omniauth-canvas 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4c0c30e36d3e9b1c579d216e667b02ad46187a61
-  data.tar.gz: 5b6138bd38ebb022175315f85f5f9a5ad89d73ee
+  metadata.gz: bed487653d42c525284111c5b171b6720bd9c367
+  data.tar.gz: 9f3aee7c1fbeeb1a48f58eef249d55fc905a020b
 SHA512:
-  metadata.gz: 64f34e7d984274d65b291797ac430354c84a21e68112cf7a599efb0b8b1653dfab73f86a95641c7ae4e9c8e81e22efee15c8391accffb63c4819498c6c669fc4
-  data.tar.gz: 1fb3d8d74b34dc7053bb957bade9d1559971674261e8a6222643593e30275ac5f5841a39e8aa3af8c1f2c17f6dd332b142b61067cb8607765d13344df771592e
+  metadata.gz: 8b20a1efeb1f73cd0754169df20f9e32fb84791609e6a0c9558ad5a68d735d0bd84e1a5bafd9661b32f26c2bac569e82ae5a1bf9496fa2145858f5e5a32086d0
+  data.tar.gz: 4684457ad32efc0c4418974774a4e179d5947738cbe758ec2fe7f212437ab17441d7c3bea67d12e0c01994f36abf72632e1252064be65171651ada4ed5061eab

data/.hound.yml

@@ -0,0 +1,8 @@
+# reference: https://houndci.com/configuration
+
+fail_on_violations: true
+
+ruby:
+  enabled: true
+  config_file: .rubocop.yml
+

data/.rubocop.yml

@@ -130,6 +130,22 @@ Style/EachWithObject:
 Style/EmptyLiteral:
   Description: 'Prefer literals to Array.new/Hash.new/String.new.'
   StyleGuide: 'https://github.com/bbatsov/ruby-style-guide#literal-array-hash'
+  Enabled: true
+
+Style/EmptyLinesAroundBlockBody:
+  Description: "Keeps track of empty lines around block bodies."
+  Enabled: false
+
+Style/EmptyLinesAroundClassBody:
+  Description: "Keeps track of empty lines around class bodies."
+  Enabled: false
+
+Style/EmptyLinesAroundModuleBody:
+  Description: "Keeps track of empty lines around module bodies."
+  Enabled: false
+
+Style/EmptyLinesAroundMethodBody:
+  Description: "Keeps track of empty lines around method bodies."
   Enabled: false
 
 # Checks whether the source file has a utf-8 encoding comment or not

data/.travis.yml

@@ -0,0 +1,32 @@
+language: ruby
+sudo: required
+dist: trusty
+
+env:
+  - CXX=g++-4.8
+
+addons:
+  postgresql: "9.5"
+  apt:
+    sources:
+      - ubuntu-toolchain-r-test
+    packages:
+      - g++-4.8
+
+cache:
+  bundler: true
+
+branches:
+  only:
+  - master
+  - staging
+  - stable
+
+services:
+  - postgresql
+
+install:
+  - bundle install
+
+script:
+  - rspec

data/README.md

@@ -1,17 +1,20 @@
-# OmniAuth Canvas
+# OmniAuth Canvas [![Build Status](https://travis-ci.org/atomicjolt/omniauth-canvas.svg?branch=master)](https://travis-ci.org/atomicjolt/omniauth-canvas)
 Gem to authenticate with Instructure Canvas via OAuth2
 
 # Background
-OmniAuth Canvas grew out of the need to simplify the process of setting up LTI and connecting a user account on
-http://www.OpenTapestry.com to Instructure Canvas.
+OmniAuth Canvas grew out of the need to simplify the process of setting up LTI
+and connecting a user account on http://www.OpenTapestry.com to Instructure Canvas.
 
 # Setup
-Contact Instructure or your Canvas administrator to get an OAuth key and secret. By default omniauth-canvas will attempt to
-authenticate with http://canvas.instructure.com. 
+Contact Instructure or your Canvas administrator to get an OAuth key and secret.
+By default omniauth-canvas will attempt to authenticate with http://canvas.instructure.com.
 
-**NOTE**: you will need to set `env['rack.session']['oauth_site']` to the current Canvas instance that you wish to OAuth with. By default this is https://canvas.instructure.com
+**NOTE**: you will need to set `env['rack.session']['oauth_site']` to the current
+Canvas instance that you wish to OAuth with. By default this is https://canvas.instructure.com
 
-To dynamically set the canvas site url do one of the following.
+-- OR --
+
+to dynamically set the canvas site url do one of the following.
 
