156 Commits

Author SHA1 Message Date
wdransfield b9a51f6550 Allow assignment expansions for LTI2 tools in assignment launches
Fixes PLAT-3673

Test Plan
- Install an LTI 2 tool with the new
  com.instructure.Assignment.anonymous_grading capability
  enabled
- Associate the tool with an assignment with anonymous
  grading on
- Verify the parameter is sent in the launch message

Change-Id: I83b244b5c3aa9e86b9ac3786fad07e8e2847cd2b
Reviewed-on: https://gerrit.instructure.com/161133
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2018-08-17 21:07:38 +00:00
Han Ngo 27d24538d6 Run Key Rotation Script as a Periodic Job in Canvas
Closes PLAT-3508 & PLAT-3509

Test Plan:
- Verify the keys rotate correctly (set current to past, future
to current, and the new key to future) in both cases: when there
is no existing key AND when there is a key already in Consul
- Verify the script will be running every month
- Verify the keys got rotated using Imperium gem version '0.4.0'

Change-Id: I630f230b3cd1c515ebb266b532901b4260622173
Reviewed-on: https://gerrit.instructure.com/154529
Reviewed-by: Stewie aka Nicholas Stewart <nstewart@instructure.com>
QA-Review: Nathan Mills <nathanm@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
Tested-by: Jenkins
2018-07-12 19:57:40 +00:00
Simon Williams 87a5b6032f allow creating developer keys that only work against test clusters
Some production installations have a beta or test environment that is
refreshed with data from production, and is used as a place to test
integrations or new features. In that case, you may want to create
a developer key that only works against this test instance, which has
traditionally meant making the following tradeoff:
- Create the key in the test instance directly, which means it will be
  removed the next time the data is refreshed
- Create the key in production, which means the key works against the
  production instance as well

This new functionality allows the best of both worlds: create the key in
production for persistence, but only allow it to function against a test
cluster.

To enable test cluster functionality, you need a plugin that overrides
`ApplicationController.test_cluster?` to return appropriately for the
environment.

To see the functionality, you need to set:
  `Setting.set("dev_key_test_cluster_checks_enabled", true)`

closes PLAT-3392
[ci no-db-snapshot]

test plan:
- First ensure that all existing developer key functionality works and
no new functionality appears without any action taken
- Then set Setting.set("dev_key_test_cluster_checks_enabled", true), you
should see the new option available in the new dev key UI
- Create a key with and without the new option checked. Access tokens
from the key without it checked should still work normally. Tokens from
the key with it checked should not work
- Now manually override `ApplicationController.test_cluster?` to be
true.
- Tokens from both keys should now work

Change-Id: I5bbb46782d19c26a7b703834aaa507b0cb10039a
Reviewed-on: https://gerrit.instructure.com/153035
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
2018-06-29 15:50:08 +00:00
Marc Phillips dcee9ef0af Add Development Route for 1.3 Signing
For development and open source signing we need to expose a
well-known endpoint that is served via canvas. This endpoint
pulls from consul and extracts the public key for each of
the past, present, and future keynames and puts them into
a JWK set.

closes PLAT-3507

Test Plan:
 - Run canvas (either locally or with docker) and go to
   /api/lti/security/jwks
 - A JWK set should be returned

Change-Id: Ia8430240d18ee468796078a37f0e28a9c1b024ca
Reviewed-on: https://gerrit.instructure.com/154203
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
Product-Review: Marc Alan Phillips <mphillips@instructure.com>
2018-06-20 18:48:55 +00:00
wdransfield e7cf3bc5a8 Allow creating originality report for attachment on other shard
Refs: PLAT-3453

Test Plan:
- Submit an assignment using an attachment that lives on a different
  shard than the submission.
- Verify you can create originality reports for that submission/
  attachment combo.

Change-Id: Ie6fe46389eadb6e3534790a4d3770b97467c03a8
Reviewed-on: https://gerrit.instructure.com/152667
Tested-by: Jenkins
Reviewed-by: Stewie aka Nicholas Stewart <nstewart@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2018-06-06 15:32:35 +00:00
wdransfield 6bf1cd479e Allow creating originality reports for past attachments
Fixes PLAT-3453

Test Plan:
- Verify tools can create originality reports as before.
- Verify tools can create originality reports for an attachment
  from a previous version of the submission.

Change-Id: Idcbe78bd7fbe9eede828a2e61898878aae3a934d
Reviewed-on: https://gerrit.instructure.com/152406
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2018-06-05 19:03:20 +00:00
wdransfield 6b465dd804 Fix last N+1 for adding originality_data to submission_history
Closes: GRADE-861

Test Plan
- Verify there are no N+1 queries when loading speedgrader
  caused by originality reports
- Verify there are no N+1 queries when loading gradebook
  caused by originality reports
- Verify originality reports are copied to all submissions
  in a group when they are created or updated in a group
  assignment.
- Verify online upload originality reports are displayed
  correctly in speedgrader, gradebook, student grade page,
  and submission details page.
- Verify originality reports display properly in gradebook
  and speed grader when there are multiple submissions
  and each has a different originality report.
- Verify the "resubmit to plagiarism tool" button still
  appears in speedgrader.
- Verify originality reports for group assignments are displayed
  correctly.
- Verify text entry originality reports are displayed correctly.
- Verify originality report launches work correctly from speedgrader
  and gradebook.

Change-Id: I459bbf0a165bb131d58fc153feb0dce3d0bf07af
Reviewed-on: https://gerrit.instructure.com/141321
Tested-by: Jenkins
Reviewed-by: Keith T. Garner <kgarner@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2018-02-22 17:01:41 +00:00
Marc Alan Phillips 953f6fbfd3 Add Results Services Endpoints
Create endpoints for the results service, using new api
namespace for controllers and serializers. Also introduce
the services directory in the root of the app folder.

closes PLAT-3007

Test Plan:
 - Create a line item and add some scores
 - Query for the results using the result endpoint
   - Should return a paginated list
 - Query for a result with a user_id in mind
        - Use both lti_user_id and user_id
        - Should return a single result object
          of the user
- Find a result by the id of the result

Change-Id: I5af4b679bcecfc0deef2876a897bc93d739057b6
Reviewed-on: https://gerrit.instructure.com/138870
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: Marc Alan Phillips <mphillips@instructure.com>
2018-02-21 22:24:24 +00:00
Marc Alan Phillips bbd453ad75 Add scores endpoint
closes PLAT-3008

Test Plan:
 - Create a line item (both assignment and nonassignment)
 - Create a user
 - For the assignment lineitem, the submission should be
   updated when FullyGraded or PendingManual is passed
   with a score. This should show in the gradebook
 - The nonassignment lineitem should not update the
   submission even if there are scores. These
   should only be found in the console

Change-Id: Ie8b65b475f00f364fb78f1d5fe4c1cdd84548472
Reviewed-on: https://gerrit.instructure.com/139469
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: Marc Alan Phillips <mphillips@instructure.com>
2018-02-15 22:51:19 +00:00
wdransfield e654115588 Link Item Index Endpoint
Closes PLAT-3005

Test Plan:
- Verify the line item index endpoint
  returns all line items in the specified
  course.
- Verify that the endpoint is paginated
- Verify the endpoint allows querying by the following
  params:
    * tag
    * resource_id
    * lti_link_id (filters line items by Lti::ResourceLink)

Change-Id: I52565f3bf8972fda0c62c4aa38c07bb44aa34ea8
Reviewed-on: https://gerrit.instructure.com/140543
Tested-by: Jenkins
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2018-02-13 21:13:01 +00:00
wdransfield d7f008741b Change Tool Setting Link-level service template
Closes PLAT-3037

Test Plan:
- Verify the tool consumer profile now shows the following URL template
  for the tool setting link-level service:
  http://canvas.docker/api/lti/tool_proxy/{tool_proxy_guid}/
  courses/{course_id}/resource_link_id/{resource_link_id}/tool_setting

Change-Id: I00b537f14474973db5579eefd6c9535a52de8a7f
Reviewed-on: https://gerrit.instructure.com/140081
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2018-02-09 17:22:12 +00:00
wdransfield e580e068ca Line Item Controller (sans index)
Closes PLAT-3004

Test Plan:
CREATE
- Attempt to create a new Line Item using the create
  endpoint. Verify the following params are required:
    - scoreMaximum
    - label
- Verify a new line item is returned and properly serialized.
  example:
  {
    "id" : <line item show/update endpoint>
    "scoreMaximum" : 60,
    "label" : "Chapter 5 Test",
    "resourceId" : "quiz-231",
    "tag" : "grade"
  }
- Verify the create endpoint allows setting the
  following optional params:
    - resourceId
    - tag
    - ltiLinkId (Must be the `resource_link_id` of
      an Lti::ResourceLink. This resource link must
      already have one line item associated with it.)
- Verify a Line Item cannot be created for an Lti::ResourceLink
  that does not already have at least one Line Item associated
  with it already.
- Verify a Line Item may be created for an Lti::ResourceLink if
  it already has at least one Line Item associated with it.
- Verify that creating a Line Item _without_ specifying an
  `ltiLinkId` creates a line item and a new assignment specified
  with the line item. The new assignment should have the following:
    - context: context of the new line item
    - name: label of the new line item
    - point_possible: the score maximum of the new line item
    - submission_types: none

