omniauth-canvas 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4c0c30e36d3e9b1c579d216e667b02ad46187a61
4
- data.tar.gz: 5b6138bd38ebb022175315f85f5f9a5ad89d73ee
3
+ metadata.gz: bed487653d42c525284111c5b171b6720bd9c367
4
+ data.tar.gz: 9f3aee7c1fbeeb1a48f58eef249d55fc905a020b
5
5
  SHA512:
6
- metadata.gz: 64f34e7d984274d65b291797ac430354c84a21e68112cf7a599efb0b8b1653dfab73f86a95641c7ae4e9c8e81e22efee15c8391accffb63c4819498c6c669fc4
7
- data.tar.gz: 1fb3d8d74b34dc7053bb957bade9d1559971674261e8a6222643593e30275ac5f5841a39e8aa3af8c1f2c17f6dd332b142b61067cb8607765d13344df771592e
6
+ metadata.gz: 8b20a1efeb1f73cd0754169df20f9e32fb84791609e6a0c9558ad5a68d735d0bd84e1a5bafd9661b32f26c2bac569e82ae5a1bf9496fa2145858f5e5a32086d0
7
+ data.tar.gz: 4684457ad32efc0c4418974774a4e179d5947738cbe758ec2fe7f212437ab17441d7c3bea67d12e0c01994f36abf72632e1252064be65171651ada4ed5061eab
data/.hound.yml ADDED
@@ -0,0 +1,8 @@
1
+ # reference: https://houndci.com/configuration
2
+
3
+ fail_on_violations: true
4
+
5
+ ruby:
6
+ enabled: true
7
+ config_file: .rubocop.yml
8
+
data/.rubocop.yml CHANGED
@@ -130,6 +130,22 @@ Style/EachWithObject:
130
130
  Style/EmptyLiteral:
131
131
  Description: 'Prefer literals to Array.new/Hash.new/String.new.'
132
132
  StyleGuide: 'https://github.com/bbatsov/ruby-style-guide#literal-array-hash'
133
+ Enabled: true
134
+
135
+ Style/EmptyLinesAroundBlockBody:
136
+ Description: "Keeps track of empty lines around block bodies."
137
+ Enabled: false
138
+
139
+ Style/EmptyLinesAroundClassBody:
140
+ Description: "Keeps track of empty lines around class bodies."
141
+ Enabled: false
142
+
143
+ Style/EmptyLinesAroundModuleBody:
144
+ Description: "Keeps track of empty lines around module bodies."
145
+ Enabled: false
146
+
147
+ Style/EmptyLinesAroundMethodBody:
148
+ Description: "Keeps track of empty lines around method bodies."
133
149
  Enabled: false
134
150
 
135
151
  # Checks whether the source file has a utf-8 encoding comment or not
data/.travis.yml ADDED
@@ -0,0 +1,32 @@
1
+ language: ruby
2
+ sudo: required
3
+ dist: trusty
4
+
5
+ env:
6
+ - CXX=g++-4.8
7
+
8
+ addons:
9
+ postgresql: "9.5"
10
+ apt:
11
+ sources:
12
+ - ubuntu-toolchain-r-test
13
+ packages:
14
+ - g++-4.8
15
+
16
+ cache:
17
+ bundler: true
18
+
19
+ branches:
20
+ only:
21
+ - master
22
+ - staging
23
+ - stable
24
+
25
+ services:
26
+ - postgresql
27
+
28
+ install:
29
+ - bundle install
30
+
31
+ script:
32
+ - rspec
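Review bot: `script` runs a bare `rspec` (new line 32) right after `bundle install`, so the build can resolve to an rspec outside the bundle; use `bundle exec rspec`. The `postgresql: "9.5"` addon, the `postgresql` service and the `g++-4.8` toolchain (new lines 6 to 14 and 25 to 26) look carried over from an application's CI config. If the specs for this strategy never touch a database or compile native code, drop them to shorten the build and reduce what CI installs with `sudo: required`.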
data/README.md CHANGED
@@ -1,17 +1,20 @@
1
- # OmniAuth Canvas
1
+ # OmniAuth Canvas [![Build Status](https://travis-ci.org/atomicjolt/omniauth-canvas.svg?branch=master)](https://travis-ci.org/atomicjolt/omniauth-canvas)
2
2
  Gem to authenticate with Instructure Canvas via OAuth2
3
3
 
4
4
  # Background
5
- OmniAuth Canvas grew out of the need to simplify the process of setting up LTI and connecting a user account on
6
- http://www.OpenTapestry.com to Instructure Canvas.
5
+ OmniAuth Canvas grew out of the need to simplify the process of setting up LTI
6
+ and connecting a user account on http://www.OpenTapestry.com to Instructure Canvas.
7
7
 
8
8
  # Setup
9
- Contact Instructure or your Canvas administrator to get an OAuth key and secret. By default omniauth-canvas will attempt to
10
- authenticate with http://canvas.instructure.com.
9
+ Contact Instructure or your Canvas administrator to get an OAuth key and secret.
10
+ By default omniauth-canvas will attempt to authenticate with http://canvas.instructure.com.
11
11
 
12
- **NOTE**: you will need to set `env['rack.session']['oauth_site']` to the current Canvas instance that you wish to OAuth with. By default this is https://canvas.instructure.com
12
+ **NOTE**: you will need to set `env['rack.session']['oauth_site']` to the current
13
+ Canvas instance that you wish to OAuth with. By default this is https://canvas.instructure.com
13
14
 
14
- To dynamically set the canvas site url do one of the following.
15
+ -- OR --
16
+
17
+ to dynamically set the canvas site url do one of the following.
15
18
 
16
19
  ## Standard setup
17
20
 
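Review bot: The Setup paragraph (new line 10) gives the default site as `http://canvas.instructure.com`, while the NOTE on new lines 12 to 13 gives `https://canvas.instructure.com`. An OAuth2 client secret and authorization code should not be sent to a plain-http endpoint, so since the paragraph is being rewrapped anyway, use the https URL in both places. The new `-- OR --` marker at line 15 followed by a lowercase sentence also leaves it unclear what the alternative is to; a full sentence introducing the dynamic options would read better.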
@@ -33,7 +36,7 @@ config.omniauth :canvas, 'canvas_key', 'canvas_secret', :setup => lambda{|env|
33
36
  }
34
37
  ```
35
38
 
36
- ## Alernative Setup
39
+ ## Alternative Setup
37
40
 
38
41
  In this setup, you do not have to set `env['rack.session']['oauth_site']`
39
42
 
@@ -47,7 +50,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
47
50
  }
48
51
  end
49
52
  ```
50
-
53
+
51
54
 
52
55
  # Canvas Configuration
53
56
 
@@ -57,9 +60,76 @@ and secret in the Site Admin account of your Canvas install. There will be a
57
60
  consult the [Canvas OAuth Documentation](https://canvas.instructure.com/doc/api/file.oauth.html)
58
61
 
59
62
 
63
+ # State
64
+
65
+ In most cases your application will need to restore state after handling the OAuth process
66
+ with Canvas. Since many applications that integrate with Canvas will be launched via the LTI
67
+ protocol inside of an iframe sessions may not be available. To restore application state the
68
+ omniauth-canvas gem uses the "state" parameter provided by the LTI proctocol. You will need
69
+ to add the following code to your application to take advantage of this functionality:
70
+
71
+
72
+ Add the following initializer in `config/initializers/omniauth.rb`:
73
+
74
+ ```ruby
75
+ OmniAuth.config.before_request_phase do |env|
76
+ request = Rack::Request.new(env)
77
+ state = "#{SecureRandom.hex(24)}#{DateTime.now.to_i}"
78
+ OauthState.create!(state: state, payload: request.params.to_json)
79
+ env["omniauth.strategy"].options[:authorize_params].state = state
80
+
81
+ # Bye default omniauth will store all params in the session. The code above
82
+ # stores the values in the database so we remove the values from the session
83
+ # since the amount of data in the original params object will overflow the
84
+ # allowed cookie size
85
+ env["rack.session"].delete("omniauth.params")
86
+ end
87
+ ```
88
+
89
+ Add the following middleware to `lib/middlware/oauth_state_middleware.rb`:
90
+
91
+ ```ruby
92
+ class OauthStateMiddleware
93
+ def initialize(app)
94
+ @app = app
95
+ end
96
+
97
+ def call(env)
98
+ request = Rack::Request.new(env)
99
+ if request.params["state"] && request.params["code"]
100
+ if oauth_state = OauthState.find_by(state: request.params["state"])
101
+ # Restore the param from before the OAuth dance
102
+ state_params = JSON.parse(oauth_state.payload) || {}
103
+ state_params.each do |key, value|
104
+ request.update_param(key, value)
105
+ end
106
+ application_instance = ApplicationInstance.find_by(lti_key: state_params["oauth_consumer_key"])
107
+ env["canvas.url"] = application_instance.lti_consumer_uri
108
+ oauth_state.destroy
109
+ else
110
+ raise OauthStateMiddlewareException, "Invalid state in OAuth callback"
111
+ end
112
+ end
113
+ @app.call(env)
114
+ end
115
+ end
116
+
117
+ class OauthStateMiddlewareException < RuntimeError
118
+ end
119
+ ```
120
+
121
+
122
+ Last, enable the middleware by adding the following to `config/application.rb`:
123
+
124
+ ```ruby
125
+ # Middleware that can restore state after an OAuth request
126
+ config.middleware.insert_before 0, "OauthStateMiddleware"
127
+ ```
128
+
129
+
60
130
  # License
61
131
 
62
- Copyright (C) 2012-2016 by Justin Ball and Atomic Jolt.
132
+ Copyright (C) 2012-2017 by Justin Ball and Atomic Jolt.
63
133
 
64
134
  Permission is hereby granted, free of charge, to any person obtaining a copy
65
135
  of this software and associated documentation files (the "Software"), to deal
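Review bot: In the `OauthStateMiddleware` example (new lines 99 to 108), a callback is accepted whenever its `state` matches any `OauthState` row, and the example never expires rows, so an abandoned flow leaves a usable state value in the database indefinitely. Because this release also takes the state check away from omniauth-oauth2, the README should show a `created_at` cutoff in the lookup and a periodic purge of stale rows. On line 106, `ApplicationInstance.find_by(...)` can return nil, which makes line 107 fail with NoMethodError instead of `OauthStateMiddlewareException`; check for nil and raise the same exception. The payload stores all of `request.params` and replays every key through `update_param`, including `oauth_consumer_key`, so storing only the keys the application needs would limit what a stored row can inject into the callback request. Typos in the added text: "proctocol" (line 68), "Bye default" (line 81), `lib/middlware/` (line 89).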
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Canvas
3
- VERSION = "1.0.0".freeze
3
+ VERSION = "1.0.1".freeze
4
4
  end
5
5
  end
@@ -3,6 +3,7 @@ require "omniauth-oauth2"
3
3
  module OmniAuth
4
4
  module Strategies
5
5
  class Canvas < OmniAuth::Strategies::OAuth2
6
+
6
7
  option :name, "canvas"
7
8
 
8
9
  option :client_options,
@@ -10,7 +11,9 @@ module OmniAuth
10
11
  authorize_url: "/login/oauth2/auth",
11
12
  token_url: "/login/oauth2/token"
12
13
 
13
- option :provider_ignores_state, false
14
+ # Canvas does use state but we want to control it rather than letting
15
+ # omniauth-oauth2 handle it.
16
+ option :provider_ignores_state, true
14
17
 
15
18
  option :token_params,
16
19
  parse: :json
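Review bot: Flipping `provider_ignores_state` to `true` (new line 16) changes the default for every consumer of the gem, and the comment on lines 14 to 15 says only that "we want to control it" without saying where the check now happens. An application that upgrades from 1.0.0 without adding the README's `OauthStateMiddleware` is left with no state validation on the callback. Either keep `false` as the default and let LTI/iframe deployments opt in, or state in this comment and in the README that validating `state` is now the application's responsibility. A patch-level bump from 1.0.0 to 1.0.1 also understates a change in security behaviour.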
@@ -46,7 +49,9 @@ module OmniAuth
46
49
  ""
47
50
  end
48
51
 
49
- # Override authorize_params so that we can be deliberate about setting state if needed
52
+ # Override authorize_params so that we can be deliberate about the value for state
53
+ # and not use the session which is unavailable inside of an iframe for some
54
+ # browsers (ie Safari)
50
55
  def authorize_params
51
56
  # Only set state if it hasn't already been set
52
57
  options.authorize_params[:state] ||= SecureRandom.hex(24)
@@ -55,9 +60,9 @@ module OmniAuth
55
60
  @env ||= {}
56
61
  @env["rack.session"] ||= {}
57
62
  end
58
- session["omniauth.state"] = params[:state]
59
63
  params
60
64
  end
65
+
61
66
  end
62
67
  end
63
68
  end
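Review bot: With `session["omniauth.state"] = params[:state]` removed (old line 58), the fallback `SecureRandom.hex(24)` on line 57 produces a state that is sent to Canvas but recorded nowhere, so nothing can verify it on return, and the README's middleware would raise "Invalid state in OAuth callback" for it because no `OauthState` row exists. Consider failing loudly when no state was supplied by a `before_request_phase` hook, or keep the session write as a fallback when a session is available. Please also confirm that `options.authorize_params` is not shared between requests, since the `||=` on line 57 would then reuse the first value it generated.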
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-canvas
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Ball
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-01-07 00:00:00.000000000 Z
11
+ date: 2017-01-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
@@ -45,10 +45,12 @@ extensions: []
45
45
  extra_rdoc_files: []
46
46
  files:
47
47
  - ".gitignore"
48
+ - ".hound.yml"
48
49
  - ".rspec"
49
50
  - ".rubocop.yml"
50
51
  - ".ruby-gemset"
51
52
  - ".ruby-version"
53
+ - ".travis.yml"
52
54
  - Gemfile
53
55
  - Guardfile
54
56
  - README.md
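Review bot: `.hound.yml` and `.travis.yml` are added to the gem's `files` list (new lines 48 and 53), so linter and CI configuration now ships inside the published package next to `.gitignore`, `.rspec` and `Guardfile`. Restrict `files` in the gemspec to the library code and documentation so the released artifact contains only what consumers need and is easier to audit between versions.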