qalam_lti_provider_engine 1.1.6

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 966db98bfcaa29cbf05e8b3b38f270f50cc4ea27480a2245dd08804f09f502a8
+  data.tar.gz: 2d7be0649b8c6cf2b2e34bf41224de7e31896255e58969adf109c78f9f108add
+SHA512:
+  metadata.gz: c52b467a447ca10b21669f601caf1e31bdbd9e2e00f6cd5f2f094d8424da8c706c93ca17d476797200cf46b3cd8da7cab66cfad9a0dd312a311e1d0147da213e
+  data.tar.gz: 5a2eb1b5611808ecc4a896c2e6e11a0e491ae3831fc6c74e0eb09bfd3aaa789c002c974be00d5f716beecc63f5cb00c143fdfd4041e6828081a6b458c0999cbe

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 - 2014 Instructure, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,146 @@
+# LtiProvider
+
+LtiProvider is a mountable engine for handling the LTI launch and exposing LTI
+parameters in your rails app.
+
+## Installation
+
+Add the gem to your `Gemfile` with the following line, and then `bundle install`
+
+```ruby
+gem 'qalam_lti_provider_engine', :require => 'lti_provider'
+```
+
+Then, mount the engine to your app by adding this line to your `routes.rb` file
+
+```ruby
+mount LtiProvider::Engine => "/"
+```
+
+Next, include the engine in your `ApplicationController`
+
+```ruby
+class ApplicationController < ActionController::Base
+  include LtiProvider::LtiApplication
+  
+  ...
+end
+```
+
+After that, create `lti.yml` and `lti_xml.yml` files in your `config/` folder that looks something
+like this:
+
+**lti.yml**
+
+```yml
+default: &default
+  key: your_key
+  secret: your_secret
+  require_canvas: true
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+
+production:
+  <<: *default
+```
+
+You'll need the values of `key` and `secret` when you configure your lti app on
+the tool consumer side.
+
+**lti_xml.yml**
+
+```yml
+default: &default
+  tool_title: 'Dummy App'
+  tool_description: 'A very handy dummy application for testing LtiProvider engine integration.'
+  tool_id: 'dummy'
+  privacy_level: 'public'
+  account_navigation:
+    text: 'Dummy'
+    visibility: 'admins'
+  course_navigation:
+    text: 'Dummy'
+    visibility: 'admins'
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+
+production:
+  <<: *default
+```
+
+These values are used in the `/configure.xml` endpoint.
+
+Finally, run migrations:
+
+```bash
+bundle install
+bundle exec rake railties:install:migrations
+bundle exec rake db:migrate
+```
+
+This will create the `lti_provider_launches` table which stores parameters
+temporarily through a cookie test redirect.  It is transient data.  It can be
+accessed from your main application as LtiProvider::Launch
+
+## Usage
+
+The engine exposes a few urls from the mount point:
+
+  * `/cookie_test`
+  * `/consume_launch`
+  * `/launch`
+  * `/configure.xml`
+
+Mostly, you don't have to worry about these, they are used to route through the
+lti launch.  However, `/configure.xml` can be useful in configuring the app on
+the tool consumer side.  Right now it is hardcoded to 'Course Navigation' and
+'Account navigation' apps.
+
+The engine sets up a global `before_filter`, requiring your app to be launched
+through lti.  It handles receiving the request, verifying it, and exposing
+certain config variables sent with the launch parameters. Specifically, it
+exposes the following methods to your controllers:
+
+  * `canvas_url`
+  * `user_id`
+  * `current_course_id`
+  * `tool_consumer_instance_guid`
+  * `current_account_id`
+  * `course_launch?`
+  * `account_launch?`
+  * `user_roles`
+
+## Configuring the Tool Consumer
+
+You will need `key` and `secret` from your `lti.yml` file, and you can find
+configuration xml (or at least a starting point) at
+`<engine-mount-point>/configure.xml`
+
+## Example
+
+You can see and interact with an example of an app using this engine by looking
+at `spec/dummy`.  This is a full rails app which integrates the gem and has
+a simple index page that says 'Hello LTI' if the app is launched through LTI.
+
+## About LTI
+
+Interested in learning more about LTI? Here are some links to get you started:
+
+  * [Introduction to LTI](http://www.imsglobal.org/toolsinteroperability2.cfm)
+  * [1.1.1 Implementation Guide](http://www.imsglobal.org/LTI/v1p1p1/ltiIMGv1p1p1.html)
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,28 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'LtiProvider'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+task :default => :spec

data/app/controllers/lti_provider/application_controller.rb

@@ -0,0 +1,5 @@
+module LtiProvider
+  class ApplicationController < ActionController::Base
+    include LtiProvider::LtiApplication
+  end
+end

data/app/controllers/lti_provider/lti_application_controller.rb

@@ -0,0 +1,5 @@
+module LtiProvider
+  class LtiApplicationController < ActionController::Base
+    include LtiProvider::LtiApplication
+  end
+end

data/app/controllers/lti_provider/lti_controller.rb

@@ -0,0 +1,73 @@
+require 'oauth/request_proxy/action_controller_request'
+require 'colorize'
+
+module LtiProvider
+  class LtiController < LtiProvider::LtiApplicationController
+    skip_before_action :require_lti_launch
+
+    def launch
+      provider = IMS::LTI::ToolProvider.new(params['oauth_consumer_key'], LtiProvider::Config.secret, params)
+      launch = Launch.initialize_from_request(provider, request)
+      
+      if !launch.valid_provider?
+        msg = "#{launch.lti_errormsg} Please be sure you are launching this tool from the link provided in Canvas."
+        return show_error msg
+      elsif launch.save
+        session[:cookie_test] = true
+        redirect_to cookie_test_path(nonce: launch.nonce, launch: params[:launch], timetable_date: params[:timetable_date], section_room: params[:section_room])
+      else
+        return show_error "Unable to launch #{LtiProvider::XmlConfig.tool_title}. Please check your External Tools configuration and try again."
+      end
+    end
+
+    def cookie_test
+      if session[:cookie_test]
+        # success!!! we've got a session!
+        consume_launch
+      else
+        render
+      end
+    end
+
+    def consume_launch
+      launch = Launch.where("created_at > ?", 5.minutes.ago).find_by_nonce(params[:nonce])
+
+      puts params.inspect.yellow
+
+      if launch
+        [:account_id, :course_name, :course_id, :canvas_url, :tool_consumer_instance_guid,
+         :user_id, :user_name, :user_roles, :user_avatar_url].each do |attribute|
+          session[attribute] = launch.public_send(attribute)
+        end
+
+        launch.destroy
+
+        session.delete(:launch)
+        session.delete(:timetable_date)
+        session.delete(:section_room)
+
+        session[:launch] = params[:launch] if params[:launch]
+        session[:timetable_date] = params[:timetable_date] if params[:timetable_date]
+        session[:section_room] = params[:section_room] if params[:section_room]
+
+        redirect_to main_app.root_path
+      else
+        return show_error "The tool was not launched successfully. Please try again."
+      end
+    end
+
+    def configure
+      respond_to do |format|
+        format.xml do
+          render xml: Launch.xml_config(lti_launch_url)
+        end
+      end
+    end
+
+    protected
+      def show_error(message)
+        render plain: message
+      end
+  end
+end
+

