panda_pal 5.3.4 → 5.3.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6c598919f88d72cc23c02724fe9689b051ee82d553b8328e528253ec8e4f6622
-  data.tar.gz: 24b76f1904796d1672cb060482f63fc76fa56d34e8b248aad9480ac01e21fa3c
+  metadata.gz: c8eb58ee2c4df4d91c08b20c3ea717a1227ebbc212500b6f5a0abad01855fd8c
+  data.tar.gz: ba0b60f6ee46634a554ac779b6cadf671edb922bc33201ac762de4fa9263ec45
 SHA512:
-  metadata.gz: 75ea92798635fa208e51fc29d492c37fc8b75429b97a8e9e814e07b95e393d26aa03fe1599c42ed4a5dcbd1cb85b2d438a4d8a99ae17d885b7791c0458c4c749
-  data.tar.gz: 2cabc475ece25dadd88da19d3667e80a0f2d94d875d85cf05b244d692b0438771140cf4b9cc9d355f46c46aeca98583cb96323d7ee58c81eed8074cc7a7b87b8
+  metadata.gz: 1337a89241f5a12bc0f5d202197f17f6ea4478be3e44786e68cd2b2161fc8df0cc2338418c4cdacbaa99cb1ec9e07a06446bac3a9a9a965285f35b4cbdce91cb
+  data.tar.gz: 83c6c892aad41adc5fd7ec2709dd8f5b5a70c238764b9caad989f5a2021ee92d81c64ac05e6ce7a3e72d321d2abfa8b1aba3b1298b2225fff4d476b57d4bd3c6

data/README.md

@@ -21,6 +21,14 @@ PandaPal::stage_navigation(:account_navigation, {
 
 Configuration data for an installation can be set by creating a `PandaPal::Organization` record.  Due to the nature of the data segregation, once created, the name of the organization should not be changed (and will raise a validation error).
 
+### LTI 1.3 Configuration
+LTI 1.3 has some additional configuration steps required to setup an LTI:
+
+1. If you're running Canvas locally, make sure the `config/redis.yml` and `config/dynamic_settings.yml` files exist in Canvas.
+2. In prod, you'll need to generate a RSA Private Key for the LTI to use. You can set the `LTI_PRIVATE_KEY` ENV variable, or manually set `PandaPal.lti_private_key = OpenSSL::PKey::RSA.new(key)`.
+3. Make sure you have Redis installed and linked correctly
+4. Your PandaPal::Organization's `key` should be `CLIENT_ID/DEPLOYMENT_ID` (which can be found in Canvas). If a Deployment ID is not given, the key should just be `CLIENT_ID`.
+
 ### Launch URL property
 LTI Spec: `The launch_url contains the URL to which the LTI Launch is to be sent.   The secure_launch_url is the URL to use if secure http is required.  One of either the launch_url or the secure_launch_url must be specified.`
 
@@ -85,10 +93,22 @@ The following routes should be added to the routes.rb file of the implementing L
 ```ruby
 # config/routes.rb
 mount PandaPal::Engine, at: '/lti'
-lti_nav account_navigation: 'accounts#launch' # Use lti_nav to provide a custom Launch implementation, otherwise use the url: param of stage_navigation to let PandaPal handle launch.
 root to: 'panda_pal/lti#launch'
+
+# Add Launch Endpoints:
+lti_nav account_navigation: 'accounts#launch', auto_launch: false # (LTI <1.3 Default)
+# -- OR --
+scope '/organizations/:organization_id' do
+  lti_nav account_navigation: 'accounts#launch_landing', auto_launch: true # (LTI 1.3 Default)
+  lti_nav account_navigation: 'accounts#launch_landing' # Automatically sets auto_launch to true because :organization_id is part of the path
+  # ...
+end
 ```
 
