ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
canvas-lms/spec/lti2_spec_helper.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

213 lines
7.2 KiB
Ruby
Raw Normal View History

add # frozen_string_literal: true for specs Change-Id: Id508bec1817937b1c24c29f1db7221e09cb9c2ab Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/251157 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Simon Williams <simon@instructure.com> QA-Review: Cody Cutrer <cody@instructure.com> Product-Review: Cody Cutrer <cody@instructure.com>
2020-10-27 00:51:19 +08:00
# frozen_string_literal: true
da licença part 47 add consistent license headers to all source files Change-Id: I8d372efee113550ada3255f32ec6f1858e5520c4 Reviewed-on: https://gerrit.instructure.com/110152 Tested-by: Jenkins Reviewed-by: Jon Jensen <jon@instructure.com> Product-Review: Jon Jensen <jon@instructure.com> QA-Review: Jon Jensen <jon@instructure.com>
2017-04-28 12:06:26 +08:00
#
# Copyright (C) 2017 - present Instructure, Inc.
#
# This file is part of Canvas.
#
# Canvas is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, version 3 of the License.
#
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
put originality report behind lti2 oauth2 security fixes PLAT-1966 test plan: -get an lti2 OAuth2 access token -attempt to use the originality reports endpoint with it -it should work -attempt to hit the endpoint with a canvas access token -it should not work - attempt to hit the endpoints unauthenticated - it should not work Change-Id: I4b7993b17f2931f7b0dc97a7d187c234490e87d2 Reviewed-on: https://gerrit.instructure.com/100148 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nathan Mills <nathanm@instructure.com>
2017-01-21 05:29:32 +08:00
RSpec.shared_context "lti2_spec_helper", shared_context: :metadata do
LTI2 API webhook subscription service Fixes: PLAT-2129 PLAT-2126 Test Plan: - Verify you can create and retrieve a TCP with the new subscription service and capabilities. - Install an LTI2 tool using the split secret capability. The tool's security contract should use the new webhook service. Example security contract: "tp_half_shared_secret"=> "873f5...", "tool_service"=> [{"@type"=>"RestServiceProfile", "service"=>"vnd.Canvas.webhooksSubscription", "action"=>["GET", "POST"]}]} - Do a POST request to /api/lti/subscriptions with the following body: { "subscription":{ "EventTypes":[ "submission_created" ], "ContextType":"course", "ContextId":<valid course id here>, "Format":"live-event", "TransportType":"sqs", "TransportMetadata":{ "Url":"http://sqs.docker" } } } - Verify a 401 is returned - Using https://docs.google.com/document/d /12x6Peif-I-0zvl2uMv2JVbQdZumGGqMtspWKYTqlL9o/edit attempt to create each subscription type (in bold) and verify 401s are returned in each case. - Using the same document, verify that adding one of the capabilities listed under a subscription types allows you to create the subscription - Verify that using the vnd.instructure.webhooks.root_account.all capability allows you to create any subscription. - Install an LTI2 tool in a course - Attempt to create a subscription in another course and verify a 401 is given. Change-Id: I322e4bb2c49209afdc6f0a3c3a8b5c73e339996e Reviewed-on: https://gerrit.instructure.com/102272 Tested-by: Jenkins QA-Review: August Thornton <august@instructure.com> Reviewed-by: Andrew Butterfield <abutterfield@instructure.com> Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-02-14 23:55:06 +08:00
let(:account) { Account.create! }
Add data fixups to help with live event cleanup post shard splits Closes PLAT-5768 Test Plan: - Create an assignment configured with a plagiarism platform tool. - Submit to the assignment - Run the fixup_plagiarism_subscriptions_after_shard_split fixup and verify the subscription the subscription_id of the AssignmentConfigurationToolLookup changes. - Run resend_plagiarism_events_after_shard_split fixup and verify Canvas resends the events for all submissions associated with the assignment that have not received an originality score. One way this can be done is by setting the 'STUB_LIVE_EVENTS_KINESIS' variable to "true" and watching the the Rails logs for events Change-Id: I8493141b7bea93abffad49f89e3d1ed3a5640b24 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/236330 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Mysti Lilla <mysti@instructure.com> QA-Review: Weston Dransfield <wdransfield@instructure.com> Product-Review: Weston Dransfield <wdransfield@instructure.com>
2020-05-06 02:18:15 +08:00
let(:course) do
Add tool proxy subscription info to assignment with include flag=none Test plan - Set up an assignment with a Plagiarism tool proxy (one with a subscription would help :) ) - Load an assignment with the API (most routes should work, but try api/v1/courses/:course_id/assignments/ :assignment_id?include[]=webhook_info) (There isn't a good way to avoid n+1s on this, so I didn't actually try. I'm not that worried, since I'm not adding this to the API documentation, but people should avoid doing this on a list of assignments - Verify you can see the current subscription info on the assignment Change-Id: I7647ef7d05b8766e8936dbb6ef72ec4d4abbe746 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/273929 Product-Review: Karl Lloyd <karl@instructure.com> Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> QA-Review: Xander Moffatt <xmoffatt@instructure.com> Reviewed-by: Xander Moffatt <xmoffatt@instructure.com> Reviewed-by: Evan Battaglia <ebattaglia@instructure.com>
2021-09-21 06:36:04 +08:00
course_with_student(account: account, active_all: true)