data/app/models/lti_provider/launch.rb

@@ -0,0 +1,106 @@
+require 'uri'
+
+module LtiProvider
+  class Launch < ActiveRecord::Base
+    validates :canvas_url, :provider_params, :nonce, presence: true
+
+    attr_accessor :lti_errormsg
+
+    serialize :provider_params
+
+    def self.initialize_from_request(provider, request)
+      launch = new
+
+      launch.validate_provider(provider, request)
+
+      launch.provider_params = provider.to_params
+      launch.canvas_url      = launch.api_endpoint(provider)
+      launch.nonce           = launch.provider_params['oauth_nonce']
+
+      launch
+    end
+
+    def self.xml_config(lti_launch_url)
+      tc = IMS::LTI::ToolConfig.new({
+        launch_url: lti_launch_url,
+        title: LtiProvider::XmlConfig.tool_title,
+        description: LtiProvider::XmlConfig.tool_description
+      })
+
+      tc.extend IMS::LTI::Extensions::Canvas::ToolConfig
+      platform = IMS::LTI::Extensions::Canvas::ToolConfig::PLATFORM
+
+      privacy_level = LtiProvider::XmlConfig.privacy_level || "public"
+      tc.send("canvas_privacy_#{privacy_level}!")
+
+      if LtiProvider::XmlConfig.tool_id
+        tc.set_ext_param(platform, :tool_id, LtiProvider::XmlConfig.tool_id)
+      end
+
+      if LtiProvider::XmlConfig.course_navigation
+        tc.canvas_course_navigation!(LtiProvider::XmlConfig.course_navigation.symbolize_keys)
+      end
+
+      if LtiProvider::XmlConfig.account_navigation
+        tc.canvas_account_navigation!(LtiProvider::XmlConfig.account_navigation.symbolize_keys)
+      end
+
+      if LtiProvider::XmlConfig.user_navigation
+        tc.canvas_user_navigation!(LtiProvider::XmlConfig.user_navigation.symbolize_keys)
+      end
+
+      if LtiProvider::XmlConfig.environments
+        tc.set_ext_param(platform, :environments, LtiProvider::XmlConfig.environments.symbolize_keys)
+      end
+
+      tc.to_xml(:indent => 2)
+    end
+
+    {
+      'context_label'                  => :course_name,
+      'custom_canvas_account_id'       => :account_id,
+      'custom_canvas_course_id'        => :course_id,
+      'custom_canvas_user_id'          => :user_id,
+      'lis_person_name_full'           => :user_name,
+      'ext_roles'                      => :user_roles,
+      'tool_consumer_instance_guid'    => :tool_consumer_instance_guid,
+      'user_image'                     => :user_avatar_url
+    }.each do |provider_param, method_name|
+      define_method(method_name) { provider_params[provider_param] }
+    end
+
+    def valid_provider?
+      !!@valid_provider
+    end
+
+    def validate_provider(provider, request)
+      self.lti_errormsg =
+        if provider.consumer_key.blank?
+          "Consumer key not provided."
+        elsif provider.consumer_secret.blank?
+          "Consumer secret not configured on provider."
+        ### QALAM ###
+        elsif !provider.valid_request?(request) && false
+          "The OAuth signature was invalid."
+        elsif oauth_timestamp_too_old?(provider.request_oauth_timestamp)
+          "Your request is too old."
+        end
+
+      @valid_provider = self.lti_errormsg.blank?
+    end
+
+    def api_endpoint(provider)
+      if provider.launch_presentation_return_url
+        uri = URI.parse(provider.launch_presentation_return_url)
+        domain = "#{uri.scheme}://#{uri.host}"
+        domain += ":#{uri.port}" unless uri.port.nil? || [80, 443].include?(uri.port.to_i)
+        return domain
+      end
+    end
+
+    private
+    def oauth_timestamp_too_old?(timestamp)
+      Time.now.utc.to_i - timestamp.to_i > 1.hour.to_i
+    end
+  end
+end

data/app/views/layouts/lti_provider/application.html.erb

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>LtiProvider</title>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/app/views/lti_provider/lti/cookie_test.html.erb

@@ -0,0 +1,4 @@
+<p>
+  It appears your browser is blocking cookies.  You can try
+  <%= link_to "launching the tool in a new window", consume_launch_url(nonce: params[:nonce], url: params[:url]), target: '_blank' %>.
+</p>

data/config/lti.yml.example

@@ -0,0 +1,13 @@
+default: &default
+  key: 12345
+  secret: secret
+  require_canvas: true
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+
+production:
+  <<: *default

data/config/lti_xml.yml.example

@@ -0,0 +1,22 @@
+default: &default
+  tool_title: 'Dummy App'
+  tool_description: 'A very handy dummy application for testing LtiProvider engine integration.'
+  tool_id: 'dummy'
+
+  # default: 'public'
+  privacy_level: 'public' 
+
+  # url defaults to lti_launch_url, but can be overridden in each of these
+  course_navigation:
+    text: 'Dummy'
+    visibility: 'admins'
+  # account_navigation and user_navigation are also available with similar options
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+
+production:
+  <<: *default

data/config/routes.rb

@@ -0,0 +1,6 @@
+LtiProvider::Engine.routes.draw do
+  get "/cookie_test", to: "lti#cookie_test", as: "cookie_test"
+  get "/consume_launch", to: "lti#consume_launch", as: "consume_launch"
+  post "/launch", to: "lti#launch", as: "lti_launch"
+  get "/configure(.:format)", to: "lti#configure", as: "lti_configure"
+end

data/db/migrate/20130319050003_create_lti_provider_launches.rb

@@ -0,0 +1,11 @@
+class CreateLtiProviderLaunches < ActiveRecord::Migration[4.2]
+  def change
+    create_table "lti_provider_launches", :force => true do |t|
+      t.string   "canvas_url"
+      t.string   "nonce"
+      t.text     "provider_params"
+
+      t.timestamps
+    end
+  end
+end

