panda_pal 5.0.0 → 5.2.3

data/app/models/panda_pal/organization_concerns/task_scheduling.rb

@@ -0,0 +1,204 @@
+return unless defined?(Sidekiq.schedule)
+
+require_relative 'settings_validation'
+
+module PandaPal
+  module OrganizationConcerns
+    module TaskScheduling
+      extend ActiveSupport::Concern
+      include OrganizationConcerns::SettingsValidation
+
+      included do
+        after_commit :sync_schedule, on: [:create, :update]
+        after_commit :unschedule_tasks, on: :destroy
+      end
+
+      class_methods do
+        def _schedule_descriptors
+          @_schedule_descriptors ||= {}
+        end
+
+        def settings_structure
+          return super unless _schedule_descriptors.present?
+
+          super.tap do |struc|
+            struc[:properties] ||= {}
+
+            struc[:properties][:timezone] ||= {
+              type: 'String',
+              required: false,
+              validate: ->(timezone, *args) {
+                ActiveSupport::TimeZone[timezone].present? ? nil : "<path> Invalid Timezone '#{timezone}'"
+              },
+            }
+
+            struc[:properties][:task_schedules] = {
+              type: 'Hash',
+              required: false,
+              properties: _schedule_descriptors.keys.reduce({}) do |hash, k|
+                desc = _schedule_descriptors[k]
+
+                hash.tap do |hash|
+                  kl = ' ' * (k.to_s.length - 4)
+                  hash[k.to_sym] = hash[k.to_s] = {
+                    required: false,
+                    description: <<~MARKDOWN,
+                      Override schedule for '#{k.to_s}' task.
+
+                      **Default**: #{desc[:schedule].is_a?(String) ? desc[:schedule] : '<Computed>'}
+
+                      Set to `false` to disable or supply a Cron string:
+                      ```yaml
+                      #{k.to_s}: 0 0 0 * * * America/Denver
+                      ##{kl}     │ │ │ │ │ │ └── Timezone (Optional)
+                      ##{kl}     │ │ │ │ │ └── Day of Week
+                      ##{kl}     │ │ │ │ └── Month
+                      ##{kl}     │ │ │ └── Day of Month
+                      ##{kl}     │ │ └── Hour
+                      ##{kl}     │ └── Minute
+                      ##{kl}     └── Second (Optional)
+                      ````
+                    MARKDOWN
+                    json_schema: {
+                      oneOf: [
+                        { type: 'string', pattern: '^((((\d+,)+\d+|(\d+(\/|-)\d+)|\d+|\*) ?){5,6})(\w+\/\w+)?$' },
+                        { enum: [false] },
+                      ],
+                      default: desc[:schedule].is_a?(String) ? desc[:schedule] : '0 0 3 * * * America/Denver',
+                    },
+                    validate: ->(value, *args, errors:, **kwargs) {
+                      begin
+                        Rufus::Scheduler.parse(value) if value
+                        nil
+                      rescue ArgumentError
+                        errors << "<path> must be false or a Crontab string"
+                      end
+                    }
+                  }
+                end
+              end,
+            }
+          end
+        end
+
+        def scheduled_task(cron_time, name_or_method = nil, worker: nil, queue: nil, &block)
+          task_key = (name_or_method.presence || "scheduled_task_#{caller_locations[0].lineno}").to_s
+          raise "Task key '#{task_key}' already taken!" if _schedule_descriptors.key?(task_key)
+
+          _schedule_descriptors[task_key] = {
+            key: task_key,