UPDATE
- Verify the following attributes may be updated:
  - scoreMaximum
  - label
  - resourceId
  - tag
- Verify that the ltiLinkId may not be updated
- Verify that updating the Line Item label also
  updates the assignment title in the following cases:
    - when the line item has no associated Lti::ResourceLink
    - when the Lti::ResourceLink associated with the Line Item
      only has one line item (the one being updated)
- Verify the update response is properly serialized (see
  example in CREATE).

SHOW
- Verify the show endpoint allows retrieving the Line Item.
- Verify the endpoint responds with 404 if the Line Item
  does not exist.
- Verify the endpoint responds with a 404 if the Line Item
  exists but is in a different course than the one specified
  as a parameter.

DESTROY
- Verify the endpoint responds with 404s in the same instances
  as the show endpoint.
- Verify the endpoint does not allow destroying a Line Item
  when it is the first line item created chronologically
  for its associated Lti::ResourceLink
- Verify the endpoint allows destroying line items.

Change-Id: Iaf26e6addd1e3fe38c5fb76db33fed41a069e7c9
Reviewed-on: https://gerrit.instructure.com/138831
Tested-by: Jenkins
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2018-02-06 17:34:58 +00:00
wdransfield 18d1e7b6e5 Add group user index to LTI User API
Closes PLAT-3014

Test Plan:
- Install a plagiarism detection tool that uses the
  new 'vnd.Canvas.GroupIndex' service in its
  security contract.
- Create a file upload group assignment associated with the tool.
- Make a request to the new user index endpoint (
  "api/lti/groups/:group_id/users").
- Verify all students in the specified group are returned.
- Attempt to make a request for a group that does not exist.
- Verify that Canvas responds with a 404.
- Attempt to make a request for a group that is not in the tool's
  installed context.
- Verify that Canvas responds with a 401.
- Verify the endpoint is paginated.

Change-Id: I71fa52a4f263876017b6f109df0d018b6a5f3cd9
Reviewed-on: https://gerrit.instructure.com/138639
Tested-by: Jenkins
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2018-01-24 20:54:51 +00:00
Marc Alan Phillips e7d23e6a19 Send lti_course_id in assignments lti api payload
closes PLAT-2992

Test Plan
- hit the /api/lti/assignments/:assignment_id endpoint
- note that 'lti_course_id' is present
- in the console, check that
  Lti::Asset.opaque_identifier_for(assignment.context)
  equals the value in the api call

Change-Id: I1231b62bf3d633047c7988ddb3260fa5c7e94372
Reviewed-on: https://gerrit.instructure.com/138325
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
2018-01-19 21:40:16 +00:00
wdransfield 55baba98b9 Set Tool Setting assignment relationship on import/export
Fixes PLAT-2998

Test Plan:
- Create three assignments. Two should be associated with
  plagiarism detection tools (installed in the root account)
  and the third should just be a standard file upload assignment.
- For both assignments that use a plagiarism tool do:
      Create a tool setting that takes the following
      shape:
      {
	resource_link_id: <lti_context_id of the
	assignment>,
	tool_proxy: <The tool associated with the
	assignment>,
	context: <The course of the assignment>,
	custom: <A hash with strings as keys>,
	custom_params: <A hash with strings as keys>
      }
  Note that the `custom` and `custom_params` hashes
  should be different for the two tool settings.

- Verify that both tool settings are able to be fetched using
  this endpoint: "tool_proxy/:tool_proxy_guid/courses/:course_id
    /resource_link_id/<lti_context_id of the assignment>/tool_setting"
  This endpoint will require a JWT access token.
- Do a course copy
- Verify that two new tool settings were created.
- Verify the resource link ids match the corresponding
  copies of the assignments.
- Verify the `custom` and `custom_parameters` hashes
  were copied to the correct new tool settings.
- Verify the tool proxy of the new tool settings point
  to the original tool.
- Verify the context of the new tool settings is
  the new course.
- Verify that both _new_ tool settings are able to be fetched using
  this endpoint: "tool_proxy/:tool_proxy_guid/courses/:course_id
    /resource_link_id/<lti_context_id of the new assignment>/tool_setting"
- Verify that copying the plain file upload assignment also succeeded as
  normal.
- Edit the new assignments and verify the correct tool launches.

Change-Id: Iaf92fc23c0373585039cc2debf9657d10989c4ec
Reviewed-on: https://gerrit.instructure.com/138218
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2018-01-19 21:05:21 +00:00
wdransfield 821b010a64 Don't drop lti link when updating
Closes PLAT-2963

Test Plan:
- Create an originality report using the API that
  uses an lti launch for the originality report
- Make an update request to *only* modify the
  originality score
- Verify the Lti::Link for the OriginalityReport still
  exists

Change-Id: Ic5324868df58da5448b0cf9f98174f12c38eeeba
Reviewed-on: https://gerrit.instructure.com/136715
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2018-01-03 19:17:22 +00:00
Andrew Butterfield 3a8e2d80d1 Adjust membership service api to allow LTI tool access
fixes PLAT-2937

Test plan:
* Using one legged oauth hit the membership api for courses and groups
  /api/lti/courses/:id/membership_service
  /api/lti/groups/:id/membership_service
* Ensure that you get a membership service page back
* Ensure that you get unauthorized if the feature flag is disabled
* Ensure that you get unauthorized if the
  allow_membership_service_access boolean is false on the tool
* Ensure that you get unauthorized if the tool can't be found via the
  oauth_consumer_key
* Ensure that you get unauthorized if the nonce is reused
* Ensure that you get unauthorized if the timestamp is greater than ten
  minutes

Change-Id: I9859d8b2c371dbddf47d0563ad27104420810da3
Reviewed-on: https://gerrit.instructure.com/135917
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Andrew Butterfield <abutterfield@instructure.com>
2017-12-20 18:12:39 +00:00
wdransfield a8b009c77d Remove attachment dependency for originality reports
Closes PLAT-2953

Test Plan:
- Create an assignment associated with a plag tool
  that uses the `text entry` submission option
- As a student submit to the assignment
- With the tool attempt to request the submission
  via the LTI API and verify the submission
  is received
- With the tool attempt to create an originality report
  for the submission _without_ specifying an attachment
  id (since there is no attachment for the assignment)
- Verify the report is created and is visible in the
  following locations:
    * Speedgrader
    * gradebook
    * student grades page
  Note that for parity it does not need to be visible in the
  submission details page.
- Attempt to edit the report via each of the 3 update endpoints
  (let me know if you don't know what those 3 are) and verify
  update works. When testing these first create other originality
  reports for other assignments in the course to verify the correct
  originality report is updated.
- Verify that clicking on originality reports from each part of the UI
  initiates an LTI launch to the tool
- Verify that the entire plagiarism platform flow still works for
  file upload assignments

Change-Id: I318f605dace31c92ae3954f26ec2aefa3e8ad90e
Reviewed-on: https://gerrit.instructure.com/135409
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-12-19 18:06:18 +00:00
wdransfield 400ef026b6 Update plagiarism platform documentation
Closes PLAT-2938

Test Plan:
Verify documentation generates successfully and contains accurate
information.

Verify new links work

Change-Id: Idd3a48e9f1e346a07bc990039346d3dad6fe4d22
Reviewed-on: https://gerrit.instructure.com/134945
Tested-by: Jenkins
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Jesse Poulos <jpoulos@instructure.com>
2017-12-11 18:41:16 +00:00
Simon Williams 160fdf3a5c don't shadow api model names with lti versions
Change-Id: Id9e4f326a32a5576b46a83c54b9e45833b5bcdc2
Reviewed-on: https://gerrit.instructure.com/133581
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
2017-11-22 16:46:22 +00:00
Simon Williams 44d0ca7ac8 api: doc fixes for swagger compat
Change-Id: Ife5140b237c58e2040dc536e98bce3fcda73c64a
Reviewed-on: https://gerrit.instructure.com/133529
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
2017-11-22 15:48:04 +00:00
Andrew Butterfield 11e63cf644 Add LTI Assignments API
fixes PLAT-2919

Test plan:
* Validate API documentation at /doc/api/plagiarism_detection_platform_assignments.html
* Using an LTI 2.0 AccessToken access the /api/lti/assignments/:assignment_id
  endpoint
* You can also test differentiated assignments by supplying a user_id
  query parameter
* You should be able to use both native canvas ids and lti ids for both
  the assignment_id url parameter and the user_id query parameter

Change-Id: I37d1951a528e9c484f9a7e3030ae9b767a247876
Reviewed-on: https://gerrit.instructure.com/133276
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
Product-Review: Andrew Butterfield <abutterfield@instructure.com>
2017-11-20 18:14:36 +00:00
wdransfield c64962fd8f Fix XSS and tool registration endpoint vulnerabilities
Fixes PLAT-2905

Test Plan:
- Regression test LTI 2 registration and
  reregistration.
- Verify that the registration endpoint is now post
  only (i.e. /courses/113/lti/
  tool_proxy_registration?tool_consumer_url=https://bad.site.com)
- Verify that when posting to the endpoint the
  `tool_consumer_url` parameter may not use the
  JavaScript protocol.

Change-Id: Ie61b9293083a65a705db5268f695a2874be35a3f
Reviewed-on: https://gerrit.instructure.com/131981
Tested-by: Jenkins
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-11-08 17:03:43 +00:00
wdransfield 053ffc39ca Store EULA agreement timestamp
Closes PLAT-2879

Test Plan:
- Install a plagiarism tool that offers a service named
  'vnd.Canvas.Eula'. Example:
  {"endpoint"=>"http://originality.docker/eula",
   "action"=>["GET"],
   "@id"=>"http://originality.docker/lti/v2/services#vnd.Canvas.Eula",
   "@type"=>"RestService"}
- Associate the tool with an assignment.
- As a student go to the assignment submission page.
  Verify the page requires agreeing to the
  Eula before submitting.
- Retrieve the submission via api using the plagiarism
  tool and verify the submission object returned contains
  a timestamp showing when the user clicked the checkbox.

Change-Id: I2a8cac02666b66fbb76d4b55f980a45dfdac2fa6
Reviewed-on: https://gerrit.instructure.com/129858
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
Product-Review: Karl Lloyd <karl@instructure.com>
2017-11-02 19:43:35 +00:00
wdransfield e10f38e986 Change plagiarism platform visibility
Closes PLAT-2908, PLAT-2889

Test Plan:
- Verify both of the plagiarism platform
  feature flags are gone.
- Create a new assignment in a context that has
  no plagiarism detection tools installed. Verify
  the plagiarism tool selection box is not visible
  when creating and editing assignments.
- Install a plagiarism detection tool.
- Verify you can successfully associate an assignment
  with the tool, retrieve submissions, and create
  originality reports.

Change-Id: I87b10d740293329183528d1b14969338df480dd3
Reviewed-on: https://gerrit.instructure.com/131217
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-11-01 14:43:34 +00:00
Jeremy Slade 3e4e34265e Fix some typos and formatting
Missed these from the code-review feedback on g/124349

Change-Id: Id3c4b3c7d2438977f06be66a52a6b931bd8e1617
Refs: AMS-570
Reviewed-on: https://gerrit.instructure.com/129745
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: August Thornton <august@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Jeremy Slade <jslade@instructure.com>
2017-10-16 22:33:53 +00:00
Jeremy Slade dc2ef4420d Allow students to access global launch definitions
Closes: AMS-570

Test plan:
- Use an account with Gauge configured
- create an access token for a Student
- GET /api/v1/accounts/self/lti_apps/launch_definitions?placements[]=global_navigation
- check response code is 200
- check response body contains Gauge launch definitions

Change-Id: I1a9524e862a2f72f603961aaa6e6f70c3985ef2d
Reviewed-on: https://gerrit.instructure.com/124349
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
2017-10-12 15:06:33 +00:00
Nathan Mills d0b493d416 create api methods for tool settings
refs: PLAT-2844

test plan:
you can use tool settings using the following endpoints:
"/api/lti/tool_proxy/#{tool_proxy.guid}/accounts/#{account.id}/resource_link_id/#{@link_setting.resource_link_id}/tool_setting"
"/api/lti/tool_proxy/#{tool_proxy.guid}/accounts/#{account.id}/tool_setting"
"/api/lti/tool_proxy/#{tool_proxy.guid}/tool_setting"

you can use tool settings using the endpoints sent in the launch

Change-Id: I8939b63b4f606e97ebee6baec8c30877aefe619d
Reviewed-on: https://gerrit.instructure.com/128928
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
2017-10-11 18:44:38 +00:00
Nathan Mills 68d04c6a0b use lti_assignment_id for resource link id
ref PLAT-2844

test plan:
create an originality report placement
do a launch
it should use the lti_assignment_id as the resource_link_id