+`auto_launch`: Setting to `true` will tell PandaPal to handle all of the launch details and session creation, and then pass off to
+the defined action. Setting it to `false` indicates that the defined action handles launch validation and setup itself (this has been the legacy approach).
+Because `auto_launch: false` is most similar to the previous behavior, it is the default for LTI 1.0/1.1 LTIs. For LTI 1.3 LTIs, `auto_launch: true` is the default. If not specified and `:organization_id` is detected in the Route Path, `auto_launch` will be set to `true`
+
 ## Implementating data segregation
 This engine uses Apartment to keep data segregated between installations of the implementing LTI tool.
 By default, it does this by inspecting the path of the request, and matching URLs containing `orgs` or `organizations`,
@@ -376,6 +396,24 @@ You will want to watch out for a few scenarios:
       link_to "Name", url_with_session(:somewhere_else_path, arg, kwarg: 1)
     ```
 
+Persistent sessions have session_tokens as a way to safely communicate a session key in a way that is hopefully not too persistent in case it is logged somewhere.
+Options for communicating session_token -
+:nonce (default) - each nonce is good for exactly one communication with the backend server.  Once the nonce is used, it is no longer valid.
+:fixed_ip - each session_token is good until it expires.  It must be used from the same ip the LTI launched from.
+:expiring - this is the least secure.  Each token is good until it expires.
+
+For :fixed_ip and :expiring tokens you can override the default expiration period of 15 minutes.
+
+See the following example of how to override the link_nonce_type and token expiration length.
+
+class ApplicationController < ActionController::Base
+  link_nonce_type :fixed_ip
+  def session_expiration_period_minutes
+    120
+  end
+...
+end
+
 ### Previous Safari Instructions
 Safari is weird and you'll potentially run into issues getting `POST` requests to properly validate CSRF if you don't do the following:
 

data/app/controllers/panda_pal/lti_v1_p0_controller.rb

@@ -2,6 +2,8 @@ require_dependency "panda_pal/application_controller"
 
 module PandaPal
   class LtiV1P0Controller < ApplicationController
+    skip_before_action :verify_authenticity_token
+
     def launch
       current_session_data.merge!({
         lti_version: 'v1p0',

data/app/controllers/panda_pal/lti_v1_p3_controller.rb

@@ -2,6 +2,7 @@ require_dependency "panda_pal/application_controller"
 
 module PandaPal
   class LtiV1P3Controller < ApplicationController
+    skip_before_action :verify_authenticity_token
     before_action :validate_launch!, only: [:resource_link_request]
     around_action :switch_tenant, only: [:resource_link_request]
 
@@ -54,11 +55,15 @@ module PandaPal
       parsed_request_url = URI.parse(request_url)
 
       mapped_placements = PandaPal.lti_paths.map do |k, opts|
-        opts = opts.dup
-        opts.delete(:route_helper_key)
+        opts = LaunchUrlHelpers.normalize_lti_launch_desc(opts)
         opts.merge!({
           placement: k,
-          target_link_uri: LaunchUrlHelpers.absolute_launch_url(k.to_sym, host: parsed_request_url, launch_handler: v1p3_resource_link_request_path),
+          target_link_uri: LaunchUrlHelpers.absolute_launch_url(
+            k.to_sym,
+            host: parsed_request_url,
+            launch_handler: v1p3_resource_link_request_path,
+            default_auto_launch: true
+          ),
         })
         opts
       end

data/app/lib/lti_xml/base_platform.rb

@@ -85,8 +85,13 @@ module LtiXml
     end
 
     def ext_params(options, k)
-      options.delete(:route_helper_key)
-      options[:url] = PandaPal::LaunchUrlHelpers.absolute_launch_url(k.to_sym, host: parsed_request_url, launch_handler: nil)
+      options = PandaPal::LaunchUrlHelpers.normalize_lti_launch_desc(options)
+      options[:url] = PandaPal::LaunchUrlHelpers.absolute_launch_url(
+        k.to_sym,
+        host: parsed_request_url,
+        launch_handler: :v1p0_launch_path,
+        default_auto_launch: false
+      )
       options
     end
   end

