RubyGems - lti_skydrive - Versions diffs - 1.2.0 → 1.2.1 - Mend

lti_skydrive 1.2.0 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

checksums.yaml CHANGED Viewed

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    OWFmMTU0ZmUzNjQzOTljZWY5MjY2ODlmY2U1YWFjMDcyZTdjYjZjMg==
-  data.tar.gz: !binary |-
-    ZGUzNDk1ODEyMDE0ZTdmZmE3MTU3N2U1YmFmNmFjMzY5ZTkyNjFhOQ==
+SHA1:
+  metadata.gz: 0b86a8e829a9306ff1eb0bb4fd553470803fb2c1
+  data.tar.gz: 7edd66d2c89d2e532bdaf8f4d835e32a08b1017a
 SHA512:
-  metadata.gz: !binary |-
-    NWYxMmU3NzFhYWZiODYyY2NhZGNmZjVkMjhlNDUzNmQ5ZDM1MWEyZjJjNDE5
-    ZGFhOTJlZjE3NDdkMTM0MmZjZTcwZjNiNjA3OGQ5YzVlMGQzYmRkMjU1YzI4
-    MzhjMTMwMjQzYzAzMWFlMzU3ZDQ0NTY2YTU1NTEyNDI1YjAzYTA=
-  data.tar.gz: !binary |-
-    OTRiMmM4ZGNhMTljZDFiMTYzYjM2MWQ5YTIxM2I2NGQ0OWZhODY3OGUyNWNh
-    ZTZhNThiNDgxNWI0YjU4ZWUwZWZmYmM3OWU4NWI4MjgxYjkxMjkxZDgxZDcx
-    YTkzODJiYzI4Zjg0MTIwZmJjODQ1ZWI2MTY3YzkwNjFmNzViMzY=
+  metadata.gz: 256f3e439614ec9318abecb8f20bb4670849a640cb4007ff4a626e6f1ec9b3520e77f9b906c512ce6332635c647ad16eff69d44601c0ab267545676ec99b8323
+  data.tar.gz: c3a020f97b8d890d8aad9b2a7b9d18a0914493238401e8445a065ea2c9324920c654907b137d2d0b30560e29cf9a58c450240cdc4094baa56b94dc825662cda4

data/app/controllers/skydrive/application_controller.rb CHANGED Viewed

@@ -38,11 +38,7 @@ module Skydrive
     end
     def skydrive_client
-      @skydrive_client ||=
-          Client.new(SHAREPOINT.merge(
-                         personal_url: current_user.token.personal_url,
-                         token: current_user.token.access_token
-                     ))
+      @skydrive_client ||= current_user.skydrive_client
     end
   end
 end

data/app/controllers/skydrive/files_controller.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require 'open-uri'
+require 'mimemagic'
 module Skydrive
   class FilesController < ApplicationController
@@ -44,8 +45,14 @@ module Skydrive
       if api_key
         user = api_key.user
         uri = "#{user.token.personal_url}_api/Web/GetFileByServerRelativeUrl('#{params[:file].gsub(/ /, '%20')}')/$value"
-        puts "URI: #{uri}"
-        send_data open(uri, { "Authorization" => "Bearer #{user.token.access_token}"}, &:read)
+        send_data_options = {
+          filename: ::File.basename(params[:file]),
+          type: MimeMagic::by_extension(params[:file].match(/\.[a-z]+$/))
+        }
+        data = open(uri, { "Authorization" => "Bearer #{user.token.access_token}"}, &:read)
+        send_data(data, send_data_options)
       else
         render status: 401
       end

