panda_pal 5.0.0.beta.1 → 5.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 417de10d63af26bbeadb9b1fa5d57f74fad8070dec477ecf42f7ba914c46be4e
-  data.tar.gz: '0268833a242fda47935ec01207644c3a74daaa31b37b311401ac216b9e34f9bf'
+  metadata.gz: 8a2c4fed3544a682a44b4e9acfc30742ab7f7bcdf2ec22db97d90df80af31e04
+  data.tar.gz: f0ee1ba262458c9a5fee095c17c1c673e58e90cc821ea92d29b59cee2afcd1e4
 SHA512:
-  metadata.gz: 1093764dca3b51778eb98cf8c8ce64bc88af73fb970e9f61597c3f71c92761729ad636ea156da7f2aad7d656ca2f35311f4cce72a338c3eb49f8cb85b788f229
-  data.tar.gz: ee960dc3a06b1da790af9ce3f9a7e6bb76bb06e75a2645097654833226ed84f1f9655455c396607b74981879bed44029147b55ead6efc6437b4abe1c9feb4699
+  metadata.gz: adcb31a168a7c5eb09c5ac4ac4c28de5f45ba480873210e309bf5ba60c4c29b4f172648ed03ccee54cfc0e585eac0a25c56be3686dadf582d11e8b95c24a2870
+  data.tar.gz: b06936171d9f3424d2de2cac678726e33d081084a0a99195c6c6d4b7d4286d0a88bb91c9e1ea269ccccbb3f3ea9698a60096b3b7baf8b162f5db751f7b45521c

data/README.md

@@ -28,6 +28,40 @@ Use one of these 6 options in `PandaPal.lti_options` hash.
 5. Leave this property off, and you will get the dynamic host with the root path ('http://appdomain.com/') by default.
 6. If you really do not want this property use the option `launch_url: false` for it to be left off.
 
+### Task Scheduling
+`PandaPal` includes an integration with `sidekiq-scheduler`. You can define tasks on an Organization class Stub like so:
+```ruby
+# <your_app>/app/models/panda_pal/organization.rb
+require File.expand_path('../../app/models/panda_pal/organization.rb', PandaPal::Engine.called_from)
+
+module PandaPal
+  class Organization
+    # Will invoke CanvasSyncStarterWorker.perform_async() according to the cron schedule
+    scheduled_task '0 15 05 * * *', :identifier, worker: CanvasSyncStarterWorker
+
+    # Will invoke the method 'organization_method' on the Organization
+    scheduled_task '0 15 05 * * *', :organization_method_and_identifier
+
+    # If you need to invoke the same method on multiple schedules
+    scheduled_task '0 15 05 * * *', :identifier, worker: :organization_method
+
+    # You can also use a block
+    scheduled_task '0 15 05 * * *', :identifier do
+      # Do Stuff
+    end
+
+    # You can use a Proc (called in the context of the Organization) to determine the schedule
+    scheduled_task -> { settings[:cron] }, :identifier
+
+    # You can specify a timezone. If a TZ is not coded and settings[:timezone] is present, it will be appended automatically
+    scheduled_task '0 15 05 * * * America/Denver', :identifier, worker: :organization_method
+
+    # Setting settings[:task_schedules][:identifier] will override the code cron schedule. Setting it to false will disable the Task
+    # :identifer values _must_ be unique, but can be nil, in which case they will be determined by where (lineno etc) scheduled_task is called
+  end
+end
+```
+
 # Organization Attributes
   id: Primary Key
   name: Name of the organization. Used to on requests to select the tenant
@@ -226,9 +260,43 @@ In your panda_pal initializer (i.e. config/initializers/panda_pal.rb or config/i
 You can specify options that can include a structure for your settings.  If specified, PandaPal will
 enforce this structure on any new / updated organizations.
 
+```ruby
+PandaPal.lti_options = {
+  title: 'LBS Gradebook',
+  settings_structure: {
+    allow_additional: true, # Allow additional properties that aren't included in the :properties Hash.
+    allow_additional: { type: 'String' }, # You can also set :allow_additional to a settings specification that will be used to validate each additional setting
+    validate: ->(value, spec, **kwargs) {
+      # kwargs currently includes:
+      #   :errors => [An array to push errors to]
+      #   :path => [An array representation of the current path in the settings object]
+
+      # To add errors, you may:
+      # Push strings to the kwargs[:errors] Array:
+      kwargs[:errors] << "Your error message at <path>" unless value < 10
+      # Or return a string or string array:
+      value.valid? ? nil : "Your error message at <path>" # <path> will be replaced with the actual path that the error occurred at
+    },
+    properties: {
+      canvas_api_token: { type: 'String', required: true, },
+      catalog: { # :validate, :allow_additional, :properties keys are all supported at this level as well
+        type: 'Hash',
+        required: false,
+        validate: -> (*args) {},
+        allow_additional: false,
+        properties: {
+
+        },
+      }
+    }
+  },
+}
+```
+
+#### Legacy Settings Structure:
 Here is an example options specification:
 
-```
+```ruby
 PandaPal.lti_options = {
   title: 'LBS Gradebook',
   settings_structure: YAML.load("
@@ -287,7 +355,7 @@ This will allow `PandaPal` to apply an iframe cookie fix that will allow CSRF va
 It has been a constant struggle to force safari to store and allow
 access to a rails session while the application is embedded in Canvas.
 
-As of PandaPal 5, a forced persistent session is now optional, and defaults to off.
+As of PandaPal 5, a persistent session is no longer required by panda_pal.
 
 This means that safari will likely refuse to send info about your rails session
 back to the LTI, and the application will start up a new session each time the
@@ -299,29 +367,8 @@ You will want to watch out for a few scenarios:
    and have your PandaPal session_key persisted server side.
