omniauth-canvas 1.0.0 → 1.0.1

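--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 4c0c30e36d3e9b1c579d216e667b02ad46187a61
- data.tar.gz: 5b6138bd38ebb022175315f85f5f9a5ad89d73ee
+ metadata.gz: bed487653d42c525284111c5b171b6720bd9c367
+ data.tar.gz: 9f3aee7c1fbeeb1a48f58eef249d55fc905a020b
  SHA512:
- metadata.gz: 64f34e7d984274d65b291797ac430354c84a21e68112cf7a599efb0b8b1653dfab73f86a95641c7ae4e9c8e81e22efee15c8391accffb63c4819498c6c669fc4
- data.tar.gz: 1fb3d8d74b34dc7053bb957bade9d1559971674261e8a6222643593e30275ac5f5841a39e8aa3af8c1f2c17f6dd332b142b61067cb8607765d13344df771592e
+ metadata.gz: 8b20a1efeb1f73cd0754169df20f9e32fb84791609e6a0c9558ad5a68d735d0bd84e1a5bafd9661b32f26c2bac569e82ae5a1bf9496fa2145858f5e5a32086d0
+ data.tar.gz: 4684457ad32efc0c4418974774a4e179d5947738cbe758ec2fe7f212437ab17441d7c3bea67d12e0c01994f36abf72632e1252064be65171651ada4ed5061eab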
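--- a/data/.hound.yml
+++ b/data/.hound.yml
@@ -0,0 +1,8 @@
+ # reference: https://houndci.com/configuration
+
+ fail_on_violations: true
+
+ ruby:
+ enabled: true
+ config_file: .rubocop.yml
+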
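--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -130,6 +130,22 @@ Style/EachWithObject:
  Style/EmptyLiteral:
  Description: 'Prefer literals to Array.new/Hash.new/String.new.'
  StyleGuide: 'https://github.com/bbatsov/ruby-style-guide#literal-array-hash'
+ Enabled: true
+
+ Style/EmptyLinesAroundBlockBody:
+ Description: "Keeps track of empty lines around block bodies."
+ Enabled: false
+
+ Style/EmptyLinesAroundClassBody:
+ Description: "Keeps track of empty lines around class bodies."
+ Enabled: false
+
+ Style/EmptyLinesAroundModuleBody:
+ Description: "Keeps track of empty lines around module bodies."
+ Enabled: false
+
+ Style/EmptyLinesAroundMethodBody:
+ Description: "Keeps track of empty lines around method bodies."
  Enabled: false
 
  # Checks whether the source file has a utf-8 encoding comment or not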
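--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,32 @@
+ language: ruby
+ sudo: required
+ dist: trusty
+
+ env:
+ - CXX=g++-4.8
+
+ addons:
+ postgresql: "9.5"
+ apt:
+ sources:
+ - ubuntu-toolchain-r-test
+ packages:
+ - g++-4.8
+
+ cache:
+ bundler: true
+
+ branches:
+ only:
+ - master
+ - staging
+ - stable
+
+ services:
+ - postgresql
+
+ install:
+ - bundle install
+
+ script:
+ - rspec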
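--- a/data/README.md
+++ b/data/README.md
@@ -1,17 +1,20 @@
- # OmniAuth Canvas
+ # OmniAuth Canvas [![Build Status](https://travis-ci.org/atomicjolt/omniauth-canvas.svg?branch=master)](https://travis-ci.org/atomicjolt/omniauth-canvas)
  Gem to authenticate with Instructure Canvas via OAuth2
 
  # Background
- OmniAuth Canvas grew out of the need to simplify the process of setting up LTI and connecting a user account on
- http://www.OpenTapestry.com to Instructure Canvas.
+ OmniAuth Canvas grew out of the need to simplify the process of setting up LTI
+ and connecting a user account on http://www.OpenTapestry.com to Instructure Canvas.
 
  # Setup
- Contact Instructure or your Canvas administrator to get an OAuth key and secret. By default omniauth-canvas will attempt to
- authenticate with http://canvas.instructure.com.
+ Contact Instructure or your Canvas administrator to get an OAuth key and secret.
+ By default omniauth-canvas will attempt to authenticate with http://canvas.instructure.com.
 
- **NOTE**: you will need to set `env['rack.session']['oauth_site']` to the current Canvas instance that you wish to OAuth with. By default this is https://canvas.instructure.com
+ **NOTE**: you will need to set `env['rack.session']['oauth_site']` to the current
+ Canvas instance that you wish to OAuth with. By default this is https://canvas.instructure.com
 
- To dynamically set the canvas site url do one of the following.
+ -- OR --
+
+ to dynamically set the canvas site url do one of the following.
 
  ## Standard setup
 
@@ -33,7 +36,7 @@ config.omniauth :canvas, 'canvas_key', 'canvas_secret', :setup => lambda{|env|
  }
  ```
 
- ## Alernative Setup
+ ## Alternative Setup
 
  In this setup, you do not have to set `env['rack.session']['oauth_site']`
 
@@ -47,7 +50,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
  }
  end
  ```
-
+
 
  # Canvas Configuration
 
@@ -57,9 +60,76 @@ and secret in the Site Admin account of your Canvas install. There will be a
  consult the [Canvas OAuth Documentation](https://canvas.instructure.com/doc/api/file.oauth.html)
 
 
+ # State
+
+ In most cases your application will need to restore state after handling the OAuth process
+ with Canvas. Since many applications that integrate with Canvas will be launched via the LTI
+ protocol inside of an iframe sessions may not be available. To restore application state the
+ omniauth-canvas gem uses the "state" parameter provided by the LTI proctocol. You will need
+ to add the following code to your application to take advantage of this functionality:
+
+
+ Add the following initializer in `config/initializers/omniauth.rb`:
+
+ ```ruby
+ OmniAuth.config.before_request_phase do |env|
+ request = Rack::Request.new(env)
+ state = "#{SecureRandom.hex(24)}#{DateTime.now.to_i}"
+ OauthState.create!(state: state, payload: request.params.to_json)
+ env["omniauth.strategy"].options[:authorize_params].state = state
+
+ # Bye default omniauth will store all params in the session. The code above
+ # stores the values in the database so we remove the values from the session
+ # since the amount of data in the original params object will overflow the
+ # allowed cookie size
+ env["rack.session"].delete("omniauth.params")
+ end
+ ```
+
+ Add the following middleware to `lib/middlware/oauth_state_middleware.rb`:
+
+ ```ruby
+ class OauthStateMiddleware
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ request = Rack::Request.new(env)
+ if request.params["state"] && request.params["code"]
+ if oauth_state = OauthState.find_by(state: request.params["state"])
+ # Restore the param from before the OAuth dance
+ state_params = JSON.parse(oauth_state.payload) || {}
+ state_params.each do |key, value|
+ request.update_param(key, value)
+ end
+ application_instance = ApplicationInstance.find_by(lti_key: state_params["oauth_consumer_key"])
+ env["canvas.url"] = application_instance.lti_consumer_uri
+ oauth_state.destroy
+ else
+ raise OauthStateMiddlewareException, "Invalid state in OAuth callback"
+ end
+ end
+ @app.call(env)
+ end
+ end
+
+ class OauthStateMiddlewareException < RuntimeError
+ end
+ ```
+
+
+ Last, enable the middleware by adding the following to `config/application.rb`:
+
+ ```ruby
+ # Middleware that can restore state after an OAuth request
+ config.middleware.insert_before 0, "OauthStateMiddleware"
+ ```
+
+
  # License
 
- Copyright (C) 2012-2016 by Justin Ball and Atomic Jolt.
+ Copyright (C) 2012-2017 by Justin Ball and Atomic Jolt.
 
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the "Software"), to deal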
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Canvas
3
- VERSION = "1.0.0".freeze
3
+ VERSION = "1.0.1".freeze
4
4
  end
5
5
  end
@@ -3,6 +3,7 @@ require "omniauth-oauth2"
3
3
  module OmniAuth
4
4
  module Strategies
5
5
  class Canvas < OmniAuth::Strategies::OAuth2
6
+
6
7
  option :name, "canvas"
7
8
 
8
9
  option :client_options,
@@ -10,7 +11,9 @@ module OmniAuth
10
11
  authorize_url: "/login/oauth2/auth",
11
12
  token_url: "/login/oauth2/token"
12
13
 
13
- option :provider_ignores_state, false
14
+ # Canvas does use state but we want to control it rather than letting
15
+ # omniauth-oauth2 handle it.
16
+ option :provider_ignores_state, true
14
17
 
15
18
  option :token_params,
16
19
  parse: :json
@@ -46,7 +49,9 @@ module OmniAuth
46
49
  ""
47
50
  end
48
51
 
49
- # Override authorize_params so that we can be deliberate about setting state if needed
52
+ # Override authorize_params so that we can be deliberate about the value for state
53
+ # and not use the session which is unavailable inside of an iframe for some
54
+ # browsers (ie Safari)
50
55
  def authorize_params
51
56
  # Only set state if it hasn't already been set
52
57
  options.authorize_params[:state] ||= SecureRandom.hex(24)
@@ -55,9 +60,9 @@ module OmniAuth
55
60
  @env ||= {}
56
61
  @env["rack.session"] ||= {}
57
62
  end
58
- session["omniauth.state"] = params[:state]
59
63
  params
60
64
  end
65
+
61
66
  end
62
67
  end
63
68
  end
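Review bot: With `provider_ignores_state` set to `true` and the `session["omniauth.state"] = params[:state]` line dropped from `authorize_params`, nothing visible in the strategy compares the `state` returned on the callback with the one that was issued, so the CSRF check is left entirely to the host application. The comment above the option should say so outright, for example `# omniauth-oauth2 will NOT verify state on the callback; the application must validate and expire it itself (see README "State")`. The sample middleware added to the README in this release validates only when both `state` and `code` are present, so a callback carrying `code` without `state` appears to pass through unchecked, and the stored state is looked up by value alone rather than tied to the browser that started the flow. The README should name both limits, and the middleware should reject a callback that has `code` but no matching `state`. The class body begins and ends outside these hunks.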
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-canvas
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Ball
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-01-07 00:00:00.000000000 Z
11
+ date: 2017-01-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
@@ -45,10 +45,12 @@ extensions: []
45
45
  extra_rdoc_files: []
46
46
  files:
47
47
  - ".gitignore"
48
+ - ".hound.yml"
48
49
  - ".rspec"
49
50
  - ".rubocop.yml"
50
51
  - ".ruby-gemset"
51
52
  - ".ruby-version"
53
+ - ".travis.yml"
52
54
  - Gemfile
53
55
  - Guardfile
54
56
  - README.md