data/app/controllers/skydrive/launch_controller.rb CHANGED Viewed

@@ -4,58 +4,45 @@ require 'ims/lti'
 module Skydrive
   ERROR_NO_API_KEY = "Unable to get an access token, your state is invalid"
-  ERROR_JSON_PARSE = "JSON::ParserError"
-  ERROR_SKY_DRIVE_API = "Skydrive::APIErrorException"
   class LaunchController < ApplicationController
     include ActionController::Cookies
     before_filter :ensure_authenticated_user, only: :skydrive_authorized
     def tool_provider
-      require 'oauth/request_proxy/rack_request'
+      @tool_provider ||= begin
+        require 'oauth/request_proxy/rack_request'
+        @account = Account.where(key: params['oauth_consumer_key']).first
-      @account = Account.where(key: params['oauth_consumer_key']).first
+        if @account
+          key = @account.key
+          secret = @account.secret
+        end
-      if @account
-        key = @account.key
-        secret = @account.secret
-      end
+        tp = IMS::LTI::ToolProvider.new(key, secret, params)
-      tp = IMS::LTI::ToolProvider.new(key, secret, params)
+        if !key
+          tp.lti_errorlog = "Invalid consumer key or secret"
+        elsif !secret
+          tp.lti_errorlog = "Consumer key wasn't recognized"
+        elsif !tp.valid_request?(request)
+          tp.lti_errorlog = "The OAuth signature was invalid"
+        elsif Time.now.utc.to_i - tp.request_oauth_timestamp.to_i > 120
+          tp.lti_errorlog = "Your request is too old"
+        end
-      if !key
-        tp.lti_errorlog = "Invalid consumer key or secret"
-      elsif !secret
-        tp.lti_errorlog = "Consumer key wasn't recognized"
-      elsif !tp.valid_request?(request)
-        tp.lti_errorlog = "The OAuth signature was invalid"
-      elsif Time.now.utc.to_i - tp.request_oauth_timestamp.to_i > 120
-        tp.lti_errorlog = "Your request is too old"
+        tp
       end
-      #
-      ## this isn't actually checking anything like it should, just want people
-      ## implementing real tools to be aware they need to check the nonce
-      #if was_nonce_used_in_last_x_minutes?(@tp.request_oauth_nonce, 60)
-      #  register_error "Why are you reusing the nonce?"
-      #  return false
-      #end
-      return tp
     end
     def basic_launch
       tp = tool_provider
       if tp.lti_errorlog
         render text: tp.lti_errorlog, status: 400, layout: "skydrive/error"
         return
       end
-      user_id = tp.get_custom_param('masquerading_user_id') || tp.user_id
-      is_masquerading = user_id == tp.get_custom_param('masquerading_user_id')
+      user_id = is_masquerading && tp.get_custom_param('masquerading_user_id') || tp.user_id
       name = is_masquerading ? 'masqueraded session' : tp.lis_person_name_full
       email = is_masquerading ? 'masqueraded session' : tp.lis_person_contact_email_primary
@@ -72,8 +59,6 @@ module Skydrive
         user.name = name
         user.save!
       end
-      user.ensure_token
       user.cleanup_api_keys
       code = user.session_api_key(params).oauth_code
@@ -81,17 +66,7 @@ module Skydrive
     end
     def skydrive_authorized
-      skydrive_token = current_user.token
-      if skydrive_token && skydrive_token.requires_refresh?
-        begin
-          skydrive_client.refresh_token = skydrive_token.refresh_token
-          skydrive_token.refresh!(skydrive_client)
-        rescue Skydrive::APIResponseErrorException => error
-          current_user.reset_token!
-        end
-      end
-      if skydrive_token && skydrive_token.is_valid?
+      if current_user.valid_skydrive_token?
         render json: {}, status: 201
       else
         code = current_user.api_keys.active.skydrive_oauth.create.oauth_code
@@ -102,19 +77,19 @@ module Skydrive
     def microsoft_oauth
       begin
         api_key = ApiKey.trade_oauth_code_for_access_token(params['state'])
-        raise RuntimeError, ERROR_NO_API_KEY unless api_key
+        raise OAuthStateException, ERROR_NO_API_KEY unless api_key
         @current_user = api_key.user
         skydrive_client.request_oauth_token(params['code'], microsoft_oauth_url)
         service = skydrive_client.get_my_files_service()
         current_user.token.resource = service["serviceResourceId"]
-        current_user.token.refresh!(skydrive_client)
+        current_user.token.refresh!
         personal_url = skydrive_client.get_personal_url(service["serviceEndpointUri"]).gsub(/\/Documents$/,'/')
         current_user.token.update_attribute(:personal_url, personal_url)
         redirect_to "#{root_path}oauth/callback"
-      rescue Exception => api_error
+      rescue APIResponseErrorException, JSON::ParserError, OAuthStateException => api_error
         launch_exception_handler api_error
       end
     end
@@ -164,5 +139,12 @@ module Skydrive
       render action: :launch_error, status: 400, layout: "skydrive/error"
     end
+    def is_masquerading
+      @is_masquerading ||= begin
+        m_user_id = tool_provider.get_custom_param('masquerading_user_id')
+        !m_user_id.blank? && m_user_id != '$Canvas.masqueradingUser.userId'
+      end
+    end
   end
 end

