mil-ims-lti 1.1.3

data/lib/ims/lti/request_validator.rb

@@ -0,0 +1,50 @@
+module IMS::LTI
+  # A mixin for OAuth request validation
+  module RequestValidator
+
+    attr_reader :oauth_signature_validator
+
+    # Validates and OAuth request using the OAuth Gem - https://github.com/oauth/oauth-ruby
+    #
+    # To validate the OAuth signatures you need to require the appropriate
+    # request proxy for your application. For example:
+    #
+    #    # For a sinatra app:
+    #    require 'oauth/request_proxy/rack_request'
+    #
+    #    # For a rails app:
+    #    require 'oauth/request_proxy/action_controller_request'
+    # @return [Bool] Whether the request was valid
+    def valid_request?(request, handle_error=true)
+      begin
+        @oauth_signature_validator = OAuth::Signature.build(request, :consumer_secret => @consumer_secret)
+        @oauth_signature_validator.verify() or raise OAuth::Unauthorized
+        true
+      rescue OAuth::Signature::UnknownSignatureMethod, OAuth::Unauthorized
+        if handle_error
+          false
+        else
+          raise $!
+        end
+      end
+    end
+
+    # Check whether the OAuth-signed request is valid and throw error if not
+    #
+    # @return [Bool] Whether the request was valid
+    def valid_request!(request)
+      valid_request?(request, false)
+    end
+
+    # convenience method for getting the oauth nonce from the request
+    def request_oauth_nonce
+      @oauth_signature_validator && @oauth_signature_validator.request.oauth_nonce
+    end
+
+    # convenience method for getting the oauth timestamp from the request
+    def request_oauth_timestamp
+      @oauth_signature_validator && @oauth_signature_validator.request.oauth_timestamp
+    end
+
+  end
+end

data/lib/ims/lti/tool_config.rb

@@ -0,0 +1,225 @@
+module IMS::LTI
+  # Class used to represent an LTI configuration
+  #
+  # It can create and read the Common Cartridge XML representation of LTI links
+  # as described here: http://www.imsglobal.org/LTI/v1p1pd/ltiIMGv1p1pd.html#_Toc309649689
+  #
+  # == Usage
+  # To generate an XML configuration:
+  #
+  #    # Create a config object and set some options
+  #    tc = IMS::LTI::ToolConfig.new(:title => "Example Sinatra Tool Provider", :launch_url => url)
+  #    tc.description = "This example LTI Tool Provider supports LIS Outcome pass-back."
+  #
+  #    # generate the XML
+  #    tc.to_xml
+  #
+  # Or to create a config object from an XML String:
+  #
+  #    tc = IMS::LTI::ToolConfig.create_from_xml(xml)
+  class ToolConfig
+    attr_reader :custom_params, :extensions
+
+    attr_accessor :title, :description, :launch_url, :secure_launch_url,
+                  :icon, :secure_icon, :cartridge_bundle, :cartridge_icon,
+                  :vendor_code, :vendor_name, :vendor_description, :vendor_url,
+                  :vendor_contact_email, :vendor_contact_name
+
+    # Create a new ToolConfig with the given options
+    #
+    # @param opts [Hash] The initial options for the ToolConfig
+    def initialize(opts={})
+      @custom_params = opts.delete("custom_params") || {}
+      @extensions = opts.delete("extensions") || {}
+
+      opts.each_pair do |key, val|
+        self.send("#{key}=", val) if self.respond_to?("#{key}=")
+      end
+    end
+
+    # Create a ToolConfig from the given XML
+    #
+    # @param xml [String]
+    def self.create_from_xml(xml)
+      tc = ToolConfig.new
+      tc.process_xml(xml)
+
+      tc
+    end
+
+    def set_custom_param(key, val)
