qalam_oauth_engine 2.2.9

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ca4df23009a1ac767c658d767afb25ce07614896e9a64c4a29902034377be29c
+  data.tar.gz: f64d346bf4ef5619e98b491de827602c8b18bec4c38d2e8ee3a761be4b85e858
+SHA512:
+  metadata.gz: b3f808048822cc4442059f75203df5662bc0657cedca326842c2a909ed05e16688ffd3bc295addb02081363cc6d37a68e72e898d49ae4b19fa1cfa4c077c91f7
+  data.tar.gz: 476c685d5a946c4a89494fed0500e439fae6bc1adbec7e51f7f04497ecdfc9e48d5a05be906bd4700fc0ea478360bbcec69a68552812685398472a7d5f4ff897

data/MIT-LICENSE

@@ -0,0 +1,28 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'CanvasOauth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+task :default => :spec

data/README.md

@@ -0,0 +1,110 @@
+# CanvasOauth
+
+CanvasOauth is a mountable engine for handling the oauth workflow with canvas
+and making api calls from your rails app.  This is tested with Rails 3.2, we'll
+be looking at verifying with Rails 4 soon.
+
+## Warning
+
+The current version of this gem relies heavily on being able to access the user
+session.  Since LTI apps generally run in an iframe inside the LMS, this means
+that tools using this engine MUST run on the same root domain as the LMS they
+are plugging into.  This is obviously not ideal, and we will be working to
+remove this limitation in the future.
+
+## Installation
+
+Add the gem to your `Gemfile` with the following line, and then `bundle install`
+
+```
+gem 'qalam_oauth_engine', :require => 'canvas_oauth'
+```
+
+Then, mount the engine to your app by adding this line to your `routes.rb` file
+
+```
+mount CanvasOauth::Engine => "/canvas_oauth"
+```
+
+Next, include the engine in your `ApplicationController`
+
+```
+class ApplicationController < ActionController::Base
+  include CanvasOauth::CanvasApplication
+
+  ...
+end
+```
+
+After that, create an `canvas.yml` file in your `config/` folder that looks something
+like this (or see `config/canvas.yml.example` for a template):
+
+```
+default: &default
+  key: your_key
+  secret: your_secret
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+
+production:
+  <<: *default
+```
+
+The values of key and secret should be set from the developer key that you
+generate in the canvas application.
+
+Finally, run migrations:
+
+```
+bundle install
+bundle exec rake railties:install:migrations
+bundle exec rake db:migrate
+```
+
+This will create the `canvas_oauth_authorizations` table which stores
+successful oauth tokens for later use, so the user does not have to accept the
+oauth login each time they use the app.
+
+## Usage
+
+The engine only uses one url, whatever it is mounted to, to serve as the
+`redirect_url` in the oauth workflow.
+
+The engine sets up a global `before_filter`, which checks for a valid oauth
+token, and if one does not exist, starts the oauth login flow.  It handles
+posting the oauth request, verifying the result and redirecting to the
+application root. It exposes the following methods to your controllers:
+
+  * `canvas`
+  * `canvas_token`
+
+The first is an instance of HTTParty ready to make api requests to your canvas
+application.  The second is if you need access to the oauth token directly.
+
+## Configuring the Tool Consumer
+
+You will a developer key and secret from canvas, which should be entered into
+you `canvas.yml` file.
+
+## Example
+
+You can see and interact with an example of an app using this engine by looking
+at `spec/dummy`.  This is a full rails app which integrates the gem and has
+a simple index page that says 'Hello Oauth' if the app is launched and the
+oauth flow is successful.
+
+## About Oauth
+
+TODO...
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,28 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'CanvasOauth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+task :default => :spec