data/app/models/skydrive/token.rb CHANGED Viewed

@@ -4,16 +4,16 @@ module Skydrive
     belongs_to :user
     def requires_refresh?
-      !!self.not_before && self.not_before < Time.now
+      !!(self.not_before && !self.not_before.is_a?(Time) && self.not_before < Time.now)
     end
     def is_valid?
       !!self.access_token && self.expires_on && self.expires_on > Time.now
     end
-    def refresh!(client)
+    def refresh!
       results = {}
-      results = client.refresh_token(resource: resource)
+      results = self.user.skydrive_client.update_api_tokens(resource: resource, refresh_token: refresh_token, token: access_token)
       if results.key? 'access_token'
         attrs = ['token_type', 'expires_in', 'expires_on', 'not_before', 'resource', 'access_token', 'refresh_token']
         update_attributes(results.reject{|a| !attrs.include?(a)})

data/app/models/skydrive/user.rb CHANGED Viewed

@@ -2,6 +2,9 @@ module Skydrive
   class User < ActiveRecord::Base
     include ActiveModel::ForbiddenAttributesProtection
+    after_initialize :ensure_token
+    after_initialize :cleanup_api_keys
     has_many :api_keys
     has_one :token
     belongs_to :account
@@ -26,6 +29,14 @@ module Skydrive
     end
     def ensure_token
+      if self.token
+        begin
+          self.token.refresh! if self.token.requires_refresh?
+        rescue Skydrive::APIResponseErrorException, JSON::ParserError => error
+          self.reset_token!
+        end
+      end
       self.token = self.create_token unless self.token
     end
@@ -34,12 +45,10 @@ module Skydrive
       ensure_token
     end
-    # Convenience method
-    def onedrive_client
-      @onedrive_client ||=
+    def skydrive_client
+      @skydrive_client ||=
           Client.new(SHAREPOINT.merge(
-                         personal_url: self.token.personal_url,
-                         token: self.token.access_token
+                          user_token: self.token
                      ))
     end
   end

data/config/database.yml ADDED Viewed

@@ -0,0 +1,12 @@
+development: &default
+  adapter: postgresql
+  encoding: unicode
+  database: lti_skydrive
+  host: localhost
+  pool: 5
+  username: canvas
+test:
+  <<: *default
+  database: lti_skydrive_test

data/lib/skydrive.rb CHANGED Viewed

@@ -1,6 +1,24 @@
 require "skydrive/engine"
 module Skydrive
+  class OAuthStateException < RuntimeError
+  end
+  class APIErrorException < RuntimeError
+  end
+  class APIResponseErrorException < RuntimeError
+    attr_reader :response, :code, :description
+    def initialize(response)
+      @response = response
+      @code = response['error']
+      @description = response['error_description']
+      super("#{@code}: #{@description}\n#{response}")
+    end
+  end
   class << self
     attr_accessor :logger
   end

