RubyGems - omniauth-canvas - Versions diffs - 1.0.0 → 1.0.1 - Mend

omniauth-canvas 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/.hound.yml +8 -0
data/.rubocop.yml +16 -0
data/.travis.yml +32 -0
data/README.md +80 -10
data/lib/omniauth-canvas/version.rb +1 -1
data/lib/omniauth/strategies/canvas.rb +8 -3
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4c0c30e36d3e9b1c579d216e667b02ad46187a61
-  data.tar.gz: 5b6138bd38ebb022175315f85f5f9a5ad89d73ee
+  metadata.gz: bed487653d42c525284111c5b171b6720bd9c367
+  data.tar.gz: 9f3aee7c1fbeeb1a48f58eef249d55fc905a020b
 SHA512:
-  metadata.gz: 64f34e7d984274d65b291797ac430354c84a21e68112cf7a599efb0b8b1653dfab73f86a95641c7ae4e9c8e81e22efee15c8391accffb63c4819498c6c669fc4
-  data.tar.gz: 1fb3d8d74b34dc7053bb957bade9d1559971674261e8a6222643593e30275ac5f5841a39e8aa3af8c1f2c17f6dd332b142b61067cb8607765d13344df771592e
+  metadata.gz: 8b20a1efeb1f73cd0754169df20f9e32fb84791609e6a0c9558ad5a68d735d0bd84e1a5bafd9661b32f26c2bac569e82ae5a1bf9496fa2145858f5e5a32086d0
+  data.tar.gz: 4684457ad32efc0c4418974774a4e179d5947738cbe758ec2fe7f212437ab17441d7c3bea67d12e0c01994f36abf72632e1252064be65171651ada4ed5061eab

data/.hound.yml ADDED Viewed

@@ -0,0 +1,8 @@
+# reference: https://houndci.com/configuration
+fail_on_violations: true
+ruby:
+  enabled: true
+  config_file: .rubocop.yml

data/.rubocop.yml CHANGED Viewed

@@ -130,6 +130,22 @@ Style/EachWithObject:
 Style/EmptyLiteral:
   Description: 'Prefer literals to Array.new/Hash.new/String.new.'
   StyleGuide: 'https://github.com/bbatsov/ruby-style-guide#literal-array-hash'
+  Enabled: true
+Style/EmptyLinesAroundBlockBody:
+  Description: "Keeps track of empty lines around block bodies."
+  Enabled: false
+Style/EmptyLinesAroundClassBody:
+  Description: "Keeps track of empty lines around class bodies."
+  Enabled: false
+Style/EmptyLinesAroundModuleBody:
+  Description: "Keeps track of empty lines around module bodies."
+  Enabled: false
+Style/EmptyLinesAroundMethodBody:
+  Description: "Keeps track of empty lines around method bodies."
   Enabled: false
 # Checks whether the source file has a utf-8 encoding comment or not

data/.travis.yml ADDED Viewed

@@ -0,0 +1,32 @@
+language: ruby
+sudo: required
+dist: trusty
+env:
+  - CXX=g++-4.8
+addons:
+  postgresql: "9.5"
+  apt:
+    sources:
+      - ubuntu-toolchain-r-test
+    packages:
+      - g++-4.8
+cache:
+  bundler: true
+branches:
+  only:
+  - master
+  - staging
+  - stable
+services:
+  - postgresql
+install:
+  - bundle install
+script:
+  - rspec