+      @custom_params[key] = val
+    end
+
+    def get_custom_param(key)
+      @custom_params[key]
+    end
+
+    # Set the extension parameters for a specific vendor
+    #
+    # @param ext_key [String] The identifier for the vendor-specific parameters
+    # @param ext_params [Hash] The parameters, this is allowed to be two-levels deep
+    def set_ext_params(ext_key, ext_params)
+      raise ArgumentError unless ext_params.is_a?(Hash)
+      @extensions[ext_key] = ext_params
+    end
+
+    def get_ext_params(ext_key)
+      @extensions[ext_key]
+    end
+
+    def set_ext_param(ext_key, param_key, val)
+      @extensions[ext_key] ||= {}
+      @extensions[ext_key][param_key] = val
+    end
+
+    def get_ext_param(ext_key, param_key)
+      @extensions[ext_key] && @extensions[ext_key][param_key]
+    end
+
+    # Namespaces used for parsing configuration XML
+    LTI_NAMESPACES = {
+            "xmlns" => 'http://www.imsglobal.org/xsd/imslticc_v1p0',
+            "blti" => 'http://www.imsglobal.org/xsd/imsbasiclti_v1p0',
+            "lticm" => 'http://www.imsglobal.org/xsd/imslticm_v1p0',
+            "lticp" => 'http://www.imsglobal.org/xsd/imslticp_v1p0',
+    }
+
+    # Parse tool configuration data out of the Common Cartridge LTI link XML
+    def process_xml(xml)
+      doc = REXML::Document.new xml
+      if root = REXML::XPath.first(doc, 'xmlns:cartridge_basiclti_link')
+        @title = get_node_text(root, 'blti:title')
+        @description = get_node_text(root, 'blti:description')
+        @launch_url = get_node_text(root, 'blti:launch_url')
+        @secure_launch_url = get_node_text(root, 'blti:secure_launch_url')
+        @icon = get_node_text(root, 'blti:icon')
+        @secure_icon = get_node_text(root, 'blti:secure_icon')
+        @cartridge_bundle = get_node_att(root, 'xmlns:cartridge_bundle', 'identifierref')
+        @cartridge_icon = get_node_att(root, 'xmlns:cartridge_icon', 'identifierref')
+
+        if vendor = REXML::XPath.first(root, 'blti:vendor')
+          @vendor_code = get_node_text(vendor, 'lticp:code')
+          @vendor_description = get_node_text(vendor, 'lticp:description')
+          @vendor_name = get_node_text(vendor, 'lticp:name')
+          @vendor_url = get_node_text(vendor, 'lticp:url')
+          @vendor_contact_email = get_node_text(vendor, '//lticp:contact/lticp:email')
+          @vendor_contact_name = get_node_text(vendor, '//lticp:contact/lticp:name')
+        end
+
+        if custom = REXML::XPath.first(root, 'blti:custom', LTI_NAMESPACES)
+          set_properties(@custom_params, custom)
+        end
+
+        REXML::XPath.each(root, 'blti:extensions', LTI_NAMESPACES) do |vendor_ext_node|
+          platform = vendor_ext_node.attributes['platform']
+          properties = {}
+          set_properties(properties, vendor_ext_node)
+          REXML::XPath.each(vendor_ext_node, 'lticm:options', LTI_NAMESPACES) do |options_node|
+            opt_name = options_node.attributes['name']
+            options = {}
+            set_properties(options, options_node)
+            properties[opt_name] = options
+          end
+
+          self.set_ext_params(platform, properties)
+        end
+
+      end
+    end
+
+    # Generate XML from the current settings
+    def to_xml(opts = {})
+      raise IMS::LTI::InvalidLTIConfigError, "A launch url is required for an LTI configuration." unless self.launch_url || self.secure_launch_url
+
+      builder = Builder::XmlMarkup.new(:indent => opts[:indent] || 0)
+      builder.instruct!