data/app/lib/panda_pal/batch_processor.rb

@@ -0,0 +1,41 @@
+module PandaPal
+  # An array that "processes" after so many items are added.
+  #
+  # Example Usage:
+  #   batches = BatchProcessor.new(of: 1000) do |batch|
+  #     # Process the batch somehow
+  #   end
+  #   enumerator_of_some_kind.each { |item| batches << item }
+  #   batches.flush
+  class BatchProcessor
+    attr_reader :batch_size
+
+    def initialize(of: 1000, &blk)
+      @batch_size = of
+      @block = blk
+      @current_batch = []
+    end
+
+    def <<(item)
+      @current_batch << item
+      process_batch if @current_batch.count >= batch_size
+    end
+
+    def add_all(items)
+      items.each do |i|
+        self << i
+      end
+    end
+
+    def flush
+      process_batch if @current_batch.present?
+    end
+
+    protected
+
+    def process_batch
+      @block.call(@current_batch)
+      @current_batch = []
+    end
+  end
+end

data/app/lib/panda_pal/launch_url_helpers.rb

@@ -1,22 +1,29 @@
 module PandaPal
   module LaunchUrlHelpers
-    def self.absolute_launch_url(launch_type, host:, launch_handler: nil)
+    def self.absolute_launch_url(launch_type, host:, launch_handler: nil, default_auto_launch: false)
       opts = PandaPal.lti_paths[launch_type]
-      final_url = launch_url(opts, launch_type: launch_type)
+      auto_launch = opts[:auto_launch] != nil ? opts[:auto_launch] : default_auto_launch
+      auto_launch = auto_launch && launch_handler.present?
 
-      is_direct = opts[:route_helper_key].present? || !launch_handler.present?
-
-      if is_direct
-        return final_url if URI.parse(final_url).absolute?
-        return [host.to_s, final_url].join
-      else
+      if auto_launch
         launch_handler = resolve_route(launch_handler) if launch_handler.is_a?(Symbol)
         return add_url_params([host.to_s, launch_handler].join, {
           launch_type: launch_type,
         })
+      else
+        final_url = launch_url(opts, launch_type: launch_type)
+        return final_url if URI.parse(final_url).absolute?
+        return [host.to_s, final_url].join
       end
     end
 
+    def self.normalize_lti_launch_desc(opts)
+      opts = opts.dup
+      opts.delete(:route_helper_key)
+      opts.delete(:auto_launch)
+      opts
+    end
+
     def self.launch_url(opts, launch_type: nil)
       url = launch_route(opts, launch_type: launch_type)
       url = resolve_url_symbol(url) if url.is_a?(Symbol)

data/app/models/panda_pal/organization_concerns/settings_validation.rb

@@ -8,8 +8,16 @@ module PandaPal
       end
 
       class_methods do
+        def define_setting(*args, &blk)
+          @_injected_settings_definitions ||= []
+          @_injected_settings_definitions << {
+            args: args,
+            block: blk,
+          }
+        end
+
         def settings_structure
-          if PandaPal.lti_options&.[](:settings_structure).present?
+          struc = if PandaPal.lti_options&.[](:settings_structure).present?
             normalize_settings_structure(PandaPal.lti_options[:settings_structure])
           else
             {
@@ -18,6 +26,32 @@ module PandaPal
               properties: {},
             }
           end
+
+          (@_injected_settings_definitions || []).each do |sub|
+            args = [*sub[:args]]
+            path = args.shift || []
+            path = path.split('.') if path.is_a?(String)
+            path = Array(path)
+
+            if path.present?
+              key = path.pop
+
+              root = struc
+              path.each do |p|
+                root = root[:properties][p.to_sym]
+              end
+
+              if sub[:block]
+                root[:properties][key.to_sym] = sub[:block].call
+              else
+                root[:properties][key.to_sym] = args.shift
+              end
+            else
+              sub[:block].call(struc)
+            end
+          end
+
+          struc
         end
 
         def normalize_settings_structure(struc)
@@ -69,7 +103,7 @@ module PandaPal
           any_match = norm_types.any? do |t|
             if t == 'Boolean'
               settings == true || settings == false
-            else
+            elsif t.is_a?(Class)
               settings.is_a?(t)
             end
           end
@@ -99,6 +133,20 @@ module PandaPal
           errors.concat(val_errors)
         end
 
+        if settings.is_a?(Array)
+          if spec[:length].is_a?(Range)
+            errors << "#{human_path} should contain #{spec[:length]} items" unless spec[:length].include?(settings.count)
+          elsif spec[:length].is_a?(Numeric)
+            errors << "#{human_path} should contain exactly #{spec[:length]} items" unless spec[:length] == settings.count
+          end
+
+          if spec[:item] != nil
+            settings.each_with_index do |value, i|
+              validate_settings_level(settings[i], spec[:item], path: [*path, i], errors: errors)
+            end
+          end
+        end
+
         if settings.is_a?(Hash)
           if spec[:properties] != nil
             spec[:properties].each do |key, pspec|

data/app/models/panda_pal/organization_concerns/task_scheduling.rb

@@ -11,6 +11,31 @@ module PandaPal
       included do
         after_commit :sync_schedule, on: [:create, :update]
         after_commit :unschedule_tasks, on: :destroy
+
+        define_setting do |struc|
+          next unless _schedule_descriptors.present?
+
+          struc[:properties][:timezone] ||= {
+            type: 'String',
+            required: false,
+            validate: ->(timezone, *args) {
+              ActiveSupport::TimeZone[timezone].present? ? nil : "<path> Invalid Timezone '#{timezone}'"
+            },
+          }
+
+          struc[:properties][:task_schedules] = {
+            type: 'Hash',
+            required: false,
+            properties: _schedule_descriptors.keys.reduce({}) do |hash, k|
+              desc = _schedule_descriptors[k]
+
+              hash.tap do |hash|
+                kl = ' ' * (k.to_s.length - 4)
+                hash[k.to_sym] = hash[k.to_s] = PandaPal::OrganizationConcerns::TaskScheduling.build_settings_entry(desc)
+              end
+            end,
+          }
+        end
       end
 
       class_methods do
@@ -18,69 +43,6 @@ module PandaPal
           @_schedule_descriptors ||= {}
         end
 