Add data fixups to help with live event cleanup post shard splits Closes PLAT-5768 Test Plan: - Create an assignment configured with a plagiarism platform tool. - Submit to the assignment - Run the fixup_plagiarism_subscriptions_after_shard_split fixup and verify the subscription the subscription_id of the AssignmentConfigurationToolLookup changes. - Run resend_plagiarism_events_after_shard_split fixup and verify Canvas resends the events for all submissions associated with the assignment that have not received an originality score. One way this can be done is by setting the 'STUB_LIVE_EVENTS_KINESIS' variable to "true" and watching the the Rails logs for events Change-Id: I8493141b7bea93abffad49f89e3d1ed3a5640b24 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/236330 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Mysti Lilla <mysti@instructure.com> QA-Review: Weston Dransfield <wdransfield@instructure.com> Product-Review: Weston Dransfield <wdransfield@instructure.com>
2020-05-06 02:18:15 +08:00
@course
end
let(:student) { course.student_enrollments.first.user }
Add DeveloperKey/vendor code association for LTI2 refs PLAT-2708 Test Plan: - Create a developer key through the Canvas UI and verify that a new vendor code text input is available and optional. - Verify each of the following: * If a vendor is associated with a devloper key they must use one of the associated developer keys when registering. * If a vendor is associated with a developer key they may not register without using a developer key. * If a vendor is associated with a developer key they may not use a developer key other than one they are associated with to register. * If a vendor is not associated with a developer key they must register without a developer key. Change-Id: I9c9974706f542c1442988634790656da1c407cb8 Reviewed-on: https://gerrit.instructure.com/118592 Reviewed-by: Cody Cutrer <cody@instructure.com> Reviewed-by: Nathan Mills <nathanm@instructure.com> QA-Review: August Thornton <august@instructure.com> Tested-by: Jenkins Product-Review: Jesse Poulos <jpoulos@instructure.com>
2017-07-12 05:45:28 +08:00
let(:vendor_code) { "com.instructure.test" }
let(:developer_key) { DeveloperKey.create!(redirect_uri: "http://www.example.com/redirect", vendor_code: vendor_code) }
put originality report behind lti2 oauth2 security fixes PLAT-1966 test plan: -get an lti2 OAuth2 access token -attempt to use the originality reports endpoint with it -it should work -attempt to hit the endpoint with a canvas access token -it should not work - attempt to hit the endpoints unauthenticated - it should not work Change-Id: I4b7993b17f2931f7b0dc97a7d187c234490e87d2 Reviewed-on: https://gerrit.instructure.com/100148 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nathan Mills <nathanm@instructure.com>
2017-01-21 05:29:32 +08:00
let(:product_family) do
Lti::ProductFamily.create!(
Add DeveloperKey/vendor code association for LTI2 refs PLAT-2708 Test Plan: - Create a developer key through the Canvas UI and verify that a new vendor code text input is available and optional. - Verify each of the following: * If a vendor is associated with a devloper key they must use one of the associated developer keys when registering. * If a vendor is associated with a developer key they may not register without using a developer key. * If a vendor is associated with a developer key they may not use a developer key other than one they are associated with to register. * If a vendor is not associated with a developer key they must register without a developer key. Change-Id: I9c9974706f542c1442988634790656da1c407cb8 Reviewed-on: https://gerrit.instructure.com/118592 Reviewed-by: Cody Cutrer <cody@instructure.com> Reviewed-by: Nathan Mills <nathanm@instructure.com> QA-Review: August Thornton <august@instructure.com> Tested-by: Jenkins Product-Review: Jesse Poulos <jpoulos@instructure.com>
2017-07-12 05:45:28 +08:00
vendor_code: vendor_code,
put originality report behind lti2 oauth2 security fixes PLAT-1966 test plan: -get an lti2 OAuth2 access token -attempt to use the originality reports endpoint with it -it should work -attempt to hit the endpoint with a canvas access token -it should not work - attempt to hit the endpoints unauthenticated - it should not work Change-Id: I4b7993b17f2931f7b0dc97a7d187c234490e87d2 Reviewed-on: https://gerrit.instructure.com/100148 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nathan Mills <nathanm@instructure.com>
2017-01-21 05:29:32 +08:00
product_code: "abc",
vendor_name: "acme",
root_account: account,
developer_key: developer_key
)
end
Distinguish course/account tool installs in ACTL The AssignmentConfigurationToolLookup (ACTL) represents that a given assignment is connected with a given plagiarism detection (LTI2) tool. This is a soft link, not a direct "tool_proxy_id" link to the tool installation, though, since we can uninstall and reinstall tools and we want those connections (actually LESS subscriptions) to be reestablished. We used to figure out that a ACTL belongs to a give tool by matching up product and vendor codes; but if the user installs the tool in both a Course context and an Account context, we can get confused, and one tool from either context can delete the subscriptions created with the tool in the other context. The solution is to store the context_type (Course or Account) in the ACTL when setting up an assignment with a plagiarism detection tool. Test plan: - instrument the locations in the canvas code where a LESS subscription is created and destroyed. You can comment out the calls and replace with "puts" statements in lib/lti/assignment_subscriptions_helper.rb: * replace `destroy_subscription` to not send to LESS, but log (append to a file is easiest to see) with the ID * replace `create_subscription` - make it log (append to a file) and return a fake id like `rand(100000).to_s * run both canvas web and jobs - install a locally-running test tool (e.g. web.lti-originality-report-example.docker:3000/register) in a course context and add an assignment that uses the tool. (note: sometimes when adding a tool it didn't show up in the new assignment dropdown. restarting