+            schedule: cron_time,
+            worker: worker || block || name_or_method.to_sym,
+            queue: queue || 'default',
+          }
+        end
+
+        def remove_scheduled_task(name_or_method)
+          dval = _schedule_descriptors.delete(name_or_method.to_s)
+          Rails.logger.warn("No task with key '#{name_or_method}' to delete!") unless dval.present?
+        end
+
+        def sync_schedules
+          # Ensure deleted Orgs are removed
+          existing_orgs = pluck(:name)
+          old_schedules = Sidekiq.get_schedule.select do |k, v|
+            m = k.match(/^org:([a-z0-9_]+)\-/i)
+            m.present? && !existing_orgs.include?(m[1])
+          end
+          old_schedules.keys.each do |k|
+            Sidekiq.remove_schedule(k)
+          end
+
+          find_each(&:sync_schedule)
+        end
+      end
+
+      def generate_schedule
+        schedule = {}
+        self.class._schedule_descriptors.values.each do |desc|
+          cron_time = schedule_task_cron_time(desc)
+          next unless cron_time.present?
+
+          schedule["org:#{name}-#{desc[:key]}"] = {
+            'cron' => cron_time,
+            'queue' => desc[:queue],
+            'class' => ScheduledTaskExecutor.to_s,
+            'args' => [name, desc[:key]],
+          }
+        end
+        schedule
+      end
+
+      def sync_schedule
+        new_schedules = generate_schedule
+        unschedule_tasks(new_schedules.keys)
+        new_schedules.each do |k, v|
+          Sidekiq.set_schedule(k, v)
+        end
+      end
+
+      private
+
+      def unschedule_tasks(new_task_keys = nil)
+        current_schedules = Sidekiq.get_schedule.select { |k,v| k.starts_with?("org:#{name}-") }
+        del_tasks = current_schedules.keys
+        del_tasks -= new_task_keys if new_task_keys
+        del_tasks.each do |k|
+          Sidekiq.remove_schedule(k)
+        end
+      end
+
+      def schedule_task_cron_time(desc)
+        cron_time = nil
+        cron_time = settings&.dig(:task_schedules, desc[:key].to_s) if cron_time.nil?
+        cron_time = settings&.dig(:task_schedules, desc[:key].to_sym) if cron_time.nil?
+        cron_time = desc[:schedule] if cron_time.nil?
+
+        return nil unless cron_time.present?
+
+        cron_time = instance_exec(&cron_time) if cron_time.is_a?(Proc)
+        if !Rufus::Scheduler.parse(cron_time).zone.present? && settings && settings[:timezone]
+          cron_time += " #{settings[:timezone]}"
+        end
+
+        cron_time
+      end
+
+      class ScheduledTaskExecutor
+        include Sidekiq::Worker
+
+        def perform(org_name, task_key)
+          org = Organization.find_by!(name: org_name)
+          task = Organization._schedule_descriptors[task_key]
+          worker = task[:worker]
+
+          Apartment::Tenant.switch(org.name) do
+            if worker.is_a?(Proc)
+              org.instance_exec(&worker)
+            elsif worker.is_a?(Symbol)
+              org.send(worker)
+            elsif worker.is_a?(String)
+              worker.constantize.perform_async
+            elsif worker.is_a?(Class)
+              worker.perform_async
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+SidekiqScheduler::Scheduler.instance.dynamic = true
+
+module SidekiqScheduler
+  module Schedule
+    original_schedule_setter = instance_method(:schedule=)
+
+    define_method :schedule= do |sched|
+      original_schedule_setter.bind(self).(sched).tap do
+        PandaPal::Organization.sync_schedules
+      end
+    end
+  end
+end

