RubyGems - lti_skydrive - Versions diffs - 0.0.1 - Mend

lti_skydrive 0.0.1

Files changed (150) hide show

data/app/controllers/skydrive/launch_controller.rb ADDED Viewed

@@ -0,0 +1,152 @@
+require 'ims/lti'
+module Skydrive
+  class LaunchController < ApplicationController
+    include ActionController::Cookies
+    before_filter :ensure_authenticated_user, only: :skydrive_authorized
+    def tool_provider
+      require 'oauth/request_proxy/rack_request'
+      lti_key = LtiKey.where(key: params['oauth_consumer_key']).first
+      if lti_key
+        key = lti_key.key
+        secret = lti_key.secret
+      end
+      tp = IMS::LTI::ToolProvider.new(key, secret, params)
+      if !key
+        tp.lti_errorlog = "No consumer key"
+      elsif !secret
+        tp.lti_errorlog = "Consumer key wasn't recognized"
+      elsif !tp.valid_request?(request)
+        tp.lti_errorlog = "The OAuth signature was invalid"
+      elsif Time.now.utc.to_i - tp.request_oauth_timestamp.to_i > 120
+        tp.lti_errorlog = "Your request is too old."
+      end
+      #
+      ## this isn't actually checking anything like it should, just want people
+      ## implementing real tools to be aware they need to check the nonce
+      #if was_nonce_used_in_last_x_minutes?(@tp.request_oauth_nonce, 60)
+      #  register_error "Why are you reusing the nonce?"
+      #  return false
+      #end
+      #
+      ## save the launch parameters for use in later request
+      ##session['launch_params'] = @tp.to_params
+      #
+      #@username = @tp.username("Dude")
+      return tp
+    end
+    def basic_launch
+      tp = tool_provider
+      if tp.lti_errorlog
+        render text: tp.lti_errorlog, status: 400
+        return
+      end
+      email = tp.lis_person_contact_email_primary
+      unless email.present?
+        render text: "Missing email information"
+        return
+      end
+      unless client_domain = tp.get_custom_param('sharepoint_client_domain')
+        render text: "Missing sharepoint client domain", status: 400
+        return
+      end
+      user = User.where(email: email).first ||
+          User.create!(
+              name: tp.lis_person_name_full,
+              username: tp.user_id,
+              email: email
+          )
+      if user.token
+        user.token.update_attributes(client_domain: "#{client_domain}-my.sharepoint.com")
+      else
+        user.token = Token.create(client_domain: "#{client_domain}-my.sharepoint.com")
+      end
+      user.cleanup_api_keys
+      code = user.session_api_key(params).oauth_code
+      redirect_to "#{root_path}#/launch/#{code}"
+    end
+    def skydrive_authorized
+      skydrive_token = current_user.token
+      if skydrive_token && skydrive_token.requires_refresh?
+        results = skydrive_client.refresh_token(skydrive_token.refresh_token)
+        return render json: results if results.key? 'error'
+        skydrive_token.update_attributes(results)
+      end
+      if skydrive_token && skydrive_token.is_valid?
+        render json: {}, status: 201
+      else
+        code = current_user.api_keys.active.skydrive_oauth.create.oauth_code
+        auth_url = skydrive_client.oauth_authorize_redirect_uri(skydrive_redirect_uri, state: code)
+        render text: auth_url, status: 401
+      end
+    end
+    def microsoft_oauth
+      @current_user = ApiKey.trade_oauth_code_for_access_token(params['state']).user
+      results = skydrive_client.get_token(skydrive_redirect_uri, params['code'])
+      return render text: "#{results['error']} - #{results['error_description']}" if results.key? 'error'
+      results.merge!(personal_url: skydrive_client.get_user['PersonalUrl'])
+      @current_user.token.update_attributes(results)
+      redirect_to "#{root_path}#/oauth/callback"
+    end
+    def xml_config
+      # ie http://localhost:9393/config?sharepoint_client_domain=my_subdomain
+      host = request.scheme + "://" + request.host_with_port + "/"
+      if params['sharepoint_client_domain']
+        url = "#{request.protocol}#{request.host_with_port}#{launch_path}"
+        title = "Skydrive Pro"
+        tc = IMS::LTI::ToolConfig.new(:title => title, :launch_url => url)
+        tc.extend IMS::LTI::Extensions::Canvas::ToolConfig
+        tc.description = 'Allows you to pull in documents from Skydrive Pro to canvas'
+        tc.canvas_privacy_public!
+        tc.canvas_domain!(request.host)
+        tc.canvas_icon_url!("#{host}assets/skydrive/skydrive_icon.png")
+        tc.canvas_selector_dimensions!(700,600)
+        tc.canvas_text!(title)
+        tc.canvas_homework_submission!
+        #tc.canvas_editor_button!
+        #tc.canvas_resource_selection!
+        #tc.canvas_account_navigation!
+        #tc.canvas_course_navigation!
+        #tc.canvas_user_navigation!
+        tc.set_ext_param(
+            IMS::LTI::Extensions::Canvas::ToolConfig::PLATFORM, :custom_fields,
+            {sharepoint_client_domain: params['sharepoint_client_domain']})
+        render xml: tc.to_xml
+      else
+        render text: 'The sharepoint_client_domain is a required parameter.'
+      end
+    end
+    private
+    def skydrive_client
+      @skydrive_client ||= Client.new(SHAREPOINT.merge(client_domain: current_user.token.client_domain))
+    end
+    def skydrive_redirect_uri
+      @skydrive_redirect_uri ||= "#{request.protocol}#{request.host_with_port}#{microsoft_oauth_path}"
+    end
+  end
+end