+      builder.cartridge_basiclti_link("xmlns" => "http://www.imsglobal.org/xsd/imslticc_v1p0",
+                                      "xmlns:blti" => 'http://www.imsglobal.org/xsd/imsbasiclti_v1p0',
+                                      "xmlns:lticm" => 'http://www.imsglobal.org/xsd/imslticm_v1p0',
+                                      "xmlns:lticp" => 'http://www.imsglobal.org/xsd/imslticp_v1p0',
+                                      "xmlns:xsi" => "http://www.w3.org/2001/XMLSchema-instance",
+                                      "xsi:schemaLocation" => "http://www.imsglobal.org/xsd/imslticc_v1p0 http://www.imsglobal.org/xsd/lti/ltiv1p0/imslticc_v1p0.xsd http://www.imsglobal.org/xsd/imsbasiclti_v1p0 http://www.imsglobal.org/xsd/lti/ltiv1p0/imsbasiclti_v1p0p1.xsd http://www.imsglobal.org/xsd/imslticm_v1p0 http://www.imsglobal.org/xsd/lti/ltiv1p0/imslticm_v1p0.xsd http://www.imsglobal.org/xsd/imslticp_v1p0 http://www.imsglobal.org/xsd/lti/ltiv1p0/imslticp_v1p0.xsd"
+      ) do |blti_node|
+
+        %w{title description launch_url secure_launch_url}.each do |key|
+          blti_node.blti key.to_sym, self.send(key) if self.send(key)
+        end
+
+        vendor_keys = %w{name code description url}
+        if vendor_keys.any?{|k|self.send("vendor_#{k}")} || vendor_contact_email
+          blti_node.blti :vendor do |v_node|
+            vendor_keys.each do |key|
+              v_node.lticp key.to_sym, self.send("vendor_#{key}") if self.send("vendor_#{key}")
+            end
+            if vendor_contact_email
+              v_node.lticp :contact do |c_node|
+                c_node.lticp :name, vendor_contact_name
+                c_node.lticp :email, vendor_contact_email
+              end
+            end
+          end
+        end
+
+        if !@custom_params.empty?
+          blti_node.tag!("blti:custom") do |custom_node|
+            @custom_params.keys.sort.each do |key|
+              val = @custom_params[key]
+              custom_node.lticm :property, val, 'name' => key
+            end
+          end
+        end
+
+        if !@extensions.empty?
+          @extensions.keys.sort.each do |ext_platform|
+            ext_params = @extensions[ext_platform]
+            blti_node.blti(:extensions, :platform => ext_platform) do |ext_node|
+              ext_params.keys.sort.each do |key|
+                val = ext_params[key]
+                if val.is_a?(Hash)
+                  ext_node.lticm(:options, :name => key) do |type_node|
+                    val.keys.sort.each do |p_key|
+                      p_val = val[p_key]
+                      type_node.lticm :property, p_val, 'name' => p_key
+                    end
+                  end
+                else
+                  ext_node.lticm :property, val, 'name' => key
+                end
+              end
+            end
+          end
+        end
+
+        blti_node.cartridge_bundle(:identifierref => @cartridge_bundle) if @cartridge_bundle
+        blti_node.cartridge_icon(:identifierref => @cartridge_icon) if @cartridge_icon
+
+      end
+    end
+
+    private
+
+    def get_node_text(node, path)
+      if val = REXML::XPath.first(node, path, LTI_NAMESPACES)
+        val.text
+      else
+        nil
+      end
+    end
+
+    def get_node_att(node, path, att)
+      if val = REXML::XPath.first(node, path, LTI_NAMESPACES)
+        val.attributes[att]
+      else
+        nil
+      end
+    end
+
+    def set_properties(hash, node)
+      REXML::XPath.each(node, 'lticm:property', LTI_NAMESPACES) do |prop|
+        hash[prop.attributes['name']] = prop.text
+      end
+    end
+
+  end
+end

data/lib/ims/lti/tool_consumer.rb

@@ -0,0 +1,95 @@
+module IMS::LTI
+  # Class for implementing an LTI Tool Consumer
+  class ToolConsumer
+    include IMS::LTI::Extensions::Base
+    include IMS::LTI::LaunchParams
+    include IMS::LTI::RequestValidator
+
+    attr_accessor :consumer_key, :consumer_secret, :launch_url, :timestamp, :nonce
+
+    # Create a new ToolConsumer
+    #
+    # @param consumer_key [String] The OAuth consumer key
+    # @param consumer_secret [String] The OAuth consumer secret
+    # @param params [Hash] Set the launch parameters as described in LaunchParams
+    def initialize(consumer_key, consumer_secret, params={})
+      @consumer_key = consumer_key
+      @consumer_secret = consumer_secret
+      @custom_params = {}
+      @ext_params = {}
+      @non_spec_params = {}
+      @launch_url = params['launch_url']
+      process_params(params)
+    end
+    
+    def process_post_request(post_request)
+      request = extend_outcome_request(OutcomeRequest.new)
+      request.process_post_request(post_request)
+    end
+
+    # Set launch data from a ToolConfig
+    #
+    # @param config [ToolConfig]
+    def set_config(config)
+      @launch_url ||= config.secure_launch_url
+      @launch_url ||= config.launch_url
+      # any parameters already set will take priority
+      @custom_params = config.custom_params.merge(@custom_params)
+    end
+
+    # Check if the required parameters for a tool launch are set
+    def has_required_params?