data/app/models/panda_pal/platform.rb

@@ -0,0 +1,40 @@
+module PandaPal
+  class Platform
+    def public_jwks
+      response = HTTParty.get(jwks_url)
+      return nil unless response.success?
+
+      JSON::JWK::Set.new(JSON.parse(response.body))
+    rescue
+      nil
+    end
+  end
+
+  class Platform::Canvas < Platform
+    attr_accessor :base_url
+
+    def initialize(base_url)
+      @base_url = base_url
+    end
+
+    def host
+      base_url
+    end
+
+    def jwks_url
+      "#{base_url}/api/lti/security/jwks"
+    end
+
+    def authentication_redirect_url
+      "#{base_url}/api/lti/authorize_redirect"
+    end
+
+    def grant_url
+      "#{base_url}/login/oauth2/token"
+    end
+  end
+
+  class Platform
+    CANVAS = Platform::Canvas.new('https://canvas.instructure.com')
+  end
+end

data/app/views/panda_pal/lti_v1_p3/login.html.erb

@@ -0,0 +1 @@
+<%= render "panda_pal/partials/auto_submit_form" %>

data/app/views/panda_pal/partials/_auto_submit_form.html.erb

@@ -0,0 +1,9 @@
+<%= form_tag(@form_action, method: @method, id: 'redirect-form') do %>
+  <% @form_data.each do |k, v| %>
+    <%= hidden_field_tag(k, v) %>
+  <% end %>
+<% end %>
+
+<script type="text/javascript" nonce="<%= content_security_policy_script_nonce %>">
+  document.getElementById('redirect-form').submit();
+</script>

data/config/dev_lti_key.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAt+Za2scYD223YjVvAeuxpYvBjTf4yp2Y3udPFllG85zIVH/K
+XKsP4QVP9de/fh4FzouZPOfXMDY1KmWSlMK9jNYUm2rh0zp7+X/F6cnc5QMCzbqV
+MNnfALI4kvGM8yNPLbMJx4nA47T7T9TmlMJUZQxtyvC8zxBMv8Mv4Ae0arXevpI1
+Vcm/3Huz6dAJPRjTnL2CBsXrmNzf51OJU5r27HYFE4367g9njix1lGOcQqVDVjnT
+uXFTlidfUa2Bp2v5owzZU7Fe9jSQmeAQpqQ/XdYzWQNEJPrz8ESz5jP3brJ4q5Y5
+FaK9l8DHILqomGWhttYQ6IMCfdpLb4D4B2gcLQIDAQABAoIBAAuaXislmrAGhSaO
+JoXhgCDo03p8iJcIIIgX4haP5XkjcERcl8EHDgZtlmD1juB/NnCUwENmgV5KXUpi
+hEAclWcYbs5rjPoN25qfZDZfBS/x47BlUFp3tKlPlWA4G2OP28QPYtOTLndviNe9
+oBrMtBR4F0lRrSgHaEBFKXUiJ1EAMycKcXab63HA7Fp9HArLAu0NM0VWCsJBmxB/
+BprW4LtYRG7iJl9kfsHyAzOaAV5H1zLqhfA2YvEI2XADrILQtpPwZpmNKq/5L5On
+RlGy1WcBgxj8cqWdqir1PxVN/xDKVnUT9Mrf+SHn7xzgDL2uXvhD1Qt/5iLeVlvN
+nQTNJyECgYEA681T7A0oj9/FuqLwE1gxm+RUczv+EyXcNvHCUkpFSaiyEyqdQB9f
+EpHgeg7pXmlRmUwNkT3ZAH7O0uv3CVR6b8j9N7XmYbmcuRU2A6loeiBB/HkOOt21
+hxiC+tXD/K7c5BfRkThL6ca213xqztbqxxj/C8qGnWVaLc7SLPlJZfUCgYEAx6bp
+7tRGq8Q5xkyKvSDUSln9MI/iZjSysd44rTtj8Vo9LfQsBi5JbWm0+UEtaZoabeC1
+xaAp/ZETLe4oGu7CJxBreSE+UE/a6zc5MIcJblP+8RIiAYkf67iHNwSbiqSBvPqj
+S0HFxUZqw1NigmqsptHrPtvuTUZI8Hx3hKMgwlkCgYAa8RrlnZtE1QyChptnmmwQ
+o8YCZJhjF7BRls3dGR9RizTNe9D7wpnaRVCgoZOIdgAcw9PJBIgGxnZbIxrWthBH
+NW+5Lc9k2xBNFV9Wi8SkL4tajXpSv4I+LU7J2iLKfDBA33fSX9xMmafKdyy89VFd
+7j01264Fzc6/7SGWgeUhAQKBgDKGSgMXkz7arKhDLIUKLs8WEN3eO7QTt/kNPJiS
+RAuLA5qChTWXNxvKOXMujFiCGBggWr/FdXrm4MypzVpre5S5Mgl4YTWfz83grsda
+FQfnl8fYB+UNl5dmnklNEDO4x+BUKUjdPzhaRqBhlLdeWYzp6LeCnr7Nf53kUbau
+NZcZAoGBAJcYyWegsQCEVMY/ck42uNmZ00DmK1XSAU7hYulBo8iD3OqvXZ7Etppw
+SaRhSTCoTsLBWlqGccNDGoXH/r2/jJAFb8hUjGa2Z5dKP9byWMONEQEh6g8wzL/w
+XRthIsgdIE58a+cJGwHh/raUQwvD72S1C/epQSYcLe3TdUumtZm/
+-----END RSA PRIVATE KEY-----