 2) Use the "Authorization" header with "token={session_key}" to send your
    PandaPal session info into api calls.
-
-You can force a persistent session with -
-PandaPal.lti_options = {
-  require_persistent_session: true
-}
-in your config/initializer.  With that setting, the user will be required to
-allow our application to store / access cookies in safari before they can use
-the LTI.
-
-# Notes on require_persistent_session
-
-IF you must have a persistent session this is the logical flow of how panda_pal
-attempts to set that up.
-
-1) LTI laumches.
-2) LTI will attempt to POST message from iframe to top window (canvas) telling
-   canvas to relaunch in full screen so we aren't inhibited by safari.
-3) LTI will setup session and cookies in full-screen mode.  Session will be saved
-   in browser.
-4) LTI will redirect to an authorization page, that will require user to give
-   access to the session store to our application.
-5) Once the user gives access to the session store, we will reload the LTI
-   and the cookie should now be persistent.
+3) If you use link_to and navigate in your LTI (apps that are not single page)
+   make sure you include an encrypted_session_key parameter in your links.
 
 # Upgrading from PandaPal 4 to 5:
 
@@ -361,3 +408,7 @@ class AccountController < ApplicationController
 end
 ```
 
+## Running Specs:
+Initialize the Specs DB:
+`cd spec/dummy; bundle exec rake db:drop; bundle exec rake db:create; bundle exec rake db:schema:load`
+Then `bundle exec rspec`

data/app/models/panda_pal/organization.rb

@@ -1,15 +1,23 @@
+Dir[File.dirname(__FILE__) + "/organization/*.rb"].each { |file| require file }
+
 module PandaPal
+  module OrganizationConcerns; end
 
   class Organization < ActiveRecord::Base
+    include OrganizationConcerns::SettingsValidation
+    include OrganizationConcerns::TaskScheduling if defined?(Sidekiq.schedule)
+
     attribute :settings
+    serialize :settings, Hash
     attr_encrypted :settings, marshal: true, key: :encryption_key
     before_save {|a| a.settings = a.settings} # this is a hacky work-around to a bug where attr_encrypted is not saving settings in place
+
     validates :key, uniqueness: { case_sensitive: false }, presence: true
     validates :secret, presence: true
     validates :name, uniqueness: { case_sensitive: false }, presence: true, format: { with: /\A[a-z0-9_]+\z/i }
     validates :canvas_account_id, presence: true
     validates :salesforce_id, presence: true, uniqueness: true
-    validate :validate_settings
+
     after_create :create_schema
     after_commit :destroy_schema, on: :destroy
 
@@ -17,8 +25,6 @@ module PandaPal
       errors.add(:name, 'should not be changed after creation') if name_changed?
     end
 
-    serialize :settings, Hash
-
     def encryption_key
       # production environment might not have loaded secret_key_base yet.
       # In that case, just read it from env.
@@ -29,6 +35,14 @@ module PandaPal
       end
     end
 
+    def switch_tenant(&block)
+      if block_given?
+        Apartment::Tenant.switch(name, &block)
+      else
+        Apartment::Tenant.switch!(name)
+      end
+    end
+
     private
 
     def create_schema
@@ -38,48 +52,5 @@ module PandaPal
     def destroy_schema
       Apartment::Tenant.drop name
     end
-
-    def validate_settings
-      record = self
-      if PandaPal.lti_options && PandaPal.lti_options[:settings_structure]
-        validate_level(record, PandaPal.lti_options[:settings_structure], record.settings, [])
-      end
-    end
-    def validate_level(record, expectation, reality, previous_keys)
-      # Verify that the data elements at this level conform to requirements.
-      if expectation
-        expectation.each do |key, value|
-          is_required = expectation[key].try(:delete, :is_required)
-          data_type = expectation[key].try(:delete, :data_type)
-          value = reality.is_a?(Hash) ? reality.dig(key) : reality
-
-          if is_required && !value
-            record.errors[:settings] << "PandaPal::Organization.settings requires key [:#{previous_keys.push(key).join("][:")}].  It was not found."
-          end
-          if data_type && value
-            if value.class.to_s != data_type
-              record.errors[:settings] << "PandaPal::Organization.settings expected key [:#{previous_keys.push(key).join("][:")}] to be #{data_type} but it was instead #{value.class}."
-            end
-          end
-        end
-      end
-      # Verify that anything that is in the real settings has an expectation.
-      if reality
-        if reality.is_a? Hash
-          reality.each do |key, value|
-            was_expected = expectation.has_key?(key)
-            if !was_expected
-              record.errors[:settings] << "PandaPal::Organization.settings had unexpected key: #{key}.  If settings have expanded please update your lti_options accordingly."
-            end
-          end
-        end
-      end
-      # Recursively check out any children settings as well.
-      if expectation
-        expectation.each do |key, value|
-          validate_level(record, expectation[key], (reality.is_a?(Hash) ? reality.dig(key) : nil), previous_keys.deep_dup.push(key))
-        end
-      end
-    end
   end
 end

data/app/models/panda_pal/organization/settings_validation.rb

@@ -0,0 +1,111 @@
+module PandaPal
+  module OrganizationConcerns
+    module SettingsValidation
+      extend ActiveSupport::Concern
+
+      included do
+        validate :validate_settings
+      end
+
+      class_methods do
+        def settings_structure
+          if PandaPal.lti_options&.[](:settings_structure).present?
+            normalize_settings_structure(PandaPal.lti_options[:settings_structure])
+          else
+            {
+              type: Hash,
+              allow_additional: true,
+              properties: {},
+            }
+          end
+        end
+
+        def normalize_settings_structure(struc)
+          return {} unless struc.present?
