#
# Copyright (C) 2011 - 2014 Instructure, Inc.
#
# This file is part of Canvas.
#
# Canvas is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, version 3 of the License.
#
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.
require 'oauth'
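module Lti
  # Request-authentication helpers for LTI API controllers.
  #
  # A controller that includes this module calls +lti_authenticate+ to verify
  # that the request carries an OAuth 1.0a signature from a registered
  # ToolProxy and, when an +oauth_body_hash+ parameter is present, that the
  # body matches it. Any failure renders a JSON 401 via +render_unauthorized_api+.
  module ApiServiceHelper
    # Authenticates the request as an API call from a registered tool proxy.
    #
    # Looks up the ToolProxy whose guid equals the +oauth_consumer_key+ of the
    # Authorization header, verifies the OAuth signature against its shared
    # secret, then verifies the body hash. Sets +@tool_proxy+ for the
    # including controller (nil when no proxy matched) and renders the 401
    # JSON response when any step fails.
    #
    # @return [Boolean, nil] truthy when authorized; nil/false otherwise
    def lti_authenticate
      key = oauth_consumer_key
      # Without a consumer key (missing or non-OAuth header) there is nothing
      # to look up; skip the query rather than searching for a nil guid.
      @tool_proxy = key && ToolProxy.where(guid: key).first
      authorized = @tool_proxy &&
                   oauth_authenticated_request?(@tool_proxy.shared_secret) &&
                   authenticate_body_hash
      render_unauthorized_api unless authorized
      authorized
    end

    # Verifies the request's OAuth 1.0a signature against +secret+.
    #
    # @param secret [String] shared secret of the tool proxy
    # @return [Boolean] true only when the signature verifies
    def oauth_authenticated_request?(secret)
      !!OAuth::Signature.build(request, consumer_secret: secret).verify
    end

    # The +oauth_consumer_key+ parameter of the Authorization header, memoized.
    #
    # @return [String, nil] nil when the header is absent or lacks the key
    def oauth_consumer_key
      @oauth_consumer_key ||= oauth_header_params['oauth_consumer_key']
    end

    # Checks the request body against the header's +oauth_body_hash+.
    #
    # The body stream is rewound before and after hashing so the controller
    # action can still read it. NOTE(review): a request that sends no
    # +oauth_body_hash+ is accepted without its body being checked — only the
    # signed parameters bind it. Whether the parameter should be mandatory for
    # requests that carry a body depends on the LTI/OAuth profile targeted;
    # confirm before tightening.
    #
    # @return [Boolean] true when the parameter is absent or the hashes match
    def authenticate_body_hash
      body_hash = oauth_header_params['oauth_body_hash']
      return true unless body_hash

      request.body.rewind
      generated_hash = Digest::SHA1.base64digest(request.body.read)
      request.body.rewind # leave the body readable for the action that follows
      generated_hash == body_hash
    end

    # Parameters of the OAuth Authorization header, parsed once per request.
    #
    # Returns an empty hash when no Authorization header was sent, so lookups
    # yield nil and the request fails authentication instead of handing a nil
    # header to +OAuth::Helper.parse_header+.
    #
    # @return [Hash{String => String}]
    def oauth_header_params
      @oauth_header_params ||= begin
        header = request.authorization
        header.to_s.empty? ? {} : OAuth::Helper.parse_header(header)
      end
    end

    # Renders the JSON 401 response used when +lti_authenticate+ fails.
    def render_unauthorized_api
      render json: {
               status: I18n.t('lib.auth.lti.api.status_unauthorized', 'unauthorized'),
               errors: [{ message: I18n.t('lib.auth.lti.api.not_unauthorized', 'unauthorized request') }]
             },
             status: :unauthorized
    end
  end
end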