panda_pal 5.2.5 → 5.3.6.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dc40f9ca1d3a036a82a30105f8390bfe9faf57519ca977040921999c1e97221c
-  data.tar.gz: 01cca7d9851d83e6d2029291fde3f0baba97c1ba46e51287211b9769f803ae7f
+  metadata.gz: 89cb05a4553807543825da2a80fa692689cbbc594a1ed7d7087aaf91b4967039
+  data.tar.gz: 0603fbf7137c94639f1c43252e2ddb5510d8d620a72042587840fed8b18b3d08
 SHA512:
-  metadata.gz: f41f229e1d8101ce9de5ba9d97ec3e8a3a96b5a11d5fa7972534df8e1d2226172db2e82c3af17f228cc48b1ceb0f8e71e6ded9ed08308c9124a45365e89cf8fa
-  data.tar.gz: 29dbfab39a1b5445d31975306af414e336f0a3965c2fd5426e90335963d4da50238c69c7232a66248ad4f7524b7fd3444fc01d2a535ba4e1414aa2f02267b1bc
+  metadata.gz: c0b5747018b1a1f0fcb6193038e26905a54f4afcc9f4e698954f2ac9924082826d1ed29be76740c4ea389a2c2ccbb3d4d3d303bd0d18b3d4ba6709f7ad79b625
+  data.tar.gz: 0deda4bedafe6583167610e83a86b8d13bd4256094df6158971811c097c3a085345ea18ecaaedcf84cc9b0d890ca6ebf8ee6685ee6e70ada9b71370d4b4c9834

data/README.md

@@ -369,8 +369,30 @@ You will want to watch out for a few scenarios:
 3) If you use `link_to` and navigate in your LTI (apps that are not single page)
    make sure you include the `link_nonce` like so: 
     ```ruby
-      link_to "Link Name", somewhere_else_path(session_token: link_nonce)
+      link_to "Link Name", somewhere_else_path(arg, session_token: link_nonce)
     ```
+    NB: As of PandaPal 5.2.6, you can instead use
+    ```ruby
+      link_to "Name", url_with_session(:somewhere_else_path, arg, kwarg: 1)
+    ```
+
+Persistent sessions have session_tokens as a way to safely communicate a session key in a way that is hopefully not too persistent in case it is logged somewhere.
+Options for communicating session_token -
+:nonce (default) - each nonce is good for exactly one communication with the backend server.  Once the nonce is used, it is no longer valid.
+:fixed_ip - each session_token is good until it expires.  It must be used from the same ip the LTI launched from.
+:expiring - this is the least secure.  Each token is good until it expires.
+
+For :fixed_ip and :expiring tokens you can override the default expiration period of 15 minutes.
+
+See the following example of how to override the link_nonce_type and token expiration length.
+
+class ApplicationController < ActionController::Base
+  link_nonce_type :fixed_ip
+  def session_expiration_period_minutes
+    120
+  end
+...
+end
 
 ### Previous Safari Instructions
 Safari is weird and you'll potentially run into issues getting `POST` requests to properly validate CSRF if you don't do the following:

data/app/controllers/panda_pal/lti_v1_p0_controller.rb

@@ -2,6 +2,8 @@ require_dependency "panda_pal/application_controller"
 
 module PandaPal
   class LtiV1P0Controller < ApplicationController
+    skip_forgery_protection
+
     def launch
       current_session_data.merge!({
         lti_version: 'v1p0',

data/app/controllers/panda_pal/lti_v1_p3_controller.rb

@@ -2,8 +2,7 @@ require_dependency "panda_pal/application_controller"
 
 module PandaPal
   class LtiV1P3Controller < ApplicationController
-    skip_before_action :verify_authenticity_token
-
+    skip_forgery_protection
     before_action :validate_launch!, only: [:resource_link_request]
     around_action :switch_tenant, only: [:resource_link_request]
 
@@ -37,6 +36,12 @@ module PandaPal
 
         redirect_with_session_to(:"#{LaunchUrlHelpers.launch_route(params[:launch_type])}_url", route_context: main_app)
       end
+      # render json: {
+      #   launch_type: params[:launch_type],
+      #   final_url: LaunchUrlHelpers.launch_url(params[:launch_type]),
+      #   final_route: LaunchUrlHelpers.launch_route(params[:launch_type]),
+      #   decoded_jwt: @decoded_lti_jwt,
+      # }
     end
 
     def tool_config

data/app/lib/panda_pal/batch_processor.rb

@@ -0,0 +1,41 @@
+module PandaPal
+  # An array that "processes" after so many items are added.
+  #
+  # Example Usage:
+  #   batches = BatchProcessor.new(of: 1000) do |batch|
+  #     # Process the batch somehow
+  #   end
+  #   enumerator_of_some_kind.each { |item| batches << item }
+  #   batches.flush
+  class BatchProcessor
+    attr_reader :batch_size
+
+    def initialize(of: 1000, &blk)
+      @batch_size = of
+      @block = blk
+      @current_batch = []
+    end
+
+    def <<(item)
+      @current_batch << item
+      process_batch if @current_batch.count >= batch_size
+    end
+
+    def add_all(items)
+      items.each do |i|
+        self << i
+      end
+    end
+
+    def flush
+      process_batch if @current_batch.present?
+    end
+
+    protected
+
+    def process_batch
+      @block.call(@current_batch)
+      @current_batch = []
+    end
+  end
+end

data/app/lib/panda_pal/misc_helper.rb

@@ -4,9 +4,9 @@ module PandaPal
 
     def self.to_boolean(v)
       if Rails.version < '5.0'
-        ActiveRecord::Type::Boolean.new.type_cast_from_user("0")
+        ActiveRecord::Type::Boolean.new.type_cast_from_user(v)
       else
-        ActiveRecord::Type::Boolean.new.deserialize('0')
+        ActiveRecord::Type::Boolean.new.deserialize(v)
       end
     end
   end

data/app/models/panda_pal/organization_concerns/task_scheduling.rb

@@ -40,41 +40,7 @@ module PandaPal
 
                 hash.tap do |hash|
                   kl = ' ' * (k.to_s.length - 4)
-                  hash[k.to_sym] = hash[k.to_s] = {
-                    required: false,
-                    description: <<~MARKDOWN,
-                      Override schedule for '#{k.to_s}' task.
-
-                      **Default**: #{desc[:schedule].is_a?(String) ? desc[:schedule] : '<Computed>'}
-
-                      Set to `false` to disable or supply a Cron string:
-                      ```yaml
-                      #{k.to_s}: 0 0 0 * * * America/Denver
-                      ##{kl}     │ │ │ │ │ │ └── Timezone (Optional)
-                      ##{kl}     │ │ │ │ │ └── Day of Week
-                      ##{kl}     │ │ │ │ └── Month
-                      ##{kl}     │ │ │ └── Day of Month
-                      ##{kl}     │ │ └── Hour
-                      ##{kl}     │ └── Minute
-                      ##{kl}     └── Second (Optional)
-                      ````
-                    MARKDOWN
-                    json_schema: {
-                      oneOf: [
-                        { type: 'string', pattern: '^((((\d+,)+\d+|(\d+(\/|-)\d+)|\d+|\*) ?){5,6})(\w+\/\w+)?$' },
-                        { enum: [false] },
-                      ],
-                      default: desc[:schedule].is_a?(String) ? desc[:schedule] : '0 0 3 * * * America/Denver',
-                    },
-                    validate: ->(value, *args, errors:, **kwargs) {
-                      begin
-                        Rufus::Scheduler.parse(value) if value
-                        nil
-                      rescue ArgumentError
-                        errors << "<path> must be false or a Crontab string"
-                      end
-                    }
-                  }
+                  hash[k.to_sym] = hash[k.to_s] = PandaPal::OrganizationConcerns::TaskScheduling.build_settings_entry(desc)
                 end
               end,
             }
@@ -137,6 +103,51 @@ module PandaPal
         end
       end
 
+      def self.build_settings_entry(desc)
+        k = desc[:key]
+        kl = ' ' * (k.to_s.length - 4)
+
+        default_schedule = '<Computed>'
+        default_schedule = desc[:schedule] if desc[:schedule].is_a?(String)
+        default_schedule = '<Disabled>' unless desc[:schedule].present?
+
+        {
+          required: false,
+          description: <<~MARKDOWN,
+            Override schedule for '#{k.to_s}' task.
+
+            **Default**: #{default_schedule}
+
+            Set to `false` to disable or supply a Cron string:
+            ```yaml
+            #{k.to_s}: 0 0 0 * * * America/Denver
+            ##{kl}     │ │ │ │ │ │ └── Timezone (Optional)
+            ##{kl}     │ │ │ │ │ └── Day of Week
+            ##{kl}     │ │ │ │ └── Month
+            ##{kl}     │ │ │ └── Day of Month
+            ##{kl}     │ │ └── Hour
+            ##{kl}     │ └── Minute
+            ##{kl}     └── Second (Optional)
+            ````
+          MARKDOWN
+          json_schema: {
+            oneOf: [
+              { type: 'string', pattern: '^((((\d+,)+\d+|(\d+(\/|-)\d+)|\d+|\*) ?){5,6})(\w+\/\w+)?$' },
+              { enum: [false] },
+            ],
+            default: desc[:schedule].is_a?(String) ? desc[:schedule] : '0 0 3 * * * America/Denver',
+          },
+          validate: ->(value, *args, errors:, **kwargs) {
+            begin
+              Rufus::Scheduler.parse(value) if value
+              nil
+            rescue ArgumentError
+              errors << "<path> must be false or a Crontab string"
+            end
+          }
+        }
+      end
+
       private
 
       def unschedule_tasks(new_task_keys = nil)

data/db/migrate/20171205194657_remove_old_organization_settings.rb

@@ -19,7 +19,6 @@ class RemoveOldOrganizationSettings < PandaPal::MiscHelper::MigrationClass
       #PandaPal::Organization.reset_column_information
       PandaPal::Organization.find_each do |o|
         # Would like to just be able to do this:
-        # PandaPal::Organization.reset_column_information
         # o.settings = YAML.load(o.old_settings)
         # o.save!
         # but for some reason that is always making the settings null.  Instead we will encrypt the settings manually.

data/lib/panda_pal/helpers/controller_helper.rb

@@ -1,226 +1,139 @@
 require 'browser'
+require_relative 'session_replacement'
 
-module PandaPal::Helpers::ControllerHelper
-  extend ActiveSupport::Concern
+module PandaPal::Helpers
+  module ControllerHelper
+    extend ActiveSupport::Concern
+    include SessionReplacement
 
-  class SessionNonceMismatch < StandardError; end
-
-  included do
-    helper_method :link_nonce, :current_session
-
-    after_action :auto_save_session
-  end
-
-  def save_session
-    current_session.try(:save)
-  end
-
-  def current_session
-    return @current_session if @current_session.present?
-
-    if params[:session_token]
-      payload = JSON.parse(panda_pal_cryptor.decrypt_and_verify(params[:session_token])).with_indifferent_access
-      matched_session = PandaPal::Session.find_by(session_key: payload[:session_key])
+    def current_organization
+      @organization ||= PandaPal::Organization.find_by!(key: organization_key) if organization_key
+      @organization ||= PandaPal::Organization.find_by(id: organization_id) if organization_id
+      @organization ||= PandaPal::Organization.find_by_name(Apartment::Tenant.current)
+    end
 
-      if matched_session.present? && matched_session.data[:link_nonce] == payload[:nonce]
-        @current_session = matched_session
-        @current_session.data[:link_nonce] = nil
+    def current_lti_platform
+      return @current_lti_platform if @current_lti_platform.present?
+      # TODO: (Future) This could be expanded more to take better advantage of the LTI 1.3 Multi-Tenancy model.
+      if (canvas_url = current_organization&.settings&.dig(:canvas, :base_url)).present?
+        @current_lti_platform ||= PandaPal::Platform::Canvas.new(canvas_url)
       end
-      raise SessionNonceMismatch, "Session Not Found" unless @current_session.present?
-    elsif (session_key = params[:session_key] || session_key_header || flash[:session_key] || session[:session_key]).present?
-      @current_session = PandaPal::Session.find_by(session_key: session_key) if session_key.present?
+      @current_lti_platform ||= PandaPal::Platform::Canvas.new('http://localhost:3000') if Rails.env.development?
+      @current_lti_platform ||= PandaPal::Platform::CANVAS
+      @current_lti_platform
     end
 
-    @current_session ||= PandaPal::Session.new(panda_pal_organization_id: current_organization.id)
-
-    @current_session
-  end
-
-  def current_organization
-    @organization ||= PandaPal::Organization.find_by!(key: organization_key) if organization_key
-    @organization ||= PandaPal::Organization.find_by(id: organization_id) if organization_id
-    @organization ||= PandaPal::Organization.find_by_name(Apartment::Tenant.current)
-  end
-
-  def current_lti_platform
-    return @current_lti_platform if @current_lti_platform.present?
-    # TODO: (Future) This could be expanded more to take better advantage of the LTI 1.3 Multi-Tenancy model.
-    if (canvas_url = current_organization&.settings&.dig(:canvas, :base_url)).present?
-      @current_lti_platform ||= PandaPal::Platform::Canvas.new(canvas_url)
+    def lti_launch_params
+      current_session_data[:launch_params]
     end
-    @current_lti_platform ||= PandaPal::Platform::Canvas.new('http://localhost:3000') if Rails.env.development?
-    @current_lti_platform ||= PandaPal::Platform::CANVAS
-    @current_lti_platform
-  end
-
-  def current_session_data
-    current_session.data
-  end
-
-  def lti_launch_params
-    current_session_data[:launch_params]
-  end
-
-  def session_changed?
-    current_session.changed? && current_session.changes[:data].present?
-  end
 
-  def validate_launch!
-    safari_override
+    def validate_launch!
+      safari_override
 
-    if params[:id_token].present?
-      validate_v1p3_launch
-    elsif params[:oauth_consumer_key].present?
-      validate_v1p0_launch
-    end
-  end
-
-  def validate_v1p0_launch
-    authorized = false
-    if @organization = params['oauth_consumer_key'] && PandaPal::Organization.find_by_key(params['oauth_consumer_key'])
-      sanitized_params = request.request_parameters
-      # These params come over with a safari-workaround launch.  The authenticator doesn't like them, so clean them out.
-      safe_unexpected_params = ["full_win_launch_requested", "platform_redirect_url", "dummy_param"]
-      safe_unexpected_params.each do |p|
-        sanitized_params.delete(p)
+      if params[:id_token].present?
+        validate_v1p3_launch
+      elsif params[:oauth_consumer_key].present?
+        validate_v1p0_launch
       end
-      authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.original_url, sanitized_params, @organization.secret)
-      authorized = authenticator.valid_signature?
     end
 
-    if !authorized
-      render plain: 'Invalid Credentials, please contact your Administrator.', :status => :unauthorized unless authorized
-    end
-
-    authorized
-  end
+    def validate_v1p0_launch
+      authorized = false
+      if @organization = params['oauth_consumer_key'] && PandaPal::Organization.find_by_key(params['oauth_consumer_key'])
+        sanitized_params = request.request_parameters
+        # These params come over with a safari-workaround launch.  The authenticator doesn't like them, so clean them out.
+        safe_unexpected_params = ["full_win_launch_requested", "platform_redirect_url", "dummy_param"]
+        safe_unexpected_params.each do |p|
+          sanitized_params.delete(p)
+        end
+        authenticator = IMS::LTI::Services::MessageAuthenticator.new(request.original_url, sanitized_params, @organization.secret)
+        authorized = authenticator.valid_signature?
+      end
 
-  def validate_v1p3_launch
-    decoded_jwt = JSON::JWT.decode(params.require(:id_token), :skip_verification)
-    raise JSON::JWT::VerificationFailed, 'error decoding id_token' if decoded_jwt.blank?
+      if !authorized
+        render plain: 'Invalid Credentials, please contact your Administrator.', :status => :unauthorized unless authorized
+      end
 
-    client_id = decoded_jwt['aud']
-    @organization = PandaPal::Organization.find_by!(key: 'PandaPal') # client_id)
-    raise JSON::JWT::VerificationFailed, 'Unrecognized Organization' unless @organization.present?
+      authorized
+    end
 
-    decoded_jwt.verify!(current_lti_platform.public_jwks)
+    def validate_v1p3_launch
+      decoded_jwt = JSON::JWT.decode(params.require(:id_token), :skip_verification)
+      raise JSON::JWT::VerificationFailed, 'error decoding id_token' if decoded_jwt.blank?
 
-    params[:session_key] = params[:state]
-    raise JSON::JWT::VerificationFailed, 'State is invalid' unless current_session_data[:lti_oauth_nonce] == decoded_jwt['nonce']
+      client_id = decoded_jwt['aud']
+      @organization = PandaPal::Organization.find_by!(key: client_id)
+      raise JSON::JWT::VerificationFailed, 'Unrecognized Organization' unless @organization.present?
 
-    jwt_verifier = PandaPal::LtiJwtValidator.new(decoded_jwt, client_id)
-    raise JSON::JWT::VerificationFailed, jwt_verifier.errors unless jwt_verifier.valid?
+      decoded_jwt.verify!(current_lti_platform.public_jwks)
 
-    @decoded_lti_jwt = decoded_jwt
-  rescue JSON::JWT::VerificationFailed => e
-    payload = Array(e.message)
+      params[:session_key] = params[:state]
+      raise JSON::JWT::VerificationFailed, 'State is invalid' unless current_session_data[:lti_oauth_nonce] == decoded_jwt['nonce']
 
-    render json: {
-      message: [
-        { errors: payload },
-        { id_token: params.require(:id_token) },
-      ],
-    }, status: :unauthorized
+      jwt_verifier = PandaPal::LtiJwtValidator.new(decoded_jwt, client_id)
+      raise JSON::JWT::VerificationFailed, jwt_verifier.errors unless jwt_verifier.valid?
 
-    false
-  end
+      @decoded_lti_jwt = decoded_jwt
+    rescue JSON::JWT::VerificationFailed => e
+      payload = Array(e.message)
 
-  def switch_tenant(organization = current_organization, &block)
-    return unless organization
-    raise 'This method should be called in an around_action callback' unless block_given?
+      render json: {
+        message: [
+          { errors: payload },
+          { id_token: params.require(:id_token) },
+        ],
+      }, status: :unauthorized
 
-    Apartment::Tenant.switch(organization.name) do
-      yield
+      false
     end
-  end
 
-  def forbid_access_if_lacking_session
-    render plain: 'You should do an LTI Tool Launch.', status: :unauthorized unless valid_session?
-    safari_override
-  end
+    def switch_tenant(organization = current_organization, &block)
+      return unless organization
+      raise 'This method should be called in an around_action callback' unless block_given?
 
-  def verify_authenticity_token
-    # No need to check CSRF when no cookies were sent. This fixes CSRF failures in Browsers
-    # that restrict Cookie setting within an IFrame.
-    return unless request.cookies.keys.length > 0
-    super
-  end
-
-  def valid_session?
-    [
-      current_session.persisted?,
-      current_organization,
-      current_session.panda_pal_organization_id == current_organization.id,
-      Apartment::Tenant.current == current_organization.name
-    ].all?
-  rescue SessionNonceMismatch
-    false
-  end
-
-  def safari_override
-    use_secure_headers_override(:safari_override) if browser.safari?
-  end
-
-  # Redirect with the session key intact. In production,
-  # handle this by adding a one-time use encrypted token to the URL.
-  # Keeping it in the URL in development means that it plays
-  # nicely with webpack-dev-server live reloading (otherwise
-  # you get an access error everytime it tries to live reload).
-
-  def redirect_with_session_to(location, params = {}, route_context: self, **rest)
-    params.merge!(rest)
-    if Rails.env.development?
-      redirect_to route_context.send(location, {
-        session_key: current_session.session_key,
-        organization_id: current_organization.id,
-      }.merge(params))
-    else
-      redirect_to route_context.send(location, {
-        session_token: link_nonce,
-        organization_id: current_organization.id,
-      }.merge(params))
+      Apartment::Tenant.switch(organization.name) do
+        yield
+      end
     end
-  end
-
-  def link_nonce
-    @link_nonce ||= begin
-      current_session_data[:link_nonce] = SecureRandom.hex
 
-      payload = {
-        session_key: current_session.session_key,
-        organization_id: current_organization.id,
-        nonce: current_session_data[:link_nonce],
-      }
+    def forbid_access_if_lacking_session
+      super
+      safari_override
+    end
 
-      panda_pal_cryptor.encrypt_and_sign(payload.to_json)
+    def valid_session?
+      return false unless current_session(create_missing: false)&.persisted?
+      return false unless current_organization
+      return false unless current_session.panda_pal_organization_id == current_organization.id
+      return false unless Apartment::Tenant.current == current_organization.name
+      true
+    rescue SessionNonceMismatch
+      false
     end
-  end
 
-  private
+    def safari_override
+      use_secure_headers_override(:safari_override) if browser.safari?
+    end
 
-  def organization_key
-    org_key ||= params[:oauth_consumer_key]
-    org_key ||= "#{params[:client_id]}/#{params[:deployment_id]}" if params[:client_id].present?
-    org_key ||= session[:organization_key]
-    org_key
-  end
+    private
 
-  def organization_id
-    params[:organization_id]
-  end
-
-  def session_key_header
-    if match = request.headers['Authorization'].try(:match, /token=(.+)/)
-      match[1]
+    def find_or_create_session(key:)
+      if key == :create
+        PandaPal::Session.new(panda_pal_organization_id: current_organization.id)
+      else
+        PandaPal::Session.find_by(session_key: key)
+      end
     end
-  end
 
-  def panda_pal_cryptor
-    @panda_pal_cryptor ||= ActiveSupport::MessageEncryptor.new(Rails.application.secret_key_base[0..31])
-  end
+    def organization_key
+      org_key ||= params[:oauth_consumer_key]
+      org_key ||= "#{params[:client_id]}/#{params[:deployment_id]}" if params[:client_id].present?
+      org_key ||= session[:organization_key]
+      org_key
+    end
 
-  def auto_save_session
-    yield if block_given?
-    save_session if @current_session && session_changed?
+    def organization_id
+      params[:organization_id]
+    end
   end
 end