use assignment deep link url only when needed

why: * in rare cases (an Assignment exists in the account that does not have an `lti_context_id`), the deep link return url that is passed in the LTI launch will mistakenly point to that assignment, instead of the correct context closes INTEROP-7506 flag=none test plan: * create an assignment however you would like * in a rails console, remove its lti_context_id: `a.update_attribute(:lti_context_id, nil)` * without this commit checked out: * perform a deep linking launch from the account announcements page by creating a new announcement and launching the 1.3 test tool from the RCE that opens * note the deep_link_return_url in the LTI launch JWT - it should point to `.../courses/:account_id/assignments/:id...`, which is incorrect * check out this commit * repeat the same deep linking launch * the deep_link_return_url should point to `.../accounts/:id...`, which is the correct context Change-Id: I90946a1a505e18d7349b953ff9c108959240406b Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/293692 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Evan Battaglia <ebattaglia@instructure.com> QA-Review: Evan Battaglia <ebattaglia@instructure.com> Product-Review: Xander Moffatt <xmoffatt@instructure.com>
2022-06-09 15:50:15 -06:00 · 2022-06-09 15:50:15 -06:00 · d2c1bc8f40
parent eced372060
commit d2c1bc8f40
2 changed files with 12 additions and 1 deletions
--- a/lib/lti/messages/deep_linking_request.rb
+++ b/lib/lti/messages/deep_linking_request.rb
@ -128,7 +128,7 @@ module Lti::Messages

    def add_deep_linking_request_claims!
      lti_assignment_id = Lti::Security.decoded_lti_assignment_id(@expander.controller&.params&.[]("secure_params"))
-      assignment = Assignment.find_by(lti_context_id: lti_assignment_id)
+      assignment = Assignment.find_by(lti_context_id: lti_assignment_id) if lti_assignment_id
      @message.deep_linking_settings.deep_link_return_url = assignment ? assignment_return_url(assignment) : return_url
      @message.deep_linking_settings.accept_types = DEEP_LINKING_DETAILS.dig(placement, :accept_types)
      @message.deep_linking_settings.accept_presentation_document_targets = DEEP_LINKING_DETAILS.dig(placement, :document_targets)
--- a/spec/lib/lti/messages/deep_linking_request_spec.rb
+++ b/spec/lib/lti/messages/deep_linking_request_spec.rb
@ -53,6 +53,17 @@ describe Lti::Messages::DeepLinkingRequest do
      expect(subject["deep_link_return_url"]).to eq assignment_return_url
    end

+    context "when assignment with nil lti_context_id exists" do
+      before do
+        a = Assignment.create!(name: "no lti_context_id", context: course)
+        a.update_attribute(:lti_context_id, nil)
+      end
+
+      it "does not use assignment return url" do
+        expect(subject["deep_link_return_url"]).to eq deep_linking_return_url
+      end
+    end
+
    shared_examples_for "sets deep linking attributes" do
      it 'sets the correct "accept_types"' do
        expect(subject["accept_types"]).to match_array accept_types