+          return struc if struc[:properties] || struc[:type] || struc.key?(:required)
+
+          struc = struc.dup
+          nstruc = {}
+
+          nstruc[:type] = struc.delete(:data_type) if struc.key?(:data_type)
+          nstruc[:required] = struc.delete(:is_required) if struc.key?(:is_required)
+          nstruc[:properties] = struc.map { |k, sub| [k, normalize_settings_structure(sub)] }.to_h if struc.present?
+
+          nstruc
+        end
+      end
+
+      def settings_structure
+        self.class.settings_structure
+      end
+
+      def validate_settings
+        validate_settings_level(settings || {}, settings_structure).each do |err|
+          errors[:settings] << err
+        end
+      end
+
+      private
+
+      def validate_settings_level(settings, spec, path: [], errors: [])
+        human_path = "[:#{path.join('][:')}]"
+
+        if settings.nil?
+          errors << "Entry #{human_path} is required" if spec[:required]
+          return
+        end
+
+        if spec[:type]
+          resolved_type = spec[:type]
+          resolved_type = resolved_type.constantize if resolved_type.is_a?(String)
+          unless settings.is_a?(resolved_type)
+            errors << "Expected #{human_path} to be a #{spec[:type]}. Was a #{settings.class.to_s}"
+            return
+          end
+        end
+
+        if spec[:validate].present?
+          val_errors = []
+          if spec[:validate].is_a?(Symbol)
+            proc_result = send(spec[:validate], settings, spec, path: path, errors: val_errors)
+          elsif spec[:validate].is_a?(String)
+            split_val = spec[:validate].split?('.')
+            split_val << 'validate_settings' if split_val.count == 1
+            resolved_module = split_val[0].constantize
+            proc_result = resolved_module.send(split_val[1].to_sym, settings, spec, path: path, errors: val_errors)
+          elsif spec[:validate].is_a?(Proc)
+            proc_result = instance_exec(settings, spec, path: path, errors: val_errors, &spec[:validate])
+          end
+          val_errors << proc_result unless val_errors.present? || proc_result == val_errors
+          val_errors = val_errors.flatten.uniq.compact.map do |ve|
+            ve.gsub('<path>', human_path)
+          end
+          errors.concat(val_errors)
+        end
+
+        if settings.is_a?(Hash)
+          if spec[:properties] != nil
+            spec[:properties].each do |key, pspec|
+              validate_settings_level(settings[key], pspec, path: [*path, key], errors: errors)
+            end
+          end
+
+          if spec[:properties] != nil || spec[:allow_additional] != nil
+            extra_keys = settings.keys - (spec[:properties]&.keys || [])
+            if extra_keys.present?
+              if spec[:allow_additional].is_a?(Hash)
+                extra_keys.each do |key|
+                  validate_settings_level(settings[key], spec[:allow_additional], path: [*path, key], errors: errors)
+                end
+              elsif !spec[:allow_additional]
+                errors << "Did not expect #{human_path} to contain [#{extra_keys.join(', ')}]"
+              end
+            end
+          end
+        end
+
+        errors
+      end
+    end
+  end
+end

data/app/models/panda_pal/organization/task_scheduling.rb

@@ -0,0 +1,172 @@
+return unless defined?(Sidekiq.schedule)
+
+require_relative 'settings_validation'
+
+module PandaPal
+  module OrganizationConcerns
+    module TaskScheduling
+      extend ActiveSupport::Concern
+      include OrganizationConcerns::SettingsValidation
+
+      included do
+        after_commit :sync_schedule, on: [:create, :update]
+        after_commit :unschedule_tasks, on: :destroy
+      end
+
+      class_methods do
+        def _schedule_descriptors
+          @_schedule_descriptors ||= {}
+        end
+
+        def settings_structure
+          return super unless _schedule_descriptors.present?
+
+          super.tap do |struc|
+            struc[:properties] ||= {}
+
+            struc[:properties][:timezone] ||= {
+              type: 'String',
+              required: false,
+              validate: ->(timezone, *args) {
+                ActiveSupport::TimeZone[timezone].present? ? nil : "<path> Invalid Timezone '#{timezone}'"
+              },
+            }
+
+            struc[:properties][:task_schedules] = {
+              type: 'Hash',
+              required: false,
+              properties: _schedule_descriptors.keys.reduce({}) do |hash, k|
+                hash.tap do |hash|
+                  hash[k.to_sym] = hash[k.to_s] = {
+                    required: false,
+                    validate: ->(value, *args, errors:, **kwargs) {
+                      begin
+                        Rufus::Scheduler.parse(value) if value
+                        nil
+                      rescue ArgumentError
+                        errors << "<path> must be false or a Crontab string"
+                      end
+                    }
+                  }
+                end
+              end,
+            }
+          end
+        end
+
+        def scheduled_task(cron_time, name_or_method = nil, worker: nil, queue: nil, &block)
+          task_key = (name_or_method.presence || "scheduled_task_#{caller_locations[0].lineno}").to_s
+          raise "Task key '#{task_key}' already taken!" if _schedule_descriptors.key?(task_key)
+
+          _schedule_descriptors[task_key] = {
+            key: task_key,
+            schedule: cron_time,
+            worker: worker || block || name_or_method.to_sym,
+            queue: queue || 'default',
+          }
+        end
+
+        def sync_schedules
+          # Ensure deleted Orgs are removed
+          existing_orgs = pluck(:name)
+          old_schedules = Sidekiq.get_schedule.select do |k, v|
+            m = k.match(/^org:([a-z0-9_]+)\-/i)
+            m.present? && !existing_orgs.include?(m[1])
+          end
+          old_schedules.keys.each do |k|
+            Sidekiq.remove_schedule(k)
+          end
+
+          find_each(&:sync_schedule)
+        end
+      end
+
+      def generate_schedule
+        schedule = {}
+        self.class._schedule_descriptors.values.each do |desc|
+          cron_time = schedule_task_cron_time(desc)
+          next unless cron_time.present?