data/app/controllers/canvas_oauth/canvas_controller.rb

@@ -0,0 +1,26 @@
+module CanvasOauth
+  class CanvasController < CanvasOauth::OauthApplicationController
+    skip_before_action :request_canvas_authentication
+
+    def oauth
+      if verify_oauth2_state(params[:state]) && params[:code]
+        if token = canvas.get_access_token(params[:code])
+          refresh_token = canvas.refresh_token
+          if CanvasOauth::Authorization.cache_token(token, refresh_token, user_id, tool_consumer_instance_guid)
+            redirect_to main_app.root_path
+          else
+            render plain: "Error: unable to save token"
+          end
+        else
+          render plain: "Error: invalid code - #{params[:code]}"
+        end
+      else
+        render plain: "#{CanvasOauth::Config.tool_name} needs access to your account in order to function properly. Please try again and click log in to approve the integration."
+      end
+    end
+
+    def verify_oauth2_state(callback_state)
+      callback_state.present? && callback_state == session.delete(:oauth2_state)
+    end
+  end
+end

data/app/controllers/canvas_oauth/oauth_application_controller.rb

@@ -0,0 +1,5 @@
+module CanvasOauth
+  class OauthApplicationController < ActionController::Base
+    include CanvasOauth::CanvasApplication
+  end
+end

data/app/models/canvas_oauth/authorization.rb

@@ -0,0 +1,46 @@
+module CanvasOauth
+  class Authorization < ActiveRecord::Base
+    validates :canvas_user_id, :token, :refresh_token, :last_used_at, presence: true
+
+    def self.cache_token(token, refresh_token, user_id, tool_consumer_instance_guid)
+      create do |t|
+        t.token = token
+        t.refresh_token = refresh_token
+        t.canvas_user_id = user_id
+        t.tool_consumer_instance_guid = tool_consumer_instance_guid
+        t.last_used_at = Time.now
+      end
+    end
+
+    def self.fetch_token(user_id, tool_consumer_instance_guid)
+      user_tokens = where(canvas_user_id: user_id, tool_consumer_instance_guid: tool_consumer_instance_guid).order("created_at DESC")
+      if canvas_auth = user_tokens.first
+        canvas_auth.update_attribute(:last_used_at, Time.now)
+        return canvas_auth.token
+      end
+    end
+
+    def self.fetch_refresh_token(user_id, tool_consumer_instance_guid)
+      user_tokens = where(canvas_user_id: user_id, tool_consumer_instance_guid: tool_consumer_instance_guid).order("created_at DESC")
+      if canvas_auth = user_tokens.first
+        canvas_auth.update_attribute(:last_used_at, Time.now)
+        return canvas_auth.refresh_token
+      end
+    end
+
+    def self.update_token(refresh_token, token)
+      if token 
+        user_tokens = where(refresh_token: refresh_token).order("created_at DESC")
+        if canvas_auth = user_tokens.first
+          canvas_auth.update_attribute(:token, token)
+          canvas_auth.update_attribute(:last_used_at, Time.now)
+          return canvas_auth.token
+        end
+      end
+    end
+
+    def self.clear_tokens(user_id, tool_consumer_instance_guid)
+      where(canvas_user_id: user_id, tool_consumer_instance_guid: tool_consumer_instance_guid).destroy_all
+    end
+  end
+end

data/config/canvas.yml.example

@@ -0,0 +1,12 @@
+default: &default
+  key: your_key
+  secret: your_secret
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+
+cucumber:
+  <<: *default

data/config/routes.rb

@@ -0,0 +1,3 @@
+CanvasOauth::Engine.routes.draw do
+  match "/", to: "canvas#oauth", via: :get, as: :canvas_oauth
+end

data/db/migrate/20121121005358_create_canvas_oauth_authorizations.rb

@@ -0,0 +1,16 @@
+class CreateCanvasOauthAuthorizations < ActiveRecord::Migration[4.2]
+  def change
+    create_table "canvas_oauth_authorizations", :force => true do |t|
+      t.integer  "canvas_user_id", :limit => 8
+      t.string   "tool_consumer_instance_guid", :null => false
+      t.string   "token"
+      t.string   "refresh_token"
+      t.datetime "last_used_at"
+      t.datetime "created_at",                  :null => false
+      t.datetime "updated_at",                  :null => false
+    end
+
+    add_index :canvas_oauth_authorizations, [:canvas_user_id, :tool_consumer_instance_guid],
+      name: 'index_canvas_oauth_auths_on_user_id_and_tciguid'
+  end
+end

data/lib/canvas_oauth.rb

@@ -0,0 +1,26 @@
+require 'ostruct'
+
+require 'httparty'
+require 'link_header'
+
+require "canvas_oauth/config"
+require "canvas_oauth/canvas_application"
+require 'canvas_oauth/canvas_api'
+require 'canvas_oauth/canvas_api_extensions'
+require 'canvas_oauth/canvas_config'
+require 'canvas_oauth/default_utf8_parser'
+
+module CanvasOauth
+  mattr_accessor :app_root
+
+  def self.setup
+    yield self
+  end
+
+  def self.config
+    yield(CanvasOauth::Config)
+  end
+end
+
+require "canvas_oauth/engine"
+

data/lib/canvas_oauth/canvas_api.rb

@@ -0,0 +1,331 @@
+module CanvasOauth
+  class CanvasApi
+    include HTTParty
+    PER_PAGE = 50
+
+    attr_accessor :token, :refresh_token, :key, :secret
+    attr_reader :canvas_url, :canvas_user_id
+
+    def initialize(canvas_url, canvas_user_id, token, refresh_token, key, secret)
+      unless [key, secret].all?(&:present?)
+        raise "Invalid Canvas oAuth configuration"
+      end
+      
+      self.refresh_token = refresh_token
+      self.canvas_url = canvas_url
+      self.canvas_user_id = canvas_user_id
+      self.token = token
+      self.key = key
+      self.secret = secret
+    end
+
+    def authenticated_request(method, *params)
+      params << {} if params.size == 1
+
+      params.last[:headers] ||= {}
+      params.last[:headers]['Authorization'] = "Bearer #{token}"
+
+      start = Time.now
+
+      response = self.class.send(method, *params)
+
+      Rails.logger.info {
+        stop = Time.now
+        elapsed = ((stop - start) * 1000).round(2)
+
+        params.last[:headers].reject! { |k| k == 'Authorization' }
+        "API call (#{elapsed}ms): #{method} #{params.inspect}"
+      }
+
+      if response && response.unauthorized?
+        if refresh_token
+          get_access_token_by_refresh_token
+          authenticated_request(method, *params)
+        else
+          if response.headers['WWW-Authenticate'].present?
+            raise CanvasApi::Authenticate
+          else
+            raise CanvasApi::Unauthorized
+          end
+        end
+      else
+        return response
+      end
+    end
+
+    def paginated_get(url, params = {})
+      params[:query] ||= {}
+      params[:query][:per_page] = PER_PAGE
+
+      all_pages = []
+
+      while url && current_page = authenticated_get(url, params) do
+        all_pages.concat(current_page) if valid_page?(current_page)
+
+        links = LinkHeader.parse(current_page.headers['link'])
+        url = links.find_link(["rel", "next"]).try(:href)
+        params[:query] = nil if params[:query]
+      end
+
+      all_pages
+    end
+
+    def get_report(account_id, report_type, params)
+      report = authenticated_post("/api/v1/accounts/#{account_id}/reports/#{report_type}", { body: params })
+      report = authenticated_get "/api/v1/accounts/#{account_id}/reports/#{report_type}/#{report['id']}"
+      while (report['status'] == 'created' || report['status'] == 'running')
+        sleep(4)
+        report = authenticated_get "/api/v1/accounts/#{account_id}/reports/#{report_type}/#{report['id']}"
+      end
+
+      if report['status'] == 'complete'
+        file_id = report['file_url'].match(/files\/([0-9]+)\/download/)[1]
+        file = get_file(file_id)
+        return hash_csv(self.class.get(file['url'], limit: 15, parser: DefaultUTF8Parser).parsed_response)
+      else
+        return report
+      end
+    end
+
+    def valid_page?(page)
+      page && page.size > 0
+    end
+
+    def get_file(file_id)
+      authenticated_get "/api/v1/files/#{file_id}"
+    end
+
+    def get_accounts_provisioning_report(account_id)
