closes CNVS-63544
flag=pkce
Test Plan:
* Regression Testing *
Validate each of the following authorization grant
types continue to work as expected:
- Authorization Code
- Client Credentials (service user)
- Refresh Token
Validate the above grant types require a client secret during
the token exchange.
Validate the access tokens returned by each do not have
a permanent expiration set.
* PKCE Testing *
Setup
- Create a DeveloperKey in your root account and activate it
- Add scopes the the developer DeveloperKey
- Via Rails console, change the `client_type` of the key to `Public`
Authorization Request
- Make an authorization request as defined in rfc7636
(include a code challenge)
- Validate Canvas prompts the user for consent
- Validate the authorization code returned to the redirect URI
Token Request
- Make a token request as defined in rfc7636 (include a code verifier)
- Validate Canvas returns an access token
- Validate the access token has a permanent expiration set to 2
hours from the time of issuance
- Validate the token cannot be used to exceed the scopes it was granted
Refresh Token Request
- Make a refresh token request _without_ a client_secret
- Validate Canvas returns a new access token
- Validate Canvas returns a new _refresh_ token
- Validate Canvas advances the permanent expiration of the access
token by two hours from the time of the refresh token request
* Error Testing *
- Validate requests to the token endpoint using an authorization
code grant _must_ include a client secret if the DeveloperKey
is not "public"
- Validate the PKCE-style token request fails when the
code_verifier does not produce the code_challenge sent in the
authorization request
- Validate tokens cannot be refreshed after their
`permanent_expires_at` has passed
Change-Id: Ifedc3795cc55f0d32ce6e8c5bd67a4d5b23f608e
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/358608
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Attila Sedon <attila.sedon@instructure.com>
Reviewed-by: Jackson Howe <jackson.howe@instructure.com>
QA-Review: Jackson Howe <jackson.howe@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
This commit adds the necessary model changes and the frontend state
management needed to implement the Registration wizard (specifically the
Dynamic Registration portion of it).
Zod models have been added to `manage/model`
API calls have been added to `manage/api`
- `manage/registration_wizard` contains the components for the over-arching registration wizard.
(This will manage dynamic registration, manual, and 1.1 wizards)
- `manage/dynamic_registration_wizard` contains the components for the dynamic registration wizard
test plan:
1. Load the Extensions page
2. Click "Manage"
3. Click "Install new Extension"
4. The Dynamic registration process should roughly work (The UI of those steps still needs to be finalized)
5. Ensure the tests pass
closes INTEROP-8588
flag=lti_registrations_page
Change-Id: I09c9207927a0ef45488a7b9700c8f7104c6ebd5f
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/348757
Reviewed-by: Ryan Hawkins <ryan.hawkins@instructure.com>
QA-Review: Ryan Hawkins <ryan.hawkins@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Product-Review: Alexis Nast <alexis.nast@instructure.com>
In development its often useful to attach a debugger to the running
rails instance. This is a docker-compose override file that will switch
the web container to using puma directly instead of the default of
rails via passenger via nginx.
To use this file, add puma.override.yml after
docker-compose.override.yml in your COMPOSE_FILE environment variable
and rebuild your web container.
flag=none
Change-Id: I152ba49fa88db8d33f1223e8b809894a4a10775e
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/335727
QA-Review: Keith Garner <kgarner@instructure.com>
Product-Review: Keith Garner <kgarner@instructure.com>
Reviewed-by: James Butters <jbutters@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Build-Review: James Butters <jbutters@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
not automatically installed in the devcontainer, since you may not
have a license. but recommended since many (all?) Instructure
employees do have a license
Change-Id: I7c53eca4515105d3f6c33fc64b488bdd832d4e7e
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/330109
Reviewed-by: Dustin Cowles <dustin.cowles@instructure.com>
Reviewed-by: Isaac Moore <isaac.moore@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
This allows remote attachment to the `debug` server in the web container.
closes AE-532
flag=none
test plan:
- install the 'VS Code rdbg` extension
- add `docker-compose/rdbg.override.yml` to your COMPOSE_FILE var
- start a debugging session
- verify interactive debugging works
Change-Id: I5b44c4e0e76c64575f25876af097bcd48f6fde74
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/328485
Tested-by: Isaac Moore <isaac.moore@instructure.com>
QA-Review: Isaac Moore <isaac.moore@instructure.com>
Product-Review: Isaac Moore <isaac.moore@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Build-Review: Cody Cutrer <cody@instructure.com>
flag=none
test plan:
- Update your .env to include docker-compose/rdebug-ide.override.yml
in the COMPOSE_FILE variable
- Start your Docker environment
- Configure remote debugging in VS Code or RubyMine
(see https://instructure.atlassian.net/wiki/x/BACP-w)
- Launch the remote debugger and set a breakpoint somewhere ubiquitous
(e.g. in `ApplicationController`)
- Navigate to your local Canvas and confirm
that your breakpoint
Change-Id: I87d7bed838e7a593201a4bfd21f911216329343b
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/270409
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: James Butters <jbutters@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Nate Armstrong <narmstrong@instructure.com>
Product-Review: Jon Scheiding <jon.scheiding@instructure.com>
Ed Schiebel