canvas may help) - Check subscription id: `AssignmentConfigurationToolLookup.where(assignment_id: a_id` The ACTL should also have a context_type of "Course" - install the test tool in a account context. check (by looking at ACTL) that the subscription ID did not change, and that no subscriptions were created or destroyed. - delete the account-level test tool. observe that nothing changed. delete the course-level test tool, observe that the subscriptions have been deleted (looking at the logging you added). - you can do other combinations like creating assignments with an account-level tool. - Test "Blueprint course" syncing still works by creating a blueprint course, adding a tool and assignment with tool, making copies of the course, and syncing the copies. Check that there is still only one copy of the ACTL per course. Fixes PLAT-5023 Change-Id: I6ded9ab91e223fc1cf6a9b7ed7f0df649823c95d Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/215171 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: Weston Dransfield <wdransfield@instructure.com> Product-Review: Jesse Poulos <jpoulos@instructure.com>
2019-10-29 07:51:16 +08:00
let(:tool_proxy_context) { account }
let(:tool_proxy) { create_tool_proxy(tool_proxy_context) }
Add subscription to all LTI 2 Plagiarism tool installations fixes INTEROP-6130 flag=plagiarism_tool_subscriptions (removes it) Test plan - Have a Lti::ToolProxy for TurnItIn or Urkund or some other Plagiarism service that does not have an associated subscription - Run the data fixup. Verify the tool has a working subscription Change-Id: I21a85321caf1a735e0034661e175da3423548967 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246411 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> QA-Review: Tucker Mcknight <tmcknight@instructure.com> Product-Review: Mysti Lilla <mysti@instructure.com> Reviewed-by: Cody Cutrer <cody@instructure.com> Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
2020-08-29 07:34:28 +08:00
def create_tool_proxy(context, overrides = {})
create lti2 endpoint to get a submission fixes PLAT-2232 test plan: - install an lti2 tool with the originality placement - associate it to an assignment as a tool_settings_tool - use the /api/lti/assignments/#{@assignment.id}/submissions/#{submission.id} endpoint to get a submssion - use the /api/lti/assignments/#{@assignment.id}/submissions/#{submission.id}/history endpoint to get the submission history - make sure you can't access it without the placement enabled - make sure you can't access it unless the tool is associated to the assignment - make sure you can't access it unless the tool is installed - make sure you can't access it unless the tool is active - make sure you can't access it if the tool is not in that context Change-Id: I66d892658a67b04f532f37bda3206efb8666cde7 Reviewed-on: https://gerrit.instructure.com/104803 Reviewed-by: Andrew Butterfield <abutterfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Tested-by: Jenkins Product-Review: Nathan Mills <nathanm@instructure.com>
2017-03-11 06:53:20 +08:00
tp = Lti::ToolProxy.create!(
Distinguish course/account tool installs in ACTL The AssignmentConfigurationToolLookup (ACTL) represents that a given assignment is connected with a given plagiarism detection (LTI2) tool. This is a soft link, not a direct "tool_proxy_id" link to the tool installation, though, since we can uninstall and reinstall tools and we want those connections (actually LESS subscriptions) to be reestablished. We used to figure out that a ACTL belongs to a give tool by matching up product and vendor codes; but if the user installs the tool in both a Course context and an Account context, we can get confused, and one tool from either context can delete the subscriptions created with the tool in the other context. The solution is to store the context_type (Course or Account) in the ACTL when setting up an assignment with a plagiarism detection tool. Test plan: - instrument the locations in the canvas code where a LESS subscription is created and destroyed. You can comment out the calls and replace with "puts" statements in lib/lti/assignment_subscriptions_helper.rb: * replace `destroy_subscription` to not send to LESS, but log (append to a file is easiest to see) with the ID * replace `create_subscription` - make it log (append to a file) and return a fake id like `rand(100000).to_s * run both canvas web and jobs - install a locally-running test tool (e.g. web.lti-originality-report-example.docker:3000/register) in a course context and add an assignment that uses the tool. (note: sometimes when adding a tool it didn't show up in the new assignment dropdown. restarting canvas may help) - Check subscription id: `AssignmentConfigurationToolLookup.where(assignment_id: a_id` The ACTL should also have a context_type of "Course" - install the test tool in a account context. check (by looking at ACTL) that the subscription ID did not change, and that no subscriptions were created or destroyed. - delete the account-level test tool. observe that nothing changed. delete the course-level test tool, observe that the subscriptions have been deleted (looking at the logging you added). - you can do other combinations like creating assignments with an account-level tool. - Test "Blueprint course" syncing still works by creating a blueprint course, adding a tool and assignment with tool, making copies of the course, and syncing the copies. Check that there is still only one copy of the ACTL per course. Fixes PLAT-5023 Change-Id: I6ded9ab91e223fc1cf6a9b7ed7f0df649823c95d Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/215171 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: Weston Dransfield <wdransfield@instructure.com> Product-Review: Jesse Poulos <jpoulos@instructure.com>
2019-10-29 07:51:16 +08:00
context: context,
put originality report behind lti2 oauth2 security fixes PLAT-1966 test plan: -get an lti2 OAuth2 access token -attempt to use the originality reports endpoint with it -it should work -attempt to hit the endpoint with a canvas access token -it should not work - attempt to hit the endpoints unauthenticated - it should not work Change-Id: I4b7993b17f2931f7b0dc97a7d187c234490e87d2 Reviewed-on: https://gerrit.instructure.com/100148 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nathan Mills <nathanm@instructure.com>
2017-01-21 05:29:32 +08:00
guid: SecureRandom.uuid,
shared_secret: "abc",
product_family: product_family,
product_version: "1",
workflow_state: "active",
Add ability to import tool profiles fixes PLAT-2598 Test plan: * Install the plagiarism detection tool in a course locally using docker * Get a zip file from me with a bunch of exports * In the course that has the plagiarism detection tool installed * Import 'import.imscc' * Ensure that the import completes without warnings or errors * Import 'different_version.imscc' * Ensure that the import completes with a warning about finding a different version of the tool * Import 'missing_data.imscc' * Ensure that the import completes with a warning that has a link to an error report * In a course where the plagiarism detection tool is not installed * Import 'registration_url.imscc' * Ensure that the import completes with a warning that tells the user the registration url they can use to install the missing tool * Import 'import.imscc' * Ensure that the import completes with a warning that tells the user they need to install the tool but without a registration url Change-Id: I3836c2caf602487de135b5a8732bba00b96b9342 Reviewed-on: https://gerrit.instructure.com/114139 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> Reviewed-by: Jeremy Stanley <jeremy@instructure.com> Reviewed-by: Brad Humphrey <brad@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Karl Lloyd <karl@instructure.com>
2017-06-03 06:38:02 +08:00
raw_data: {
Add subscription to all LTI 2 Plagiarism tool installations fixes INTEROP-6130 flag=plagiarism_tool_subscriptions (removes it) Test plan - Have a Lti::ToolProxy for TurnItIn or Urkund or some other Plagiarism service that does not have an associated subscription - Run the data fixup. Verify the tool has a working subscription Change-Id: I21a85321caf1a735e0034661e175da3423548967 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246411 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> QA-Review: Tucker Mcknight <tmcknight@instructure.com> Product-Review: Mysti Lilla <mysti@instructure.com> Reviewed-by: Cody Cutrer <cody@instructure.com> Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
2020-08-29 07:34:28 +08:00
"enabled_capability" => overrides[:enabled_capability] || ["Security.splitSecret"],
Service appender support endpoint Refs PLAT-3991 Test Plan: - Create multipel tool proxies in your account. Note the vendor code and product code of the proxies. - Using the new documentation as a reference, hit the endpoint to add a new service to the tool proxies - Verify all tool proxies have the new service added with the correct actions Change-Id: If19c8ed0b8e788dab3025a7e33c5176386a8d885 Reviewed-on: https://gerrit.instructure.com/172604 Tested-by: Jenkins QA-Review: Marc Phillips <mphillips@instructure.com> Product-Review: Jesse Poulos <jpoulos@instructure.com> Reviewed-by: Marc Phillips <mphillips@instructure.com>
2018-11-16 04:57:26 +08:00
"security_contract" => security_contract,
Add ability to import tool profiles fixes PLAT-2598 Test plan: * Install the plagiarism detection tool in a course locally using docker * Get a zip file from me with a bunch of exports * In the course that has the plagiarism detection tool installed * Import 'import.imscc' * Ensure that the import completes without warnings or errors * Import 'different_version.imscc' * Ensure that the import completes with a warning about finding a different version of the tool * Import 'missing_data.imscc' * Ensure that the import completes with a warning that has a link to an error report * In a course where the plagiarism detection tool is not installed * Import 'registration_url.imscc' * Ensure that the import completes with a warning that tells the user the registration url they can use to install the missing tool * Import 'import.imscc' * Ensure that the import completes with a warning that tells the user they need to install the tool but without a registration url Change-Id: I3836c2caf602487de135b5a8732bba00b96b9342 Reviewed-on: https://gerrit.instructure.com/114139 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> Reviewed-by: Jeremy Stanley <jeremy@instructure.com> Reviewed-by: Brad Humphrey <brad@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Karl Lloyd <karl@instructure.com>
2017-06-03 06:38:02 +08:00
"tool_profile" => {
"lti_version" => "LTI-2p0",
"product_instance" => {
"guid" => "be42ae52-23fe-48f5-a783-40ecc7ef6d5c",
"product_info" => {
"product_version" => "1.0",
"product_family" => {
"code" => "abc",
"vendor" => {
"code" => "123",
"vendor_name" => {
"default_value" => "acme"
},
"description" => {
"default_value" => "example vendor"
}
}
},
"description" => {
"default_value" => "example product"
},
"product_name" => {
"default_value" => "learn abc's"
}
}
},
"base_url_choice" => [
{
"default_base_url" => "https://www.samplelaunch.com",
"selector" => {
"applies_to" => [
"MessageHandler"
]
}
}
],
"resource_handler" => [
{
"resource_type" => {
"code" => "code"
},
"resource_name" => {
"default_value" => "resource name",
"key" => ""
},
"message" => [
{
"message_type" => "message_type",
"path" => "https://www.samplelaunch.com/blti"
}
]
},
],
"service_offered" => []
}
},
Add webhook subscription info to submission flag=none Test plan - Install an LTI tool proxy that does plagiarism - Submit an assignment as a student - Load /api/v1/courses/:course_id/ assignments/:assignment_id/submissions /:user_id?include[]=webhook_info and verify that you can see the webhook_info in the API call - Make sure you don't see it anywhere without the webhook_info includes flag (check as many submissions APIs as you can remember) Change-Id: I6113128cae9c3184d73437bc97935a2d4e33fcee Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/274333 Reviewed-by: Xander Moffatt <xmoffatt@instructure.com> QA-Review: Xander Moffatt <xmoffatt@instructure.com> Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Product-Review: Karl Lloyd <karl@instructure.com>
2021-09-23 04:58:47 +08:00
lti_version: "1",
subscription_id: overrides[:add_subscription_id] && SecureRandom.uuid
put originality report behind lti2 oauth2 security fixes PLAT-1966 test plan: -get an lti2 OAuth2 access token -attempt to use the originality reports endpoint with it -it should work -attempt to hit the endpoint with a canvas access token -it should not work - attempt to hit the endpoints unauthenticated - it should not work Change-Id: I4b7993b17f2931f7b0dc97a7d187c234490e87d2 Reviewed-on: https://gerrit.instructure.com/100148 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nathan Mills <nathanm@instructure.com>
2017-01-21 05:29:32 +08:00
)
Consider resource type code when sending tool events Fixes INTEROP-6252 flag=none Test Plan: - Install multiple plagiarism detection tools in the same account with _different_ resource type codes. Each tool should also have a different endpoint - Associate an assignment with one of the tools - Submit and verify an event is sent to the tool with the matching resource type code - Verify events were not sent to the other tools Change-Id: I5892451c2ac3af64254881319d6f1143703a5cb6 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249776 Reviewed-by: Mysti Lilla <mysti@instructure.com> QA-Review: Tucker Mcknight <tmcknight@instructure.com> Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Product-Review: Weston Dransfield <wdransfield@instructure.com>
2020-10-10 11:22:13 +08:00
Distinguish course/account tool installs in ACTL The AssignmentConfigurationToolLookup (ACTL) represents that a given assignment is connected with a given plagiarism detection (LTI2) tool. This is a soft link, not a direct "tool_proxy_id" link to the tool installation, though, since we can uninstall and reinstall tools and we want those connections (actually LESS subscriptions) to be reestablished. We used to figure out that a ACTL belongs to a give tool by matching up product and vendor codes; but if the user installs the tool in both a Course context and an Account context, we can get confused, and one tool from either context can delete the subscriptions created with the tool in the other context. The solution is to store the context_type (Course or Account) in the ACTL when setting up an assignment with a plagiarism detection tool. Test plan: - instrument the locations in the canvas code where a LESS subscription is created and destroyed. You can comment out the calls and replace with "puts" statements in lib/lti/assignment_subscriptions_helper.rb: * replace `destroy_subscription` to not send to LESS, but log (append to a file is easiest to see) with the ID * replace `create_subscription` - make it log (append to a file) and return a fake id like `rand(100000).to_s * run both canvas web and jobs - install a locally-running test tool (e.g. web.lti-originality-report-example.docker:3000/register) in a course context and add an assignment that uses the tool. (note: sometimes when adding a tool it didn't show up in the new assignment dropdown. restarting canvas may help) - Check subscription id: `AssignmentConfigurationToolLookup.where(assignment_id: a_id` The ACTL should also have a context_type of "Course" - install the test tool in a account context. check (by looking at ACTL) that the subscription ID did not change, and that no subscriptions were created or destroyed. - delete the account-level test tool. observe that nothing changed. delete the course-level test tool, observe that the subscriptions have been deleted (looking at the logging you added). - you can do other combinations like creating assignments with an account-level tool. - Test "Blueprint course" syncing still works by creating a blueprint course, adding a tool and assignment with tool, making copies of the course, and syncing the copies. Check that there is still only one copy of the ACTL per course. Fixes PLAT-5023 Change-Id: I6ded9ab91e223fc1cf6a9b7ed7f0df649823c95d Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/215171 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: Weston Dransfield <wdransfield@instructure.com> Product-Review: Jesse Poulos <jpoulos@instructure.com>
2019-10-29 07:51:16 +08:00
Lti::ToolProxyBinding.where(context_id: context.id, context_type: context.class.to_s,
create lti2 endpoint to get a submission fixes PLAT-2232 test plan: - install an lti2 tool with the originality placement - associate it to an assignment as a tool_settings_tool - use the /api/lti/assignments/#{@assignment.id}/submissions/#{submission.id} endpoint to get a submssion - use the /api/lti/assignments/#{@assignment.id}/submissions/#{submission.id}/history endpoint to get the submission history - make sure you can't access it without the placement enabled - make sure you can't access it unless the tool is associated to the assignment - make sure you can't access it unless the tool is installed - make sure you can't access it unless the tool is active - make sure you can't access it if the tool is not in that context Change-Id: I66d892658a67b04f532f37bda3206efb8666cde7 Reviewed-on: https://gerrit.instructure.com/104803 Reviewed-by: Andrew Butterfield <abutterfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Tested-by: Jenkins Product-Review: Nathan Mills <nathanm@instructure.com>
2017-03-11 06:53:20 +08:00
tool_proxy_id: tp).first_or_create!
tp
put originality report behind lti2 oauth2 security fixes PLAT-1966 test plan: -get an lti2 OAuth2 access token -attempt to use the originality reports endpoint with it -it should work -attempt to hit the endpoint with a canvas access token -it should not work - attempt to hit the endpoints unauthenticated - it should not work Change-Id: I4b7993b17f2931f7b0dc97a7d187c234490e87d2 Reviewed-on: https://gerrit.instructure.com/100148 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nathan Mills <nathanm@instructure.com>
2017-01-21 05:29:32 +08:00
end
Distinguish course/account tool installs in ACTL The AssignmentConfigurationToolLookup (ACTL) represents that a given assignment is connected with a given plagiarism detection (LTI2) tool. This is a soft link, not a direct "tool_proxy_id" link to the tool installation, though, since we can uninstall and reinstall tools and we want those connections (actually LESS subscriptions) to be reestablished. We used to figure out that a ACTL belongs to a give tool by matching up product and vendor codes; but if the user installs the tool in both a Course context and an Account context, we can get confused, and one tool from either context can delete the subscriptions created with the tool in the other context. The solution is to store the context_type (Course or Account) in the ACTL when setting up an assignment with a plagiarism detection tool. Test plan: - instrument the locations in the canvas code where a LESS subscription is created and destroyed. You can comment out the calls and replace with "puts" statements in lib/lti/assignment_subscriptions_helper.rb: * replace `destroy_subscription` to not send to LESS, but log (append to a file is easiest to see) with the ID * replace `create_subscription` - make it log (append to a file) and return a fake id like `rand(100000).to_s * run both canvas web and jobs - install a locally-running test tool (e.g. web.lti-originality-report-example.docker:3000/register) in a course context and add an assignment that uses the tool. (note: sometimes when adding a tool it didn't show up in the new assignment dropdown. restarting canvas may help) - Check subscription id: `AssignmentConfigurationToolLookup.where(assignment_id: a_id` The ACTL should also have a context_type of "Course" - install the test tool in a account context. check (by looking at ACTL) that the subscription ID did not change, and that no subscriptions were created or destroyed. - delete the account-level test tool. observe that nothing changed. delete the course-level test tool, observe that the subscriptions have been deleted (looking at the logging you added). - you can do other combinations like creating assignments with an account-level tool. - Test "Blueprint course" syncing still works by creating a blueprint course, adding a tool and assignment with tool, making copies of the course, and syncing the copies. Check that there is still only one copy of the ACTL per course. Fixes PLAT-5023 Change-Id: I6ded9ab91e223fc1cf6a9b7ed7f0df649823c95d Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/215171 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: Weston Dransfield <wdransfield@instructure.com> Product-Review: Jesse Poulos <jpoulos@instructure.com>
2019-10-29 07:51:16 +08:00
put originality report behind lti2 oauth2 security fixes PLAT-1966 test plan: -get an lti2 OAuth2 access token -attempt to use the originality reports endpoint with it -it should work -attempt to hit the endpoint with a canvas access token -it should not work - attempt to hit the endpoints unauthenticated - it should not work Change-Id: I4b7993b17f2931f7b0dc97a7d187c234490e87d2 Reviewed-on: https://gerrit.instructure.com/100148 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nathan Mills <nathanm@instructure.com>
2017-01-21 05:29:32 +08:00
let(:resource_handler) do
Lti::ResourceHandler.create!(
resource_type_code: "code",
name: "resource name",
tool_proxy: tool_proxy
)
end
let(:message_handler) do
Lti::MessageHandler.create!(
Allow tool proxies with equal profiles access to services Closes PLAT-2710 Test Plan: - Install a plagiarism detection tool, associate it with an assignment, and create a submission. - Delete the tool - Install the tool again in the same context. - Using the tool proxy guid and secret from the second tool, request an access token - Verify you can request the submission for the assignment in step one and create an originality report for it. - Verify this is also true for other lti2 services ( subscription api, originality report api, etc). Change-Id: I006b4a88b105e808dcf0fbbbc8087a83aabe5731 Reviewed-on: https://gerrit.instructure.com/117700 Tested-by: Jenkins QA-Review: August Thornton <august@instructure.com> Reviewed-by: Nathan Mills <nathanm@instructure.com> Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-07-01 01:50:55 +08:00
message_type: "basic-lti-launch-request",
Support lti launches in originality report closes PLAT-2020 Test Plan: 0. Install an LTI 2 tool and associate it with an assignment. As a student create a submission for the assignment. 1. Create an originality report via the api. Specify the `tool_setting[resource_type_code]` param with a value set to the `resoure_type` code of a valid resource handler for your tool proxy. The resource handler should have at least one message handler. The message handler type should be 'basic-lti-launch-request' 2. Verify the OriginalityReport created has a `link_id` set to the resource link id of a new Lti::ToolSetting. 3. From each of the following locations click the originality report colored bubble and verify your tool launches to the message in the resource handler specified in step 1: - submission details modal from gradebook page - submission details page - student grades page - speed grader 4. Update the originality report via api and repeat steps 2 and 3. Change-Id: Ie40ea9e3423b8f8198dd3fdc3f5f4da76800998f Reviewed-on: https://gerrit.instructure.com/113516 Reviewed-by: Brad Humphrey <brad@instructure.com> Tested-by: Jenkins QA-Review: August Thornton <august@instructure.com> Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-05-19 02:28:16 +08:00
launch_path: "https://www.samplelaunch.com/blti",
Delete subscriptions on tool uninstall Closes PLAT-1924 Test Plan: - Install a plagiarism detection tool - Create multiple assignments associated with the tool - Uninstall the tool - Verify a delayed job for each subscription to delete is enqued. - Verify the subscriptions are deleted from Dynamo once the jobs finish Change-Id: I24983ce0692430fb072ca74933b80ba78fac1898 Reviewed-on: https://gerrit.instructure.com/105973 Reviewed-by: Cody Cutrer <cody@instructure.com> Reviewed-by: Nathan Mills <nathanm@instructure.com> Tested-by: Jenkins QA-Review: August Thornton <august@instructure.com> Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-03-21 22:36:51 +08:00
resource_handler: resource_handler,
tool_proxy: tool_proxy
put originality report behind lti2 oauth2 security fixes PLAT-1966 test plan: -get an lti2 OAuth2 access token -attempt to use the originality reports endpoint with it -it should work -attempt to hit the endpoint with a canvas access token -it should not work - attempt to hit the endpoints unauthenticated - it should not work Change-Id: I4b7993b17f2931f7b0dc97a7d187c234490e87d2 Reviewed-on: https://gerrit.instructure.com/100148 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nathan Mills <nathanm@instructure.com>
2017-01-21 05:29:32 +08:00
)
end
Distinguish course/account tool installs in ACTL The AssignmentConfigurationToolLookup (ACTL) represents that a given assignment is connected with a given plagiarism detection (LTI2) tool. This is a soft link, not a direct "tool_proxy_id" link to the tool installation, though, since we can uninstall and reinstall tools and we want those connections (actually LESS subscriptions) to be reestablished. We used to figure out that a ACTL belongs to a give tool by matching up product and vendor codes; but if the user installs the tool in both a Course context and an Account context, we can get confused, and one tool from either context can delete the subscriptions created with the tool in the other context. The solution is to store the context_type (Course or Account) in the ACTL when setting up an assignment with a plagiarism detection tool. Test plan: - instrument the locations in the canvas code where a LESS subscription is created and destroyed. You can comment out the calls and replace with "puts" statements in lib/lti/assignment_subscriptions_helper.rb: * replace `destroy_subscription` to not send to LESS, but log (append to a file is easiest to see) with the ID * replace `create_subscription` - make it log (append to a file) and return a fake id like `rand(100000).to_s * run both canvas web and jobs - install a locally-running test tool (e.g. web.lti-originality-report-example.docker:3000/register) in a course context and add an assignment that uses the tool. (note: sometimes when adding a tool it didn't show up in the new assignment dropdown. restarting canvas may help) - Check subscription id: `AssignmentConfigurationToolLookup.where(assignment_id: a_id` The ACTL should also have a context_type of "Course" - install the test tool in a account context. check (by looking at ACTL) that the subscription ID did not change, and that no subscriptions were created or destroyed. - delete the account-level test tool. observe that nothing changed. delete the course-level test tool, observe that the subscriptions have been deleted (looking at the logging you added). - you can do other combinations like creating assignments with an account-level tool. - Test "Blueprint course" syncing still works by creating a blueprint course, adding a tool and assignment with tool, making copies of the course, and syncing the copies. Check that there is still only one copy of the ACTL per course. Fixes PLAT-5023 Change-Id: I6ded9ab91e223fc1cf6a9b7ed7f0df649823c95d Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/215171 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: Weston Dransfield <wdransfield@instructure.com> Product-Review: Jesse Poulos <jpoulos@instructure.com>
2019-10-29 07:51:16 +08:00
let(:tool_proxy_binding) do
Lti::ToolProxyBinding.where(context_id: tool_proxy_context, context_type: tool_proxy_context.class.to_s,
create lti2 endpoint to get a submission fixes PLAT-2232 test plan: - install an lti2 tool with the originality placement - associate it to an assignment as a tool_settings_tool - use the /api/lti/assignments/#{@assignment.id}/submissions/#{submission.id} endpoint to get a submssion - use the /api/lti/assignments/#{@assignment.id}/submissions/#{submission.id}/history endpoint to get the submission history - make sure you can't access it without the placement enabled - make sure you can't access it unless the tool is associated to the assignment - make sure you can't access it unless the tool is installed - make sure you can't access it unless the tool is active - make sure you can't access it if the tool is not in that context Change-Id: I66d892658a67b04f532f37bda3206efb8666cde7 Reviewed-on: https://gerrit.instructure.com/104803 Reviewed-by: Andrew Butterfield <abutterfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Tested-by: Jenkins Product-Review: Nathan Mills <nathanm@instructure.com>
2017-03-11 06:53:20 +08:00
tool_proxy_id: tool_proxy).first_or_create!