data/lib/skydrive/client.rb CHANGED Viewed

@@ -7,28 +7,29 @@ require 'skydrive/raven_logger'
 module Skydrive
-  class APIErrorException < RuntimeError
-  end
-  class APIResponseErrorException < RuntimeError
-    attr_reader :response, :code, :description
-    def initialize(response)
-      @response = response
-      @code = response['error']
-      @description = response['error_description']
-      super("#{@code}: #{@description}\n#{response}")
-    end
-  end
   class Client
     include ActionView::Helpers::NumberHelper
-    attr_accessor :client_id, :client_secret, :guid, :personal_url, :token, :refresh_token
+    attr_accessor :client_id, :client_secret, :guid, :user_token
     def initialize(options = {})
       options.each do |key, val|
         self.send("#{key}=", val) if self.respond_to?("#{key}=")
       end
+      RestClient.log = Skydrive.logger
+    end
+    def personal_url
+      user_token.personal_url
+    end
+    def token
+      user_token.access_token
+    end
+    def refresh_token
+      user_token.refresh_token
     end
     # URL used to authorize this app for a sharepoint tenant
@@ -59,8 +60,8 @@ module Skydrive
       RestClient.post endpoint, options do |response, request, result|
         log_restclient_response(response, request, result)
         results = format_results(parse_api_response(response))
-        self.token = results['access_token']
-        self.refresh_token = results['refresh_token']
+        self.user_token.access_token = results['access_token']
+        self.user_token.refresh_token = results['refresh_token']
         results
       end
     end
@@ -71,23 +72,25 @@ module Skydrive
     end
     def get_personal_url(service_endpoint_uri)
-      self.personal_url = api_call("#{service_endpoint_uri}/files/root/weburl", {'Accept' => nil})['value']
+      self.user_token.personal_url = api_call("#{service_endpoint_uri}/files/root/weburl", {'Accept' => nil})['value']
     end
-    def refresh_token(params)
+    def update_api_tokens(params)
       endpoint = 'https://login.windows.net/common/oauth2/token'
       options = {
           client_id: client_id,
           client_secret: client_secret,
           grant_type: 'refresh_token',
-          refresh_token: @refresh_token
+          refresh_token: self.user_token.refresh_token
       }.merge(params)
+      Rails.logger.info("#{refresh_token} | #{params[:refresh_token]} | #{options[:refresh_token]}")
       RestClient.post endpoint, options do |response, request, result|
         log_restclient_response(response, request, result)
         results = format_results(parse_api_response(response))
-        self.token = results['access_token']
-        self.refresh_token = results['refresh_token']
+        self.user_token.access_token = results['access_token']
+        self.user_token.refresh_token = results['refresh_token']
         results
       end
     end
@@ -168,49 +171,16 @@ module Skydrive
     end
     def api_call(url, headers = {})
-      begin
+      url.gsub!("https:/i", "https://i")
+      uri = URI.escape(url)
-        url.gsub!("https:/i", "https://i")
-        uri = URI.escape(url)
+      headers['Authorization'] = "Bearer #{self.user_token.access_token}" unless headers.has_key? 'Authorization'
+      headers['Accept'] = "application/json; odata=verbose" unless headers.has_key? 'Accept'
-        headers['Authorization'] = "Bearer #{token}" unless headers.has_key? 'Authorization'
-        headers['Accept'] = "application/json; odata=verbose" unless headers.has_key? 'Accept'
-        c = Curl::Easy.new(uri) do |http|
-          headers.each {|k,v| http.headers[k] = v if v }
-        end
-        headers = []
-        buffer = ""
-        c.on_body { |data|
-          buffer << data
-          data.size
-        }
-        c.on_header { |data|
-          headers << data
-          data.size
-        }
-        c.perform
-        result = parse_api_response(buffer)
-      rescue Exception => error
-        pid = generate_pid
-        headerOutput = c.headers.map {|k,v| "#{k}: #{v}"}.join("\n[#{pid}] - ")
-        backtrace_output = error.backtrace.join("\n[#{pid}] - ")
-        buffer_output = buffer.split("\n").join("\n[#{pid}] - ")
-        Skydrive.logger.error("[#{pid}] SKYDRIVE ERROR: #{error.class.to_s} ◊ #{error}")
-        Skydrive.logger.info("[#{pid}] SKYDRIVE BACKTRACE: \n[#{pid}] - #{backtrace_output}")
-        Skydrive.logger.info("[#{pid}] SKYDRIVE REQUEST: #{uri.to_s}")
-        Skydrive.logger.info("[#{pid}] SKYDRIVE REQUEST HEADERS:\n[#{pid}] - #{headerOutput}")
-        Skydrive.logger.info("[#{pid}] SKYDRIVE RESPONSE HEADERS:\n[#{pid}] - #{headers.join('  - ')}")
-        Skydrive.logger.info("[#{pid}] SKYDRIVE RESPONSE BODY:\n[#{pid}] - #{buffer_output}");
-        Skydrive.logger.info("[#{pid}] END --\n");
-        RavenLogger.capture_exception(error)
-        raise error
+      result = RestClient.get uri, headers do |response, request, result|
+        log_restclient_response(response, request, result)
+        parse_api_response(response)
       end
       result["d"] || result
     end
@@ -221,17 +191,49 @@ module Skydrive
     private
     def log_restclient_response(response, request, result)
-      pid = generate_pid
-      Skydrive.logger.info("[#{pid}] SKYDRIVE REQUEST: #{request.url}")
-      Skydrive.logger.info("[#{pid}] SKYDRIVE REQUEST PAYLOAD: #{request.payload}")
-      headerOutput = request.headers.values.join("\n  - ")
-      Skydrive.logger.info("[#{pid}] SKYDRIVE REQUEST HEADERS:\n  - #{headerOutput}")
-      Skydrive.logger.info("[#{pid}] SKYDRIVE RESPONSE CODE: #{result.code}")
-      Skydrive.logger.info("[#{pid}] SKYDRIVE RESPONSE BODY:\n#{response}")
+      response = format_log_lines response.split("\n")
+      request_headers = format_key_value_log_lines request.headers.merge(request.processed_headers)
+      response_headers = format_key_value_log_lines result.each_header
+      payload = request.args[:payload] || (request.payload && request.payload.empty? && request.payload) || '--No Payload!!--'
+      Skydrive.logger.info(%Q|
+==========================================================================
+========= BEGIN SKYDRIVE RestClient Response log [#{current_pid}] ========
+      Method:   #{request.method}
+      Endpoint: #{request.url}
+      Headers: #{request_headers}
+      Payload: #{payload}
+      Response Code: #{result.code}
+      Response Headers: #{response_headers}
+      Response Body: #{response}
+      Caller: #{format_log_lines caller}
+========= END SKYDRIVE RestClient Response log [#{current_pid}] =========
+=========================================================================|)
+    end
+    def format_key_value_log_lines(lines)
+      format_log_lines lines.map {|k, v| "$#{k} => '#{v}'"}
+    end
+    def format_log_lines(lines)
+      space = "\n          "
+      "#{space}#{lines.join(space)}"
+    end
+    def log_error(error)
+      RavenLogger.capture_exception(error)
+      Skydrive.logger.error(%Q|
+==========================================================================
+========= BEGIN SKYDRIVE ERROR [#{current_pid}] ==========================
+      Error: #{error}
+      Class: #{error.class.to_s}
+      Caller: #{format_log_lines  caller}
+========= END SKYDRIVE ERROR [#{current_pid}] ============================
+==========================================================================|)
     end
-    def generate_pid
-      (0...8).map { (65 + rand(26)).chr }.join
+    def current_pid
+      @pid ||= (0...8).map { (65 + rand(26)).chr }.join
     end
     def parse_api_response(body)