+
+          schedule["org:#{name}-#{desc[:key]}"] = {
+            'cron' => cron_time,
+            'queue' => desc[:queue],
+            'class' => ScheduledTaskExecutor.to_s,
+            'args' => [name, desc[:key]],
+          }
+        end
+        schedule
+      end
+
+      def sync_schedule
+        new_schedules = generate_schedule
+        unschedule_tasks(new_schedules.keys)
+        new_schedules.each do |k, v|
+          Sidekiq.set_schedule(k, v)
+        end
+      end
+
+      private
+
+      def unschedule_tasks(new_task_keys = nil)
+        current_schedules = Sidekiq.get_schedule.select { |k,v| k.starts_with?("org:#{name}-") }
+        del_tasks = current_schedules.keys
+        del_tasks -= new_task_keys if new_task_keys
+        del_tasks.each do |k|
+          Sidekiq.remove_schedule(k)
+        end
+      end
+
+      def schedule_task_cron_time(desc)
+        cron_time = nil
+        cron_time = settings&.dig(:task_schedules, desc[:key].to_s) if cron_time.nil?
+        cron_time = settings&.dig(:task_schedules, desc[:key].to_sym) if cron_time.nil?
+        cron_time = desc[:schedule] if cron_time.nil?
+
+        return nil unless cron_time.present?
+
+        cron_time = instance_exec(&cron_time) if cron_time.is_a?(Proc)
+        if !Rufus::Scheduler.parse(cron_time).zone.present? && settings && settings[:timezone]
+          cron_time += " #{settings[:timezone]}"
+        end
+
+        cron_time
+      end
+
+      class ScheduledTaskExecutor
+        include Sidekiq::Worker
+
+        def perform(org_name, task_key)
+          org = Organization.find_by!(name: org_name)
+          task = Organization._schedule_descriptors[task_key]
+          worker = task[:worker]
+
+          Apartment::Tenant.switch(org.name) do
+            if worker.is_a?(Proc)
+              org.instance_exec(&worker)
+            elsif worker.is_a?(Symbol)
+              org.send(worker)
+            elsif worker.is_a?(String)
+              worker.constantize.perform_async
+            elsif worker.is_a?(Class)
+              worker.perform_async
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+SidekiqScheduler::Scheduler.instance.dynamic = true
+
+module SidekiqScheduler
+  module Schedule
+    original_schedule_setter = instance_method(:schedule=)
+
+    define_method :schedule= do |sched|
+      original_schedule_setter.bind(self).(sched).tap do
+        PandaPal::Organization.sync_schedules
+      end
+    end
+  end
+end

data/lib/panda_pal/helpers/controller_helper.rb

@@ -42,29 +42,9 @@ module PandaPal::Helpers::ControllerHelper
       render plain: 'Invalid Credentials, please contact your Administrator.', :status => :unauthorized unless authorized
       return authorized
     end
-    if require_persistent_session
-      if cookies_need_iframe_fix?(false)
-        fix_iframe_cookies
-        return false
-      end
-      # For safari we may have been launched temporarily full-screen by canvas.  This allows us to set the session cookie.
-      # In this case, we should make sure the session cookie is fixed and redirect back to canvas to properly launch the embedded LTI.
-      if params[:platform_redirect_url]
-        session[:safari_cookie_fixed] = true
-        redirect_to params[:platform_redirect_url]
-        return false
-      end
-    end
     return authorized
   end
 
-  def require_persistent_session
-    if PandaPal.lti_options.has_key?(:require_persistent_session) && PandaPal.lti_options[:require_persistent_session] == true
-      return true
-    end
-    return false
-  end
-
   def switch_tenant(organization = current_organization, &block)
     return unless organization
     raise 'This method should be called in an around_action callback' unless block_given?
@@ -74,35 +54,8 @@ module PandaPal::Helpers::ControllerHelper
     end
   end
 
-  # Browsers that prevent 3rd party cookies by default (Safari and IE) run into problems
-  # with CSRF handling because the Rails session cookie isn't set. To fix this, we
-  # redirect the current page to the LTI using JavaScript, which will set the cookie,
-  # and then immediately redirect back to Canvas.
-  def fix_iframe_cookies
-    if params[:safari_cookie_authorized].present?
-      session[:safari_cookie_authorized] = true
-      redirect_to params[:return_to]
-    elsif (session[:safari_cookie_fixed] && !params[:safari_cookie_authorized])
-      render 'panda_pal/lti/iframe_cookie_authorize', layout: false
-    else
-      render 'panda_pal/lti/iframe_cookie_fix', layout: false
-    end
-  end
-
-  def cookies_need_iframe_fix?(check_authorized=true)
-    if check_authorized
-      return browser.safari? && !request.referrer&.include?('sessionless_launch') && !(session[:safari_cookie_fixed] && session[:safari_cookie_authorized]) && !params[:platform_redirect_url]
-    else
-      return browser.safari? && !request.referrer&.include?('sessionless_launch') && !session[:safari_cookie_fixed] && !params[:platform_redirect_url]
-    end
-  end
-
   def forbid_access_if_lacking_session
-    if require_persistent_session && cookies_need_iframe_fix?(true)
-      fix_iframe_cookies
-    else
-      render plain: 'You should do an LTI Tool Launch.', status: :unauthorized unless valid_session?
-    end
+    render plain: 'You should do an LTI Tool Launch.', status: :unauthorized unless valid_session?
     safari_override
   end
 
@@ -129,6 +82,10 @@ module PandaPal::Helpers::ControllerHelper
   end
 
   def session_key
+    if params[:encrypted_session_key]
+      crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secret_key_base[0..31])
+      return crypt.decrypt_and_verify(params[:encrypted_session_key])
+    end
     params[:session_key] || session_key_header || flash[:session_key] || session[:session_key]
   end
 
@@ -139,7 +96,8 @@ module PandaPal::Helpers::ControllerHelper
   end
 
   # Redirect with the session key intact. In production,
-  # handle this by saving it to the flash. In dev,
+  # handle this by encrypting the session key.  That way if the
+  # url is logged anywhere, it will all be encrypted data.   In dev,
   # just put it in the URL. Putting it in the URL
   # is insecure, but is fine in development.
   # Keeping it in the URL in development means that it plays
@@ -162,8 +120,10 @@ module PandaPal::Helpers::ControllerHelper
   end
 
   def redirect_production_mode(location, params)
-    flash['session_key'] = current_session.session_key
+    crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secret_key_base[0..31])
+    encrypted_data = crypt.encrypt_and_sign(current_session.session_key)
     redirect_to send(location, {
+      encrypted_session_key: encrypted_data,
       organization_id: current_organization.id
     }.merge(params))
   end

data/lib/panda_pal/version.rb

@@ -1,3 +1,3 @@
 module PandaPal
-  VERSION = "5.0.0.beta.1"
+  VERSION = "5.1.0"
 end

data/panda_pal.gemspec

@@ -22,6 +22,9 @@ Gem::Specification.new do |s|
   s.add_dependency 'browser', '2.5.0'
   s.add_dependency 'attr_encrypted', '~> 3.0.0'
   s.add_dependency 'secure_headers', '~> 6.1.2'
+
+  s.add_development_dependency 'sidekiq'
+  s.add_development_dependency 'sidekiq-scheduler'
   s.add_development_dependency 'rspec-rails'
   s.add_development_dependency 'factory_girl_rails'
 end

data/spec/dummy/config/application.rb

@@ -1,6 +1,12 @@
 require File.expand_path('../boot', __FILE__)
 
-require 'rails/all'
+require "active_model/railtie"
+require "active_job/railtie"
+require "active_record/railtie"
+# require "active_storage/engine"
+require "action_controller/railtie"
+require "action_mailer/railtie"
+require "action_view/railtie"
 
 Bundler.require(*Rails.groups)
 require "panda_pal"

data/spec/dummy/config/environments/development.rb

@@ -22,20 +22,6 @@ Rails.application.configure do
   # Raise an error on page load if there are pending migrations.
   config.active_record.migration_error = :page_load
 
-  # Debug mode disables concatenation and preprocessing of assets.
-  # This option may cause significant delays in view rendering with a large
-  # number of complex assets.
-  config.assets.debug = true
-
-  # Asset digests allow you to set far-future HTTP expiration dates on all assets,
-  # yet still be able to expire them through the digest params.
-  config.assets.digest = true
-
-  # Adds additional error checking when serving assets at runtime.
-  # Checks for improperly declared sprockets dependencies.
-  # Raises helpful error messages.
-  config.assets.raise_runtime_errors = true
-
   # Raises error for missing translations
   # config.action_view.raise_on_missing_translations = true
 end

data/spec/dummy/config/environments/production.rb

@@ -24,17 +24,6 @@ Rails.application.configure do
   # Apache or NGINX already handles this.
   config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present?
 
-  # Compress JavaScripts and CSS.
-  config.assets.js_compressor = :uglifier
-  # config.assets.css_compressor = :sass
-
-  # Do not fallback to assets pipeline if a precompiled asset is missed.
-  config.assets.compile = false
-
-  # Asset digests allow you to set far-future HTTP expiration dates on all assets,
-  # yet still be able to expire them through the digest params.
-  config.assets.digest = true
-
   # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
 
   # Specifies the header that your server uses for sending files.

data/spec/models/panda_pal/organization/settings_validation_spec.rb

@@ -0,0 +1,175 @@
+require 'rails_helper'
+
+module PandaPal
+  PandaPal::Organization
+  RSpec.describe OrganizationConcerns::SettingsValidation, type: :model do
+    let!(:org) { create :panda_pal_organization }
+
+    def set_test_settings_structure
+      PandaPal.lti_options = {
+        title: 'Test App',
+        settings_structure: structure,
+      }
+    end
+
+    RSpec.shared_examples "shared stuff" do
+      it 'does not perform any validations if settings is not defined' do
+        PandaPal.lti_options = {}
+        expect(org.valid?).to be_truthy
+      end
+
+      it 'does not perform any validations if options is not defined' do
+        PandaPal.lti_options = nil
+        expect(org.valid?).to be_truthy
+      end
+
+      it 'does perform validations if settings_structure is defined' do
+        set_test_settings_structure
+        org.valid?
