panda_pal 5.2.5 → 5.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: dc40f9ca1d3a036a82a30105f8390bfe9faf57519ca977040921999c1e97221c
-  data.tar.gz: 01cca7d9851d83e6d2029291fde3f0baba97c1ba46e51287211b9769f803ae7f
+SHA1:
+  metadata.gz: 42ed3ad8440c5f79c6ccbd20908ffc3e3458b342
+  data.tar.gz: 421fcb272ca0fb0d7c01b191ab4d47da9789d1c4
 SHA512:
-  metadata.gz: f41f229e1d8101ce9de5ba9d97ec3e8a3a96b5a11d5fa7972534df8e1d2226172db2e82c3af17f228cc48b1ceb0f8e71e6ded9ed08308c9124a45365e89cf8fa
-  data.tar.gz: 29dbfab39a1b5445d31975306af414e336f0a3965c2fd5426e90335963d4da50238c69c7232a66248ad4f7524b7fd3444fc01d2a535ba4e1414aa2f02267b1bc
+  metadata.gz: 7a32296d2975f108022334ec1f32b23a461ee7e37966c639680779198a1941b683ef6bc02fe020a61d8ffa683132f7dc05199d43d8fb2c50ed877082a6129b66
+  data.tar.gz: 8d9f225f68a4b3b4d632f48a3975eab2a61ad61575c9278e06e1f21f41b7df6950750f8b429da47ab45c3e0d8aaf032e32da7b98b01c3a0d1151e049971b5857

data/README.md

@@ -369,7 +369,11 @@ You will want to watch out for a few scenarios:
 3) If you use `link_to` and navigate in your LTI (apps that are not single page)
    make sure you include the `link_nonce` like so: 
     ```ruby
-      link_to "Link Name", somewhere_else_path(session_token: link_nonce)
+      link_to "Link Name", somewhere_else_path(arg, session_token: link_nonce)
+    ```
+    NB: As of PandaPal 5.2.6, you can instead use
+    ```ruby
+      link_to "Name", url_with_session(:somewhere_else_path, arg, kwarg: 1)
     ```
 
 ### Previous Safari Instructions

data/lib/panda_pal/helpers/controller_helper.rb

@@ -1,226 +1,140 @@
 require 'browser'
+require_relative 'session_replacement'
 
-module PandaPal::Helpers::ControllerHelper
-  extend ActiveSupport::Concern
+module PandaPal::Helpers
+  module ControllerHelper
+    extend ActiveSupport::Concern
+    include SessionReplacement
 
-  class SessionNonceMismatch < StandardError; end
-
-  included do
-    helper_method :link_nonce, :current_session
-
-    after_action :auto_save_session
-  end
-
-  def save_session
-    current_session.try(:save)
-  end
-
-  def current_session
-    return @current_session if @current_session.present?
-
-    if params[:session_token]
-      payload = JSON.parse(panda_pal_cryptor.decrypt_and_verify(params[:session_token])).with_indifferent_access
-      matched_session = PandaPal::Session.find_by(session_key: payload[:session_key])
+    def current_organization
+      @organization ||= PandaPal::Organization.find_by!(key: organization_key) if organization_key
+      @organization ||= PandaPal::Organization.find_by(id: organization_id) if organization_id
+      @organization ||= PandaPal::Organization.find_by_name(Apartment::Tenant.current)
+    end
 
-      if matched_session.present? && matched_session.data[:link_nonce] == payload[:nonce]
-        @current_session = matched_session
-        @current_session.data[:link_nonce] = nil
+    def current_lti_platform
+      return @current_lti_platform if @current_lti_platform.present?
+      # TODO: (Future) This could be expanded more to take better advantage of the LTI 1.3 Multi-Tenancy model.
+      if (canvas_url = current_organization&.settings&.dig(:canvas, :base_url)).present?
+        @current_lti_platform ||= PandaPal::Platform::Canvas.new(canvas_url)
       end
-      raise SessionNonceMismatch, "Session Not Found" unless @current_session.present?
-    elsif (session_key = params[:session_key] || session_key_header || flash[:session_key] || session[:session_key]).present?
-      @current_session = PandaPal::Session.find_by(session_key: session_key) if session_key.present?
+      @current_lti_platform ||= PandaPal::Platform::Canvas.new('http://localhost:3000') if Rails.env.development?
+      @current_lti_platform ||= PandaPal::Platform::CANVAS
+      @current_lti_platform
     end
 