data/app/controllers/skydrive/session_controller.rb ADDED Viewed

@@ -0,0 +1,12 @@
+module Skydrive
+  class SessionController < ApplicationController
+    def create
+      user = User.where("username = ? OR email = ?", params[:username_or_email], params[:username_or_email]).first
+      if user && user.authenticate(params[:password])
+        render json: user.session_api_key, status: 201
+      else
+        render json: {}, status: 401
+      end
+    end
+  end
+end

data/app/controllers/skydrive/users_controller.rb ADDED Viewed

@@ -0,0 +1,34 @@
+module Skydrive
+  class UsersController < ApplicationController
+    before_filter :ensure_authenticated_user, except: [:create]
+    # Returns list of users. This requires authorization
+    def index
+      render json: User.all
+    end
+    def show
+      if params[:id] == 'self'
+        render json: current_user
+      else
+        render json: User.find(params[:id])
+      end
+    end
+    def create
+      user = User.create(user_params)
+      if user.new_record?
+        render json: { errors: user.errors.messages }, status: 422
+      else
+        render json: user.session_api_key, status: 201
+      end
+    end
+    private
+    # Strong Parameters (Rails 4)
+    def user_params
+      params.require(:user).permit(:name, :username, :email, :password, :password_confirmation)
+    end
+  end
+end

data/app/helpers/skydrive/application_helper.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module Skydrive
+  module ApplicationHelper
+  end
+end

data/app/helpers/skydrive/ember_helper.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module Skydrive
+  module EmberHelper
+  end
+end

data/app/models/skydrive/api_key.rb ADDED Viewed

@@ -0,0 +1,47 @@
+module Skydrive
+  class ApiKey < ActiveRecord::Base
+    validates :scope, inclusion: { in: %w( session api skydrive_oauth) }
+    #before_create :generate_access_token, :set_expiry_date
+    before_create :generate_code, :set_expiry_date
+    belongs_to :user
+    scope :session,       -> { where(scope: 'session') }
+    scope :skydrive_oauth,-> { where(scope: 'skydrive_oauth') }
+    scope :api,           -> { where(scope: 'api') }
+    scope :active,        -> { where("expired_at >= ?", Time.now) }
+    scope :inactive,      -> { where("expired_at < ?", Time.now) }
+    def params
+      self.init_params ? JSON.parse(self.init_params) : {}
+    end
+    def accepted_extensions
+      extensions = params['ext_content_file_extensions']
+      extensions ? extensions.split(',') : nil
+    end
+    private
+    def set_expiry_date
+      self.expired_at = case self.scope
+                          when 'session'
+                            60.minutes.from_now
+                          when 'skydrive_oauth'
+                            30.minutes.from_now
+                          else
+                            #Unsupported token types will start expired
+                            Time.now
+                        end
+    end
+    def generate_code
+      self.oauth_code = SecureRandom.uuid
+    end
+    def self.trade_oauth_code_for_access_token(oauth_code)
+      api_key = ApiKey.active.where(oauth_code: oauth_code).first if oauth_code
+      api_key.update(access_token: SecureRandom.uuid, oauth_code: nil) if api_key
+      api_key
+    end
+  end
+end