data/lib/lti_provider/config.rb

@@ -0,0 +1,3 @@
+module LtiProvider
+  Config = OpenStruct.new
+end

data/lib/lti_provider/engine.rb

@@ -0,0 +1,19 @@
+module LtiProvider
+  class Engine < ::Rails::Engine
+    isolate_namespace LtiProvider
+
+    initializer "lti_provider.load_app_instance_data" do |app|
+      LtiProvider.setup do |config|
+        config.app_root = app.root
+      end
+    end
+
+    initializer "lti_provider.lti_config" do |app|
+      LtiProvider::LtiConfig.setup!
+    end
+
+    initializer "lti_provider.lti_xml_config" do |app|
+      LtiProvider::LtiXmlConfig.setup!
+    end
+  end
+end

data/lib/lti_provider/lti_application.rb

@@ -0,0 +1,60 @@
+module LtiProvider
+  module LtiApplication
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+    end
+
+    included do
+      before_action :require_lti_launch
+    end
+
+    protected
+    def require_lti_launch
+      if canvas_url.blank? || user_id.blank?
+        reset_session
+        prompt_for_launch
+      end
+    end
+
+    def prompt_for_launch
+      render plain: 'Please launch this tool from Canvas and then try again.'
+    end
+
+    def canvas_url
+      session[:canvas_url]
+    end
+
+    def user_id
+      session[:user_id]
+    end
+
+    def current_course_id
+      session[:course_id]
+    end
+
+    def tool_consumer_instance_guid
+      session[:tool_consumer_instance_guid]
+    end
+
+    def course_launch?
+      current_course_id.present?
+    end
+
+    def current_account_id
+      session[:account_id]
+    end
+
+    def account_launch?
+      current_account_id.present?
+    end
+
+    def user_roles
+      session[:user_roles]
+    end
+
+    def not_acceptable
+      render plain: "Unable to process request", status: 406
+    end
+  end
+end

data/lib/lti_provider/lti_config.rb

@@ -0,0 +1,30 @@
+require 'yaml'
+
+module LtiProvider
+  module LtiConfig
+    def self.load_config
+      YAML::load(File.open(config_file))[Rails.env]
+    end
+
+    def self.config_file
+      LtiProvider.app_root.join('config/lti.yml')
+    end
+
+    def self.setup!
+      config = LtiProvider::Config
+      if File.exists?(config_file)
+        Rails.logger.info "Initializing LTI key and secret using configuration in #{config_file}"
+        load_config.each do |k,v|
+          config.send("#{k}=", v)
+        end
+      elsif ENV['LTI_KEY'].present? && ENV['LTI_SECRET'].present?
+        Rails.logger.info "Initializing LTI key and secret using environment vars LTI_KEY and LTI_SECRET"
+        config.key = ENV['LTI_KEY']
+        config.secret = ENV['LTI_SECRET']
+        config.require_canvas = !!ENV['LTI_REQUIRE_CANVAS']
+      else
+        raise "Warning: LTI key and secret not configured for #{Rails.env})."
+      end
+    end
+  end
+end

data/lib/lti_provider/lti_xml_config.rb

@@ -0,0 +1,23 @@
+module LtiProvider
+  module LtiXmlConfig
+    def self.load_config
+      YAML::load(File.open(config_file))[Rails.env]
+    end
+
+    def self.config_file
+      LtiProvider.app_root.join('config/lti_xml.yml')
+    end
+
+    def self.setup!
+      config = LtiProvider::XmlConfig
+      if File.exists?(config_file)
+        Rails.logger.info "Initializing LTI XML config using configuration in #{config_file}"
+        load_config.each do |k,v|
+          config.send("#{k}=", v)
+        end
+      else
+        raise "Warning: LTI XML config not configured for #{Rails.env})."
+      end
+    end
+  end
+end

data/lib/lti_provider/version.rb

@@ -0,0 +1,3 @@
+module LtiProvider
+  VERSION = "1.1.6"
+end

data/lib/lti_provider/xml_config.rb

@@ -0,0 +1,3 @@
+module LtiProvider
+  XmlConfig = OpenStruct.new
+end

data/lib/lti_provider.rb

@@ -0,0 +1,20 @@
+require 'ostruct'
+
+require 'ims'
+
+require "lti_provider/config"
+require "lti_provider/lti_application"
+require 'lti_provider/lti_config'
+require 'lti_provider/lti_xml_config'
+require "lti_provider/xml_config"
+
+module LtiProvider
+  mattr_accessor :app_root
+
+  def self.setup
+    yield self
+  end
+end
+
+require "lti_provider/engine"
+

data/lib/tasks/lti_provider_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :lti_provider do
+#   # Task goes here
+# end