panda_pal 5.3.4 → 5.3.5
- checksums.yaml +4 -4
- data/README.md +18 -0
- data/lib/panda_pal/helpers/controller_helper.rb +1 -1
- data/lib/panda_pal/helpers/session_replacement.rb +9 -2
- data/lib/panda_pal/version.rb +1 -1
- metadata +2 -2
    
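--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 751203d046fbd547e8f194feabb335a81a08be96f6a557712f1673d139576a29
+  data.tar.gz: b06b642432ce0d1e4a42a4bc93520b3782c6d8cce801e91508b296be60501482
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: cc338a137cec8f7abb900b801ace89f1588b265d534babf98f6bb940307289b8a3175a9ce0d5d70a5ddeb520f3525d13e1ba0f7e52df34e75c6fda40ca03a3de
+  data.tar.gz: 717e7355ae2cfb990f40c589df6c29c138f55d660fa0095367a275e000a7041e98e99ec631f6dd1bf9e9f3068c7a01006d4a3580ac017cb358a18b9c9711a87f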
    
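--- a/data/README.md
+++ b/data/README.md
@@ -376,6 +376,24 @@ You will want to watch out for a few scenarios:
       link_to "Name", url_with_session(:somewhere_else_path, arg, kwarg: 1)
    ```
 
+Persistent sessions have session_tokens as a way to safely communicate a session key in a way that is hopefully not too persistent in case it is logged somewhere.
+Options for communicating session_token -
+:nonce (default) - each nonce is good for exactly one communication with the backend server.  Once the nonce is used, it is no longer valid.
+:fixed_ip - each session_token is good until it expires.  It must be used from the same ip the LTI launched from.
+:expiring - this is the least secure.  Each token is good until it expires.
+
+For :fixed_ip and :expiring tokens you can override the default expiration period of 15 minutes.
+
+See the following example of how to override the link_nonce_type and token expiration length.
+
+class ApplicationController < ActionController::Base
+  link_nonce_type :fixed_ip
+  def session_expiration_period_minutes
+    120
+  end
+...
+end
+
 ### Previous Safari Instructions
 
 Safari is weird and you'll potentially run into issues getting `POST` requests to properly validate CSRF if you don't do the following:
 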
| @@ -62,7 +62,7 @@ module PandaPal::Helpers | |
| 62 62 | 
             
                  raise JSON::JWT::VerificationFailed, 'error decoding id_token' if decoded_jwt.blank?
         | 
| 63 63 |  | 
| 64 64 | 
             
                  client_id = decoded_jwt['aud']
         | 
| 65 | 
            -
                  @organization = PandaPal::Organization.find_by!(key:  | 
| 65 | 
            +
                  @organization = PandaPal::Organization.find_by!(key: client_id)
         | 
| 66 66 | 
             
                  raise JSON::JWT::VerificationFailed, 'Unrecognized Organization' unless @organization.present?
         | 
| 67 67 |  | 
| 68 68 | 
             
                  decoded_jwt.verify!(current_lti_platform.public_jwks)
         | 
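Review bot: `decoded_jwt['aud']` on line 64 is read before `decoded_jwt.verify!` on line 68, and a JWT `aud` claim may legitimately be an array, in which case the new `find_by!(key: client_id)` on line 65 turns into a `key IN (...)` lookup that selects whichever listed audience happens to match an Organization. Looking the organization up from the unverified claim is unavoidable here because it supplies the platform JWKS used by `verify!`, but the audience should be normalized first, e.g. `aud = Array(decoded_jwt['aud'])` and, when more than one audience is present, the client id taken from the `azp` claim as OIDC Core prescribes, rather than letting the IN lookup choose. Also, `find_by!` raises `ActiveRecord::RecordNotFound` on a miss, so the `'Unrecognized Organization'` `VerificationFailed` on line 66 is unreachable and callers rescuing `JSON::JWT::VerificationFailed` never see a bad audience as a verification failure; `find_by(key: client_id)` would restore that path. The enclosing method starts and ends outside the hunk.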
| @@ -32,13 +32,14 @@ module PandaPal::Helpers | |
| 32 32 | 
             
                  if params[:session_token]
         | 
| 33 33 | 
             
                    payload = JSON.parse(session_cryptor.decrypt_and_verify(params[:session_token])).with_indifferent_access
         | 
| 34 34 | 
             
                    matched_session = find_or_create_session(key: payload[:session_key])
         | 
| 35 | 
            -
             | 
| 36 35 | 
             
                    if matched_session.present?
         | 
| 37 36 | 
             
                      if payload[:token_type] == 'nonce' && matched_session.data[:link_nonce] == payload[:nonce]
         | 
| 38 37 | 
             
                        @current_session = matched_session
         | 
| 39 38 | 
             
                        @current_session.data[:link_nonce] = nil
         | 
| 40 39 | 
             
                      elsif payload[:token_type] == 'fixed_ip' && matched_session.data[:remote_ip] == request.remote_ip &&
         | 
| 41 | 
            -
                        DateTime.parse(matched_session.data[:last_ip_token_requested]) >  | 
| 40 | 
            +
                        DateTime.parse(matched_session.data[:last_ip_token_requested]) > session_expiration_period_minutes.minutes.ago
         | 
| 41 | 
            +
                        @current_session = matched_session
         | 
| 42 | 
            +
                      elsif payload[:token_type] == 'expiring' && DateTime.parse(matched_session.data[:last_token_requested]) > session_expiration_period_minutes.minutes.ago
         | 
| 42 43 | 
             
                        @current_session = matched_session
         | 
| 43 44 | 
             
                      end
         | 
| 44 45 | 
             
                    end
         | 
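Review bot: The new `expiring` branch on line 42 calls `DateTime.parse(matched_session.data[:last_token_requested])` with no presence check, so a session that has never issued an expiring token (presumably including one freshly created by `find_or_create_session` on line 34) raises `TypeError` on `nil` and the request fails with an error instead of simply not authenticating; the `fixed_ip` parse on line 40 has the same shape, though the `remote_ip` comparison usually short-circuits first. Guard it: `elsif payload[:token_type] == 'expiring' && matched_session.data[:last_token_requested].present? && DateTime.parse(matched_session.data[:last_token_requested]) > session_expiration_period_minutes.minutes.ago`. Separately, both timed branches bound validity by the session's most recent issuance timestamp (`last_token_requested`, written in the `@@ -111` hunk), not by each token's own issuance, so every earlier expiring token for a session is revalidated for another `session_expiration_period_minutes` each time any new link is generated; carrying an issued-at inside the encrypted payload and comparing that would bound each token individually. `DateTime` is also the legacy class; `Time` would match current Ruby guidance. The enclosing method continues outside the hunk.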
| @@ -111,6 +112,8 @@ module PandaPal::Helpers | |
| 111 112 | 
             
                    elsif type == 'fixed_ip'
         | 
| 112 113 | 
             
                      current_session_data[:remote_ip] ||= request.remote_ip
         | 
| 113 114 | 
             
                      current_session_data[:last_ip_token_requested] = DateTime.now.iso8601
         | 
| 115 | 
            +
                    elsif type == 'expiring'
         | 
| 116 | 
            +
                      current_session_data[:last_token_requested] = DateTime.now.iso8601
         | 
| 114 117 | 
             
                    else
         | 
| 115 118 | 
             
                      raise StandardError, "Unsupported link_nonce_type: '#{type}'"
         | 
| 116 119 | 
             
                    end
         | 
| @@ -123,6 +126,10 @@ module PandaPal::Helpers | |
| 123 126 | 
             
                  self.class.link_nonce_type
         | 
| 124 127 | 
             
                end
         | 
| 125 128 |  | 
| 129 | 
            +
                def session_expiration_period_minutes
         | 
| 130 | 
            +
                  15
         | 
| 131 | 
            +
                end
         | 
| 132 | 
            +
             | 
| 126 133 | 
             
                private
         | 
| 127 134 |  | 
| 128 135 | 
             
                def session_cryptor
         | 
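Review bot: `session_expiration_period_minutes` on line 129 is introduced without a comment even though it is the documented override point for the `:fixed_ip` and `:expiring` token lifetime; add above it `# Lifetime in minutes of :fixed_ip and :expiring session tokens; override in the including controller to change it.` It is defined above `private`, so it becomes a public instance method of every controller that includes this helper, and Rails builds `action_methods` from public instance methods, so a route that happens to name it would dispatch to it; the README example overrides it publicly as well, so this is presumably intended, but `protected` would keep it callable from the helper without making it routable. The enclosing `link_nonce_type` method (lines 123–127) starts outside the hunk.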
    
        data/lib/panda_pal/version.rb
    
    
    
        metadata
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: panda_pal
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 5.3. | 
| 4 | 
            +
              version: 5.3.5
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Instructure ProServe
         | 
| 8 8 | 
             
            autorequire:
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2020- | 
| 11 | 
            +
            date: 2020-10-06 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: rails
         |