-    @current_session ||= PandaPal::Session.new(panda_pal_organization_id: current_organization.id)
-
-    @current_session
-  end
-
-  def current_organization
-    @organization ||= PandaPal::Organization.find_by!(key: organization_key) if organization_key
-    @organization ||= PandaPal::Organization.find_by(id: organization_id) if organization_id
-    @organization ||= PandaPal::Organization.find_by_name(Apartment::Tenant.current)
-  end
-
-  def current_lti_platform
-    return @current_lti_platform if @current_lti_platform.present?
-    # TODO: (Future) This could be expanded more to take better advantage of the LTI 1.3 Multi-Tenancy model.
-    if (canvas_url = current_organization&.settings&.dig(:canvas, :base_url)).present?
-      @current_lti_platform ||= PandaPal::Platform::Canvas.new(canvas_url)
+    def lti_launch_params
+      current_session_data[:launch_params]
     end
-    @current_lti_platform ||= PandaPal::Platform::Canvas.new('http://localhost:3000') if Rails.env.development?
-    @current_lti_platform ||= PandaPal::Platform::CANVAS
-    @current_lti_platform
-  end
-
-  def current_session_data
-    current_session.data
-  end
-
-  def lti_launch_params
-    current_session_data[:launch_params]
-  end
-
-  def session_changed?
-    current_session.changed? && current_session.changes[:data].present?
-  end
 
-  def validate_launch!
-    safari_override
+    def validate_launch!
+      safari_override
 
-    if params[:id_token].present?
-      validate_v1p3_launch
-    elsif params[:oauth_consumer_key].present?
-      validate_v1p0_launch
-    end
-  end
-
-  def validate_v1p0_launch
-    authorized = false
-    if @organization = params['oauth_consumer_key'] && PandaPal::Organization.find_by_key(params['oauth_consumer_key'])
-      sanitized_params = request.request_parameters
-      # These params come over with a safari-workaround launch.  The authenticator doesn't like them, so clean them out.
-      safe_unexpected_params = ["full_win_launch_requested", "platform_redirect_url", "dummy_param"]
-      safe_unexpected_params.each do |p|
-        sanitized_params.delete(p)
+      if params[:id_token].present?
+        validate_v1p3_launch
+      elsif params[:oauth_consumer_key].present?
+        validate_v1p0_launch
       end
-      authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.original_url, sanitized_params, @organization.secret)
-      authorized = authenticator.valid_signature?
     end
 
-    if !authorized
-      render plain: 'Invalid Credentials, please contact your Administrator.', :status => :unauthorized unless authorized
-    end
-
-    authorized
-  end
+    def validate_v1p0_launch
+      authorized = false
+      if @organization = params['oauth_consumer_key'] && PandaPal::Organization.find_by_key(params['oauth_consumer_key'])
+        sanitized_params = request.request_parameters
+        # These params come over with a safari-workaround launch.  The authenticator doesn't like them, so clean them out.
+        safe_unexpected_params = ["full_win_launch_requested", "platform_redirect_url", "dummy_param"]
+        safe_unexpected_params.each do |p|
+          sanitized_params.delete(p)
+        end
+        authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.original_url, sanitized_params, @organization.secret)
+        authorized = authenticator.valid_signature?
+      end
 
-  def validate_v1p3_launch
-    decoded_jwt = JSON::JWT.decode(params.require(:id_token), :skip_verification)
-    raise JSON::JWT::VerificationFailed, 'error decoding id_token' if decoded_jwt.blank?
+      if !authorized
+        render plain: 'Invalid Credentials, please contact your Administrator.', :status => :unauthorized unless authorized
+      end
 
-    client_id = decoded_jwt['aud']
-    @organization = PandaPal::Organization.find_by!(key: 'PandaPal') # client_id)
-    raise JSON::JWT::VerificationFailed, 'Unrecognized Organization' unless @organization.present?
+      authorized
+    end
 
-    decoded_jwt.verify!(current_lti_platform.public_jwks)
+    def validate_v1p3_launch
+      decoded_jwt = JSON::JWT.decode(params.require(:id_token), :skip_verification)
+      raise JSON::JWT::VerificationFailed, 'error decoding id_token' if decoded_jwt.blank?
 
-    params[:session_key] = params[:state]
-    raise JSON::JWT::VerificationFailed, 'State is invalid' unless current_session_data[:lti_oauth_nonce] == decoded_jwt['nonce']
+      client_id = decoded_jwt['aud']
+      @organization = PandaPal::Organization.find_by!(key: 'PandaPal') # client_id)
+      raise JSON::JWT::VerificationFailed, 'Unrecognized Organization' unless @organization.present?
 
-    jwt_verifier = PandaPal::LtiJwtValidator.new(decoded_jwt, client_id)
-    raise JSON::JWT::VerificationFailed, jwt_verifier.errors unless jwt_verifier.valid?
+      decoded_jwt.verify!(current_lti_platform.public_jwks)
 
-    @decoded_lti_jwt = decoded_jwt
-  rescue JSON::JWT::VerificationFailed => e
-    payload = Array(e.message)
+      params[:session_key] = params[:state]
+      raise JSON::JWT::VerificationFailed, 'State is invalid' unless current_session_data[:lti_oauth_nonce] == decoded_jwt['nonce']
 
-    render json: {
-      message: [
-        { errors: payload },
-        { id_token: params.require(:id_token) },
-      ],
-    }, status: :unauthorized
+      jwt_verifier = PandaPal::LtiJwtValidator.new(decoded_jwt, client_id)
+      raise JSON::JWT::VerificationFailed, jwt_verifier.errors unless jwt_verifier.valid?
 
-    false
-  end
+      @decoded_lti_jwt = decoded_jwt
+    rescue JSON::JWT::VerificationFailed => e
+      payload = Array(e.message)
 
-  def switch_tenant(organization = current_organization, &block)
-    return unless organization
-    raise 'This method should be called in an around_action callback' unless block_given?
+      render json: {
+        message: [
+          { errors: payload },
+          { id_token: params.require(:id_token) },
+        ],
+      }, status: :unauthorized
 
-    Apartment::Tenant.switch(organization.name) do
-      yield
+      false
     end
-  end
 
-  def forbid_access_if_lacking_session
-    render plain: 'You should do an LTI Tool Launch.', status: :unauthorized unless valid_session?
-    safari_override
-  end
+    def switch_tenant(organization = current_organization, &block)
+      return unless organization
+      raise 'This method should be called in an around_action callback' unless block_given?
 
-  def verify_authenticity_token
-    # No need to check CSRF when no cookies were sent. This fixes CSRF failures in Browsers
-    # that restrict Cookie setting within an IFrame.
-    return unless request.cookies.keys.length > 0
-    super
-  end
-
-  def valid_session?
-    [
-      current_session.persisted?,
-      current_organization,
-      current_session.panda_pal_organization_id == current_organization.id,
-      Apartment::Tenant.current == current_organization.name
-    ].all?
-  rescue SessionNonceMismatch
-    false
-  end
-
-  def safari_override
-    use_secure_headers_override(:safari_override) if browser.safari?
-  end
-
-  # Redirect with the session key intact. In production,
-  # handle this by adding a one-time use encrypted token to the URL.
-  # Keeping it in the URL in development means that it plays
-  # nicely with webpack-dev-server live reloading (otherwise
-  # you get an access error everytime it tries to live reload).
-
-  def redirect_with_session_to(location, params = {}, route_context: self, **rest)
-    params.merge!(rest)
-    if Rails.env.development?
-      redirect_to route_context.send(location, {
-        session_key: current_session.session_key,
-        organization_id: current_organization.id,
-      }.merge(params))
-    else
-      redirect_to route_context.send(location, {
-        session_token: link_nonce,
-        organization_id: current_organization.id,
-      }.merge(params))
+      Apartment::Tenant.switch(organization.name) do
+        yield
+      end
     end
-  end
-
-  def link_nonce
-    @link_nonce ||= begin
-      current_session_data[:link_nonce] = SecureRandom.hex
 
-      payload = {
-        session_key: current_session.session_key,
-        organization_id: current_organization.id,
-        nonce: current_session_data[:link_nonce],
-      }
+    def forbid_access_if_lacking_session
+      super
+      safari_override
+    end
 
-      panda_pal_cryptor.encrypt_and_sign(payload.to_json)
+    def valid_session?
+      [
+        current_session&.persisted?,
+        current_organization,
+        current_session&.panda_pal_organization_id == current_organization.id,
+        Apartment::Tenant.current == current_organization.name
+      ].all?
+    rescue SessionNonceMismatch
+      false
     end
-  end
 
-  private
+    def safari_override
+      use_secure_headers_override(:safari_override) if browser.safari?
+    end
 
-  def organization_key
-    org_key ||= params[:oauth_consumer_key]
-    org_key ||= "#{params[:client_id]}/#{params[:deployment_id]}" if params[:client_id].present?
-    org_key ||= session[:organization_key]
-    org_key
-  end
+    private
 
-  def organization_id
-    params[:organization_id]
-  end
-
-  def session_key_header
-    if match = request.headers['Authorization'].try(:match, /token=(.+)/)
-      match[1]
+    def find_or_create_session(key:)
+      if key == :create
+        PandaPal::Session.new(panda_pal_organization_id: current_organization.id)
+      else
+        PandaPal::Session.find_by(session_key: key)
+      end
     end
-  end
 
-  def panda_pal_cryptor
-    @panda_pal_cryptor ||= ActiveSupport::MessageEncryptor.new(Rails.application.secret_key_base[0..31])
-  end
+    def organization_key
+      org_key ||= params[:oauth_consumer_key]
+      org_key ||= "#{params[:client_id]}/#{params[:deployment_id]}" if params[:client_id].present?
+      org_key ||= session[:organization_key]
+      org_key
+    end
 
-  def auto_save_session
-    yield if block_given?
-    save_session if @current_session && session_changed?
+    def organization_id
+      params[:organization_id]
+    end
   end
 end

data/lib/panda_pal/helpers/session_replacement.rb

@@ -0,0 +1,185 @@
+module PandaPal::Helpers
+  class SessionNonceMismatch < StandardError; end
+
+  module SessionReplacement
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :link_nonce, :current_session, :current_session_data
+      helper_method :link_with_session_to, :url_with_session, :session_url_for
+
+      prepend_around_action :monkeypatch_flash
+      prepend_around_action :auto_save_session
+    end
+
+    class_methods do
+      def link_nonce_type(value = :not_given)
+        if value == :not_given
+          @link_nonce_type || superclass.try(:link_nonce_type) || :nonce
+        else
+          @link_nonce_type = value
+        end
+      end
+    end
+
+    def save_session
+      current_session.try(:save)
+    end
+
+    def current_session
+      return @current_session if @current_session.present?
+
+      if params[:session_token]
+        payload = JSON.parse(session_cryptor.decrypt_and_verify(params[:session_token])).with_indifferent_access
+        matched_session = find_or_create_session(key: payload[:session_key])
+
+        if matched_session.present?
+          if payload[:token_type] == 'nonce' && matched_session.data[:link_nonce] == payload[:nonce]
+            @current_session = matched_session
+            @current_session.data[:link_nonce] = nil
+          elsif payload[:token_type] == 'fixed_ip' && matched_session.data[:remote_ip] == request.remote_ip &&
+            DateTime.parse(matched_session.data[:last_ip_token_requested]) > 15.minutes.ago
+            @current_session = matched_session
+          end
+        end
+        raise SessionNonceMismatch, "Session Not Found" unless @current_session.present?
+      elsif (session_key = params[:session_key] || session_key_header || flash[:session_key] || session[:session_key]).present?
+        @current_session = find_or_create_session(key: session_key)
+      end
+
+      @current_session ||= find_or_create_session(key: :create)
+
+      @current_session
+    end
+
+    def current_session_data
+      current_session.data
+    end
+
+    def session_changed?
+      current_session.changed? && current_session.changes[:data].present?
+    end
+
+    def forbid_access_if_lacking_session
+      render plain: 'You should do an LTI Tool Launch.', status: :unauthorized unless valid_session?
+    end
+
+    def verify_authenticity_token
+      # No need to check CSRF when no cookies were sent. This fixes CSRF failures in Browsers
+      # that restrict Cookie setting within an IFrame.
+      return unless request.cookies.keys.length > 0
+      super
+    end
+
+    # Redirect with the session key intact. In production,
+    # handle this by adding a one-time use encrypted token to the URL.
+    # Keeping it in the URL in development means that it plays
+    # nicely with webpack-dev-server live reloading (otherwise
+    # you get an access error everytime it tries to live reload).
+
+    def redirect_with_session_to(*args)
+      redirect_to url_with_session(*args)
+    end
+
+    def link_with_session_to(*args)
+      helpers.link_to url_with_session(*args)
+    end
+
+    def session_url_for(*args)
+      url_for(build_session_url_params(*args))
+    end
+
+    def url_with_session(location, *args, route_context: self, **kwargs)
+      route_context.send(location, *build_session_url_params(*args, **kwargs))
+    end
+
+    def link_nonce(type: link_nonce_type)
+      type = instance_exec(&type) if type.is_a?(Proc)
+      type = type.to_s
+
+      @cached_link_nonces ||= {}
+      @cached_link_nonces[type] ||= begin
+        payload = {
+          token_type: type,
+          session_key: current_session.session_key,
+          organization_id: current_organization.id,
+        }
+
+        if type == 'nonce'
+          current_session_data[:link_nonce] = SecureRandom.hex
+          payload.merge!(nonce: current_session_data[:link_nonce])
+        elsif type == 'fixed_ip'
+          current_session_data[:remote_ip] ||= request.remote_ip
+          current_session_data[:last_ip_token_requested] = DateTime.now.iso8601
+        else
+          raise StandardError, "Unsupported link_nonce_type: '#{type}'"
+        end
+
+        session_cryptor.encrypt_and_sign(payload.to_json)
+      end
+    end
+
+    def link_nonce_type
+      self.class.link_nonce_type
+    end
+
+    private
+
+    def session_cryptor
+      secret_key_base = Rails.application.try(:secret_key_base) || Rails.application.secrets.secret_key_base
+      @session_cryptor ||= ActiveSupport::MessageEncryptor.new(secret_key_base[0..31])
+    end
+
+    def session_key_header
+      if match = request.headers['Authorization'].try(:match, /token=(.+)/)
+        match[1]
+      end
+    end
+
+    def build_session_url_params(*args, nonce_type: link_nonce_type, **kwargs)
+      if args[-1].is_a?(Hash)
+        args[-1] = args[-1].dup
+      else
+        args.push({})
+      end
+
+      if Rails.env.development?
+        args[-1].merge!(
+          session_key: current_session.session_key,
+          organization_id: current_organization.id,
+        )
+      else
+        args[-1].merge!(
+          session_token: link_nonce(type: nonce_type),
+          organization_id: current_organization.id,
+        )
+      end
+
+      args[-1].merge!(kwargs)
+      args
+    end
+
+    def auto_save_session
+      yield if block_given?
+      save_session if @current_session && session_changed?
+    end
+
+    def monkeypatch_flash
+      if valid_session? && (value = current_session_data['flashes']).present?
+        flashes = value["flashes"]
+        if discard = value["discard"]
+          flashes.except!(*discard)
+        end
+        flash.replace(flashes)
+        flash.discard()
+      end
+
+      yield
+
+      if @current_session.present?
+        current_session_data['flashes'] = flash.to_session_value
+        flash.discard()
+      end
+    end
+  end
+end