qalam_oauth_engine 2.2.9

data/lib/canvas_oauth/canvas_api_extensions.rb

@@ -0,0 +1,9 @@
+module CanvasOauth
+  class CanvasApiExtensions
+    def self.build(canvas_url, user_id, tool_consumer_instance_guid)
+      refresh_token = CanvasOauth::Authorization.fetch_refresh_token(user_id, tool_consumer_instance_guid)
+      token = CanvasOauth::Authorization.fetch_token(user_id, tool_consumer_instance_guid)
+      CanvasApi.new(canvas_url, user_id, token, refresh_token, CanvasConfig.key, CanvasConfig.secret)
+    end
+  end
+end

data/lib/canvas_oauth/canvas_application.rb

@@ -0,0 +1,73 @@
+module CanvasOauth
+  module CanvasApplication
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+    end
+
+    included do
+      helper_method :canvas
+
+      rescue_from CanvasApi::Authenticate, with: :reauthenticate
+      rescue_from CanvasApi::Unauthorized, with: :unauthorized_canvas_access
+
+      before_action :request_canvas_authentication
+    end
+
+    protected
+    def initialize_canvas
+      @canvas = ::CanvasOauth::CanvasApiExtensions.build(canvas_url, user_id, tool_consumer_instance_guid)
+    end
+
+    def canvas
+      @canvas || initialize_canvas
+    end
+
+    def canvas_token
+      ::CanvasOauth::Authorization.fetch_token(user_id, tool_consumer_instance_guid)
+    end
+
+    def request_canvas_authentication
+      if !params[:code].present? && !canvas_token.present?
+        session[:oauth2_state] = SecureRandom.urlsafe_base64(24)
+        redirect_to canvas.auth_url(canvas_oauth_url, session[:oauth2_state])
+      end
+    end
+
+    def request_qalam_authentication(qalam_url)
+      if !params[:code].present? && !canvas_token.present?
+        session[:oauth2_state] = SecureRandom.urlsafe_base64(24)
+        redirect_to canvas.qalam_auth_url(qalam_url, canvas_oauth_url, session[:oauth2_state])
+      end
+    end
+
+    def not_acceptable
+      render plain: "Unable to process request", status: 406
+    end
+
+    def unauthorized_canvas_access
+      render plain: "Your Canvas Developer Key is not authorized to access this data.", status: 401
+    end
+
+    def reauthenticate
+      ::CanvasOauth::Authorization.clear_tokens(user_id, tool_consumer_instance_guid)
+      request_canvas_authentication
+    end
+
+    # these next three methods rely on external session data and either need to
+    # be overridden or the session data needs to be set up by the time the
+    # oauth filter runs (like with the lti_provider_engine)
+
+    def canvas_url
+      session[:canvas_url]
+    end
+
+    def user_id
+      session[:user_id]
+    end
+
+    def tool_consumer_instance_guid
+      session[:tool_consumer_instance_guid]
+    end
+  end
+end

data/lib/canvas_oauth/canvas_config.rb

@@ -0,0 +1,34 @@
+require 'colorize'
+module CanvasOauth
+  module CanvasConfig
+    mattr_accessor :key, :secret
+
+    def self.load_config
+      YAML::load(File.open(config_file))[Rails.env]
+    end
+
+    def self.config_file
+      CanvasOauth.app_root.join('config/canvas.yml')
+    end
+
+    def self.setup!
+      if File.exists?(config_file)
+        Rails.logger.info "Initializing Canvas using configuration in #{config_file}"
+        config = load_config
+        self.key = config['key']
+        self.secret = config['secret']
+
+        Rails.logger.info "\n> Initializing Key #{config['key']} - Secret #{config['secret']}\n".green
+
+      elsif ENV['CANVAS_KEY'].present? && ENV['CANVAS_SECRET'].present?
+        Rails.logger.info "Initializing Canvas using environment vars CANVAS_KEY and CANVAS_SECRET"
+        self.key = ENV['CANVAS_KEY']
+        self.secret = ENV['CANVAS_SECRET']
+
+        Rails.logger.info "\n> Initializing Key #{ENV['CANVAS_KEY']} - Secret #{ENV['CANVAS_SECRET']}\n".green
+      else
+        warn "Warning: Canvas key and secret not configured (RAILS_ENV = #{ENV['RAILS_ENV']})."
+      end
+    end
+  end
+end

data/lib/canvas_oauth/config.rb

@@ -0,0 +1,3 @@
+module CanvasOauth
+  Config = OpenStruct.new
+end

data/lib/canvas_oauth/default_utf8_parser.rb

@@ -0,0 +1,13 @@
+module CanvasOauth
+  # We get into a weird case with the CDN with canvas where the Content-Type for a CSV comes back as text/csv, but there
+  # is no associated charset with it. HTTParty will default to treating it as binary (aka ASCII-8BIT) data which causes
+  # issues downstream when the data gets combined with local application data. In cases where we can reasonably know
+  # it'll be a UTF-8 compatible file (i.e any csv file from canvas) we'll force an encoding of UTF-8 if ruby thinks its
+  # ASCII-8BIT
+  class DefaultUTF8Parser < HTTParty::Parser
+    def parse
+      body.force_encoding("UTF-8") if body&.encoding == Encoding::ASCII_8BIT
+      super
+    end
+  end
+end

data/lib/canvas_oauth/engine.rb

@@ -0,0 +1,15 @@
+module CanvasOauth
+  class Engine < ::Rails::Engine
+    isolate_namespace CanvasOauth
+
+    initializer "canvas_oauth.load_app_instance_data" do |app|
+      CanvasOauth.setup do |config|
+        config.app_root = app.root
+      end
+    end
+
+    initializer "canvas_oauth.canvas_config" do |app|
+      CanvasOauth::CanvasConfig.setup!
+    end
+  end
+end

data/lib/canvas_oauth/version.rb

@@ -0,0 +1,3 @@
+module CanvasOauth
+  VERSION = "2.2.9"
+end

data/lib/tasks/canvas_oauth_tasks.rake

@@ -0,0 +1 @@
+

data/spec/controllers/canvas_oauth/canvas_controller_spec.rb

@@ -0,0 +1,90 @@
+require 'spec_helper'
+
+describe CanvasOauth::CanvasController do
+  describe "GET 'oauth'" do
+    before do
+      @routes = CanvasOauth::Engine.routes
+    end
+
+    context "with a code" do
+      context "valid" do
+        before do
+          canvas = double("canvas")
+          allow(canvas).to receive(:get_access_token).with('valid') { 'token' }
+          allow(controller).to receive(:canvas).and_return(canvas)
+          allow(controller).to receive(:verify_oauth2_state).with(nil) { true }
+        end
+
+        it "caches the token for the current user" do
+          # test that the controller methods are used
+          allow(controller).to receive(:user_id) { 1 }
+          # but by default they delegate to the session
+          session[:tool_consumer_instance_guid] = 'abc123'
+
+          expect(CanvasOauth::Authorization).to receive(:cache_token).with('token', 1, 'abc123')
+          get 'oauth', params: { code: 'valid' }
+         end
+
+        it "redirects to the root_path" do
+          get 'oauth', params: { code: 'valid' }
+          expect(response).to redirect_to main_app.root_path
+        end
+      end
+
+      context "invalid" do
+        before do
+          canvas = double("canvas")
+          allow(canvas).to receive(:get_access_token).with('invalid') { nil }
+          allow(controller).to receive(:canvas).and_return(canvas)
+          allow(controller).to receive(:verify_oauth2_state).with(nil) { true }
+        end
+
+        it "renders an error" do
+          get 'oauth', params: { code: 'invalid' }
+          expect(response.body).to be =~ /invalid code/
+        end
+      end
+    end
+
+    context "without a code" do
+      it "renders an error" do
+        allow(controller).to receive(:verify_oauth2_state).with(nil) { true }
+        get 'oauth'
+        expect(response.body).to be =~ /#{CanvasOauth::Config.tool_name} needs access to your account/
+      end
+    end
+
+    context "with an oauth state callback" do
+      before do
+        canvas = double("canvas")
+        allow(canvas).to receive(:get_access_token).with('valid') { 'token' }
+        allow(controller).to receive(:canvas).and_return(canvas)
+      end
+
+      it "works with a valid state" do
+        session[:oauth2_state] = 'zzyyxx'
+        get 'oauth', params: { code: 'valid', state: 'zzyyxx' }
+        expect(response).to redirect_to main_app.root_path
+      end
+
+      it "renders an error with an invalid state" do
+        session[:oauth2_state] = 'zzyyxx'
+        get 'oauth', params: { code: 'valid', state: 'mismatch' }
+        expect(response.body).to be =~ /#{CanvasOauth::Config.tool_name} needs access to your account/
+      end
+    end
+
+    context "without an oauth state callback" do
+      it "in the session, renders an error" do
+        get 'oauth', params: { code: 'valid', state: 'zzyyxx' }
+        expect(response.body).to be =~ /#{CanvasOauth::Config.tool_name} needs access to your account/
+      end
+
+      it "in the params, renders an error" do
+        session[:oauth2_state] = 'zzyyxx'
+        get 'oauth', params: { code: 'valid' }
+        expect(response.body).to be =~ /#{CanvasOauth::Config.tool_name} needs access to your account/
+      end
+    end
+  end
+end

data/spec/dummy/README.rdoc

@@ -0,0 +1,261 @@
+== Welcome to Rails
+
+Rails is a web-application framework that includes everything needed to create
+database-backed web applications according to the Model-View-Control pattern.
+
+This pattern splits the view (also called the presentation) into "dumb"
+templates that are primarily responsible for inserting pre-built data in between
+HTML tags. The model contains the "smart" domain objects (such as Account,
+Product, Person, Post) that holds all the business logic and knows how to
+persist themselves to a database. The controller handles the incoming requests
+(such as Save New Account, Update Product, Show Post) by manipulating the model
+and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails. You can read more about Action Pack in
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting Started
+
+1. At the command prompt, create a new Rails application:
+       <tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
+
+2. Change directory to <tt>myapp</tt> and start the web server:
+       <tt>cd myapp; rails server</tt> (run with --help for options)
+
+3. Go to http://localhost:3000/ and you'll see:
+       "Welcome aboard: You're riding Ruby on Rails!"
+
+4. Follow the guidelines to start developing your application. You can find
+the following resources handy:
+
+* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
+* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
+
+
+== Debugging Rails
+
+Sometimes your application goes wrong. Fortunately there are a lot of tools that
+will help you debug it and get it back on the rails.
+
+First area to check is the application log files. Have "tail -f" commands
+running on the server.log and development.log. Rails will automatically display
+debugging and runtime information to these files. Debugging info will also be
+shown in the browser on requests from 127.0.0.1.
+
+You can also log your own messages directly into the log file from your code
+using the Ruby logger class from inside your controllers. Example:
+
+  class WeblogController < ActionController::Base
+    def destroy
+      @weblog = Weblog.find(params[:id])
+      @weblog.destroy
+      logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
+    end
+  end
+
+The result will be a message in your log file along the lines of:
+
+  Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
+
+More information on how to use the logger is at http://www.ruby-doc.org/core/
+
+Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
+several books available online as well:
+
+* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
+* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
+
+These two books will bring you up to speed on the Ruby language and also on
+programming in general.
+
+
+== Debugger
+
+Debugger support is available through the debugger command when you start your
+Mongrel or WEBrick server with --debugger. This means that you can break out of
+execution at any point in the code, investigate and change the model, and then,
+resume execution! You need to install ruby-debug to run the server in debugging
+mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.all
+      debugger
+    end
+  end
+
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the server window. Here you can do things like:
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8
+          @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
+       #<Post:0x14a6620
+          @attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
+  >> @posts.first.title = "hello from a debugger"
+  => "hello from a debugger"
+
+...and even better, you can examine how your runtime objects actually work:
+
+  >> f = @posts.first
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you can enter "cont".
+
+
+== Console
+
+The console is a Ruby shell, which allows you to interact with your
+application's domain model. Here you'll have all parts of the application
+configured, just like it is when the application is running. You can inspect
+domain models, change values, and save to the database. Starting the script
+without arguments will launch it in the development environment.
+
+To start the console, run <tt>rails console</tt> from the application
+directory.
+
+Options:
+
+* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
+  made to the database.
+* Passing an environment name as an argument will load the corresponding
+  environment. Example: <tt>rails console production</tt>.
+
+To reload your controllers and models after launching the console run
+<tt>reload!</tt>
+
+More information about irb can be found at:
+link:http://www.rubycentral.org/pickaxe/irb.html
+
+
+== dbconsole
+
+You can go to the command line of your database directly through <tt>rails
+dbconsole</tt>. You would be connected to the database with the credentials
+defined in database.yml. Starting the script without arguments will connect you
+to the development database. Passing an argument will connect you to a different
+database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
+PostgreSQL and SQLite 3.
+
+== Description of Contents
+
+The default directory structure of a generated Ruby on Rails application:
+
+  |-- app
+  |   |-- assets
+  |       |-- images
+  |       |-- javascripts
+  |       `-- stylesheets
+  |   |-- controllers
+  |   |-- helpers
+  |   |-- mailers
+  |   |-- models
+  |   `-- views
+  |       `-- layouts
+  |-- config
+  |   |-- environments
+  |   |-- initializers
+  |   `-- locales
+  |-- db
+  |-- doc
+  |-- lib
+  |   `-- tasks
+  |-- log
+  |-- public
+  |-- script
+  |-- test
+  |   |-- fixtures
+  |   |-- functional
+  |   |-- integration
+  |   |-- performance
+  |   `-- unit
+  |-- tmp
+  |   |-- cache
+  |   |-- pids
+  |   |-- sessions
+  |   `-- sockets
+  `-- vendor
+      |-- assets
+          `-- stylesheets
+      `-- plugins
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/assets
+  Contains subdirectories for images, stylesheets, and JavaScript files.
+
+app/controllers
+  Holds controllers that should be named like weblogs_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ApplicationController which itself descends from ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb. Models descend from
+  ActiveRecord::Base by default.
+
+app/views
+  Holds the template files for the view that should be named like
+  weblogs/index.html.erb for the WeblogsController#index action. All views use
+  eRuby syntax by default.
+
+app/views/layouts
+  Holds the template files for layouts to be used with views. This models the
+  common header/footer method of wrapping views. In your views, define a layout
+  using the <tt>layout :default</tt> and create a file named default.html.erb.
+  Inside default.html.erb, call <% yield %> to render the view using this
+  layout.
+
+app/helpers
+  Holds view helpers that should be named like weblogs_helper.rb. These are
+  generated for you automatically when using generators for controllers.
+  Helpers can be used to wrap functionality for your views into methods.
+
+config
+  Configuration files for the Rails environment, the routing map, the database,
+  and other dependencies.
+
+db
+  Contains the database schema in schema.rb. db/migrate contains all the
+  sequence of Migrations for your schema.
+
+doc
+  This directory is where your application documentation will be stored when
+  generated using <tt>rake doc:app</tt>
+
+lib
+  Application specific libraries. Basically, any kind of custom code that
+  doesn't belong under controllers, models, or helpers. This directory is in
+  the load path.
+
+public
+  The directory available for the web server. Also contains the dispatchers and the
+  default HTML files. This should be set as the DOCUMENT_ROOT of your web
+  server.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures. When using the rails generate
+  command, template test files will be generated for you and placed in this
+  directory.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins
+  subdirectory. If the app has frozen rails, those gems also go here, under
+  vendor/rails/. This directory is in the load path.