ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
canvas-lms/gems/lti_outbound
History
Xander Moffatt a872bbeb80 send student id for LTI 1.3 student_context_card 
why:
* LTI 1.1 tools launching from this placement receive the
`ext_lti_student_id` launch parameter that corresponds to
the student from which the tool was launched
* this provides parity for LTI 1.3 tools to receive a similar parameter,
`https://www.instructure.com/lti_student_id`

closes INTEROP-8058
flag=none

test plan:
* install a 1.3 tool with the student_context_card placement enabled
* Course -> People -> click on a Student
* a card will slide out from the right side, and will have a button
to launch the 1.3 tool
* launch the tool
* scroll to the bottom of the decoded id_token
* the lti_student_id custom claim should be present and
match the id of the student you clicked on
* bonus:
  * change the id in the URL to a non-student - it should fail
  * change the id to a non-number like SQL injection - it should fail
  * remove the `&student_id=1` query param entirely - the launch should
  succeed, but not include the lti_student_id claim
* extra bonus:
  * test this with a 1.1 tool to confirm it's still working as intended

Change-Id: Ie3aeebb549c14b978fe84e28748275478685fba4
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/335539
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Paul Gray <paul.gray@instructure.com>
QA-Review: Paul Gray <paul.gray@instructure.com>
Product-Review: Alexis Nast <alexis.nast@instructure.com>
 		2023-12-21 15:34:27 +00:00
..
lib send student id for LTI 1.3 student_context_card 2023-12-21 15:34:27 +00:00
spec send student id for LTI 1.3 student_context_card 2023-12-21 15:34:27 +00:00
.rspec raise bundler minimum requirement 2021-02-19 22:49:02 +00:00
Gemfile fix lockfile syncing from canvas lockfile to sub-gems 2023-05-09 22:57:42 +00:00
Gemfile.lock bundle update rake 2023-11-13 21:37:43 +00:00
LICENSE.txt da licença part 53 2017-05-01 21:06:11 +00:00
README.md rename basic_lti_outbound gem to lti_outbound 2014-01-24 15:48:34 +00:00
Rakefile RuboCop: Style/StringLiterals, Style/StringLiteralsInInterpolation 2021-11-25 14:03:06 +00:00
lti_outbound.gemspec fix lockfile syncing from canvas lockfile to sub-gems 2023-05-09 22:57:42 +00:00
test.sh simplify gem test harnesses 2016-01-19 17:52:58 +00:00

README.md

LtiOutbound

TODO: Write a gem description

Installation

Add this line to your application's Gemfile:

gem 'lti_outbound'

And then execute:

$ bundle

Or install it yourself as:

$ gem install lti_outbound

Usage

TODO: Write usage instructions here

Contributing

  1. Fork it ( http://github.com//lti_outbound/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request