From 850833ebbaf7e87c623497ee4bcd87399655fa8c Mon Sep 17 00:00:00 2001
From: Andrew Butterfield
Date: Thu, 23 Feb 2017 13:40:44 -0700
Subject: [PATCH] Add RootAccountId to jwt for LiveEventSubscriptionService fixes PLAT-2280 Test plan: * Install an LTI 2.1 tool with a developer key * Start a rails console and run any of the Services::LiveEventsSubscriptionService methods and save the result * Inspect the request that was sent out with result.request.options * Grab the JWT from the headers and decrypt it using Canvas Security * Ensure that the RootAccountId is there and that the DeveloperKey is there
Change-Id: I688b45efe1dd16db0d48adcaf718de801a681415
Reviewed-on: https://gerrit.instructure.com/103076
Reviewed-by: Nathan Mills
Tested-by: Jenkins
QA-Review: August Thornton
Product-Review: Andrew Butterfield
---
 .../live_events_subscription_service.rb | 3 +-
 .../live_events_subscription_service_spec.rb | 34 ++++++++++++++++---
 2 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/lib/services/live_events_subscription_service.rb b/lib/services/live_events_subscription_service.rb
index 8ca91c6b3a4..5726ad131eb 100644
--- a/lib/services/live_events_subscription_service.rb
+++ b/lib/services/live_events_subscription_service.rb
@@ -62,7 +62,8 @@ module Services
 def tool_proxy_jwt_body(tool_proxy, options = {})
 options.merge({
 sub: "ltiToolProxy:#{tool_proxy.guid}",
- developerKey: tool_proxy.product_family.developer_key.global_id.to_s
+ DeveloperKey: tool_proxy.product_family.developer_key.global_id.to_s,
+ RootAccountId: (tool_proxy.context.global_root_account_id || tool_proxy.context.global_id).to_s
 })
 end
 end
diff --git a/spec/lib/services/live_events_subscription_service_spec.rb b/spec/lib/services/live_events_subscription_service_spec.rb
index 7cbd5a89c77..0f45a120cef 100644
--- a/spec/lib/services/live_events_subscription_service_spec.rb
+++ b/spec/lib/services/live_events_subscription_service_spec.rb
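Review bot: In `tool_proxy_jwt_body`, the new `RootAccountId` claim can silently become an empty string: if `tool_proxy.context.global_root_account_id` and `tool_proxy.context.global_id` are both nil, `(nil || nil).to_s` yields `""` and the token is still signed and sent. Since this claim presumably scopes the subscription request to one tenant on the receiving service, it would be safer to fail closed, for example by resolving `root_account_id = tool_proxy.context.global_root_account_id || tool_proxy.context.global_id` first and adding `raise ArgumentError, 'tool proxy context has no root account id' if root_account_id.nil?` before building the hash. The fallback also treats any context with a nil `global_root_account_id` as being a root account itself, which deserves a one-line comment such as `# a nil global_root_account_id means the context is itself the root account`. Because the fixed claims are the argument to `options.merge`, they take precedence over same-named keys supplied by a caller, which is the right order for identity claims and worth preserving.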
@@ -43,6 +43,19 @@ module Services developer_key end + let(:non_root_account_context) do + non_root_account = mock() + non_root_account.stubs(:global_root_account_id).returns(10000000000007) + non_root_account + end + + let(:root_account_context) do + root_account = mock() + root_account.stubs(:global_root_account_id).returns(nil) + root_account.stubs(:global_id).returns(10000000000004) + root_account + end + let(:product_family) do product_family = mock() product_family.stubs(:developer_key).returns(developer_key) @@ -64,11 +77,13 @@ module Services describe '.destroy_tool_proxy_subscription' do it 'makes the expected request' do + tool_proxy.stubs(:context).returns(root_account_context) HTTParty.expects(:send).with do |method, endpoint, options| expect(method).to eq(:delete) expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id') jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token - expect(jwt["developerKey"]).to eq('10000000000003') + expect(jwt["DeveloperKey"]).to eq('10000000000003') + expect(jwt["RootAccountId"]).to eq('10000000000004') expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0') end LiveEventsSubscriptionService.destroy_tool_proxy_subscription(tool_proxy, 'subscription_id') 
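Review bot: The two context fixtures added in this hunk cover only the cases where an id is present, so nothing pins what the token carries when a context returns nil for both `global_root_account_id` and `global_id`; with the library change in this patch that case produces an empty `RootAccountId` string. A third fixture stubbing both methods to nil, with an expectation for the intended outcome (an error rather than an issued token), would document that edge. If caller-supplied `options` can reach `tool_proxy_jwt_body`, one further example asserting that a passed-in `RootAccountId` or `DeveloperKey` does not survive into the decoded JWT would protect the merge precedence from regressions. The `RootAccountId` expectations repeated in the `.tool_proxy_subscription`, `.tool_proxy_subscriptions`, `.create_tool_proxy_subscription` and `.update_tool_proxy_subscription` hunks exercise the same two fixtures and have the same gap.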
@@ -77,11 +92,13 @@ module Services describe '.tool_proxy_subscription' do it 'makes the expected request' do + tool_proxy.stubs(:context).returns(non_root_account_context) HTTParty.expects(:send).with do |method, endpoint, options| expect(method).to eq(:get) expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id') jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token - expect(jwt["developerKey"]).to eq('10000000000003') + expect(jwt["DeveloperKey"]).to eq('10000000000003') + expect(jwt["RootAccountId"]).to eq('10000000000007') expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0') end LiveEventsSubscriptionService.tool_proxy_subscription(tool_proxy, 'subscription_id') @@ -90,11 +107,13 @@ module Services describe '.tool_proxy_subscriptions' do it 'makes the expected request' do + tool_proxy.stubs(:context).returns(non_root_account_context) HTTParty.expects(:send).with do |method, endpoint, options| expect(method).to eq(:get) expect(endpoint).to eq('http://example.com/api/subscriptions') jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token - expect(jwt["developerKey"]).to eq('10000000000003') + expect(jwt["DeveloperKey"]).to eq('10000000000003') + expect(jwt["RootAccountId"]).to eq('10000000000007') expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0') end LiveEventsSubscriptionService.tool_proxy_subscriptions(tool_proxy) @@ -103,6 +122,7 @@ module Services describe '.create_tool_proxy_subscription' do it 'makes the expected request' do + tool_proxy.stubs(:context).returns(root_account_context) subscription = { 'my' => 'subscription' } HTTParty.expects(:send).with do |method, endpoint, options| 
@@ -110,7 +130,8 @@ module Services expect(endpoint).to eq('http://example.com/api/subscriptions') expect(options[:headers]['Content-Type']).to eq('application/json') jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token - expect(jwt['developerKey']).to eq('10000000000003') + expect(jwt['DeveloperKey']).to eq('10000000000003') + expect(jwt["RootAccountId"]).to eq('10000000000004') expect(jwt['sub']).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0') expect(JSON.parse(options[:body])).to eq(subscription) end @@ -121,6 +142,7 @@ module Services describe '.update_tool_proxy_subscription' do it 'makes the expected request' do + tool_proxy.stubs(:context).returns(root_account_context) subscription = { 'my' => 'subscription' } HTTParty.expects(:send).with do |method, endpoint, options| @@ -128,7 +150,8 @@ module Services expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id') expect(options[:headers]['Content-Type']).to eq('application/json') jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token - expect(jwt['developerKey']).to eq('10000000000003') + expect(jwt['DeveloperKey']).to eq('10000000000003') + expect(jwt["RootAccountId"]).to eq('10000000000004') expect(jwt['sub']).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0') expect(JSON.parse(options[:body])).to eq(subscription) end @@ -139,6 +162,7 @@ module Services context 'timeout protection' do it 'throws an exception for .tool_proxy_subscriptions' do + tool_proxy.stubs(:context).returns(root_account_context) Timeout.expects(:timeout).raises(Timeout::Error) expect { LiveEventsSubscriptionService.tool_proxy_subscriptions(tool_proxy) }.to raise_error(Timeout::Error) end