Add RootAccountId to jwt for LiveEventSubscriptionService

fixes PLAT-2280

Test plan:
* Install an LTI 2.1 tool with a developer key
* Start a rails console and run any of the
  Services::LiveEventsSubscriptionService methods and save the result
* Inspect the request that was sent out with
  result.request.options
* Grab the JWT from the headers and decrypt it using Canvas Security
* Ensure that the RootAccountId is there and that the DeveloperKey is
  there

Change-Id: I688b45efe1dd16db0d48adcaf718de801a681415
Reviewed-on: https://gerrit.instructure.com/103076
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Andrew Butterfield <abutterfield@instructure.com>
Andrew Butterfield 2017-02-23 13:40:44 -07:00
parent becb8ed63c
commit 850833ebba
2 changed files with 31 additions and 6 deletions


@ -62,7 +62,8 @@ module Services
def tool_proxy_jwt_body(tool_proxy, options = {})
options.merge({
sub: "ltiToolProxy:#{tool_proxy.guid}",
developerKey: tool_proxy.product_family.developer_key.global_id.to_s
DeveloperKey: tool_proxy.product_family.developer_key.global_id.to_s,
RootAccountId: (tool_proxy.context.global_root_account_id || tool_proxy.context.global_id).to_s
})
end
end
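Review bot: The `RootAccountId` line in `tool_proxy_jwt_body` falls back to `tool_proxy.context.global_id` whenever `global_root_account_id` is nil, which is right only if nil always means the context is itself a root account, and nothing in the method states or checks that. If the receiving service scopes subscriptions by this claim (presumably it does), any other context without a root account id would get its own id signed into the token as the tenant, and if both values are nil the claim becomes the empty string because of `.to_s`. I would document the assumption with `# a root account has no root account id of its own, so its global_id is the tenant id` and fail closed on an empty value, e.g. `raise ArgumentError, 'tool proxy context has no root account id' if root_account_id.empty?` after assigning the expression to a local. The same hunk renames the claim `developerKey` to `DeveloperKey`; JWT claim names are case-sensitive, so the consumer has to switch in the same release or it will see no developer key. The enclosing `module Services` starts and ends outside the hunk.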


@ -43,6 +43,19 @@ module Services
developer_key
end
let(:non_root_account_context) do
non_root_account = mock()
non_root_account.stubs(:global_root_account_id).returns(10000000000007)
non_root_account
end
let(:root_account_context) do
root_account = mock()
root_account.stubs(:global_root_account_id).returns(nil)
root_account.stubs(:global_id).returns(10000000000004)
root_account
end
let(:product_family) do
product_family = mock()
product_family.stubs(:developer_key).returns(developer_key)
@ -64,11 +77,13 @@ module Services
describe '.destroy_tool_proxy_subscription' do
it 'makes the expected request' do
tool_proxy.stubs(:context).returns(root_account_context)
HTTParty.expects(:send).with do |method, endpoint, options|
expect(method).to eq(:delete)
expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id')
jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
expect(jwt["developerKey"]).to eq('10000000000003')
expect(jwt["DeveloperKey"]).to eq('10000000000003')
expect(jwt["RootAccountId"]).to eq('10000000000004')
expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
end
LiveEventsSubscriptionService.destroy_tool_proxy_subscription(tool_proxy, 'subscription_id')
@ -77,11 +92,13 @@ module Services
describe '.tool_proxy_subscription' do
it 'makes the expected request' do
tool_proxy.stubs(:context).returns(non_root_account_context)
HTTParty.expects(:send).with do |method, endpoint, options|
expect(method).to eq(:get)
expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id')
jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
expect(jwt["developerKey"]).to eq('10000000000003')
expect(jwt["DeveloperKey"]).to eq('10000000000003')
expect(jwt["RootAccountId"]).to eq('10000000000007')
expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
end
LiveEventsSubscriptionService.tool_proxy_subscription(tool_proxy, 'subscription_id')
@ -90,11 +107,13 @@ module Services
describe '.tool_proxy_subscriptions' do
it 'makes the expected request' do
tool_proxy.stubs(:context).returns(non_root_account_context)
HTTParty.expects(:send).with do |method, endpoint, options|
expect(method).to eq(:get)
expect(endpoint).to eq('http://example.com/api/subscriptions')
jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
expect(jwt["developerKey"]).to eq('10000000000003')
expect(jwt["DeveloperKey"]).to eq('10000000000003')
expect(jwt["RootAccountId"]).to eq('10000000000007')
expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
end
LiveEventsSubscriptionService.tool_proxy_subscriptions(tool_proxy)
@ -103,6 +122,7 @@ module Services
describe '.create_tool_proxy_subscription' do
it 'makes the expected request' do
tool_proxy.stubs(:context).returns(root_account_context)
subscription = { 'my' => 'subscription' }
HTTParty.expects(:send).with do |method, endpoint, options|
@ -110,7 +130,8 @@ module Services
expect(endpoint).to eq('http://example.com/api/subscriptions')
expect(options[:headers]['Content-Type']).to eq('application/json')
jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
expect(jwt['developerKey']).to eq('10000000000003')
expect(jwt['DeveloperKey']).to eq('10000000000003')
expect(jwt["RootAccountId"]).to eq('10000000000004')
expect(jwt['sub']).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
expect(JSON.parse(options[:body])).to eq(subscription)
end
@ -121,6 +142,7 @@ module Services
describe '.update_tool_proxy_subscription' do
it 'makes the expected request' do
tool_proxy.stubs(:context).returns(root_account_context)
subscription = { 'my' => 'subscription' }
HTTParty.expects(:send).with do |method, endpoint, options|
@ -128,7 +150,8 @@ module Services
expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id')
expect(options[:headers]['Content-Type']).to eq('application/json')
jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
expect(jwt['developerKey']).to eq('10000000000003')
expect(jwt['DeveloperKey']).to eq('10000000000003')
expect(jwt["RootAccountId"]).to eq('10000000000004')
expect(jwt['sub']).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
expect(JSON.parse(options[:body])).to eq(subscription)
end
@ -139,6 +162,7 @@ module Services
context 'timeout protection' do
it 'throws an exception for .tool_proxy_subscriptions' do
tool_proxy.stubs(:context).returns(root_account_context)
Timeout.expects(:timeout).raises(Timeout::Error)
expect { LiveEventsSubscriptionService.tool_proxy_subscriptions(tool_proxy) }.to raise_error(Timeout::Error)
end