-        def settings_structure
-          return super unless _schedule_descriptors.present?
-
-          super.tap do |struc|
-            struc[:properties] ||= {}
-
-            struc[:properties][:timezone] ||= {
-              type: 'String',
-              required: false,
-              validate: ->(timezone, *args) {
-                ActiveSupport::TimeZone[timezone].present? ? nil : "<path> Invalid Timezone '#{timezone}'"
-              },
-            }
-
-            struc[:properties][:task_schedules] = {
-              type: 'Hash',
-              required: false,
-              properties: _schedule_descriptors.keys.reduce({}) do |hash, k|
-                desc = _schedule_descriptors[k]
-
-                hash.tap do |hash|
-                  kl = ' ' * (k.to_s.length - 4)
-                  hash[k.to_sym] = hash[k.to_s] = {
-                    required: false,
-                    description: <<~MARKDOWN,
-                      Override schedule for '#{k.to_s}' task.
-
-                      **Default**: #{desc[:schedule].is_a?(String) ? desc[:schedule] : '<Computed>'}
-
-                      Set to `false` to disable or supply a Cron string:
-                      ```yaml
-                      #{k.to_s}: 0 0 0 * * * America/Denver
-                      ##{kl}     │ │ │ │ │ │ └── Timezone (Optional)
-                      ##{kl}     │ │ │ │ │ └── Day of Week
-                      ##{kl}     │ │ │ │ └── Month
-                      ##{kl}     │ │ │ └── Day of Month
-                      ##{kl}     │ │ └── Hour
-                      ##{kl}     │ └── Minute
-                      ##{kl}     └── Second (Optional)
-                      ````
-                    MARKDOWN
-                    json_schema: {
-                      oneOf: [
-                        { type: 'string', pattern: '^((((\d+,)+\d+|(\d+(\/|-)\d+)|\d+|\*) ?){5,6})(\w+\/\w+)?$' },
-                        { enum: [false] },
-                      ],
-                      default: desc[:schedule].is_a?(String) ? desc[:schedule] : '0 0 3 * * * America/Denver',
-                    },
-                    validate: ->(value, *args, errors:, **kwargs) {
-                      begin
-                        Rufus::Scheduler.parse(value) if value
-                        nil
-                      rescue ArgumentError
-                        errors << "<path> must be false or a Crontab string"
-                      end
-                    }
-                  }
-                end
-              end,
-            }
-          end
-        end
-
         def scheduled_task(cron_time, name_or_method = nil, worker: nil, queue: nil, &block)
           task_key = (name_or_method.presence || "scheduled_task_#{caller_locations[0].lineno}").to_s
           raise "Task key '#{task_key}' already taken!" if _schedule_descriptors.key?(task_key)
@@ -137,6 +99,51 @@ module PandaPal
         end
       end
 
+      def self.build_settings_entry(desc)
+        k = desc[:key]
+        kl = ' ' * (k.to_s.length - 4)
+
+        default_schedule = '<Computed>'
+        default_schedule = desc[:schedule] if desc[:schedule].is_a?(String)
+        default_schedule = '<Disabled>' unless desc[:schedule].present?
+
+        {
+          required: false,
+          description: <<~MARKDOWN,
+            Override schedule for '#{k.to_s}' task.
+
+            **Default**: #{default_schedule}
+
+            Set to `false` to disable or supply a Cron string:
+            ```yaml
+            #{k.to_s}: 0 0 0 * * * America/Denver
+            ##{kl}     │ │ │ │ │ │ └── Timezone (Optional)
+            ##{kl}     │ │ │ │ │ └── Day of Week
+            ##{kl}     │ │ │ │ └── Month
+            ##{kl}     │ │ │ └── Day of Month
+            ##{kl}     │ │ └── Hour
+            ##{kl}     │ └── Minute
+            ##{kl}     └── Second (Optional)
+            ````
+          MARKDOWN
+          json_schema: {
+            oneOf: [
+              { type: 'string', pattern: '^((((\d+,)+\d+|(\d+(\/|-)\d+)|\d+|\*) ?){5,6})(\w+\/\w+)?$' },
+              { enum: [false] },
+            ],
+            default: desc[:schedule].is_a?(String) ? desc[:schedule] : '0 0 3 * * * America/Denver',
+          },
+          validate: ->(value, *args, errors:, **kwargs) {
+            begin
+              Rufus::Scheduler.parse(value) if value
+              nil
+            rescue ArgumentError
+              errors << "<path> must be false or a Crontab string"
+            end
+          }
+        }
+      end
+
       private
 
       def unschedule_tasks(new_task_keys = nil)
@@ -157,13 +164,17 @@ module PandaPal
         return nil unless cron_time.present?
 