data/README.md CHANGED Viewed

@@ -1,17 +1,20 @@
-# OmniAuth Canvas
+# OmniAuth Canvas [![Build Status](https://travis-ci.org/atomicjolt/omniauth-canvas.svg?branch=master)](https://travis-ci.org/atomicjolt/omniauth-canvas)
 Gem to authenticate with Instructure Canvas via OAuth2
 # Background
-OmniAuth Canvas grew out of the need to simplify the process of setting up LTI and connecting a user account on
-http://www.OpenTapestry.com to Instructure Canvas.
+OmniAuth Canvas grew out of the need to simplify the process of setting up LTI
+and connecting a user account on http://www.OpenTapestry.com to Instructure Canvas.
 # Setup
-Contact Instructure or your Canvas administrator to get an OAuth key and secret. By default omniauth-canvas will attempt to
-authenticate with http://canvas.instructure.com.
+Contact Instructure or your Canvas administrator to get an OAuth key and secret.
+By default omniauth-canvas will attempt to authenticate with http://canvas.instructure.com.
-**NOTE**: you will need to set `env['rack.session']['oauth_site']` to the current Canvas instance that you wish to OAuth with. By default this is https://canvas.instructure.com
+**NOTE**: you will need to set `env['rack.session']['oauth_site']` to the current
+Canvas instance that you wish to OAuth with. By default this is https://canvas.instructure.com
-To dynamically set the canvas site url do one of the following.
+-- OR --
+to dynamically set the canvas site url do one of the following.
 ## Standard setup
@@ -33,7 +36,7 @@ config.omniauth :canvas, 'canvas_key', 'canvas_secret', :setup => lambda{|env|
 }
 ```
-## Alernative Setup
+## Alternative Setup
 In this setup, you do not have to set `env['rack.session']['oauth_site']`
@@ -47,7 +50,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
   }
 end
 ```
 # Canvas Configuration
@@ -57,9 +60,76 @@ and secret in the Site Admin account of your Canvas install. There will be a
 consult the [Canvas OAuth Documentation](https://canvas.instructure.com/doc/api/file.oauth.html)
+# State
+In most cases your application will need to restore state after handling the OAuth process
+with Canvas. Since many applications that integrate with Canvas will be launched via the LTI
+protocol inside of an iframe sessions may not be available. To restore application state the
+omniauth-canvas gem uses the "state" parameter provided by the LTI proctocol. You will need
+to add the following code to your application to take advantage of this functionality:
+Add the following initializer in `config/initializers/omniauth.rb`:
+```ruby
+OmniAuth.config.before_request_phase do |env|
+  request = Rack::Request.new(env)
+  state = "#{SecureRandom.hex(24)}#{DateTime.now.to_i}"
+  OauthState.create!(state: state, payload: request.params.to_json)
+  env["omniauth.strategy"].options[:authorize_params].state = state
+  # Bye default omniauth will store all params in the session. The code above
+  # stores the values in the database so we remove the values from the session
+  # since the amount of data in the original params object will overflow the
+  # allowed cookie size
+  env["rack.session"].delete("omniauth.params")
+end
+```
+Add the following middleware to `lib/middlware/oauth_state_middleware.rb`:
+```ruby
+class OauthStateMiddleware
+  def initialize(app)
+    @app = app
+  end
+  def call(env)
+    request = Rack::Request.new(env)
+    if request.params["state"] && request.params["code"]
+      if oauth_state = OauthState.find_by(state: request.params["state"])
+        # Restore the param from before the OAuth dance
+        state_params = JSON.parse(oauth_state.payload) || {}
+        state_params.each do |key, value|
+          request.update_param(key, value)
+        end
+        application_instance = ApplicationInstance.find_by(lti_key: state_params["oauth_consumer_key"])
+        env["canvas.url"] = application_instance.lti_consumer_uri
+        oauth_state.destroy
+      else
+        raise OauthStateMiddlewareException, "Invalid state in OAuth callback"
+      end
+    end
+    @app.call(env)
+  end
+end
+class OauthStateMiddlewareException < RuntimeError
+end
+```
+Last, enable the middleware by adding the following to `config/application.rb`:
+```ruby
+# Middleware that can restore state after an OAuth request
+config.middleware.insert_before 0, "OauthStateMiddleware"
+```
 # License
-Copyright (C) 2012-2016 by Justin Ball and Atomic Jolt.
+Copyright (C) 2012-2017 by Justin Ball and Atomic Jolt.
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/lib/omniauth-canvas/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OmniAuth
   module Canvas
-    VERSION = "1.0.0".freeze
+    VERSION = "1.0.1".freeze
   end
 end

data/lib/omniauth/strategies/canvas.rb CHANGED Viewed

@@ -3,6 +3,7 @@ require "omniauth-oauth2"
 module OmniAuth
   module Strategies
     class Canvas < OmniAuth::Strategies::OAuth2
       option :name, "canvas"
       option :client_options,
@@ -10,7 +11,9 @@ module OmniAuth
              authorize_url: "/login/oauth2/auth",
              token_url:     "/login/oauth2/token"
-      option :provider_ignores_state, false
+      # Canvas does use state but we want to control it rather than letting
+      # omniauth-oauth2 handle it.
+      option :provider_ignores_state, true
       option :token_params,
              parse: :json
@@ -46,7 +49,9 @@ module OmniAuth
         ""
       end
-      # Override authorize_params so that we can be deliberate about setting state if needed
+      # Override authorize_params so that we can be deliberate about the value for state
+      # and not use the session which is unavailable inside of an iframe for some
+      # browsers (ie Safari)
       def authorize_params
         # Only set state if it hasn't already been set
         options.authorize_params[:state] ||= SecureRandom.hex(24)
@@ -55,9 +60,9 @@ module OmniAuth
           @env ||= {}
           @env["rack.session"] ||= {}
         end
-        session["omniauth.state"] = params[:state]
         params
       end
     end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-canvas
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Justin Ball
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-07 00:00:00.000000000 Z
+date: 2017-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -45,10 +45,12 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".hound.yml"
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-gemset"
 - ".ruby-version"
+- ".travis.yml"
 - Gemfile
 - Guardfile
 - README.md