data/config/routes.rb

@@ -1,4 +1,14 @@
 PandaPal::Engine.routes.draw do
-  get '/config' => 'lti#tool_config'
-  get '/launch' => 'lti#launch'
+  get '/config' => 'lti_v1_p0#tool_config' # Legacy Support
+
+  scope '/v1p0', as: 'v1p0' do
+    get '/config' => 'lti_v1_p0#tool_config'
+  end
+
+  scope '/v1p3', as: 'v1p3' do
+    get '/config' => 'lti_v1_p3#tool_config'
+    post '/oidc_login' => 'lti_v1_p3#login'
+    post '/resource_link_request' => 'lti_v1_p3#resource_link_request'
+    get '/public_jwks' => 'lti_v1_p3#public_jwks'
+  end
 end

data/db/migrate/20160412205931_create_panda_pal_organizations.rb

@@ -1,4 +1,4 @@
-class CreatePandaPalOrganizations < ActiveRecord::Migration[5.1]
+class CreatePandaPalOrganizations < PandaPal::MiscHelper::MigrationClass
   def change
     create_table :panda_pal_organizations do |t|
       t.string :name

data/db/migrate/20160413135653_create_panda_pal_sessions.rb

@@ -1,4 +1,4 @@
-class CreatePandaPalSessions < ActiveRecord::Migration[5.1]
+class CreatePandaPalSessions < PandaPal::MiscHelper::MigrationClass
   def change
     create_table :panda_pal_sessions do |t|
       t.string :session_key

data/db/migrate/20160425130344_add_panda_pal_organization_to_session.rb

@@ -1,4 +1,4 @@
-class AddPandaPalOrganizationToSession < ActiveRecord::Migration[5.1]
+class AddPandaPalOrganizationToSession < PandaPal::MiscHelper::MigrationClass
   def change
     add_column :panda_pal_sessions, :panda_pal_organization_id, :integer
     add_index :panda_pal_sessions, :panda_pal_organization_id

data/db/migrate/20170106165533_add_salesforce_id_to_organizations.rb

@@ -1,4 +1,4 @@
-class AddSalesforceIdToOrganizations < ActiveRecord::Migration[5.1]
+class AddSalesforceIdToOrganizations < PandaPal::MiscHelper::MigrationClass
   def change
     add_column :panda_pal_organizations, :salesforce_id, :string, unique: true
   end

data/db/migrate/20171205183457_encrypt_organization_settings.rb

@@ -1,4 +1,4 @@
-class EncryptOrganizationSettings < ActiveRecord::Migration[5.1]
+class EncryptOrganizationSettings < PandaPal::MiscHelper::MigrationClass
   def up
     # don't rerun this if it was already run before we renamed the migration.
     existing_versions = execute ("SELECT * from schema_migrations where version = '30171205183457'")

