gracefully handle missing sourcedid for grade passback

fixes PLAT-1356 test plan: send a grade passback with no sourcedid canvas shouldn't return a 500 Change-Id: I21436d679e05a5fa837167b163212a729c10a3a8 Reviewed-on: https://gerrit.instructure.com/72998 Tested-by: Jenkins QA-Review: August Thornton <august@instructure.com> Reviewed-by: Brad Horrocks <bhorrocks@instructure.com> Product-Review: Nathan Mills <nathanm@instructure.com>
2016-02-25 08:44:41 -07:00 · 2016-02-25 08:44:41 -07:00 · e893a488c8
parent 4ae581bf62
commit e893a488c8
2 changed files with 14 additions and 1 deletions
--- a/lib/basic_lti/basic_outcomes.rb
+++ b/lib/basic_lti/basic_outcomes.rb
@ -40,6 +40,7 @@ module BasicLTI

    def self.decode_source_id(tool, sourceid)
      tool.shard.activate do
+        raise InvalidSourceId, 'Invalid sourcedid' if sourceid.blank?
        md = sourceid.match(SOURCE_ID_REGEX)
        raise InvalidSourceId, 'Invalid sourcedid' unless md
        new_encoding = [md[1], md[2], md[3], md[4]].join('-')
@ -159,13 +160,15 @@ module BasicLTI
      end

      def handle_request(tool)
+        #check if we recognize the xml structure
+        return false unless operation_ref_identifier
        # verify the lis_result_sourcedid param, which will be a canvas-signed
        # tuple of (course, assignment, user) to ensure that only this launch of
        # the tool is attempting to modify this data.
        source_id = self.sourcedid

        begin
-          course, assignment, user = BasicLTI::BasicOutcomes.decode_source_id(tool, source_id) if source_id
+          course, assignment, user = BasicLTI::BasicOutcomes.decode_source_id(tool, source_id)
        rescue InvalidSourceId => e
          self.code_major = 'failure'
          self.description = e.to_s
--- a/spec/lib/basic_lti/basic_outcomes_spec.rb
+++ b/spec/lib/basic_lti/basic_outcomes_spec.rb
@ -114,6 +114,16 @@ describe BasicLTI::BasicOutcomes do
      expect(described_class.decode_source_id(tool, source_id)).to eq [@course, assignment, @user]
    end

+    it 'throws Invalid sourcedid if sourcedid is nil' do
+      expect{described_class.decode_source_id(tool, nil)}.
+          to raise_error(BasicLTI::BasicOutcomes::InvalidSourceId, 'Invalid sourcedid')
+    end
+
+    it 'throws Invalid sourcedid if sourcedid is empty' do
+      expect{described_class.decode_source_id(tool, "")}.
+          to raise_error(BasicLTI::BasicOutcomes::InvalidSourceId, 'Invalid sourcedid')
+    end
+
    it 'throws Invalid sourcedid if no signature' do
      missing_signature = source_id.split('-')[0..3].join('-')
      expect{described_class.decode_source_id(tool, missing_signature)}.