@@ -0,0 +1,58 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+Bundler.require
+require 'lti_provider'
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    # Enable escaping HTML in JSON.
+    config.active_support.escape_html_entities_in_json = true
+
+    # Use SQL instead of Active Record's schema dumper when creating the database.
+    # This is necessary if your schema can't be completely dumped by the schema dumper,
+    # like if you have constraints or database-specific column types
+    # config.active_record.schema_format = :sql
+
+    # Enforce whitelist mode for mass assignment.
+    # This will create an empty whitelist of attributes available for mass-assignment for all models
+    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+    # parameters by using an attr_accessible or attr_protected declaration.
+    config.active_record.whitelist_attributes = true
+
+    # Enable the asset pipeline
+    config.assets.enabled = true
+
+    # Version of your assets, change this if you want to expire all your assets
+    config.assets.version = '1.0'
+  end
+end

data/spec/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/cucumber.yml

@@ -0,0 +1,8 @@
+<%
+rerun = File.file?('rerun.txt') ? IO.read('rerun.txt') : ""
+rerun_opts = rerun.to_s.strip.empty? ? "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} features" : "--format #{ENV['CUCUMBER_FORMAT'] || 'pretty'} #{rerun}"
+std_opts = "--format #{ENV['CUCUMBER_FORMAT'] || 'pretty'} --strict --tags ~@wip"
+%>
+default: <%= std_opts %> features
+wip: --tags @wip:3 --wip features
+rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip

data/spec/dummy/config/database.yml

@@ -0,0 +1,25 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000