no default url sessionless launches

Also returns back json when a tool and launch url can't be found

fixes PLAT-3434

test plan:
* Create a tool with no urls only a domain and content-item configuration
* Attempt to generate a sessionless launch using a URL
* Configure an assignment using the tools content-item launch
* Attempt to generate a sessionless launch using the assignment
* The above should both work
* Also test for the use cases defined in MBL-9835

Change-Id: I4a369e1ddd1816645f6a359ba344c571ce85083d
Reviewed-on: https://gerrit.instructure.com/152153
Tested-by: Jenkins
Reviewed-by: Han Ngo <hngo@instructure.com>
QA-Review: Han Ngo <hngo@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>

app/controllers/external_tools_controller.rb

@@ -1053,9 +1053,14 @@ class ExternalToolsController < ApplicationController
       return unless find_tool(tool_id, launch_type)
     end
 
-    if @tool&.url.blank? && @tool&.extension_setting(launch_type, :url).blank?
-      flash[:error] = t "#application.errors.invalid_external_tool", "Couldn't find valid settings for this link"
-      return redirect_to named_context_url(@context, :context_url)
+    if @tool.blank? || (@tool.url.blank? && @tool&.extension_setting(launch_type, :url).blank? && launch_url.blank?)
+      respond_to do |format|
+        format.html do
+          flash[:error] = t "#application.errors.invalid_external_tool", "Couldn't find valid settings for this link"
+          return redirect_to named_context_url(@context, :context_url)
+        end
+        format.json { render json: {errors: {external_tool: "Unable to find a matching external tool"}} and return }
+      end
     end
 
     # generate the launch

spec/apis/v1/external_tools_api_spec.rb

@@ -203,6 +203,36 @@ describe ExternalToolsController, type: :request do
             expect(response.code).to eq '200'
           end
 
+          it "returns sessionless launch URL for an assignment launch no URL is set on the tool" do
+            tool = @course.context_external_tools.create!(
+              name: "Example Tool",
+              consumer_key: "fakefake",
+              shared_secret: "sofakefake",
+              domain: "example.com"
+            )
+            assignment = assignment_model(
+              course: @course,
+              name: 'tool assignment',
+              submission_types: 'external_tool',
+              points_possible: 20,
+              grading_type: 'points'
+            )
+            assignment.create_external_tool_tag!(
+              url: 'http://www.example.com/ims/lti',
+              content_type: 'ContextExternalTool',
+              content_id: tool.id
+            )
+            params = {id: tool.id.to_s, launch_type: 'assessment', assignment_id: @assignment.id}
+            json = get_sessionless_launch_url(@course, 'course', params)
+            expect(json['url']).to include(course_external_tools_sessionless_launch_url(@course))
+          end
+
+          it "returns a json error if there is no matching tool" do
+            params = {url: 'http://my_non_esisting_tool_domain.com', id: -1}
+            json = get_sessionless_launch_url(@course, 'course', params)
+            expect(json["errors"]["external_tool"]).to eq "Unable to find a matching external tool"
+          end
+
         end
 
         it "returns a bad request response if there is no tool_id or url" do
@@ -213,25 +243,6 @@ describe ExternalToolsController, type: :request do
           expect(json["errors"]["id"].first["message"]).to eq 'A tool id, tool url, or module item id must be provided'
           expect(json["errors"]["url"].first["message"]).to eq 'A tool id, tool url, or module item id must be provided'
         end
-
-        it 'redirects if there is no matching tool for the launch_url, and tool id' do
-          params = {url: 'http://my_non_esisting_tool_domain.com', id: -1}
-          code = get_raw_sessionless_launch_url(@course, 'course', params)
-          expect(code).to eq 302
-        end
-
-        it 'redirects if there is no matching tool for the and tool id' do
-          params = { id: -1}
-          code = get_raw_sessionless_launch_url(@course, 'course', params)
-          expect(code).to eq 302
-        end
-
-        it 'redirects if there is no launch url associated with the tool' do
-          no_url_tool = tool.dup
-          no_url_tool.update_attributes!(url: nil)
-          get_raw_sessionless_launch_url(@course, 'course', {id: no_url_tool.id})
-          expect(response).to be_redirect
-        end
       end
     end
 

spec/controllers/external_tools_controller_spec.rb

@@ -1352,11 +1352,11 @@ describe ExternalToolsController do
     before do
       allow(BasicLTI::Sourcedid).to receive(:encryption_secret) {'encryption-secret-5T14NjaTbcYjc4'}
       allow(BasicLTI::Sourcedid).to receive(:signing_secret) {'signing-secret-vp04BNqApwdwUYPUI'}
+      user_session(@user)
     end
 
     it "generates a sessionless launch" do
       @tool = new_valid_tool(@course)
-      user_session(@user)
 
       get :generate_sessionless_launch, params: {:course_id => @course.id, id: @tool.id}
 
@@ -1377,7 +1377,6 @@ describe ExternalToolsController do
 
     it "strips query param from launch_url before signing, attaches to post body, and removes query params in url for launch" do
       @tool = new_valid_tool(@course, { url: 'http://www.example.com/basic_lti?tripping', post_only: true })
-      user_session(@user)
 
       get :generate_sessionless_launch, params: {:course_id => @course.id, id: @tool.id}
 
@@ -1394,7 +1393,6 @@ describe ExternalToolsController do
 
     it "generates a sessionless launch for an external tool assignment" do
       tool = new_valid_tool(@course)
-      user_session(@user)
       assignment_model(:course => @course,
                        :name => 'tool assignment',
                        :submission_types => 'external_tool',
@@ -1422,7 +1420,6 @@ describe ExternalToolsController do
     end
 
     it "requires context_module_id for module_item launch type" do
-      user_session(@user)
       @tool = new_valid_tool(@course)
       @cm = ContextModule.create(context: @course)
       @tg = ContentTag.create(context: @course,
@@ -1440,7 +1437,6 @@ describe ExternalToolsController do
     end
 
     it "Sets the correct resource_link_id for module items when module_item_id is provided" do
-      user_session(@user)
       @tool = new_valid_tool(@course)
       @cm = ContextModule.create(context: @course)
       @tg = ContentTag.create(context: @course,
@@ -1469,7 +1465,6 @@ describe ExternalToolsController do
     end
 
     it 'makes the module item available for variable expansions' do
-      user_session(@user)
       @tool = new_valid_tool(@course)
       @tool.settings[:custom_fields] = {'standard' => '$Canvas.moduleItem.id'}
       @tool.save!
@@ -1495,6 +1490,24 @@ describe ExternalToolsController do
       launch_settings = JSON.parse(Canvas.redis.get(redis_key))
       expect(launch_settings.dig('tool_settings', 'custom_standard')).to eq @tg.id.to_s
     end
+
+    it 'redirects if there is no matching tool for the launch_url, and tool id' do
+      params = {course_id: @course.id, url: 'http://my_non_esisting_tool_domain.com', id: -1}
+      expect(get :generate_sessionless_launch, params: params).to redirect_to course_url(@course)
+    end
+
+    it 'redirects if there is no matching tool for the and tool id' do
+      params = {:course_id => @course.id, id: -1}
+      expect(get :generate_sessionless_launch, params: params).to redirect_to course_url(@course)
+    end
+
+    it 'redirects if there is no launch url associated with the tool' do
+      no_url_tool = new_valid_tool(@course)
+      no_url_tool.update_attributes!(url: nil)
+      params = {:course_id => @course.id, id: no_url_tool.id}
+      expect(get :generate_sessionless_launch, params: params).to redirect_to course_url(@course)
+    end
+
   end
 
   def opaque_id(asset)