data/db/migrate/20171205194657_remove_old_organization_settings.rb

@@ -1,4 +1,4 @@
-class RemoveOldOrganizationSettings < ActiveRecord::Migration[5.1]
+class RemoveOldOrganizationSettings < PandaPal::MiscHelper::MigrationClass
   def current_tenant
     @current_tenant ||= PandaPal::Organization.find_by_name(Apartment::Tenant.current)
   end
@@ -10,14 +10,16 @@ class RemoveOldOrganizationSettings < ActiveRecord::Migration[5.1]
       execute "DELETE from schema_migrations where version = '30171205194657'"
       return
     end
+
     # migrations run for public and local tenants.  However, PandaPal::Organization
     # is going to always go to public tenant.  So don't do this active record
     # stuff unless we are on the public tenant.
-    if current_tenant == 'public'
+    if Apartment::Tenant.current == 'public'
       #PandaPal::Organization.connection.schema_cache.clear!
       #PandaPal::Organization.reset_column_information
       PandaPal::Organization.find_each do |o|
         # Would like to just be able to do this:
+        # PandaPal::Organization.reset_column_information
         # o.settings = YAML.load(o.old_settings)
         # o.save!
         # but for some reason that is always making the settings null.  Instead we will encrypt the settings manually.
@@ -26,14 +28,17 @@ class RemoveOldOrganizationSettings < ActiveRecord::Migration[5.1]
         key = o.encryption_key
         encrypted_settings = PandaPal::Organization.encrypt_settings(YAML.load(o.old_settings), iv: iv, key: key)
         o.update_columns(encrypted_settings_iv: [iv].pack("m"), encrypted_settings: encrypted_settings)
+        o = PandaPal::Organization.find_by!(name: o.name)
+        raise "Failed to migrate PandaPal Settings" if o.settings != YAML.load(o.old_settings)
       end
     end
+
     remove_column :panda_pal_organizations, :old_settings
   end
 
   def down
     add_column :panda_pal_organizations, :old_settings, :text
-    if current_tenant == 'public'
+    if Apartment::Tenant.current == 'public'
       PandaPal::Organization.find_each do |o|
         o.old_settings = o.settings.to_yaml
         o.save

data/lib/panda_pal.rb

@@ -7,11 +7,11 @@ module PandaPal
   class NotMounted < StandardError;end
 
   @@lti_navigation = {}
-  @@staged_navigation = {}
   @@lti_options = {}
   @@lti_properties = {}
   @@lti_environments = {}
   @@lti_custom_params = {}
+  @@lti_private_key = nil
 
   def self.lti_options= lti_options
     @@lti_options = lti_options
@@ -45,31 +45,44 @@ module PandaPal
     @@lti_custom_params.deep_dup
   end
 
-  def self.register_navigation(navigation)
-    @@lti_navigation[navigation] ||= {}
-  end
-
   def self.stage_navigation(navigation, options)
-    @@staged_navigation[navigation] = {} unless @@staged_navigation.has_key?(navigation)
-    @@staged_navigation[navigation].merge!(options)
+    @@lti_navigation[navigation] ||= {}
+    @@lti_navigation[navigation].merge!(options)
   end
 
   def self.lti_paths
     @@lti_navigation.deep_dup
   end
 
-  def self.propagate_lti_navigation
-    @@staged_navigation.each do |k,v|
-      lti_navigation(k,v)
-      @@staged_navigation.delete(k)
-    end
+  def self.lti_private_key
+    key = @@lti_private_key.presence
+    key ||= ENV['LTI_PRIVATE_KEY'].presence
+    key ||= File.read(File.join( File.dirname(__FILE__), "../config/dev_lti_key.key")) if Rails.env.development?
+    return nil unless key.present?
+
+    key = OpenSSL::PKey::RSA.new(key) if key.is_a?(String)
+    key
+  end
+
+  def self.lti_private_key=(v)
+    @@lti_private_key = k
   end
 
   private
 
-  def self.lti_navigation(navigation, options)
-    raise "lti navigation '#{navigation}' has not been registered!" unless @@lti_navigation.has_key?(navigation)
-    @@lti_navigation[navigation].merge!(options)
+  def self.validate_pandapal_config!
+    errors = []
+    validate_lti_navigation(errors)
+    if errors.present?
+      lines = errors.map { |e| " - #{e}" }
+      raise "PandaPal was not configured correctly:\n#{lines.join("\n")}"
+    end
   end
 
+  def self.validate_lti_navigation(errors = [])
+    @@lti_navigation.each do |k, v|
+      errors << "lti navigation '#{k}' does not have a Route!" unless (LaunchUrlHelpers.launch_url(k) rescue nil)
+    end
+    errors
+  end
 end