ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
canvas-lms/gems/request_context
History
Ethan Vizitei 02f14d341f treat openssl cipher error as auth failure 
closes FOO-1670

also fix canvas_security porting failures

TEST PLAN:
  1) encrypt a token with some invalid key
  2) you should get a standard auth failure
     when you present it
Change-Id: Id635f9889fd5a595bc74dfdf89757b9f535434c5

Change-Id: I53334c82e6e3b8637f4d8142d49a46351464ed60
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/260038
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
 		2021-03-05 18:36:54 +00:00
..
lib request_context as a gem 2021-03-02 23:02:40 +00:00
spec request_context as a gem 2021-03-02 23:02:40 +00:00
Gemfile treat openssl cipher error as auth failure 2021-03-05 18:36:54 +00:00
README.md request_context as a gem 2021-03-02 23:02:40 +00:00
request_context.gemspec request_context as a gem 2021-03-02 23:02:40 +00:00
test.sh request_context as a gem 2021-03-02 23:02:40 +00:00

README.md

RequestContext

Keeping the state for canvas requests.

Usage

RequestContext is a combination of middleware for rails and a kind of global "what is my current state" access from anywhere.

Generator

RequestContext::Generator, when added to the middleware stack for an application, makes sure that every request has a request_context_id on it:

# application.rb
initializer("extend_middleware_stack") do |app|
  app.config.middleware.swap(ActionDispatch::RequestId, RequestContext::Generator)\
  app.config.middleware.insert_after(config.session_store, RequestContext::Session)
end

Why replace the build in RequestId middleware? this one reads the incoming environment for potentially provided request IDs from other services in the 'HTTP_X_REQUEST_CONTEXT_ID' header. This class also provides an interface for accessing the current request id from pretty much anywhere in the app without having to know where it's stored (we use the thread context):

RequestContext::Generator.request_id

In order for this to work, you need the cookie jar to have the right data loaded into it, which you can find being written in the RequestContext::Session middleware. The reason is middleware ordering, the Generator runs after the cookie jar has already been written to on the way out.

You need to use both.

Running Tests

This gem is tested with rspec. You can use test.sh to run it, or do it yourself with bundle exec rspec spec.