+        expect(org.valid?).to be_falsey
+      end
+
+      it 'will fail if a required setting is not present' do
+        set_test_settings_structure
+        expect(org.valid?).to be_falsey
+        errors = org.errors.messages[:settings]
+        expect(errors[0]).to eq("Entry [:canvas] is required")
+      end
+
+      it 'will fail if a setting is supplied but data_type is wrong' do
+        set_test_settings_structure
+        org.settings = {canvas: "Dog", reports: {}}
+        expect(org.valid?).to be_falsey
+        errors = org.errors.messages[:settings]
+        expect(errors[0]).to eq("Expected [:canvas] to be a Hash. Was a String")
+      end
+
+      it 'will fail if a required subsetting is missing' do
+        set_test_settings_structure
+        org.settings = {canvas: {base_url: 'http://'}, reports: {}}
+        expect(org.valid?).to be_falsey
+        errors = org.errors.messages[:settings]
+        expect(errors[0]).to eq("Entry [:canvas][:api_token] is required")
+      end
+
+      it 'will fail if extra options are specified' do
+        set_test_settings_structure
+        org.settings = {canvas: {base_url: 'http://', api_token: 'TEST'}, reports: {}, unknown_option: "WHAT IS THIS?"}
+        expect(org.valid?).to be_falsey
+        errors = org.errors.messages[:settings]
+        expect(errors[0]).to eq("Did not expect [:] to contain [unknown_option]")
+      end
+
+      it 'will pass if all structure is maintained' do
+        set_test_settings_structure
+        org.settings = {canvas: {base_url: 'http://', api_token: 'TEST'}, reports: {submissions_report_time_length: 30.minutes, max_recheck_time: 10.hours}}
+        expect(org.valid?).to be_truthy
+      end
+    end
+
+    context 'new settings_structure' do
+      let!(:properties) do
+        {
+          canvas: {
+            required: true,
+            type: 'Hash',
+            properties: {
+              api_token: { type: 'String', required: true },
+              base_url: { type: 'String', required: true },
+            },
+          },
+          reports: {
+            required: true,
+            type: 'Hash',
+            allow_additional: true,
+          }
+        }
+      end
+
+      let!(:structure) do
+        {
+          properties: properties,
+        }
+      end
+
+      it_behaves_like("shared stuff")
+
+      describe ':allow_additional' do
+        it 'passes extra properties if allow_additional is a matching Hash' do
+          structure[:allow_additional] = { type: 'String' }
+          set_test_settings_structure
+          org.settings = {canvas: {base_url: 'http://', api_token: 'TEST'}, reports: {}, unknown_option: "WHAT IS THIS?"}
+          expect(org).to be_valid
+        end
+
+        it 'fails extra properties if allow_additional is an unmatching Hash' do
+          structure[:allow_additional] = { type: 'Hash' }
+          set_test_settings_structure
+          org.settings = {canvas: {base_url: 'http://', api_token: 'TEST'}, reports: {}, unknown_option: "WHAT IS THIS?"}
+          expect(org).not_to be_valid
+        end
+
+        it 'passes extra properties if allow_additional is a blank Hash' do
+          structure[:allow_additional] = { }
+          set_test_settings_structure
+          org.settings = {canvas: {base_url: 'http://', api_token: 'TEST'}, reports: {}, unknown_option: "WHAT IS THIS?"}
+          expect(org).to be_valid
+        end
+      end
+
+      describe ':validate' do
+        let!(:properties) do
+          {
+            blah: {
+              type: 'String',
+              validate: -> (v, *args) { v == 'blah' ? nil : '<path> failed validation' },
+            }
+          }
+        end
+
+        it 'supports a custom validation proc' do
+          set_test_settings_structure
+          org.settings = { blah: 'blah' }
+          expect(org).to be_valid
+        end
+
+        it 'replaces <path> with the human readable path' do
+          set_test_settings_structure
+          org.settings = { blah: '' }
+          expect(org.valid?).to be_falsey
+          errors = org.errors.messages[:settings]
+          expect(errors[0]).to eq("[:blah] failed validation")
+        end
+      end
+    end
+
+    context 'old settings_structure' do
+      let!(:structure) do
+        YAML.load("
+          canvas:
+            is_required: true
+            data_type: Hash
+            api_token:
+              is_required: true
+              data_type: String
+            base_url:
+              is_required: true
+              data_type: String
+          reports:
+            is_required: true
+            data_type: Hash
+            active_term_allowance:
+            submissions_report_time_length:
+              is_required: false
+              data_type: ActiveSupport::Duration
+            recheck_wait:
+              data_type: ActiveSupport::Duration
+            max_recheck_time:
+              is_required: false
+        ").deep_symbolize_keys
+      end
+
+      it_behaves_like("shared stuff")
+    end
+  end
+end

data/spec/models/panda_pal/organization/task_scheduling_spec.rb

@@ -0,0 +1,144 @@
+require 'rails_helper'
+
+module PandaPal
+  PandaPal::Organization
+
+  RSpec.describe OrganizationConcerns::TaskScheduling, type: :model do
+    let!(:organization) { create(:panda_pal_organization) }
+    let(:schedules) { {} }
+
+    before :each do
+      Organization.instance_variable_set(:@_schedule_descriptors, nil)
+      Organization.scheduled_task('0 0 0 * * *', :ident) { }
+
+      allow(Sidekiq).to receive(:remove_schedule)
+      allow(Sidekiq).to receive(:get_schedule) { schedules }
+    end
+
+    def descriptors
+      Organization.instance_variable_get(:@_schedule_descriptors)
+    end
+
+    def descriptor
+      descriptors[descriptors.keys[0]]
+    end
+
+    describe '.scheduled_task' do
+      it 'adds to the set of descriptors' do
+        expect(descriptors).to match(
+          'ident' => {
+            :key=>"ident",
+            :schedule=>"0 0 0 * * *",
+            :worker=>Proc,
+            :queue=>"default",
+          }
+        )
+      end
+    end
+
+    describe '.sync_schedules' do
+      it 'adds new schedules' do
+        expect(Sidekiq).to receive(:set_schedule).with(/org:\w+-ident/, anything)
+        Organization.sync_schedules
+      end
+
+      it 'removes schedules for deleted Orgs' do
+        schedules['org:deleted_org-schedule'] = {}
+        expect(Sidekiq).to receive(:remove_schedule).with('org:deleted_org-schedule')
+        Organization.sync_schedules
+      end
+
+      it 'keeps schedules created from other sources' do
+        schedules['other-schedule'] = {}
+        expect(Sidekiq).not_to receive(:remove_schedule).with('other-schedule')
+        Organization.sync_schedules
+      end
+    end
+
+    describe '#generate_schedule' do
+      it 'generates the expected schedule' do
+        expect(organization.generate_schedule).to eq({
+          "org:#{organization.name}-ident" => {
+            "cron"=>"0 0 0 * * *",
+            "queue"=>"default",
+            "class"=>"PandaPal::OrganizationConcerns::TaskScheduling::ScheduledTaskExecutor",
+            "args"=>[organization.name, "ident"],
+          }
+        })
+      end
+    end
+
+    describe '#schedule_task_cron_time' do
+      before :each do
+        organization.settings = { timezone: 'America/Denver' }
+      end
+
+      it 'includes timezone if in settings' do
+        expect(organization.send(:schedule_task_cron_time, descriptor)).to eq '0 0 0 * * * America/Denver'
+      end
+
+      it 'does not re-append timezone if already present' do
+        descriptor[:schedule] = '1 1 1 * * * America/Chicago'
+        expect(organization.send(:schedule_task_cron_time, descriptor)).to eq '1 1 1 * * * America/Chicago'
+      end
+    end
+
+    describe '#sync_schedule' do
+      it 'adds new schedules' do
+        expect(Sidekiq).to receive(:set_schedule).with(/org:\w+-ident/, anything)
+        organization.sync_schedule
+      end
+
+      it 'removes old jobs' do
+        schedules["org:#{organization.name}-old_schedule"] = {}
+        expect(Sidekiq).to receive(:remove_schedule).with("org:#{organization.name}-old_schedule")
+        organization.sync_schedule
+      end
+    end
+
+    describe 'SettingsValidation' do
+      before :each do
+        organization.settings = {}
+      end
+
+      it 'passes a valid timezone' do
+        organization.settings[:timezone] = 'America/Denver'
+        expect(organization).to be_valid
+      end
+
+      it 'fails an invalid timezone' do
+        organization.settings[:timezone] = 'Timezone/Blorg'
+        expect(organization).not_to be_valid
+      end
+
+      it 'allows [:task_schedules] entry to be missing' do
+        expect(organization).to be_valid
+      end
+
+      it 'does not require [:task_schedules] sub-entries' do
+        organization.settings[:task_schedules] = {}
+        expect(organization).to be_valid
+      end
+
+      it 'allows task entry to be false' do
+        organization.settings[:task_schedules] = { ident: false }
+        expect(organization).to be_valid
+      end
+
+      it 'allows task entry to be a valid cron string' do
+        organization.settings[:task_schedules] = { ident: '0 0 0 * * * America/Denver' }
+        expect(organization).to be_valid
+      end
+
+      it 'does not allow task entry to be an invalid cron string' do
+        organization.settings[:task_schedules] = { ident: 'blort' }
+        expect(organization).not_to be_valid
+      end
+
+      it 'does not allow sub-entries for unknown tasks' do
+        organization.settings[:task_schedules] = { missing_ident: '0 0 0 * * * America/Denver' }
+        expect(organization).not_to be_valid
+      end
+    end
+  end
+end

data/spec/models/panda_pal/organization_spec.rb

@@ -2,35 +2,6 @@ require 'rails_helper'
 
 module PandaPal
   RSpec.describe Organization, type: :model do
-
-    def set_test_settings_structure
-      PandaPal.lti_options = {
-        title: 'Test App',
-        settings_structure: YAML.load("
-          canvas:
-            is_required: true
-            data_type: Hash
-            api_token:
-              is_required: true
-              data_type: String
-            base_url:
-              is_required: true
-              data_type: String
-          reports:
-            is_required: true
-            data_type: Hash
-            active_term_allowance:
-            submissions_report_time_length:
-              is_required: true
-              data_type: ActiveSupport::Duration
-            recheck_wait:
-              data_type: ActiveSupport::Duration
-            max_recheck_time:
-              is_required: true
-        ").deep_symbolize_keys
-      }
-    end
-
     it 'creates a schema upon creation' do
       expect(Apartment::Tenant).to receive(:create)
       create :panda_pal_organization
@@ -59,65 +30,5 @@ module PandaPal
       org2 = build :panda_pal_organization, salesforce_id: 'salesforce'
       expect(org2.valid?).to be_falsey
     end
-
-    context 'settings validation' do
-      let!(:org) { create :panda_pal_organization }
-
-      it 'does not perform any validations if settings is not defined' do
-        PandaPal.lti_options = {}
-        expect_any_instance_of(PandaPal::Organization).not_to receive(:validate_level)
-        expect(org.valid?).to be_truthy
-      end
-
-      it 'does not perform any validations if options is not defined' do
-        PandaPal.lti_options = nil
-        expect_any_instance_of(PandaPal::Organization).not_to receive(:validate_level)
-        expect(org.valid?).to be_truthy
-      end
-
-      it 'does perform validations if settings_structure is defined' do
-        set_test_settings_structure
-        org.valid?
-        expect(org.valid?).to be_falsey
-      end
-
-      it 'will fail if a required setting is not present' do
-        set_test_settings_structure
-        expect(org.valid?).to be_falsey
-        errors = org.errors.messages[:settings]
-        expect(errors[0]).to eq("PandaPal::Organization.settings requires key [:canvas].  It was not found.")
-      end
-
-      it 'will fail if a setting is supplied but data_type is wrong' do
-        set_test_settings_structure
-        org.settings = {canvas: "Dog"}
-        expect(org.valid?).to be_falsey
-        errors = org.errors.messages[:settings]
-        expect(errors[0]).to eq("PandaPal::Organization.settings expected key [:canvas] to be Hash but it was instead String.")
-      end
-
-      it 'will fail if a required subsetting is missing' do
-        set_test_settings_structure
-        org.settings = {canvas: {base_url: 'http://'}, reports: {}}
-        expect(org.valid?).to be_falsey
-        errors = org.errors.messages[:settings]
-        expect(errors[0]).to eq("PandaPal::Organization.settings requires key [:canvas][:api_token].  It was not found.")
-      end
-
-      it 'will fail if extra options are specified' do
-        set_test_settings_structure
-        org.settings = {canvas: {base_url: 'http://'}, reports: {}, unknown_option: "WHAT IS THIS?"}
-        expect(org.valid?).to be_falsey
-        errors = org.errors.messages[:settings]
-        expect(errors[0]).to eq("PandaPal::Organization.settings had unexpected key: unknown_option.  If settings have expanded please update your lti_options accordingly.")
-      end
-
-      it 'will pass if all structure is maintained' do
-        set_test_settings_structure
-        org.settings = {canvas: {base_url: 'http://', api_token: 'TEST'}, reports: {submissions_report_time_length: 30.minutes, max_recheck_time: 10.hours}}
-        expect(org.valid?).to be_truthy
-      end
-
-    end
   end
 end

data/spec/spec_helper.rb

@@ -1,4 +1,8 @@
 ENV["RAILS_ENV"] ||= 'test'
+
+require 'sidekiq/testing'
+require 'sidekiq-scheduler'
+
 require File.expand_path("../dummy/config/environment.rb", __FILE__)
 require 'rspec/rails'
 require 'rspec/autorun'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: panda_pal
 version: !ruby/object:Gem::Version
-  version: 5.0.0.beta.1
+  version: 5.1.0
 platform: ruby
 authors:
 - Instructure ProServe
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-20 00:00:00.000000000 Z
+date: 2020-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -114,6 +114,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 6.1.2
+- !ruby/object:Gem::Dependency
+  name: sidekiq
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sidekiq-scheduler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -163,10 +191,10 @@ files:
 - app/lib/lti_xml/bridge_platform.rb
 - app/lib/lti_xml/canvas_platform.rb
 - app/models/panda_pal/organization.rb
+- app/models/panda_pal/organization/settings_validation.rb
+- app/models/panda_pal/organization/task_scheduling.rb
 - app/models/panda_pal/session.rb
 - app/views/layouts/panda_pal/application.html.erb
-- app/views/panda_pal/lti/iframe_cookie_authorize.html.erb
-- app/views/panda_pal/lti/iframe_cookie_fix.html.erb
 - app/views/panda_pal/lti/launch.html.erb
 - config/initializers/apartment.rb
 - config/routes.rb
@@ -208,7 +236,6 @@ files:
 - spec/dummy/config/environments/development.rb
 - spec/dummy/config/environments/production.rb
 - spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/assets.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
 - spec/dummy/config/initializers/cookies_serializer.rb
 - spec/dummy/config/initializers/filter_parameter_logging.rb
@@ -230,6 +257,8 @@ files:
 - spec/dummy/public/favicon.ico
 - spec/factories/panda_pal_organizations.rb
 - spec/factories/panda_pal_sessions.rb
+- spec/models/panda_pal/organization/settings_validation_spec.rb
+- spec/models/panda_pal/organization/task_scheduling_spec.rb
 - spec/models/panda_pal/organization_spec.rb
 - spec/models/panda_pal/session_spec.rb
 - spec/rails_helper.rb
@@ -249,9 +278,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.1.2
 signing_key: 
@@ -283,7 +312,6 @@ test_files:
 - spec/dummy/config/initializers/filter_parameter_logging.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/initializers/assets.rb
 - spec/dummy/config/initializers/cookies_serializer.rb
 - spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config.ru
@@ -298,6 +326,8 @@ test_files:
 - spec/dummy/log/test.log
 - spec/dummy/log/development.log
 - spec/dummy/README.rdoc
+- spec/models/panda_pal/organization/settings_validation_spec.rb
+- spec/models/panda_pal/organization/task_scheduling_spec.rb
 - spec/models/panda_pal/session_spec.rb
 - spec/models/panda_pal/organization_spec.rb
 - spec/factories/panda_pal_sessions.rb

data/app/views/panda_pal/lti/iframe_cookie_authorize.html.erb

@@ -1,19 +0,0 @@
-<html>
-  <p>Safari requires your consent to access session information when applications are hosted inside of Canvas.  Please consent by clicking the following button.</p>
-  <button id="myButton">Authorize application to use browser session</button>
-  <script nonce=<%= content_security_policy_script_nonce %>>
-    function makeRequestWithUserGesture() {
-      var promise = document.requestStorageAccess();
-      promise.then(
-        function () {
-          var referrer = document.referrer;
-          window.location='?safari_cookie_authorized=true&return_to='.concat(encodeURI(window.location));
-        },
-        function () {
-          // If the user doesn't consent, then do nothing.
-        }
-      );
-    }
-    document.getElementById("myButton").addEventListener("click", makeRequestWithUserGesture);
-  </script>
-</html>

data/app/views/panda_pal/lti/iframe_cookie_fix.html.erb

@@ -1,12 +0,0 @@
-<script nonce=<%= content_security_policy_script_nonce %>>
-  const mainWindow = window.parent;
-  var url = window.location.href;
-  // Until PLAT-4836 is resolved, we need to make sure our url has a "?" in it.
-  if (!(url.indexOf("?") > -1)) {
-    url = url + "?dummy_param=1"
-  }
-  mainWindow.postMessage({
-    messageType: "requestFullWindowLaunch",
-    data: url
-  }, '*');
-</script>

data/spec/dummy/config/initializers/assets.rb

@@ -1,11 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Version of your assets, change this if you want to expire all your assets.
-Rails.application.config.assets.version = '1.0'
-
-# Add additional assets to the asset load path
-# Rails.application.config.assets.paths << Emoji.images_path
-
-# Precompile additional assets.
-# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
-# Rails.application.config.assets.precompile += %w( search.js )