panda_pal 5.3.7 → 5.3.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e3454f04c4cbf7a07dc7a041118bb3b60db681c531ebf228115de69f1114d50
-  data.tar.gz: bc600d9940213278b6a0b9e908df51c24012a75ac120746758719faa91e8abbc
+  metadata.gz: 1002e4f3ad5967af145b78fbab0d1baf01463dd106b2516acf8dba0c70374e6a
+  data.tar.gz: 00bd28e3143849e9dbff067ca92bf8b4e8546460b822244af5e7dc311a976bba
 SHA512:
-  metadata.gz: 507728d1f3dbe751125f4bd7fbda5a2245c20eee20ea8d446f12d5b701007ab1fbee5cfe81d741d400966db2f526d484e4f8ffde1c82f5db43a1e685f96362cc
-  data.tar.gz: c97afd8ec0a896f46a5b63a6eb8d9b9f13d31d995d448d29800f88f23c6fd4897877e7958e54d5d47e23dab04277c1eba7c73b852dc61704d197f3ec47ed27aa
+  metadata.gz: 2778d5d235d572716e43596a694968cf06ce07cd5e085edc73e08146ad8e1f10ac3cd0866fd134f88fb867cf7f04586dba46d4c8fd87673b333b659c9776c986
+  data.tar.gz: 5432aa9d9531c19ce5b4f08cd619507f0597a365d585cd482de1917aae538cf21c33d03f25be19431e0b40b7cc19f6f260091c5e377b6e428513c1c06f06265e

data/README.md

@@ -93,10 +93,22 @@ The following routes should be added to the routes.rb file of the implementing L
 ```ruby
 # config/routes.rb
 mount PandaPal::Engine, at: '/lti'
-lti_nav account_navigation: 'accounts#launch' # Use lti_nav to provide a custom Launch implementation, otherwise use the url: param of stage_navigation to let PandaPal handle launch.
 root to: 'panda_pal/lti#launch'
+
+# Add Launch Endpoints:
+lti_nav account_navigation: 'accounts#launch', auto_launch: false # (LTI <1.3 Default)
+# -- OR --
+scope '/organizations/:organization_id' do
+  lti_nav account_navigation: 'accounts#launch_landing', auto_launch: true # (LTI 1.3 Default)
+  lti_nav account_navigation: 'accounts#launch_landing' # Automatically sets auto_launch to true because :organization_id is part of the path
+  # ...
+end
 ```
 
+`auto_launch`: Setting to `true` will tell PandaPal to handle all of the launch details and session creation, and then pass off to
+the defined action. Setting it to `false` indicates that the defined action handles launch validation and setup itself (this has been the legacy approach).
+Because `auto_launch: false` is most similar to the previous behavior, it is the default for LTI 1.0/1.1 LTIs. For LTI 1.3 LTIs, `auto_launch: true` is the default. If not specified and `:organization_id` is detected in the Route Path, `auto_launch` will be set to `true`
+
 ## Implementating data segregation
 This engine uses Apartment to keep data segregated between installations of the implementing LTI tool.
 By default, it does this by inspecting the path of the request, and matching URLs containing `orgs` or `organizations`,

data/app/controllers/panda_pal/lti_v1_p3_controller.rb

@@ -58,7 +58,12 @@ module PandaPal
         opts = LaunchUrlHelpers.normalize_lti_launch_desc(opts)
         opts.merge!({
           placement: k,
-          target_link_uri: LaunchUrlHelpers.absolute_launch_url(k.to_sym, host: parsed_request_url, launch_handler: v1p3_resource_link_request_path),
+          target_link_uri: LaunchUrlHelpers.absolute_launch_url(
+            k.to_sym,
+            host: parsed_request_url,
+            launch_handler: v1p3_resource_link_request_path,
+            default_auto_launch: true
+          ),
         })
         opts
       end

