fixes PLAT-1022
Test Plan
- Turn on the 'Don't move LTI query params to POST body' feature flag in the root account
- Launch a tool with a query string in the URL
- make sure the query params are not copied to the POST body
Change-Id: Ie3446086d5caa957558e0dafa1cec992934d48e8
Reviewed-on: https://gerrit.instructure.com/54399
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
fixes PLAT-1021
Test Plan:
- Add an LTI tool to a module and set it's launch URL to a url that contains a query string.
- Launch the tool and make sure no query string is used in the launch URL.
Change-Id: I181df2573ebf2916f4aba44d61d1772f339fd693
Reviewed-on: https://gerrit.instructure.com/54200
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
fixes CNVS-5172
test plan:
- go to a course and start creating a new assignment
- set the submission type to external tool, but leave the url field
blank
- hit save
- you should see a error message that the url field cannot be blank
- fill it in and save, it should work
- create a non external tool assignment, it should still work normally
Change-Id: I4f9514069f8822e7e337c5d1b728dc6402492bfd
Reviewed-on: https://gerrit.instructure.com/52357
Tested-by: Jenkins
Reviewed-by: Mike Nomitch <mnomitch@instructure.com>
QA-Review: Adam Stone <astone@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
test plan:
* enroll a user
* use the course as that user (giving a total activity time)
* add the user to another section of the course
* the total activity time should be unchanged
* repeat, only instead of adding to another section,
switch the user to a different section (removing
them from the old one)
* total activity time should still be unchanged
closes #CNVS-16335
Change-Id: I7b7889832ae97e3d8fafe0fd1243a6048e359645
Reviewed-on: https://gerrit.instructure.com/52248
Reviewed-by: Braden Anderson <braden@instructure.com>
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
test plan:
* create a group for a course
* add an editor_button configured LTI tool to
the course or account (such as youtube embed)
* create or edit rce content in the group
(such as a discussion topic or wiki page)
* the editor button should show up and function
closes #CNVS-2866
Change-Id: Icad2258689565046d5a40d346e1968e8dad6cbdb
Reviewed-on: https://gerrit.instructure.com/51927
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
fixes PLAT-951
test-plan:
install the lti2 test tool and set some default tool settings
do a launch, it should include the default tool settings as params
Change-Id: I9685059299697260f579f745b53777f121fd11e8
Reviewed-on: https://gerrit.instructure.com/50771
Reviewed-by: Brad Humphrey <brad@instructure.com>
Tested-by: Jenkins
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
LTI tools will be able to request a caliper url to send
view events to. The duration will be used to log a page
view within canvas.
Test Plan:
* Install the test lti app http://lti-tool-provider.herokuapp.com/
* launch it and click the caliper link in the app
* the "total activity" time on the people page for that user
should increase by 5 minutes.
Change-Id: I1032b9e5cbb007c326e539d9e53c92e83d83b80d
Reviewed-on: https://gerrit.instructure.com/47851
Tested-by: Jenkins
Reviewed-by: Braden Anderson <braden@instructure.com>
Product-Review: Braden Anderson <braden@instructure.com>
QA-Review: Braden Anderson <braden@instructure.com>
fixes PLAT-819
test-plan:
the api at http://{host}/api/v1/{context}/{context_id}/lti_apps
should include disabled lti2 apps
regression test the external tabs selection of assignments and modules
Change-Id: I77e504ac0b6a9edd5eb77abea6c980778bcf0ed4
Reviewed-on: https://gerrit.instructure.com/46862
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Eric Berry <ericb@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
fixes PLAT-795
test-plan
do a GET at /api/v1/courses/#{@course.id}/lti_apps
it should retunr a list of lti_app definitions
Change-Id: I383682d1638f584ffae9544757cf5aa361777553
Reviewed-on: https://gerrit.instructure.com/45697
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Brad Humphrey <brad@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
fixes PLAT-788
test-plan:
you should be able to destroy a Lti::ToolProxy and it should destroy all dependent tables
Change-Id: Icb7af0c48d081d325f4deabc0514da64f5a977f6
Reviewed-on: https://gerrit.instructure.com/45065
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brad Humphrey <brad@instructure.com>
QA-Review: Nathan Mills <nathanm@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
Fixes PLAT-782
Test steps:
- Go to 'modules' tab
- Click the '+' next to a module name
- Select 'External Tools'
- Ensure that the description appears and magnify glass icon is
right aligned
Change-Id: I111d368182a8f1d8b410a4894531fc0f680e8695
Reviewed-on: https://gerrit.instructure.com/44898
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Product-Review: Eric Berry <ericb@instructure.com>
fixes PLAT-736
test plan:
install the lti2 test tool with all placements enabled
launch the tool from the different placements