Distinguish course/account tool installs in ACTL The AssignmentConfigurationToolLookup (ACTL) represents that a given assignment is connected with a given plagiarism detection (LTI2) tool. This is a soft link, not a direct "tool_proxy_id" link to the tool installation, though, since we can uninstall and reinstall tools and we want those connections (actually LESS subscriptions) to be reestablished. We used to figure out that a ACTL belongs to a give tool by matching up product and vendor codes; but if the user installs the tool in both a Course context and an Account context, we can get confused, and one tool from either context can delete the subscriptions created with the tool in the other context. The solution is to store the context_type (Course or Account) in the ACTL when setting up an assignment with a plagiarism detection tool. Test plan: - instrument the locations in the canvas code where a LESS subscription is created and destroyed. You can comment out the calls and replace with "puts" statements in lib/lti/assignment_subscriptions_helper.rb: * replace `destroy_subscription` to not send to LESS, but log (append to a file is easiest to see) with the ID * replace `create_subscription` - make it log (append to a file) and return a fake id like `rand(100000).to_s * run both canvas web and jobs - install a locally-running test tool (e.g. web.lti-originality-report-example.docker:3000/register) in a course context and add an assignment that uses the tool. (note: sometimes when adding a tool it didn't show up in the new assignment dropdown. restarting canvas may help) - Check subscription id: `AssignmentConfigurationToolLookup.where(assignment_id: a_id` The ACTL should also have a context_type of "Course" - install the test tool in a account context. check (by looking at ACTL) that the subscription ID did not change, and that no subscriptions were created or destroyed. - delete the account-level test tool. observe that nothing changed. delete the course-level test tool, observe that the subscriptions have been deleted (looking at the logging you added). - you can do other combinations like creating assignments with an account-level tool. - Test "Blueprint course" syncing still works by creating a blueprint course, adding a tool and assignment with tool, making copies of the course, and syncing the copies. Check that there is still only one copy of the ACTL per course. Fixes PLAT-5023 Change-Id: I6ded9ab91e223fc1cf6a9b7ed7f0df649823c95d Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/215171 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: Weston Dransfield <wdransfield@instructure.com> Product-Review: Jesse Poulos <jpoulos@instructure.com>
2019-10-29 07:51:16 +08:00
end
Allow tool proxies with equal profiles access to services Closes PLAT-2710 Test Plan: - Install a plagiarism detection tool, associate it with an assignment, and create a submission. - Delete the tool - Install the tool again in the same context. - Using the tool proxy guid and secret from the second tool, request an access token - Verify you can request the submission for the assignment in step one and create an originality report for it. - Verify this is also true for other lti2 services ( subscription api, originality report api, etc). Change-Id: I006b4a88b105e808dcf0fbbbc8087a83aabe5731 Reviewed-on: https://gerrit.instructure.com/117700 Tested-by: Jenkins QA-Review: August Thornton <august@instructure.com> Reviewed-by: Nathan Mills <nathanm@instructure.com> Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-07-01 01:50:55 +08:00
let(:tool_profile) do
{
"lti_version" => "LTI-2p0", "product_instance" => {
"guid" => "be42ae52-23fe-48f5-a783-40ecc7ef6d5c", "product_info" => {
"product_version" => "1.0", "product_family" => {
"code" => "similarity detection reference tool", "vendor" => {
"code" => "Instructure.com", "vendor_name" => {
"default_value" => "Instructure"
}, "description" => {
"default_value" => "Canvas Learning Management System"
}
}
}, "description" => {
"default_value" => "LTI 2.1 tool provider reference implementation"
}, "product_name" => {
"default_value" => "similarity detection reference tool"
}
}
}, "base_url_choice" => [{
"default_base_url" => "http://originality.docker", "selector" => {
"applies_to" => ["MessageHandler"]
}
}], "resource_handler" => [{
"resource_type" => {
"code" => "sumbissions"
}, "resource_name" => {
"default_value" => "Similarity Detection Tool", "key" => ""
}, "message" => [{
"message_type" => "basic-lti-launch-request",
"path" => "/submission/index",
"enabled_capability" => ["Canvas.placements.accountNavigation", "Canvas.placements.courseNavigation"],
"parameter" => []
}]
}, {
"resource_type" => {
"code" => "placements"
}, "resource_name" => {
"default_value" => "Similarity Detection Tool", "key" => ""
}, "message" => [{
"message_type" => "basic-lti-launch-request",
"path" => "/assignments/configure",
"enabled_capability" => ["Canvas.placements.similarityDetection"],
"parameter" => []
}]
}, {
"resource_type" => {
"code" => "originality_reports"
}, "resource_name" => {
"default_value" => "Similarity Detection Tool", "key" => ""
}, "message" => [{
"message_type" => "basic-lti-launch-request",
"path" => "/originality_report",
"enabled_capability" => [],
"parameter" => []
}]
}], "service_offered" => [{
"endpoint" => "http://originality.docker/event/submission",
"action" => ["POST"],
"@id" => "http://originality.docker/lti/v2/services#vnd.Canvas.SubmissionEvent",
"@type" => "RestService"
}]
}
end
let(:security_contract) do
{
"tp_half_shared_secret" => "shared-secret",
"tool_service" => [
{ "service" => "vnd.Canvas.submission",
"action" => ["GET"],
"@type" => "RestServiceProfile" },
{ "service" => "vnd.Canvas.OriginalityReport",
"action" => %w[GET POST PUT],
"@type" => "RestServiceProfile" }
]
}
end
put originality report behind lti2 oauth2 security fixes PLAT-1966 test plan: -get an lti2 OAuth2 access token -attempt to use the originality reports endpoint with it -it should work -attempt to hit the endpoint with a canvas access token -it should not work - attempt to hit the endpoints unauthenticated - it should not work Change-Id: I4b7993b17f2931f7b0dc97a7d187c234490e87d2 Reviewed-on: https://gerrit.instructure.com/100148 Tested-by: Jenkins Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nathan Mills <nathanm@instructure.com>
2017-01-21 05:29:32 +08:00
end