Change-Id: I6409677a14c259c8f71582deff52698554078d48
Reviewed-on: https://gerrit.instructure.com/128635
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
2017-10-06 15:48:02 +00:00
Andrew Butterfield d29aaaf6a1 Add Lti Link model for LTI 2 launches
refs PLAT-2724

Test plan:
* Regression test plagiarism platform

Change-Id: I98fd4efc5f259bd73747337d07a7e2ec2508dbb0
Reviewed-on: https://gerrit.instructure.com/122906
Reviewed-by: Jeremy Neander <jneander@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Keith T. Garner <kgarner@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Andrew Butterfield <abutterfield@instructure.com>
2017-10-02 22:32:18 +00:00
wdransfield 4820e9f8fb LTI User show endpoint
Closes PLAT-2819

Test Plan:
- Create a tool consumer profile associated with a
  developer key that uses the newly added `vnd.Cavnas.User`
  service.
- Install a plagiarism detection tool that uses the
  new `vnd.Cavnas.User` service.
- Create an assignment in a course with students and
  associate it with the tool.
- Make a request to `/api/lti/users/:user_id` with
  the id of one of the students and no access token.
  verify that you get a 401
- Make the same request but this time include an
  access token. Verify the student details are returned.
- Make the same request but use the user's `lti_context_id`.
  Verify that the user details are still returned.
- Remove the tool from the assignment and save the change.
- Make the same request and verify a 401 is returned.
- Verify the behaviors outlined above work when the tool
  is installed in a course, account, and root account.

Change-Id: I81bd1446729d194f7f3910bca05638e57e5091d1
Reviewed-on: https://gerrit.instructure.com/126931
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: August Thornton <august@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-09-28 15:41:12 +00:00
wdransfield 3b00907443 Unify create and update OriginalityReport endpoints
Closes PLAT-2818

Test Plan:
- Use the Create endpoint API found at
  https://canvas.instructure.com/doc/api/originality_reports.html
  and specify an originality score.
- Verify the originality report is created with the specified
  originality score and other data.
- Repeat the exact same post request, but change the originality
  score value.
- Verify the originality report is updated and a new one is not
  created.
- Verify you can still update the originality report via the
  PUT endpoint found in the same docs.

Change-Id: I4a2b8ad6f5b68e49a6195862cf7826fe31152bca
Reviewed-on: https://gerrit.instructure.com/125944
Tested-by: Jenkins
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-09-20 14:18:25 +00:00
Spencer Olson 0c39815253 add validation to originality_report
Adds a uniqueness validation to originality_report for attachment.

closes GRADE-258

Test Plan:
1. In a rails console, create an originality report:

   OriginalityReport.create(
   	attachment: attachment,
   	submission: submission
   )

 2. Create another originality report that belongs to the same
    attachment (the submission can be different). The record should be
    invalid and the error message should be "Attachment has already
    been taken".

    o = OriginalityReport.create(
    	attachment: attachment,
    	submission: some_other_submission
    )
    o.valid?
      => false
    o.errors.full_messages
      => ["Attachment has already been taken"]

Change-Id: I6d73a8f2f62192defffb6908c30233655d843e30
Reviewed-on: https://gerrit.instructure.com/125298
Reviewed-by: Matt Taylor <mtaylor@instructure.com>
Reviewed-by: Jeremy Neander <jneander@instructure.com>
Tested-by: Jenkins
QA-Review: KC Naegle <knaegle@instructure.com>
Product-Review: Keith T. Garner <kgarner@instructure.com>
2017-09-12 20:40:16 +00:00
wdransfield 56a10fe5a0 Fix regression in subscriptions api controller
Closes: CNVS-38885

Test Plan:
Verify the lti subscription index endpoint returns
an array of subscriptions with pagination headers.

Change-Id: Ifa81263ccb9e762c5021c3c5334fa3055d6afbc9
Reviewed-on: https://gerrit.instructure.com/124184
Tested-by: Jenkins
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Reviewed-by: August Thornton <august@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-08-28 21:32:05 +00:00
Nathan Mills 5b08c77d08 url encode jwt aud parameter
fixes PLAT-2774

test plan:
do a jwt launch to a url with spaces in the query params
check that the spaces have been encoded

Change-Id: I42dce794149d6bfbcecdc997981faf4a91b11e33
Reviewed-on: https://gerrit.instructure.com/123430
Tested-by: Jenkins
Reviewed-by: August Thornton <august@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
2017-08-23 19:05:55 +00:00
wdransfield 619522ab18 Allow viewing and updating reports by file id
Closes PLAT-2771

Test Plan:
- Create an originality report
- Attempt to update the originality report via
  the new endpoint and verify changes are persisted:
  assignments/:assignment_id/files/:file_id/originality_report
- Attempt to get an originality report via the
  new endpoint:
  assignments/:assignment_id/files/:file_id/originality_report

Generate docs and verify they now include the new endpoints:
http://canvas.docker/doc/api/originality_reports.html

Change-Id: Iad5543201b3d4de24d4355f5d51730613e328a42
Reviewed-on: https://gerrit.instructure.com/123253
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-08-22 17:10:59 +00:00
wdransfield 7464d9fb31 Handle multiple tools on the page when resizing
Closes PLAT-2738

Test Plan:
- Install two lti tools that use the new
  'com.instructure.PostMessageToken' variable expansion.
- Visit a page with two LTI tools launched (this happens when
  launching a tool in a course that has chat enabled).
- Have one tool send a resize post message and verify the correct
  tool is resized. The post message should include the token
  for the value of 'token':

  <script type="text/javascript">
   parent.postMessage({
      subject: 'lti.frameResize',
      height: 12000,
      token: '<%= @wrapper_id %>'
   }, '*');
  </script>

- Verify the proper tool is resized.

Change-Id: Ie7e976c5cd53ef5c61cd86c471ba416045a0fb68
Reviewed-on: https://gerrit.instructure.com/119858
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-08-18 16:30:28 +00:00
Nathan Mills 8960204434 lti 2.1 certification changes
update the ims-lti gem with the new re-registration service name
remove the OAUTH2 algorithm for the security profile
support OAuth2 for re-registration

fixes PLAT-2721, PLAT-2722

test plan:
LTI2 launches should still work
re-registration should work with OAUTH2 now
the tool consumer profile shouldn't have an algorithm specified for
the OAUTH2 WS security profile

Change-Id: I00d3600da3296ab24d361c31b0599b93f96e715c
Reviewed-on: https://gerrit.instructure.com/118978
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
2017-08-15 00:03:45 +00:00
James Williams 0638da43ba rails 5.1: all the rest of the specs
Change-Id: I2f4ca4a671a0e5bdcfbeb90b4714465ec34acc9f
Reviewed-on: https://gerrit.instructure.com/120891
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
2017-07-31 19:48:51 +00:00
James Williams a354602ea8 rails 5.1: bunch of other specs
Change-Id: Ic6e4f64874021639f5e8950e2fe42f714ae31250
Reviewed-on: https://gerrit.instructure.com/120225
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
2017-07-27 12:35:30 +00:00
wdransfield deb25c7ef1 Create error reports for failed authorization requests
closes PLAT-2573

Test Plan:
- Make a variety of invalid requests to the authorization
  endpoint (/api/lti/accounts/1/authorize).
- Verify that for each a detailed error report
  is created.

Change-Id: Ifa93075d43e3d3e94d95845b5a92859b7ade28e2
Reviewed-on: https://gerrit.instructure.com/119307
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-07-19 17:40:00 +00:00
wdransfield c1e2c199b4 Add com.instructure.Assignment.lti.id variable expansion
Closes PLAT-2715

Test Plan:
- Verify the default tool consumer profile contains
  the com.instructure.Assignment.lti.id capability.
- Install a plagiarism detection tool that uses an
  LTI launch for displaying originality reports. The
  message in the resource handler associated with
  the originality report launch should have the
  com.instructure.Assignment.lti.id enabled. The
  message associated with the
  `Canvas.placements.similarityDetection` capability
  should also have the new capability enabled.
- Associate the tool with an assignment. Verify that
  a parameter named com_instructure_assignment_lti_id
  is sent in the launch from the create/edit UI. Its
  value should match the ext_lti_assignment_id param.
- Create an originality report and do the associated
  tool launch.
- Verify a com_instructure_assignment_lti_id parameter
  is sent. The value should match the ext_lti_assignment_id
  sent in the assignment creation config launch.

Change-Id: I722dd16a6cc5e62a447f76f10e9f0f582a11a33a
Reviewed-on: https://gerrit.instructure.com/119029
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-07-17 15:25:19 +00:00
wdransfield db3e5be788 Globalize access token helper tool proxy lookup
Closes PLAT-2716

Test Plan:
- Install and configure a plagiarism detection tool.
- From a shard that does not have the tool proxy, verify
  you can fetch attachments for submissions using the LTI2
  submission service.