every module item and assignment should have a uniq resource_link_id
course_nav and account_nav should have a uniq resource_link_id
Change-Id: Ifb65a27fa5b7758a27f20684a5af3f5c9bb03100
Reviewed-on: https://gerrit.instructure.com/44051
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brad Humphrey <brad@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
fixes PLAT-691
test-plan
install a test provider using this url template:
/accounts/{account_id}/lti/tool_proxy_registration?tool_consumer_url=https://lti-tool-provider-example.herokuapp.com/register
during install select no placements
it should show up in the assignment and module item selection
regression test module and assignment lti launches
Change-Id: Ie8a3bee8ddb9a8e9cb8671545448a4bb73caae73
Reviewed-on: https://gerrit.instructure.com/42623
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Brad Humphrey <brad@instructure.com>
Product-Review: Brad Humphrey <brad@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
associations with joins were never really supported by rails
test plan:
* canvas works
Change-Id: I62dd9b38c7340fce96351f1e3ba91acd6440aa66
Reviewed-on: https://gerrit.instructure.com/42856
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Raw net::http doesn't support ssl
Test Plan:
* Test LTI logout service callback to an https endpoint
closes CNVS-16588
Change-Id: I0da743a6cf192b412f7387c37d5278154ba0018e
Reviewed-on: https://gerrit.instructure.com/43602
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes CNVS-15647
test plan:
* ensure that all of the following still work -
* replying to an e-mail notification
* displaying avatars
* changing your avatar
* uploading a file that's exempt from quota checks (i.e.
submitting an assignment)
* grade passback via LTI
* add an object embed to a wiki page
* rotate your encryption key -
* in security.yml, move encryption_key to previous_encryption_keys,
and put something else in encryption_key
* repeat step 1, as much as possible using the original verifier
from that step (i.e. reply to the original e-mail, refresh just
the object embedded in the wiki page)
Change-Id: Id36bbb1711f8b6c6f960cc1e898b75e335bfac81
Reviewed-on: https://gerrit.instructure.com/41368
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
fixes PLAT-658 PLAT-660 PLAT-661
test plan:
setup:
fixes PLAT-658 PLAT-660 PLAT-661
test plan:
*setup:
register an lti tool using the following url template
/accounts/#{account_id}/lti/tool_proxy_registration?
tool_consumer_url=http://lti-tool-provider-example.herokuapp.com/tool_proxy
ignore the canvaception during the registration
*testing:
there should be course and account nav placements for the tool
Change-Id: Ie02fffdc3a1ede70216db2b21d9f4bd17f53f36d
Reviewed-on: https://gerrit.instructure.com/42094
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Brad Humphrey <brad@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
fixes: PLAT-635 PLAT-652 PLAT-654 PLAT-655
test-plan:
*setup:
register an lti tool using the following url template
/courses/#{course_id}/lti/tool_proxy_registration?
tool_consumer_url=http://lti-tool-provider-example.herokuapp.com/tool_proxy
ignore the canvaception during the registration
testing:
*add some lti tools to module items, including 'default tool'
*make sure all launches, and selecting tools still works
*test the same things for assignments external tools
Change-Id: I0642c10c9b416057764b327d925cb6158fbf5cc9
Reviewed-on: https://gerrit.instructure.com/41726
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Brad Humphrey <brad@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
test plan:
- launch a navigation tool
- launch a module item tool
- launch a tool using /courses/:course_id/external_tools/retrieve?url=:launch_url
* they should all launch
- retest with a private course
* they should all redirect to the login page
- verify that PLAT-572 is fixed
fixes PLAT-678 PLAT-572
Change-Id: I9ccfd990b14428053116f96eb064897dd3dd9262
Reviewed-on: https://gerrit.instructure.com/42625
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
also made it use a token in the url instead of only
working for assignment launches
Testplan:
* Install the test lti app http://lti-tool-provider.herokuapp.com/
* launch it as a student and click the xapi link in the app
* the page view count for that student should increment in the
analytics UI
(note, that UI is heavily cached, you may need to clear redis
to see the latest number)
Change-Id: I4fd1ff8201a2a11c654d789bfcd61e7cf44f3c7f
Reviewed-on: https://gerrit.instructure.com/42818
Reviewed-by: Braden Anderson <braden@instructure.com>
Product-Review: Braden Anderson <braden@instructure.com>
QA-Review: Braden Anderson <braden@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
0. configure an external tool that uses $Canvas.logoutService.url
1. use that URL to register a logout callback (using OAuth 1.0
signing with the tool's consumer key and shared secret, and
adding a callback parameter set to the URL to hit). you should
get a status 200 response if the auth is correct.
2. repeat step 1. this time you should get status 401 with a
message saying the logout service token has already been used.
3. log out and confirm that the callback registered in step 1
is hit.
fixes CNVS-16009
Change-Id: Ic4aaa8fe928b791a63a9cce61648dc48aeba4f9d
Reviewed-on: https://gerrit.instructure.com/42187
Reviewed-by: Brad Humphrey <brad@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
test plan:
0. configure an external tool that
- reads the $Canvas.logoutService.url
- POSTs to this address, adding a 'callback' parameter
specifying the URL canvas should GET when the user
logs out of Canvas
(see the platform team for help with this step)
1. launch this tool
2. log out of canvas
3. ensure the logout callback is called
closes CNVS-15764
Change-Id: Iaa66212d8068f2c6f919477bae509a05f1a2993c
Reviewed-on: https://gerrit.instructure.com/41745
Reviewed-by: Brad Humphrey <brad@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
test plan
- do an lti launch
- roles should show up for cross shard users
- the following substitutions should still work
* $Canvas.user.id
* $Canvas.user.sisSourceId
* $Canvas.user.loginId
* $Canvas.enrollment.enrollmentState
* $Canvas.membership.concludedRoles
* $Canvas.membership.roles
fixes PLAT-648
Change-Id: Ic4c3639a95b4528628f8dd2d205cd8250c1b7d11
Reviewed-on: https://gerrit.instructure.com/41214
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Brad Humphrey <brad@instructure.com>
this is a list of all the roles the user has in canvas
not just the ones for the current context.
This is how it should have been all along, but we can't
make the normal roles parameter do it this way because
tools depend on our current format. So send a new one
and tell people to migrate over as they can
Test Plan:
* do an lti launch, ext_roles should always have "user"
and any of learner, instructure, administrator as appropriate
refs RD-518
closes PLAT-641
Change-Id: I8cf7e96ac88e1b17528cd3d717834762cc9b575b
Reviewed-on: https://gerrit.instructure.com/40875
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brad Humphrey <brad@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
refs CNVS-15408
* add/improve (Course|Account)#account_chain to not have to load
a single account first, separately (it uses a recursive query to
load them all at once)
* change ContextExternalTool.contexts_to_search to use account_chain
to get the benefits of the recursive query
* remove #account_chain_ids - it loaded all the accounts anyway, so
didn't have any optimization, and turns out in all cases it was
used it either didn't matter, or was actually better to not use it
test plan:
* use some LTI tools. that should exercise everything changed here
Change-Id: Ie9e89c2566db5c82fb424b41dc21c06be7d0b112
Reviewed-on: https://gerrit.instructure.com/40878
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Nick Cloward <ncloward@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Test Plan:
- install a tool with the message_type 'ContentItemSelectionResponse'
- launch the tool
- it should have the JSON param content_items
- content_items should have a placementOf -> id that points to a migration API endpoint
- run the migration by POSTing to the given endpoint
- the migration should have all course content in it
- try a migration with one assignment, one quiz, one module, and one page
* add quizzes[]=:id&assignments[]=:id&modules[]=:id&pages[]=:id
- the migration should only extract the specified items
closes CNVS-14613
Change-Id: Ic43c3fb1e77c12d5f4d6712d42932e63bc36762e
Reviewed-on: https://gerrit.instructure.com/39427
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
test plan:
- LTI launches should contain custom_canvas_api_domain
- on beta the domain should contain .beta
- on test the domain should contain .test
- regression test all LTI launches to ensure they contain this custom variable
fixes PLAT-589
Change-Id: Ifb5b05d92633c97358166644978730b5af1ed062
Reviewed-on: https://gerrit.instructure.com/38902
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Brad Humphrey <brad@instructure.com>
also, clean up ims-lti usage with pluralized lti methods
test plan:
- registrations should still work
- registrations without resource handlers
and using a default message handler should still work
fixes PLAT-566 PLAT-567
Change-Id: Icd9feca44ba9f5600d89a4943b0b93b34aeb78a5
Reviewed-on: https://gerrit.instructure.com/38182
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Product-Review: Brad Humphrey <brad@instructure.com>
QA-Review: Brad Humphrey <brad@instructure.com>
Weston Dransfield