RubyGems - panda_pal - Versions diffs - 4.0.2 → 4.0.3 - Mend

panda_pal 4.0.2 → 4.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/app/views/panda_pal/lti/iframe_cookie_fix.html.erb +10 -2
data/lib/panda_pal/helpers/controller_helper.rb +25 -4
data/lib/panda_pal/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: afe38f771fc25a97396ec32fe2a0a9d2492026145469a1c6995c4d320eaff626
-  data.tar.gz: 035e59312c1e871de23f1cd589810e4298d5bdf41252b6b1d7051c334ad02895
+  metadata.gz: 5417c78c9e0bcfbf54c14f734f2557bc404b2cd8468308dadec444990504ddae
+  data.tar.gz: 662611dc5ee5bdea1e9ed4fc288c0ba3ac9a2f719245d08666118f4254e46bd1
 SHA512:
-  metadata.gz: 41a6fb8d81d599434f6103e8158bda1529a1cdf743af3b25e9b7dc66cf0b3c23a2cb053943a5b346a13f150b7ed8934c0cdfc42f50f598977263ddf6a6c97d8c
-  data.tar.gz: 7a11d36cbf9ff16743896326e3b4a3fc04bbe85a4513fbd84593f357433a4e93b268eab8df771c241a1e3305d72e9e3dcd39c379beeca8b6fc8d6e0392b878c6
+  metadata.gz: af4e16b5a96d1aca7b4a5f427738ee3059668af3d66ec7f4d56cadf2bafa1b838296b3bbf17033b2893e5a9d7d9e8656d0e2483a09d96f8ddcdc34a278fbf5fd
+  data.tar.gz: fdd6010fa02960f3e9a613a3e4c0f28ee42c1b13318b61660b973ca1bd5611d88c1a96f2d17e7addc98505fb02a47b361a0665a8673c5694b07a46e3b75740ee

data/app/views/panda_pal/lti/iframe_cookie_fix.html.erb CHANGED Viewed

@@ -1,4 +1,12 @@
 <script nonce=<%= content_security_policy_script_nonce %>>
-  var referrer = document.referrer;
-  top.window.location='?safari_cookie_fix=true&return_to='.concat(encodeURI(referrer));
+  const mainWindow = window.parent;
+  var url = window.location.href;
+  // Until PLAT-4836 is resolved, we need to make sure our url has a "?" in it.
+  if (!(url.indexOf("?") > -1)) {
+    url = url + "?dummy_param=1"
+  }
+  mainWindow.postMessage({
+    messageType: "requestFullWindowLaunch",
+    data: url
+  }, '*');
 </script>

data/lib/panda_pal/helpers/controller_helper.rb CHANGED Viewed

@@ -27,11 +27,32 @@ module PandaPal::Helpers::ControllerHelper
   def validate_launch!
     authorized = false
     if @organization = params['oauth_consumer_key'] && PandaPal::Organization.find_by_key(params['oauth_consumer_key'])
-      authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.original_url, request.request_parameters, @organization.secret)
+      sanitized_params = request.request_parameters
+      # These params come over with a safari-workaround launch.  The authenticator doesn't like them, so clean them out.
+      safe_unexpected_params = ["full_win_launch_requested", "platform_redirect_url", "dummy_param"]
+      safe_unexpected_params.each do |p|
+        sanitized_params.delete(p)
+      end
+      authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.original_url, sanitized_params, @organization.secret)
       authorized = authenticator.valid_signature?
     end
-    render plain: 'Invalid Credentials, please contact your Administrator.', :status => :unauthorized unless authorized
-    authorized
+    # short-circuit if we know the user is not authorized.
+    if !authorized
+      render plain: 'Invalid Credentials, please contact your Administrator.', :status => :unauthorized unless authorized
+      return authorized
+    end
+    if cookies_need_iframe_fix?
+      fix_iframe_cookies
+      return false
+    end
+    # For safari we may have been launched temporarily full-screen by canvas.  This allows us to set the session cookie.
+    # In this case, we should make sure the session cookie is fixed and redirect back to canvas to properly launch the embedded LTI.
+    if params[:platform_redirect_url]
+      session[:safari_cookie_fixed] = true
+      redirect_to params[:platform_redirect_url]
+      return false
+    end
+    return authorized
   end
   def switch_tenant(organization = current_organization, &block)
@@ -57,7 +78,7 @@ module PandaPal::Helpers::ControllerHelper
   end
   def cookies_need_iframe_fix?
-    browser.safari? && !request.referrer&.include?('sessionless_launch') && !session[:safari_cookie_fixed]
+    browser.safari? && !request.referrer&.include?('sessionless_launch') && !session[:safari_cookie_fixed] && !params[:platform_redirect_url]
   end
   def forbid_access_if_lacking_session

data/lib/panda_pal/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module PandaPal
-  VERSION = "4.0.2"
+  VERSION = "4.0.3"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: panda_pal
 version: !ruby/object:Gem::Version
-  version: 4.0.2
+  version: 4.0.3
 platform: ruby
 authors:
 - Instructure ProServe
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-07-31 00:00:00.000000000 Z
+date: 2019-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails