rack-lti 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1d0b37117873d888fb6eb0d4a27aec831870bdeb
-  data.tar.gz: 8bc012c07da2b921027f8e6b05d955771ef3148d
+  metadata.gz: 83539ad4c6309fda9eb0176e963e8386b8ca968f
+  data.tar.gz: 90a44a26537982e6d47607d9009996b07ffd99cd
 SHA512:
-  metadata.gz: dee340fa9cd17d2c16726b9b9b04142fc55ec91766e45da43d4df1af5dd24abb63b1df174fe4a4dbcf631b2e8ada86feb2fb0229ddf88434e2232b5dc779be0b
-  data.tar.gz: e7cbb4c050a9d7a2a0bdd2a6f6cd6fef605fc1601caf91f5480d551a73ecd4f8a104e6d90877145457893cb6759e1b1e5c9d744d38a24412bf10f1e20c7de096
+  metadata.gz: 4c61ce0e39167d3006606c68cac6bbe302b01d110a0c06c0504c521e47fe32aca73e65c3cae8e9436beda00c0c0a05a165db3d78622936f5c9cdbc2538d26b18
+  data.tar.gz: 4e154407ce03c67880fcdaaa2eef0ac6767f4c747bb8a450550b2399553eefe5f80eac6f969e262382fbd3c89148051258669a336f3c9fe1cdd9598095577005

data/.travis.yml

@@ -3,4 +3,3 @@ rvm:
   - 1.9.3
   - 2.0.0
   - jruby-19mode
-  - rbx-19mode

data/README.md

@@ -43,7 +43,9 @@ class Application < Rails::Application
       request.session['launch_params'] = lti_params
       response.headers['X-Custom-Header'] = 'value'
     },
+
     time_limit: 60*60,
+    future_time_limit: 60,
 
     extensions: {
       'canvas.instructure.com' => {
@@ -83,7 +85,9 @@ class Application < Sinatra::Base
       request.session['launch_params'] = lti_params
       response.headers['X-Custom-Header'] = 'value'
     },
+
     time_limit: 60*60,
+    future_time_limit: 60
 
     extensions: {
       'canvas.instructure.com' => {
@@ -119,13 +123,16 @@ values are:
   * `launch_path` The path to receive LTI launch requests at. Defaults to
     '/lti/launch'.
   * `redirect` If true, redirect to the `app_path`. If false, pass the launch
-    request through to the application. If false, app_path is not used.
+    request through to the application. If false, app_path is not used. Defaults
+    to true.
   * `title` The title of your LTI application.
   * `description` The description of your LTI application.
   * `nonce_validator` A lambda used to validate the current request's nonce.
     It is passed the nonce to verify. If not provided, all nonces are allowed.
-  * `time_limit` The time limit, in seconds, to consider requests valid within.
-    If not passed, the default is 3600 seconds (one hour).
+  * `time_limit` The past time limit, inclusive and in seconds, to consider requests
+    valid within.  If not passed, the default is 3600 seconds (one hour).
+  * `future_time_limit` The future time limit, inclusive and in seconds, to consider
+    requests valid within.  If not passed, all future timestamps are accepted as valid.
   * `success` A lambda called on successful launch. It is passed the launch
     params as a hash, the Rack Request, and the Rack Response. Can be used to
     cache params for the current user, find the current user, etc. By default,

data/lib/rack/lti/config.rb

@@ -13,6 +13,7 @@ module Rack::LTI
         req.session['launch_params'] = lti if req.env['rack.session']
       },
       time_limit:      60*60,
+      future_time_limit: nil,
       title:           'LTI App'
     }
 
@@ -24,7 +25,9 @@ module Rack::LTI
     [:consumer_key, :consumer_secret, :nonce_validator].each do |method|
       define_method(method) do |*args|
         if self[method].respond_to?(:call)
-          self[method].call(*args)
+          # Only pass the arguments supported by this lambda
+          supported_args = args.take(self[method].parameters.length)
+          self[method].call(*supported_args)
         else
           self[method]
         end

data/lib/rack/lti/middleware.rb

@@ -7,7 +7,7 @@ module Rack::LTI
     attr_reader :app, :config
 
     def initialize(app, options = {}, &block)
-      @app    = app 
+      @app    = app
       @config = Config.new(options, &block)
     end
 
@@ -38,8 +38,8 @@ module Rack::LTI
     end
 
     def launch_action(request, env)
-      provider = IMS::LTI::ToolProvider.new(@config.consumer_key(*request.params.values_at('oauth_consumer_key', 'tool_consumer_instance_guid')),
-                                            @config.consumer_secret(*request.params.values_at('oauth_consumer_key', 'tool_consumer_instance_guid')),
+      provider = IMS::LTI::ToolProvider.new(@config.consumer_key(*request.params.values_at('oauth_consumer_key', 'tool_consumer_instance_guid'), request),
+                                            @config.consumer_secret(*request.params.values_at('oauth_consumer_key', 'tool_consumer_instance_guid'), request),
                                             request.params)
 
       if valid?(provider, request)
@@ -77,11 +77,15 @@ module Rack::LTI
     end
 
     def valid_timestamp?(timestamp)
-      if @config.time_limit.nil?
-        true
-      else
-        (Time.now.to_i - @config.time_limit) <= timestamp
-      end
+      now = Time.now.to_i
+
+      # timestamp too far into the past?
+      return false if (past = config.time_limit) && (now - past > timestamp)
+
+      # timestamp too far into the future?
+      return false if (future = config.future_time_limit) && (now + future < timestamp)
+
+      true
     end
   end
 end

data/lib/rack/lti/version.rb

@@ -1,5 +1,5 @@
 module Rack
   module LTI
-    VERSION = '0.1.1'
+    VERSION = '0.2.0'
   end
 end

data/test/config_test.rb

@@ -32,6 +32,7 @@ class ConfigTest < Minitest::Test
     assert_equal '/lti/launch',         @config.launch_path
     assert_equal true,                  @config.nonce_validator
     assert_equal 3600,                  @config.time_limit
+    assert_equal nil,                   @config.future_time_limit
     assert_equal 'LTI App',             @config.title
     assert_equal true,                  @config.redirect
     assert_instance_of Proc,            @config.success

data/test/middleware_test.rb

@@ -27,7 +27,7 @@ class MiddlewareTest < Minitest::Test
 	def test_routes_returns_the_recognized_routes
 		known_routes = { @lti_app.config.config_path => :config_action,
 			@lti_app.config.launch_path => :launch_action }
-		assert_equal known_routes, @lti_app.routes	
+		assert_equal known_routes, @lti_app.routes
 	end
 
 	def test_call_returns_a_valid_rack_response
@@ -81,10 +81,28 @@ class MiddlewareTest < Minitest::Test
   def test_call_returns_403_on_expired_timestamp
     @lti_app.config.nonce_validator = true
     @lti_app.config.time_limit      = 30
+    timestamp = (Time.now - 60*60).to_i
 
     @lti_app.stub(:valid_request?, true) do
-      env      = Rack::MockRequest.env_for('/lti/launch',
-                                           oauth_timestamp: Time.now - 60*60)
+      env = Rack::MockRequest.env_for(
+        '/lti/launch',
+        params: { oauth_timestamp: timestamp }
+      )
+      response = @lti_app.call(env)
+      assert_equal 403, response[0]
+    end
+  end
+
+  def test_call_returns_403_on_future_timestamp
+    @lti_app.config.nonce_validator   = true
+    @lti_app.config.future_time_limit = 30
+    timestamp = (Time.now + 60*60).to_i
+
+    @lti_app.stub(:valid_request?, true) do
+      env = Rack::MockRequest.env_for(
+        '/lti/launch',
+        params: { oauth_timestamp: timestamp }
+      )
       response = @lti_app.call(env)
       assert_equal 403, response[0]
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-lti
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Zach Pendleton
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-10 00:00:00.000000000 Z
+date: 2018-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -127,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: Middleware for handling LTI launches inside your Rack app.