         cron_time = instance_exec(&cron_time) if cron_time.is_a?(Proc)
-        if !Rufus::Scheduler.parse(cron_time).zone.present? && settings && settings[:timezone]
-          cron_time += " #{settings[:timezone]}"
+        if !Rufus::Scheduler.parse(cron_time).zone.present? && settings && settings_timezone
+          cron_time += " #{settings_timezone}"
         end
 
         cron_time
       end
 
+      def settings_timezone
+        settings[:timezone] || settings.dig(:canvas, :root_account_timezone).presence || nil
+      end
+
       class ScheduledTaskExecutor
         include Sidekiq::Worker
 

data/config/initializers/apartment.rb

@@ -10,8 +10,10 @@ Apartment.configure do |config|
 end
 
 Rails.application.config.middleware.use Apartment::Elevators::Generic, lambda { |request|
-  if match = request.path.match(/\/(?:orgs|organizations)\/(\d+)/)
+  if match = request.path.match(/\/(?:orgs?|organizations?)\/(\d+)/)
     PandaPal::Organization.find_by(id: match[1]).try(:name)
+  elsif request.path.starts_with?('/rails/active_storage/blobs/')
+    PandaPal::Organization.find_by(id: request.params['organization_id']).try(:name)
   end
 }
 

data/config/routes.rb

@@ -3,6 +3,7 @@ PandaPal::Engine.routes.draw do
 
   scope '/v1p0', as: 'v1p0' do
     get '/config' => 'lti_v1_p0#tool_config'
+    post '/launch' => 'lti_v1_p0#launch'
   end
 
   scope '/v1p3', as: 'v1p3' do

data/db/migrate/20171205194657_remove_old_organization_settings.rb

@@ -19,7 +19,6 @@ class RemoveOldOrganizationSettings < PandaPal::MiscHelper::MigrationClass
       #PandaPal::Organization.reset_column_information
       PandaPal::Organization.find_each do |o|
         # Would like to just be able to do this:
-        # PandaPal::Organization.reset_column_information
         # o.settings = YAML.load(o.old_settings)
         # o.save!
         # but for some reason that is always making the settings null.  Instead we will encrypt the settings manually.

data/lib/panda_pal/engine.rb

@@ -24,6 +24,14 @@ module PandaPal
       end
     end
 
+    initializer 'Sidekiq Scheduler Hooks' do
+      ActiveSupport.on_load(:active_record) do
+        if Sidekiq.server? && PandaPal::Organization.respond_to?(:sync_schedules)
+          PandaPal::Organization.sync_schedules
+        end
+      end
+    end
+
     initializer 'panda_pal.app_controller' do |app|
       OAUTH_10_SUPPORT = true
       ActiveSupport.on_load(:action_controller) do

data/lib/panda_pal/helpers/controller_helper.rb

@@ -39,7 +39,11 @@ module PandaPal::Helpers
 
     def validate_v1p0_launch
       authorized = false
-      if @organization = params['oauth_consumer_key'] && PandaPal::Organization.find_by_key(params['oauth_consumer_key'])
+      # We should verify the timestamp is recent (within 5 minutes).  The approved timestamp is part of the signature,
+      # so we don't need to worry about malicious users messing with it.  We should deny requests that come too long
+      # after the approved timestamp.  
+      good_timestamp = params['oauth_timestamp'] && params['oauth_timestamp'].to_i > Time.now.to_i - 300
+      if @organization = good_timestamp && params['oauth_consumer_key'] && PandaPal::Organization.find_by_key(params['oauth_consumer_key'])
         sanitized_params = request.request_parameters
         # These params come over with a safari-workaround launch.  The authenticator doesn't like them, so clean them out.
         safe_unexpected_params = ["full_win_launch_requested", "platform_redirect_url", "dummy_param"]
@@ -62,7 +66,7 @@ module PandaPal::Helpers
       raise JSON::JWT::VerificationFailed, 'error decoding id_token' if decoded_jwt.blank?
 
       client_id = decoded_jwt['aud']
-      @organization = PandaPal::Organization.find_by!(key: 'PandaPal') # client_id)
+      @organization = PandaPal::Organization.find_by!(key: client_id)
       raise JSON::JWT::VerificationFailed, 'Unrecognized Organization' unless @organization.present?
 