data/app/lib/lti_xml/base_platform.rb

@@ -86,7 +86,12 @@ module LtiXml
 
     def ext_params(options, k)
       options = PandaPal::LaunchUrlHelpers.normalize_lti_launch_desc(options)
-      options[:url] = PandaPal::LaunchUrlHelpers.absolute_launch_url(k.to_sym, host: parsed_request_url, launch_handler: nil)
+      options[:url] = PandaPal::LaunchUrlHelpers.absolute_launch_url(
+        k.to_sym,
+        host: parsed_request_url,
+        launch_handler: :v1p0_launch_path,
+        default_auto_launch: false
+      )
       options
     end
   end

data/app/lib/panda_pal/launch_url_helpers.rb

@@ -1,25 +1,26 @@
 module PandaPal
   module LaunchUrlHelpers
-    def self.absolute_launch_url(launch_type, host:, launch_handler: nil)
+    def self.absolute_launch_url(launch_type, host:, launch_handler: nil, default_auto_launch: false)
       opts = PandaPal.lti_paths[launch_type]
-      is_direct = opts[:no_redirect] || !launch_handler.present?
+      auto_launch = opts[:auto_launch] != nil ? opts[:auto_launch] : default_auto_launch
+      auto_launch = auto_launch && launch_handler.present?
 
-      if is_direct
-        final_url = launch_url(opts, launch_type: launch_type)
-        return final_url if URI.parse(final_url).absolute?
-        return [host.to_s, final_url].join
-      else
+      if auto_launch
         launch_handler = resolve_route(launch_handler) if launch_handler.is_a?(Symbol)
         return add_url_params([host.to_s, launch_handler].join, {
           launch_type: launch_type,
         })
+      else
+        final_url = launch_url(opts, launch_type: launch_type)
+        return final_url if URI.parse(final_url).absolute?
+        return [host.to_s, final_url].join
       end
     end
 
     def self.normalize_lti_launch_desc(opts)
       opts = opts.dup
       opts.delete(:route_helper_key)
-      opts.delete(:no_redirect)
+      opts.delete(:auto_launch)
       opts
     end
 

data/app/models/panda_pal/organization_concerns/task_scheduling.rb

@@ -40,41 +40,7 @@ module PandaPal
 
                 hash.tap do |hash|
                   kl = ' ' * (k.to_s.length - 4)
-                  hash[k.to_sym] = hash[k.to_s] = {
-                    required: false,
-                    description: <<~MARKDOWN,
-                      Override schedule for '#{k.to_s}' task.
-
-                      **Default**: #{desc[:schedule].is_a?(String) ? desc[:schedule] : '<Computed>'}
-
-                      Set to `false` to disable or supply a Cron string:
-                      ```yaml
-                      #{k.to_s}: 0 0 0 * * * America/Denver
-                      ##{kl}     │ │ │ │ │ │ └── Timezone (Optional)
-                      ##{kl}     │ │ │ │ │ └── Day of Week
-                      ##{kl}     │ │ │ │ └── Month
-                      ##{kl}     │ │ │ └── Day of Month
-                      ##{kl}     │ │ └── Hour
-                      ##{kl}     │ └── Minute
-                      ##{kl}     └── Second (Optional)
-                      ````
-                    MARKDOWN
-                    json_schema: {
-                      oneOf: [
-                        { type: 'string', pattern: '^((((\d+,)+\d+|(\d+(\/|-)\d+)|\d+|\*) ?){5,6})(\w+\/\w+)?$' },
-                        { enum: [false] },
-                      ],
-                      default: desc[:schedule].is_a?(String) ? desc[:schedule] : '0 0 3 * * * America/Denver',
-                    },
-                    validate: ->(value, *args, errors:, **kwargs) {
-                      begin
-                        Rufus::Scheduler.parse(value) if value
-                        nil
-                      rescue ArgumentError
-                        errors << "<path> must be false or a Crontab string"
-                      end
-                    }
-                  }
+                  hash[k.to_sym] = hash[k.to_s] = PandaPal::OrganizationConcerns::TaskScheduling.build_settings_entry(desc)
                 end
               end,
             }
@@ -137,6 +103,51 @@ module PandaPal
         end
       end
 
