Add root account UUID to sub service JWT

Fixes: PLAT-2379

Change-Id: I6f64e4cd54c60cddb1eefaa31fd29c098c2f2006
Test-Plan:
 - Modify the SubscriptionService jwt middleware to
      console.log the raw jwt it decodes
    - live-events-subscriptions/app/middleware/JwtService.js
 - Ensure that RootAccountUUID is part of the jwt body
Reviewed-on: https://gerrit.instructure.com/107874
Tested-by: Jenkins
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Jayce Higgins <jhiggins@instructure.com>
Jayce Higgins 2017-04-07 12:05:31 -05:00
parent 25baa102e3
commit 8b52ff0dec
2 changed files with 19 additions and 1 deletions


@ -60,7 +60,8 @@ module Services
options.merge({
sub: "ltiToolProxy:#{tool_proxy.guid}",
DeveloperKey: tool_proxy.product_family.developer_key.global_id.to_s,
RootAccountId: (tool_proxy.context.global_root_account_id || tool_proxy.context.global_id).to_s
RootAccountId: (tool_proxy.context.global_root_account_id || tool_proxy.context.global_id).to_s,
RootAccountUUID: tool_proxy.context.root_account.uuid
})
end
end
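Review bot: The new `RootAccountUUID` claim is read from `tool_proxy.context.root_account.uuid`, a different path than `RootAccountId` on the line above it, which falls back to `tool_proxy.context.global_id` when `global_root_account_id` is nil. Nothing visible here guarantees that the two tenant claims name the same account, or that `root_account` is non-nil. A nil `root_account` would raise NoMethodError while the token is being built, and a nil `uuid` would be signed into the JWT as a null claim that the subscription service then has to interpret. I would resolve the value once and fail closed, e.g. `uuid = tool_proxy.context.root_account.try(:uuid)` followed by `raise ArgumentError, 'tool proxy context has no root account UUID' if uuid.blank?`. The enclosing method starts above this hunk, so an earlier guard may already cover this.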


@ -56,6 +56,12 @@ module Services
root_account
end
let(:root_account_object) do
root_account_object = mock()
root_account_object.stubs(:uuid).returns('random-account-uuid')
root_account_object
end
let(:product_family) do
product_family = mock()
product_family.stubs(:developer_key).returns(developer_key)
@ -78,12 +84,14 @@ module Services
describe '.destroy_tool_proxy_subscription' do
it 'makes the expected request' do
tool_proxy.stubs(:context).returns(root_account_context)
root_account_context.stubs(:root_account).returns(root_account_object)
HTTParty.expects(:send).with do |method, endpoint, options|
expect(method).to eq(:delete)
expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id')
jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
expect(jwt["DeveloperKey"]).to eq('10000000000003')
expect(jwt["RootAccountId"]).to eq('10000000000004')
expect(jwt["RootAccountUUID"]).to eq('random-account-uuid')
expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
end
LiveEventsSubscriptionService.destroy_tool_proxy_subscription(tool_proxy, 'subscription_id')
@ -93,12 +101,14 @@ module Services
describe '.tool_proxy_subscription' do
it 'makes the expected request' do
tool_proxy.stubs(:context).returns(non_root_account_context)
non_root_account_context.stubs(:root_account).returns(root_account_object)
HTTParty.expects(:send).with do |method, endpoint, options|
expect(method).to eq(:get)
expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id')
jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
expect(jwt["DeveloperKey"]).to eq('10000000000003')
expect(jwt["RootAccountId"]).to eq('10000000000007')
expect(jwt["RootAccountUUID"]).to eq('random-account-uuid')
expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
end
LiveEventsSubscriptionService.tool_proxy_subscription(tool_proxy, 'subscription_id')
@ -108,12 +118,14 @@ module Services
describe '.tool_proxy_subscriptions' do
it 'makes the expected request' do
tool_proxy.stubs(:context).returns(non_root_account_context)
non_root_account_context.stubs(:root_account).returns(root_account_object)
HTTParty.expects(:send).with do |method, endpoint, options|
expect(method).to eq(:get)
expect(endpoint).to eq('http://example.com/api/subscriptions')
jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
expect(jwt["DeveloperKey"]).to eq('10000000000003')
expect(jwt["RootAccountId"]).to eq('10000000000007')
expect(jwt["RootAccountUUID"]).to eq('random-account-uuid')
expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
end
LiveEventsSubscriptionService.tool_proxy_subscriptions(tool_proxy)
@ -123,6 +135,7 @@ module Services
describe '.create_tool_proxy_subscription' do
it 'makes the expected request' do
tool_proxy.stubs(:context).returns(root_account_context)
root_account_context.stubs(:root_account).returns(root_account_object)
subscription = { 'my' => 'subscription' }
HTTParty.expects(:send).with do |method, endpoint, options|
@ -132,6 +145,7 @@ module Services
jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
expect(jwt['DeveloperKey']).to eq('10000000000003')
expect(jwt["RootAccountId"]).to eq('10000000000004')
expect(jwt["RootAccountUUID"]).to eq('random-account-uuid')
expect(jwt['sub']).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
expect(JSON.parse(options[:body])).to eq(subscription)
end
@ -143,6 +157,7 @@ module Services
describe '.update_tool_proxy_subscription' do
it 'makes the expected request' do
tool_proxy.stubs(:context).returns(root_account_context)
root_account_context.stubs(:root_account).returns(root_account_object)
subscription = { 'my' => 'subscription' }
HTTParty.expects(:send).with do |method, endpoint, options|
@ -152,6 +167,7 @@ module Services
jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
expect(jwt['DeveloperKey']).to eq('10000000000003')
expect(jwt["RootAccountId"]).to eq('10000000000004')
expect(jwt["RootAccountUUID"]).to eq('random-account-uuid')
expect(jwt['sub']).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
expect(JSON.parse(options[:body])).to eq(subscription)
end
@ -163,6 +179,7 @@ module Services
context 'timeout protection' do
it 'throws an exception for .tool_proxy_subscriptions' do
tool_proxy.stubs(:context).returns(root_account_context)
root_account_context.stubs(:root_account).returns(root_account_object)
Timeout.expects(:timeout).raises(Timeout::Error)
expect { LiveEventsSubscriptionService.tool_proxy_subscriptions(tool_proxy) }.to raise_error(Timeout::Error)
end
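Review bot: Every example wires in the same `root_account_object` mock with a fixed `uuid`, so the spec covers only the happy path of the new claim. In the `non_root_account_context` examples the expected `RootAccountId` ('10000000000007') and the `RootAccountUUID` come from unrelated stubs, so a mismatch between the two tenant identifiers could not be detected here. I would add one example with `root_account_object.stubs(:uuid).returns(nil)` (or with `root_account` itself returning nil) and assert whatever the service is meant to do in that case, since the receiving service presumably relies on this claim for tenant scoping. The repeated `stubs(:root_account).returns(root_account_object)` line could also move into the context `let` definitions, which are only partly visible in this section.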