 ## Standard setup
 
@@ -33,7 +36,7 @@ config.omniauth :canvas, 'canvas_key', 'canvas_secret', :setup => lambda{|env|
 }
 ```
 
-## Alernative Setup
+## Alternative Setup
 
 In this setup, you do not have to set `env['rack.session']['oauth_site']`
 
@@ -47,7 +50,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
   }
 end
 ```
-  
+
 
 # Canvas Configuration
 
@@ -57,9 +60,76 @@ and secret in the Site Admin account of your Canvas install. There will be a
 consult the [Canvas OAuth Documentation](https://canvas.instructure.com/doc/api/file.oauth.html)
 
 
+# State
+
+In most cases your application will need to restore state after handling the OAuth process
+with Canvas. Since many applications that integrate with Canvas will be launched via the LTI
+protocol inside of an iframe sessions may not be available. To restore application state the
+omniauth-canvas gem uses the "state" parameter provided by the LTI proctocol. You will need
+to add the following code to your application to take advantage of this functionality:
+
+
+Add the following initializer in `config/initializers/omniauth.rb`:
+
+```ruby
+OmniAuth.config.before_request_phase do |env|
+  request = Rack::Request.new(env)
+  state = "#{SecureRandom.hex(24)}#{DateTime.now.to_i}"
+  OauthState.create!(state: state, payload: request.params.to_json)
+  env["omniauth.strategy"].options[:authorize_params].state = state
+
+  # Bye default omniauth will store all params in the session. The code above
+  # stores the values in the database so we remove the values from the session
+  # since the amount of data in the original params object will overflow the
+  # allowed cookie size
+  env["rack.session"].delete("omniauth.params")
+end
+```
+
+Add the following middleware to `lib/middlware/oauth_state_middleware.rb`:
+
+```ruby
+class OauthStateMiddleware
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    request = Rack::Request.new(env)
+    if request.params["state"] && request.params["code"]
+      if oauth_state = OauthState.find_by(state: request.params["state"])
+        # Restore the param from before the OAuth dance
+        state_params = JSON.parse(oauth_state.payload) || {}
+        state_params.each do |key, value|
+          request.update_param(key, value)
+        end
+        application_instance = ApplicationInstance.find_by(lti_key: state_params["oauth_consumer_key"])
+        env["canvas.url"] = application_instance.lti_consumer_uri
+        oauth_state.destroy
+      else
+        raise OauthStateMiddlewareException, "Invalid state in OAuth callback"
+      end
+    end
+    @app.call(env)
+  end
+end
+
+class OauthStateMiddlewareException < RuntimeError
+end
+```
+
+
+Last, enable the middleware by adding the following to `config/application.rb`:
+
+```ruby
+# Middleware that can restore state after an OAuth request
+config.middleware.insert_before 0, "OauthStateMiddleware"
+```
+
+
 # License
 
-Copyright (C) 2012-2016 by Justin Ball and Atomic Jolt.
+Copyright (C) 2012-2017 by Justin Ball and Atomic Jolt.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/lib/omniauth-canvas/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Canvas
-    VERSION = "1.0.0".freeze
+    VERSION = "1.0.1".freeze
   end
 end

data/lib/omniauth/strategies/canvas.rb

@@ -3,6 +3,7 @@ require "omniauth-oauth2"
 module OmniAuth
   module Strategies
     class Canvas < OmniAuth::Strategies::OAuth2
+
       option :name, "canvas"
 
       option :client_options,
@@ -10,7 +11,9 @@ module OmniAuth
              authorize_url: "/login/oauth2/auth",
              token_url:     "/login/oauth2/token"
 
-      option :provider_ignores_state, false
+      # Canvas does use state but we want to control it rather than letting
+      # omniauth-oauth2 handle it.
+      option :provider_ignores_state, true
 
       option :token_params,
              parse: :json
@@ -46,7 +49,9 @@ module OmniAuth
         ""
       end
 
-      # Override authorize_params so that we can be deliberate about setting state if needed
+      # Override authorize_params so that we can be deliberate about the value for state
+      # and not use the session which is unavailable inside of an iframe for some
+      # browsers (ie Safari)
       def authorize_params
         # Only set state if it hasn't already been set
         options.authorize_params[:state] ||= SecureRandom.hex(24)
@@ -55,9 +60,9 @@ module OmniAuth
           @env ||= {}
           @env["rack.session"] ||= {}
         end
-        session["omniauth.state"] = params[:state]
         params
       end
+
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-canvas
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Justin Ball
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-07 00:00:00.000000000 Z
+date: 2017-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -45,10 +45,12 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".hound.yml"
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-gemset"
 - ".ruby-version"
+- ".travis.yml"
 - Gemfile
 - Guardfile
 - README.md