data/app/models/skydrive/lti_key.rb ADDED Viewed

@@ -0,0 +1,10 @@
+module Skydrive
+  class LtiKey < ActiveRecord::Base
+    validates :key, presence: true, uniqueness: true
+    validates :secret, presence: true
+    def self.new_key
+      LtiKey.create(key: SecureRandom.uuid, secret: SecureRandom.hex)
+    end
+  end
+end

data/app/models/skydrive/token.rb ADDED Viewed

@@ -0,0 +1,14 @@
+module Skydrive
+  class Token < ActiveRecord::Base
+    validates :user_id, uniqueness: true
+    belongs_to :user
+    def requires_refresh?
+      !!self.not_before && self.not_before < Time.now
+    end
+    def is_valid?
+      !!self.access_token && self.expires_on && self.expires_on > Time.now
+    end
+  end
+end

data/app/models/skydrive/user.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Skydrive
+  class User < ActiveRecord::Base
+    include ActiveModel::ForbiddenAttributesProtection
+    has_many :api_keys
+    has_one :token
+    validates :email, presence: true, uniqueness: true
+    validates :username, presence: true, uniqueness: true
+    validates :name, presence: true
+    def session_api_key(params={})
+      ApiKey.create(
+        user_id: self.id,
+        scope: 'session',
+        init_params: params.to_json
+      )
+    end
+    def cleanup_api_keys
+      api_keys.inactive.each(&:destroy)
+    end
+    def valid_skydrive_token?
+      self.token && self.token.is_valid?
+    end
+  end
+end

data/app/serializers/api_key_serializer.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Skydrive
+  class ApiKeySerializer < ActiveModel::Serializer
+    attributes :id, :user_id, :access_token
+  end
+end

data/app/serializers/user_serializer.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Skydrive
+  class UserSerializer < ActiveModel::Serializer
+    attributes :id, :name, :username, :email
+  end
+end

data/app/views/layouts/skydrive/application.html.erb ADDED Viewed

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <title>Sky Drive</title>
+	<meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <%= stylesheet_link_tag    "skydrive/stylesheets/font-awesome/font-awesome.min.css", media: "all" %>
+  <%= stylesheet_link_tag    "skydrive/stylesheets/normalize.css", media: "all" %>
+  <%= stylesheet_link_tag    "skydrive/stylesheets/app.css", media: "all" %>
+  <%= javascript_include_tag "skydrive/javascripts/vendor/jquery.js" %>
+  <%= javascript_include_tag "skydrive/javascripts/vendor/handlebars.js" %>
+  <%= javascript_include_tag "skydrive/javascripts/vendor/ember.js" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+<%#= yield %>
+<script src="skydrive/javascripts/application.js"></script>
+</body>
+</html>

data/app/views/skydrive/ember/index.html.erb ADDED Viewed

@@ -0,0 +1,20 @@
+<!doctype html>
+<html lang="en">
+<head>
+	<meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <link rel="stylesheet" href="/assets/skydrive/font-awesome/font-awesome.min.css">
+  <link rel="stylesheet" href="/assets/skydrive/normalize.css">
+  <link rel="stylesheet" href="/assets/skydrive/app.css">
+  <script src="/assets/skydrive/vendor/jquery.js"></script>
+  <script src="/assets/skydrive/vendor/handlebars.js"></script>
+  <script src="/assets/skydrive/vendor/ember.js"></script>
+	<title>Sky Drive</title>
+</head>
+<body>
+  <script type="text/javascript" charset="utf-8">
+    window.ENV = <%= raw @env.to_json %>;
+  </script>
+  <script src="/assets/skydrive/application.js"></script>
+</body>
+</html>

data/config/initializers/sharepoint.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ SHAREPOINT = YAML.load(File.read("#{Rails.root}/config/sharepoint.yml"))[Rails.env].symbolize_keys

data/config/routes.rb ADDED Viewed

@@ -0,0 +1,24 @@
+Skydrive::Engine.routes.draw do
+  root "ember#index"
+  get 'health_check' => 'ember#health_check'
+  get '/download/file' => 'files#download', as: :download
+  scope "api/v1" do
+    resources :users, except: [:new, :edit]
+    get 'files(/*uri)' => 'files#index'
+    get 'skydrive_authorized' => 'launch#skydrive_authorized'
+  end
+  post 'session' => 'session#create'
+  #LTI launch paths
+  get 'launch' => 'launch#basic_launch', :as => :launch
+  post 'launch' => 'launch#basic_launch'
+  get 'backdoor' => 'launch#backdoor_launch'
+  get 'microsoft_oauth' => 'launch#microsoft_oauth'
+  get 'config' => 'launch#xml_config'
+  post 'oauth2/token' => 'api_keys#oauth2_token'
+end