+      @consumer_key && @consumer_secret && @resource_link_id && @launch_url
+    end
+
+    # Generate the launch data including the necessary OAuth information
+    #
+    #
+    def generate_launch_data
+      raise IMS::LTI::InvalidLTIConfigError, "Not all required params set for tool launch" unless has_required_params?
+
+      params = self.to_params
+      params['lti_version'] ||= 'LTI-1.0'
+      params['lti_message_type'] ||= 'basic-lti-launch-request'
+      uri = URI.parse(@launch_url)
+
+      if uri.port == uri.default_port
+        host = uri.host
+      else
+        host = "#{uri.host}:#{uri.port}"
+      end
+
+      consumer = OAuth::Consumer.new(@consumer_key, @consumer_secret, {
+              :site => "#{uri.scheme}://#{host}",
+              :signature_method => "HMAC-SHA1"
+      })
+
+      path = uri.path
+      path = '/' if path.empty?
+      if uri.query && uri.query != ''
+        CGI.parse(uri.query).each do |query_key, query_values|
+          unless params[query_key]
+            params[query_key] = query_values.first
+          end
+        end
+      end
+      options = {
+              :scheme => 'body',
+              :timestamp => @timestamp,
+              :nonce => @nonce
+      }
+      request = consumer.create_signed_request(:post, path, nil, options, params)
+
+      # the request is made by a html form in the user's browser, so we
+      # want to revert the escapage and return the hash of post parameters ready
+      # for embedding in a html view
+      hash = {}
+      request.body.split(/&/).each do |param|
+        key, val = param.split(/=/).map { |v| CGI.unescape(v) }
+        hash[key] = val
+      end
+      hash
+    end
+
+  end
+end

data/lib/ims/lti/tool_provider.rb

@@ -0,0 +1,197 @@
+module IMS::LTI
+
+  # Class for implementing an LTI Tool Provider
+  #
+  #     # Initialize TP object with OAuth creds and post parameters
+  #     provider = IMS::LTI::ToolProvider.new(consumer_key, consumer_secret, params)
+  #
+  #     # Verify OAuth signature by passing the request object
+  #     if provider.valid_request?(request)
+  #       # success
+  #     else
+  #       # handle invalid OAuth
+  #     end
+  #
+  #     if provider.outcome_service?
+  #       # ready for grade write-back
+  #     else
+  #       # normal tool launch without grade write-back
+  #     end
+  #
+  # If the tool was launch as an outcome service you can POST a score to the TC.
+  # The POST calls all return an OutcomeResponse object which can be used to
+  # handle the response appropriately.
+  #
+  #     # post the score to the TC, score should be a float >= 0.0 and <= 1.0
+  #     # this returns an OutcomeResponse object
+  #     response = provider.post_replace_result!(score)
+  #     if response.success?
+  #       # grade write worked
+  #     elsif response.processing?
+  #     elsif response.unsupported?
+  #     else
+  #       # failed
+  #     end
+
+  class ToolProvider
+    include IMS::LTI::Extensions::Base
+    include IMS::LTI::LaunchParams
+    include IMS::LTI::RequestValidator
+
+    # OAuth credentials
+    attr_accessor :consumer_key, :consumer_secret
+    # List of outcome requests made through this instance
+    attr_accessor :outcome_requests
+    # Message to be sent back to the ToolConsumer when the user returns
+    attr_accessor :lti_errormsg, :lti_errorlog, :lti_msg, :lti_log
+
+    # Create a new ToolProvider
+    #
+    # @param consumer_key [String] The OAuth consumer key
+    # @param consumer_secret [String] The OAuth consumer secret
+    # @param params [Hash] Set the launch parameters as described in LaunchParams
+    def initialize(consumer_key, consumer_secret, params={})
+      @consumer_key = consumer_key
+      @consumer_secret = consumer_secret
+      @custom_params = {}
+      @ext_params = {}
+      @non_spec_params = {}
+      @outcome_requests = []
+      process_params(params)
+    end
+
+    # Check whether the Launch Parameters have a role
+    def has_role?(role)
+      role = role.downcase
+      @roles && @roles.any?{|r| r.index(role)}
+    end
+
+    # Convenience method for checking if the user has 'learner' or 'student' role
+    def student?