       decoded_jwt.verify!(current_lti_platform.public_jwks)
@@ -127,7 +131,8 @@ module PandaPal::Helpers
 
     def organization_key
       org_key ||= params[:oauth_consumer_key]
-      org_key ||= "#{params[:client_id]}/#{params[:deployment_id]}" if params[:client_id].present?
+      org_key ||= "#{params[:client_id]}/#{params[:deployment_id]}" if params[:client_id].present? && params[:deployment_id].present?
+      org_key ||= params[:client_id] if params[:client_id].present?
       org_key ||= session[:organization_key]
       org_key
     end

data/lib/panda_pal/helpers/route_helper.rb

@@ -9,6 +9,12 @@ module PandaPal::Helpers::RouteHelper
     path = "#{base_path}/#{nav.to_s}"
 
     lti_options = options.delete(:lti_options) || {}
+    lti_options[:auto_launch] = options.delete(:auto_launch)
+
+    if lti_options[:auto_launch].nil?
+      lti_options[:auto_launch] = (@scope[:path] || '').include?(':organization_id')
+    end
+
     lti_options[:route_helper_key] = path.split('/').reject(&:empty?).join('_')
     post(path, options.dup, &block)
     get(path, options.dup, &block)

data/lib/panda_pal/helpers/session_replacement.rb

@@ -32,13 +32,14 @@ module PandaPal::Helpers
       if params[:session_token]
         payload = JSON.parse(session_cryptor.decrypt_and_verify(params[:session_token])).with_indifferent_access
         matched_session = find_or_create_session(key: payload[:session_key])
-
         if matched_session.present?
           if payload[:token_type] == 'nonce' && matched_session.data[:link_nonce] == payload[:nonce]
             @current_session = matched_session
             @current_session.data[:link_nonce] = nil
           elsif payload[:token_type] == 'fixed_ip' && matched_session.data[:remote_ip] == request.remote_ip &&
-            DateTime.parse(matched_session.data[:last_ip_token_requested]) > 15.minutes.ago
+            DateTime.parse(matched_session.data[:last_ip_token_requested]) > session_expiration_period_minutes.minutes.ago
+            @current_session = matched_session
+          elsif payload[:token_type] == 'expiring' && DateTime.parse(matched_session.data[:last_token_requested]) > session_expiration_period_minutes.minutes.ago
             @current_session = matched_session
           end
         end
@@ -111,6 +112,8 @@ module PandaPal::Helpers
         elsif type == 'fixed_ip'
           current_session_data[:remote_ip] ||= request.remote_ip
           current_session_data[:last_ip_token_requested] = DateTime.now.iso8601
+        elsif type == 'expiring'
+          current_session_data[:last_token_requested] = DateTime.now.iso8601
         else
           raise StandardError, "Unsupported link_nonce_type: '#{type}'"
         end
@@ -123,6 +126,10 @@ module PandaPal::Helpers
       self.class.link_nonce_type
     end
 
+    def session_expiration_period_minutes
+      15
+    end
+
     private
 
     def session_cryptor

data/lib/panda_pal/version.rb

@@ -1,3 +1,3 @@
 module PandaPal
-  VERSION = "5.3.4"
+  VERSION = "5.3.13"
 end

data/lib/panda_pal.rb

@@ -81,6 +81,7 @@ module PandaPal
 
   def self.validate_lti_navigation(errors = [])
     @@lti_navigation.each do |k, v|
+      next if v[:route_helper_key]
       errors << "lti navigation '#{k}' does not have a Route!" unless (LaunchUrlHelpers.launch_url(k) rescue nil)
     end
     errors

data/panda_pal.gemspec

@@ -23,6 +23,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'attr_encrypted', '~> 3.0.0'
   s.add_dependency 'secure_headers', '~> 6.1'
   s.add_dependency 'json-jwt'
+  s.add_dependency 'httparty'
 
   s.add_development_dependency 'sidekiq'
   s.add_development_dependency 'sidekiq-scheduler'