Change-Id: Ib60898f6850739211a66cf7a85b6cecbff7c4ea6
Reviewed-on: https://gerrit.instructure.com/118226
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-07-11 20:49:40 +00:00
wdransfield fa6f460722 Allow tool proxies with equal profiles access to services
Closes PLAT-2710

Test Plan:
- Install a plagiarism detection tool, associate it with an
  assignment, and create a submission.
- Delete the tool
- Install the tool again in the same context.
- Using the tool proxy guid and secret from the second tool,
  request an access token
- Verify you can request the submission for the assignment in
  step one and create an originality report for it.
- Verify this is also true for other lti2 services (
  subscription api, originality report api, etc).

Change-Id: I006b4a88b105e808dcf0fbbbc8087a83aabe5731
Reviewed-on: https://gerrit.instructure.com/117700
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-07-10 21:49:48 +00:00
Nathan Mills 8486eda208 add jwt launches support for lti 2.1
refs PLAT-2649

test plan:
you can do an LTI2 JWT launch for a tool that supports the
correct security profile

Change-Id: I31a06243a171aaabe28552b7ee3866e807a86c30
Reviewed-on: https://gerrit.instructure.com/113018
Tested-by: Jenkins
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
2017-07-07 15:34:43 +00:00
wdransfield 55fce28b93 Add submission, attachment, and report id variable expansions
Closes PLAT-2688

Test Plan:
- Install a plagiarism detection tool that uses
  LTI launches for displaying originality reports.
  The message handler for these launches should have
  com.instructure.OriginalityReport.id,
  com.instructure.Submission.id,
  and com.instructure.File.id in its enabled
  capability array.
- Create an originality report with the tool and
  launch the originality report.
- Verify that parameters for each of these three
  capabilities are sent and set correctly.

Change-Id: I2cb246e3a48f5e63a60ff6a0d90a003aaf9c8d62
Reviewed-on: https://gerrit.instructure.com/116377
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-07-05 18:49:40 +00:00
Andrew Butterfield 119251f6e0 Persist LTI 2 registration url during registration
fixes PLAT-2633

Test plan:
* Install an LTI 2 in a course
* Export that course
* Ensure that the registration url is persisted in the imscc file

Change-Id: Ifc3b1ab9b7aeed3985bcddc7ae709e69215eb051
Reviewed-on: https://gerrit.instructure.com/117314
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Andrew Butterfield <abutterfield@instructure.com>
2017-07-05 17:17:43 +00:00
wdransfield af3263b37b Globalize attachment/tool proxy lookup for LTI submission service
Closes PLAT-2680

Test Plan:
- As a student submit to an assignment associated with an
  LTI 2 tool.
- Using the LTI 2 submission service retrieve the submission
- Request the submission attachment using the value of
  the `url` string provided in the submission JSON payload (
  This will require retrieving and using a JWT access token).
- Verify that the attachment is downloaded.
- From a different shard attempt to use the same URL to download
  the attachment.
- Verify the attachment is downloaded.

Change-Id: Ia60cd3dfccdea835ead109ba4b7d6fa2147b3a71
Reviewed-on: https://gerrit.instructure.com/116093
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-06-29 13:18:48 +00:00
Neil Gupta 33a0f62210 don't create placeholder submissions for unassigned students
Fixes CNVS-37395

Test plan:
* Create a course with 2 students
* Create an assignment with a due date for everyone
* Create a differentiated assignment with a due date for only 1 student
* In rails console:
  * Run `DueDateCacher.for_course(course_id)`
  * Make sure `Submission.count` is 3
  * Make sure the first assignment has 2 placeholder submissions
  * Make sure the second assignment only has one placeholder submission

Change-Id: I5c8084d4fb0138f65e4c117dcc97638cf8d4f49d
Reviewed-on: https://gerrit.instructure.com/114573
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Shahbaz Javeed <sjaveed@instructure.com>
Product-Review: Neil Gupta <ngupta@instructure.com>
QA-Review: Neil Gupta <ngupta@instructure.com>
2017-06-27 20:33:35 +00:00
August Thornton cc3efed6c4 fix YARD documentation generation warnings
refs PLAT-2647

test plan:
• run `rake doc:api`
• ensure no warnings are displayed during doc generation

Change-Id: I6d245ea22fd425c59abdebbe1de6c4e51d6799c9
Reviewed-on: https://gerrit.instructure.com/116159
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Product-Review: August Thornton <august@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
2017-06-19 23:16:19 +00:00