panda_pal 5.3.4 → 5.3.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +18 -0
- data/lib/panda_pal/helpers/controller_helper.rb +1 -1
- data/lib/panda_pal/helpers/session_replacement.rb +9 -2
- data/lib/panda_pal/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 751203d046fbd547e8f194feabb335a81a08be96f6a557712f1673d139576a29
|
|
4
|
+
data.tar.gz: b06b642432ce0d1e4a42a4bc93520b3782c6d8cce801e91508b296be60501482
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cc338a137cec8f7abb900b801ace89f1588b265d534babf98f6bb940307289b8a3175a9ce0d5d70a5ddeb520f3525d13e1ba0f7e52df34e75c6fda40ca03a3de
|
|
7
|
+
data.tar.gz: 717e7355ae2cfb990f40c589df6c29c138f55d660fa0095367a275e000a7041e98e99ec631f6dd1bf9e9f3068c7a01006d4a3580ac017cb358a18b9c9711a87f
|
data/README.md
CHANGED
|
@@ -376,6 +376,24 @@ You will want to watch out for a few scenarios:
|
|
|
376
376
|
link_to "Name", url_with_session(:somewhere_else_path, arg, kwarg: 1)
|
|
377
377
|
```
|
|
378
378
|
|
|
379
|
+
Persistent sessions have session_tokens as a way to safely communicate a session key in a way that is hopefully not too persistent in case it is logged somewhere.
|
|
380
|
+
Options for communicating session_token -
|
|
381
|
+
:nonce (default) - each nonce is good for exactly one communication with the backend server. Once the nonce is used, it is no longer valid.
|
|
382
|
+
:fixed_ip - each session_token is good until it expires. It must be used from the same ip the LTI launched from.
|
|
383
|
+
:expiring - this is the least secure. Each token is good until it expires.
|
|
384
|
+
|
|
385
|
+
For :fixed_ip and :expiring tokens you can override the default expiration period of 15 minutes.
|
|
386
|
+
|
|
387
|
+
See the following example of how to override the link_nonce_type and token expiration length.
|
|
388
|
+
|
|
389
|
+
class ApplicationController < ActionController::Base
|
|
390
|
+
link_nonce_type :fixed_ip
|
|
391
|
+
def session_expiration_period_minutes
|
|
392
|
+
120
|
|
393
|
+
end
|
|
394
|
+
...
|
|
395
|
+
end
|
|
396
|
+
|
|
379
397
|
### Previous Safari Instructions
|
|
380
398
|
Safari is weird and you'll potentially run into issues getting `POST` requests to properly validate CSRF if you don't do the following:
|
|
381
399
|
|
|
@@ -62,7 +62,7 @@ module PandaPal::Helpers
|
|
|
62
62
|
raise JSON::JWT::VerificationFailed, 'error decoding id_token' if decoded_jwt.blank?
|
|
63
63
|
|
|
64
64
|
client_id = decoded_jwt['aud']
|
|
65
|
-
@organization = PandaPal::Organization.find_by!(key:
|
|
65
|
+
@organization = PandaPal::Organization.find_by!(key: client_id)
|
|
66
66
|
raise JSON::JWT::VerificationFailed, 'Unrecognized Organization' unless @organization.present?
|
|
67
67
|
|
|
68
68
|
decoded_jwt.verify!(current_lti_platform.public_jwks)
|
|
@@ -32,13 +32,14 @@ module PandaPal::Helpers
|
|
|
32
32
|
if params[:session_token]
|
|
33
33
|
payload = JSON.parse(session_cryptor.decrypt_and_verify(params[:session_token])).with_indifferent_access
|
|
34
34
|
matched_session = find_or_create_session(key: payload[:session_key])
|
|
35
|
-
|
|
36
35
|
if matched_session.present?
|
|
37
36
|
if payload[:token_type] == 'nonce' && matched_session.data[:link_nonce] == payload[:nonce]
|
|
38
37
|
@current_session = matched_session
|
|
39
38
|
@current_session.data[:link_nonce] = nil
|
|
40
39
|
elsif payload[:token_type] == 'fixed_ip' && matched_session.data[:remote_ip] == request.remote_ip &&
|
|
41
|
-
DateTime.parse(matched_session.data[:last_ip_token_requested]) >
|
|
40
|
+
DateTime.parse(matched_session.data[:last_ip_token_requested]) > session_expiration_period_minutes.minutes.ago
|
|
41
|
+
@current_session = matched_session
|
|
42
|
+
elsif payload[:token_type] == 'expiring' && DateTime.parse(matched_session.data[:last_token_requested]) > session_expiration_period_minutes.minutes.ago
|
|
42
43
|
@current_session = matched_session
|
|
43
44
|
end
|
|
44
45
|
end
|
|
@@ -111,6 +112,8 @@ module PandaPal::Helpers
|
|
|
111
112
|
elsif type == 'fixed_ip'
|
|
112
113
|
current_session_data[:remote_ip] ||= request.remote_ip
|
|
113
114
|
current_session_data[:last_ip_token_requested] = DateTime.now.iso8601
|
|
115
|
+
elsif type == 'expiring'
|
|
116
|
+
current_session_data[:last_token_requested] = DateTime.now.iso8601
|
|
114
117
|
else
|
|
115
118
|
raise StandardError, "Unsupported link_nonce_type: '#{type}'"
|
|
116
119
|
end
|
|
@@ -123,6 +126,10 @@ module PandaPal::Helpers
|
|
|
123
126
|
self.class.link_nonce_type
|
|
124
127
|
end
|
|
125
128
|
|
|
129
|
+
def session_expiration_period_minutes
|
|
130
|
+
15
|
|
131
|
+
end
|
|
132
|
+
|
|
126
133
|
private
|
|
127
134
|
|
|
128
135
|
def session_cryptor
|
data/lib/panda_pal/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: panda_pal
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.3.
|
|
4
|
+
version: 5.3.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Instructure ProServe
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-10-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|