data/config/sharepoint.yml.example ADDED Viewed

@@ -0,0 +1,17 @@
+defaults: &defaults
+  guid: 00000003-0000-0ff1-ce00-000000000000
+development:
+  <<: *defaults
+  client_id: 00a878a3-fde7-47a3-9c89-3c9912e6bb83
+  client_secret: MO2cbtapMB22kKEKqNsTDTVUN0vwS1vNjqaCG+NejaI=
+test:
+  <<: *defaults
+  client_id: 00a878a3-fde7-47a3-9c89-3c9912e6bb83
+  client_secret: MO2cbtapMB22kKEKqNsTDTVUN0vwS1vNjqaCG+NejaI=
+production:
+  <<: *defaults
+  client_id: 00a878a3-fde7-47a3-9c89-3c9912e6bb83
+  client_secret: MO2cbtapMB22kKEKqNsTDTVUN0vwS1vNjqaCG+NejaI=

data/db/migrate/20130710195807_create_users.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class CreateUsers < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+      t.string :username
+      t.string :email
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20130710195819_create_api_keys.rb ADDED Viewed

@@ -0,0 +1,15 @@
+class CreateApiKeys < ActiveRecord::Migration
+  def change
+    create_table :api_keys do |t|
+      t.integer :user_id
+      t.string :access_token
+      t.string :scope
+      t.string :oauth_code
+      t.datetime :expired_at
+      t.datetime :created_at
+    end
+    add_index :api_keys, :user_id
+    add_index :api_keys, :access_token
+    add_index :api_keys, :oauth_code
+  end
+end

data/db/migrate/20130722173006_add_skydrive_token_storage.rb ADDED Viewed

@@ -0,0 +1,15 @@
+class AddSkydriveTokenStorage < ActiveRecord::Migration
+  def change
+    create_table :skydrive_tokens do |t|
+      t.integer :user_id
+      t.string :token_type
+      t.string :access_token
+      t.integer :expires_in
+      t.string :refresh_token
+      t.datetime :not_before
+      t.datetime :expires_on
+      t.string :resource
+    end
+    add_index :skydrive_tokens, :user_id
+  end
+end

data/db/migrate/20130725183724_add_client_domain_to_skydrive_tokens.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddClientDomainToSkydriveTokens < ActiveRecord::Migration
+  def change
+    add_column :skydrive_tokens, :client_domain, :string
+  end
+end

data/db/migrate/20130726170108_add_personal_url_to_skydrive_token.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddPersonalUrlToSkydriveToken < ActiveRecord::Migration
+  def change
+    add_column :skydrive_tokens, :personal_url, :string
+  end
+end

data/db/migrate/20130730164700_add_init_params_to_api_key.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddInitParamsToApiKey < ActiveRecord::Migration
+  def change
+    add_column :api_keys, :init_params, :text
+  end
+end

data/db/migrate/20130801181008_create_lti_keys.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class CreateLtiKeys < ActiveRecord::Migration
+  def change
+    create_table :lti_keys do |t|
+      t.string :key
+      t.string :secret
+    end
+    add_index :lti_keys, :key
+  end
+end

data/db/migrate/20130802231147_change_skydrive_token_length.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class ChangeSkydriveTokenLength < ActiveRecord::Migration
+  def change
+    change_column :skydrive_tokens, :access_token, :text
+    change_column :skydrive_tokens, :refresh_token, :text
+  end
+end

data/db/migrate/20140103221052_skydrive_namespace.rb ADDED Viewed

@@ -0,0 +1,13 @@
+class SkydriveNamespace < ActiveRecord::Migration
+  def self.up
+    rename_table :api_keys, :skydrive_api_keys
+    rename_table :lti_keys, :skydrive_lti_keys
+    rename_table :users, :skydrive_users
+  end
+  def self.down
+    rename_table :skydrive_api_keys, :api_keys
+    rename_table :skydrive_lti_keys, :lti_keys
+    rename_table :skydrive_users, :users
+  end
+end