+      get_report(account_id, :provisioning_csv, 'parameters[accounts]' => true)
+    end
+
+    #Needs to be refactored to somewhere more generic
+    def hash_csv(csv_string)
+      require 'csv'
+
+      csv = csv_string.is_a?(String) ? CSV.parse(csv_string) : csv_string
+      headers = csv.shift
+      output = []
+
+      csv.each do |row|
+        hash = {}
+        headers.each do |header|
+          hash[header] = row.shift.to_s
+        end
+        output << hash
+      end
+
+      return output
+    end
+
+    def authenticated_get(*params)
+      authenticated_request(:get, *params)
+    end
+
+    def authenticated_post(*params)
+      authenticated_request(:post, *params)
+    end
+
+    def authenticated_put(*params)
+      authenticated_request(:put, *params)
+    end
+
+    def get_courses
+      paginated_get "/api/v1/courses"
+    end
+
+    def get_account(account_id)
+      authenticated_get "/api/v1/accounts/#{account_id}"
+    end
+
+    def get_account_sub_accounts(account_id)
+      paginated_get "/api/v1/accounts/#{account_id}/sub_accounts", { query: { :recursive => true } }
+    end
+
+    def get_account_courses(account_id)
+      paginated_get "/api/v1/accounts/#{account_id}/courses"
+    end
+
+    def get_account_courses(account_id)
+      paginated_get "/api/v1/accounts/#{account_id}/users"
+    end
+
+    def get_course(course_id)
+      authenticated_get "/api/v1/courses/#{course_id}"
+    end
+
+    def get_section_enrollments(section_id)
+      paginated_get "/api/v1/sections/#{section_id}/enrollments"
+    end
+
+    def get_user_enrollments(user_id)
+      paginated_get "/api/v1/users/#{user_id}/enrollments"
+    end
+
+    def get_course_users(course_id)
+      paginated_get "/api/v1/courses/#{course_id}/users"
+    end
+
+    def get_all_course_users(course_id)
+      paginated_get "/api/v1/courses/#{course_id}/users", { query: {enrollment_state: ["active","invited","rejected","completed","inactive"] } }
+    end
+
+    def get_course_teachers_and_tas(course_id)
+      paginated_get "/api/v1/courses/#{course_id}/users", { query: { enrollment_type: ['teacher', 'ta'] } }
+    end
+
+    def get_course_students(course_id)
+      paginated_get "/api/v1/courses/#{course_id}/students"
+    end
+
+    def get_course_active_students(course_id)
+      paginated_get "/api/v1/courses/#{course_id}/active_users"
+    end
+
+    def get_section(section_id)
+      authenticated_get "/api/v1/sections/#{section_id}"
+    end
+
+    def get_sections(course_id)
+      paginated_get "/api/v1/courses/#{course_id}/sections", { query: { :include => ['students', 'avatar_url', 'enrollments'] } }
+    end
+
+    def get_assignments(course_id)
+      paginated_get "/api/v1/courses/#{course_id}/assignments"
+    end
+
+    def get_assignment(course_id, assignment_id)
+      authenticated_get "/api/v1/courses/#{course_id}/assignments/#{assignment_id}"
+    end
+
+    def get_user_profile(user_id)
+      authenticated_get "/api/v1/users/#{user_id}/profile"
+    end
+
+    def create_assignment(course_id, params)
+      authenticated_post "/api/v1/courses/#{course_id}/assignments", { body: { assignment: params } }
+    end
+
+    def update_assignment(course_id, assignment_id, params)
+      authenticated_put "/api/v1/courses/#{course_id}/assignments/#{assignment_id}", { body: { assignment: params } }
+    end
+
+    def grade_assignment(course_id, assignment_id, user_id, params)
+      authenticated_put "/api/v1/courses/#{course_id}/assignments/#{assignment_id}/submissions/#{user_id}", { body: params }
+    end
+
+    def get_submission(course_id, assignment_id, user_id)
+      authenticated_get "/api/v1/courses/#{course_id}/assignments/#{assignment_id}/submissions/#{user_id}"
+    end
+
+    def course_account_id(course_id)
+      course = get_course(course_id)
+      course['account_id'] if course
+    end
+
+    def root_account_id(account_id)
+      if account_id && account = get_account(account_id)
+        root_id = account['root_account_id']
+      end
+
+      root_id || account_id
+    end
+
+    def course_root_account_id(course_id)
+      root_account_id(course_account_id(course_id))
+    end
+
+    def auth_url(redirect_uri, oauth2_state)
+      "#{canvas_url}/login/oauth2/auth?client_id=#{key}&response_type=code&state=#{oauth2_state}&redirect_uri=#{redirect_uri}"
+    end
+
+    def qalam_auth_url(qalam_url, redirect_uri, oauth2_state)
+      "#{qalam_url}/login/oauth2/auth?client_id=#{key}&response_type=code&state=#{oauth2_state}&redirect_uri=#{redirect_uri}"
+    end
+
+    def get_access_token(code)
+      params = {
+        body: {
+          client_id: key,
+          client_secret: secret,
+          code: code
+        }
+      }
+
+      response = self.class.post '/login/oauth2/token', params
+      self.refresh_token = response['refresh_token']
+      self.token = response['access_token']
+    end
+
+    def get_access_token_by_refresh_token
+      params = {
+        body: {
+          grant_type: 'refresh_token',
+          client_id: key,
+          client_secret: secret,
+          refresh_token: refresh_token
+        }
+      }
+
+      response = self.class.post '/login/oauth2/token', params
+      self.token = response['access_token']
+      CanvasOauth::Authorization.update_token(refresh_token, token)
+    end
+
+    def hex_sis_id(name, value)
+      hex = value.unpack("H*")[0]
+      return "hex:#{name}:#{hex}"
+    end
+
+    def canvas_url=(value)
+      @canvas_url = value
+      self.class.base_uri(value)
+    end
+
+    def canvas_user_id=(value)
+      @canvas_user_id = value
+    end
+
+    ### QALAM ###
+    def get_canvas_user_profile
+      authenticated_get "/api/v1/users/#{canvas_user_id}/profile"
+    end
+
+    def get_course_active_pages(course_id, publish=nil)
+      unless publish.nil?
+        paginated_get "/api/v1/courses/#{course_id}/pages?published=#{publish}&sort=created_at&order=desc"
+      else
+        paginated_get "/api/v1/courses/#{course_id}/pages?sort=created_at&order=desc"
+      end
+    end
+
+    def course_external_tool_update(external_tool_url, tool_id, account_id, publish)
+      authenticated_put "/api/v1/accounts/#{account_id}/external_tools_url", { body: {"course_navigation"=>{"enabled"=>"#{publish}"},
+       "tool_id"=>tool_id, "external_tool_url"=>external_tool_url} }
+    end
+
+    def account_external_tool_update(external_tool_url, tool_id, account_id, publish)
+      authenticated_put "/api/v1/accounts/#{account_id}/external_tools_url", { body: {"account_navigation"=>{"enabled"=>"#{publish}"},
+       "tool_id"=>tool_id, "external_tool_url"=>external_tool_url} }
+    end
+
+    def get_school_details(account_id)
+      authenticated_get "/api/v1/accounts/#{account_id}/school_details"
+    end
+
+    def get_school_account(account_id)
+      authenticated_get "/api/v1/accounts/#{account_id}/school_account"
+    end
+
+    def get_students_by_grade(account_id, grade_id)
+      paginated_get "/api/v1/accounts/#{account_id}/students_by_grade/#{grade_id}"
+    end
+
+    def get_students_by_class(account_id, class_id)
+      paginated_get "/api/v1/accounts/#{account_id}/students_by_class_room/#{class_id}"
+    end
+  end
+
+  class CanvasApi::Unauthorized < StandardError ; end
+  class CanvasApi::Authenticate < StandardError ; end
+end