ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert "Remove oauth2 patch that is no longer necessary" 

This reverts commit fa752b25eb.

Reason for revert: still needed until newer upstream

Change-Id: Icecf71afaca21686b5b9abccbcc9f9fa1145ce41
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/323891
Tested-by: Isaac Moore <isaac.moore@instructure.com>
QA-Review: Isaac Moore <isaac.moore@instructure.com>
Product-Review: Isaac Moore <isaac.moore@instructure.com>
Reviewed-by: Jacob Burroughs <jburroughs@instructure.com>
This commit is contained in:
Isaac Moore 2023-08-01 16:01:40 +00:00
parent 80c61bcba0
commit 25f313de48
3 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/models/authentication_provider/oauth.rb
View File

@ -19,6 +19,7 @@
# #
require "oauth2" require "oauth2"
require "canvas/core_ext/oauth2"
class AuthenticationProvider::OAuth < AuthenticationProvider::Delegated class AuthenticationProvider::OAuth < AuthenticationProvider::Delegated
SENSITIVE_PARAMS = [:consumer_secret].freeze SENSITIVE_PARAMS = [:consumer_secret].freeze

1
app/models/authentication_provider/oauth2.rb
View File

@ -19,6 +19,7 @@
# #
require "oauth2" require "oauth2"
require "canvas/core_ext/oauth2"
class OAuthValidationError < RuntimeError class OAuthValidationError < RuntimeError
end end

44
lib/canvas/core_ext/oauth2.rb Normal file
View File

@ -0,0 +1,44 @@
# frozen_string_literal: true
#
# Copyright (C) 2016 - present Instructure, Inc.
#
# This file is part of Canvas.
#
# Canvas is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, version 3 of the License.
#
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
module Canvas::CoreExt
module OAuth2
def get_token(params, access_token_opts = {}, access_token_class = ::OAuth2::AccessToken)
params = ::OAuth2::Authenticator.new(id, secret, options[:auth_scheme]).apply(params)
opts = { raise_errors: options[:raise_errors], parse: params.delete(:parse) }
headers = params.delete(:headers) || {}
if options[:token_method] == :post
opts[:body] = params
opts[:headers] = { "Content-Type" => "application/x-www-form-urlencoded" }
else
opts[:params] = params
opts[:headers] = {}
end
opts[:headers].merge!(headers)
response = request(options[:token_method], token_url, opts)
# only change is on this line; Microsoft doesn't send back an access_token if you're doing a pure OpenID Connect auth
if options[:raise_errors] && !((response.parsed.is_a?(Hash) && response.parsed["access_token"]) || response.parsed["id_token"])
error = ::OAuth2::Error.new(response)
raise(error)
end
access_token_class.from_hash(self, response.parsed.merge(access_token_opts))
end
end
end
OAuth2::Client.prepend(Canvas::CoreExt::OAuth2)