also pins all migrations to Rails 4.2 semantics
Change-Id: I386566f7a1f3e3e8aa31675f467c87c443457aee
Reviewed-on: https://gerrit.instructure.com/95571
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Simon Williams <simon@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
fixes CAT-66
Auto-authorize trusted developer keys during without prompting the end-
user. This will allow for more seamless integrations with other in-house
apps.
Also fix remember-me access so it works when you re-auth into canvas
(previously it only worked if you were already authenticated into
canvas)
Expand test coverage around oauth login scenarios
test plan setup:
* set up a web-based oauth integration with canvas
* ensure your app doesn't currently pass force_login=1 during oauth
* ensure your app doesn't currently delete access tokens during logout
* for part 2, ensure your app uses the /auth/userinfo scope (for part
1 it doesn't matter)
* for part 3, ensure your app does token request flow (not userinfo)
test plan part 1 (trusted keys):
1. in the canvas console, set trusted=true on the app's developer key
2. do an oauth login as and end-user
3. confirm that you are authenticated into the app without being prompted
to give it canvas access
4. log out of the app (but not canvas)
5. click to log in again
6. confirm that you are automagically logged in without any prompts
test plan part 2 (remember access):
1. in the canvas console, set trusted=false on the app's developer key (or
set up your app to use a different one)
2. do an oauth login as and end-user
3. confirm that you are prompted to authorize the app
4. check the box to remember access
5. log out of canvas and the app
6. do an oauth login again
7. confirm you are not prompted to authorize the app
8. log out of the app (but not canvas)
9. click to log in again
10. confirm that you are automagically logged in without any prompts
test plan part 3 (untrusted key, not-userinfo)
1. in the canvas console, set trusted=false on the app's developer key (or
set up your app to use a different one)
2. do an oauth login as and end-user
3. confirm that you are prompted to authorize the app
4. confirm there is no box to remember access
5. log out of canvas and the app
6. do an oauth login again
7. confirm you are prompted to authorize the app again
8. log out of the app (but not canvas)
9. click to log in again
10. confirm that are prompted to authorize the app again
Change-Id: Ifb2eb29e4da163b595cb070455ebae21a4618ba4
Reviewed-on: https://gerrit.instructure.com/32926
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Landon Wilkins