+      has_role?('learner') || has_role?('student')
+    end
+
+    # Convenience method for checking if the user has 'instructor' or 'faculty' or 'staff' role
+    def instructor?
+      has_role?('instructor') || has_role?('faculty') || has_role?('staff')
+    end
+
+    # Convenience method for checking if the user has 'contentdeveloper' role
+    def content_developer?
+      has_role?('ContentDeveloper')
+    end
+
+    # Convenience method for checking if the user has 'Member' role
+    def member?
+      has_role?('Member')
+    end
+
+    # Convenience method for checking if the user has 'Manager' role
+    def manager?
+      has_role?('Manager')
+    end
+
+    # Convenience method for checking if the user has 'Mentor' role
+    def mentor?
+      has_role?('Mentor')
+    end
+
+    # Convenience method for checking if the user has 'administrator' role
+    def admin?
+      has_role?('administrator')
+    end
+
+    # Convenience method for checking if the user has 'TeachingAssistant' role
+    def ta?
+      has_role?('TeachingAssistant')
+    end
+    
+    # Check if the request was an LTI Launch Request
+    def launch_request?
+      lti_message_type == 'basic-lti-launch-request'
+    end
+
+    # Check if the Tool Launch expects an Outcome Result
+    def outcome_service?
+      !!(lis_outcome_service_url && lis_result_sourcedid)
+    end
+
+    # Return the full, given, or family name if set
+    def username(default=nil)
+      lis_person_name_given || lis_person_name_family || lis_person_name_full || default
+    end
+
+    # POSTs the given score to the Tool Consumer with a replaceResult
+    #
+    # Creates a new OutcomeRequest object and stores it in @outcome_requests
+    #
+    # @return [OutcomeResponse] the response from the Tool Consumer
+    def post_replace_result!(score)
+      new_request.post_replace_result!(score)
+    end
+
+    # POSTs a delete request to the Tool Consumer
+    #
+    # Creates a new OutcomeRequest object and stores it in @outcome_requests
+    #
+    # @return [OutcomeResponse] the response from the Tool Consumer
+    def post_delete_result!
+      new_request.post_delete_result!
+    end
+
+    # POSTs the given score to the Tool Consumer with a replaceResult, the
+    # returned OutcomeResponse will have the score
+    #
+    # Creates a new OutcomeRequest object and stores it in @outcome_requests
+    #
+    # @return [OutcomeResponse] the response from the Tool Consumer
+    def post_read_result!
+      new_request.post_read_result!
+    end
+
+    # Returns the most recent OutcomeRequest
+    def last_outcome_request
+      @outcome_requests.last
+    end
+
+    # Convenience method for whether the last OutcomeRequest was successful
+    def last_outcome_success?
+      last_outcome_request && last_outcome_request.outcome_post_successful?
+    end
+
+    # If the Tool Consumer sent a URL for the user to return to this will add
+    # any set messages to the URL.
+    #
+    # Example:
+    #
+    #    tc = IMS::LTI::tc.new
+    #    tc.launch_presentation_return_url = "http://example.com/return"
+    #    tc.lti_msg = "hi there"
+    #    tc.lti_errorlog = "error happens"
+    #
+    #    tc.build_return_url # => "http://example.com/return?lti_msg=hi%20there&lti_errorlog=error%20happens"
+    def build_return_url
+      return nil unless launch_presentation_return_url
+      messages = []
+      %w{lti_errormsg lti_errorlog lti_msg lti_log}.each do |m|
+        if message = self.send(m)
+          messages << "#{m}=#{URI.escape(message)}"
+        end
+      end
+      q_string = messages.any? ? ("?" + messages.join("&")) : ''
+      launch_presentation_return_url + q_string
+    end
+
+    private
+
+    def new_request
+      @outcome_requests << OutcomeRequest.new(:consumer_key => @consumer_key,
+                         :consumer_secret => @consumer_secret,
+                         :lis_outcome_service_url => lis_outcome_service_url,
+                         :lis_result_sourcedid =>lis_result_sourcedid)
+      
+      extend_outcome_request(@outcome_requests.last)
+    end
+    
+  end
+end