+      def self.build_settings_entry(desc)
+        k = desc[:key]
+        kl = ' ' * (k.to_s.length - 4)
+
+        default_schedule = '<Computed>'
+        default_schedule = desc[:schedule] if desc[:schedule].is_a?(String)
+        default_schedule = '<Disabled>' unless desc[:schedule].present?
+
+        {
+          required: false,
+          description: <<~MARKDOWN,
+            Override schedule for '#{k.to_s}' task.
+
+            **Default**: #{default_schedule}
+
+            Set to `false` to disable or supply a Cron string:
+            ```yaml
+            #{k.to_s}: 0 0 0 * * * America/Denver
+            ##{kl}     │ │ │ │ │ │ └── Timezone (Optional)
+            ##{kl}     │ │ │ │ │ └── Day of Week
+            ##{kl}     │ │ │ │ └── Month
+            ##{kl}     │ │ │ └── Day of Month
+            ##{kl}     │ │ └── Hour
+            ##{kl}     │ └── Minute
+            ##{kl}     └── Second (Optional)
+            ````
+          MARKDOWN
+          json_schema: {
+            oneOf: [
+              { type: 'string', pattern: '^((((\d+,)+\d+|(\d+(\/|-)\d+)|\d+|\*) ?){5,6})(\w+\/\w+)?$' },
+              { enum: [false] },
+            ],
+            default: desc[:schedule].is_a?(String) ? desc[:schedule] : '0 0 3 * * * America/Denver',
+          },
+          validate: ->(value, *args, errors:, **kwargs) {
+            begin
+              Rufus::Scheduler.parse(value) if value
+              nil
+            rescue ArgumentError
+              errors << "<path> must be false or a Crontab string"
+            end
+          }
+        }
+      end
+
       private
 
       def unschedule_tasks(new_task_keys = nil)

data/config/routes.rb

@@ -3,6 +3,7 @@ PandaPal::Engine.routes.draw do
 
   scope '/v1p0', as: 'v1p0' do
     get '/config' => 'lti_v1_p0#tool_config'
+    post '/launch' => 'lti_v1_p0#launch'
   end
 
   scope '/v1p3', as: 'v1p3' do

data/lib/panda_pal/helpers/controller_helper.rb

@@ -39,7 +39,11 @@ module PandaPal::Helpers
 
     def validate_v1p0_launch
       authorized = false
-      if @organization = params['oauth_consumer_key'] && PandaPal::Organization.find_by_key(params['oauth_consumer_key'])
+      # We should verify the timestamp is recent (within 5 minutes).  The approved timestamp is part of the signature,
+      # so we don't need to worry about malicious users messing with it.  We should deny requests that come too long
+      # after the approved timestamp.  
+      good_timestamp = params['oauth_timestamp'] && params['oauth_timestamp'].to_i > Time.now.to_i - 300
+      if @organization = good_timestamp && params['oauth_consumer_key'] && PandaPal::Organization.find_by_key(params['oauth_consumer_key'])
         sanitized_params = request.request_parameters
         # These params come over with a safari-workaround launch.  The authenticator doesn't like them, so clean them out.
         safe_unexpected_params = ["full_win_launch_requested", "platform_redirect_url", "dummy_param"]

data/lib/panda_pal/helpers/route_helper.rb

@@ -9,7 +9,12 @@ module PandaPal::Helpers::RouteHelper
     path = "#{base_path}/#{nav.to_s}"
 
     lti_options = options.delete(:lti_options) || {}
-    lti_options[:no_redirect] = options.delete(:no_redirect)
+    lti_options[:auto_launch] = options.delete(:auto_launch)
+
+    if lti_options[:auto_launch].nil?
+      lti_options[:auto_launch] = (@scope[:path] || '').include?(':organization_id')
+    end
+
     lti_options[:route_helper_key] = path.split('/').reject(&:empty?).join('_')
     post(path, options.dup, &block)
     get(path, options.dup, &block)

data/lib/panda_pal/version.rb

@@ -1,3 +1,3 @@
 module PandaPal
-  VERSION = "5.3.7"
+  VERSION = "5.3.9"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: panda_pal
 version: !ruby/object:Gem::Version
-  version: 5.3.7
+  version: 5.3.9
 platform: ruby
 authors:
 - Instructure ProServe
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-01 00:00:00.000000000 Z
+date: 2021-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails