caccl-authorizer - npm Package Compare versions

caccl-authorizer

Package Overview

Dependencies

Maintainers

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 1.1.25 to 1.1.26

package.json

		{
		"name": "caccl-authorizer",
		"version": "1.1.25",
		"version": "1.1.26",
		"description": "Acquires Canvas tokens through via OAuth, stores refresh tokens, and refreshes access tokens when they expire.",
		@@ -45,3 +45,2 @@ "main": "index.js",
		"https": "^1.0.0",
		"ims-lti": "^3.0.2",
		"mocha": "^8.2.1"
		@@ -48,0 +47,0 @@ },

492

test/helpers/addAppRoutes.js

		@@ -11,3 +11,2 @@ const API = require('caccl-api');
		course, // Canvas course object for test course
		isValid, // function that checks if a launch request is valid (ret: promise)
		nonceValid, // function that checks if a nonce is valid
		@@ -155,279 +154,276 @@ getOnLoginTimestamp,
		app.post(launchPath, (req, res) => {
		isValid(req)
		.then((valid) => {
		let html = '<style>td {\nborder: 1px solid black;\n}</style>\n';
		html += '<h1>Review, then click play to resume tests</h1>\n';
		html += '<table style="width: 100%">\n<tr><td>Item</td><td>Value</td><td>Expected/Requirement</td><td>Results</td><td>Pass/Fail</td>\n';
		let html = '<style>td {\nborder: 1px solid black;\n}</style>\n';
		html += '<h1>Review, then click play to resume tests</h1>\n';
		html += '<table style="width: 100%">\n<tr><td>Item</td><td>Value</td><td>Expected/Requirement</td><td>Results</td><td>Pass/Fail</td>\n';

		// eslint-disable-next-line max-params
		const addRow = (prop, expected, results, pass) => {
		html += `<tr style="background-color: ${pass ? 'white' : 'red'}; color: ${pass ? 'black' : 'white'}"><td>${prop}</td><td>${req.body[prop]}</td><td>${expected}</td><td>${results}</td><td>${pass ? 'Pass!' : 'Fail!'}</td></tr>\n`;
		};
		// eslint-disable-next-line max-params
		const addRow = (prop, expected, results, pass) => {
		html += `<tr style="background-color: ${pass ? 'white' : 'red'}; color: ${pass ? 'black' : 'white'}"><td>${prop}</td><td>${req.body[prop]}</td><td>${expected}</td><td>${results}</td><td>${pass ? 'Pass!' : 'Fail!'}</td></tr>\n`;
		};

		// Consumer key
		let pass = (req.body.oauth_consumer_key === 'consumer_key');
		addRow(
		'oauth_consumer_key',
		'Equals',
		'consumer_key',
		pass
		);
		// Consumer key
		let pass = (req.body.oauth_consumer_key === 'consumer_key');
		addRow(
		'oauth_consumer_key',
		'Equals',
		'consumer_key',
		pass
		);

		// Request validity
		addRow(
		'oauth_signature',
		'is valid',
		valid,
		valid
		);
		// Request validity
		addRow(
		'oauth_signature',
		'is valid',
		valid,
		valid
		);

		// Nonce
		pass = nonceValid(req.body.oauth_nonce);
		addRow(
		'oauth_nonce',
		'Never used',
		pass ? 'Never used' : 'Used',
		pass
		);
		// Nonce
		pass = nonceValid(req.body.oauth_nonce);
		addRow(
		'oauth_nonce',
		'Never used',
		pass ? 'Never used' : 'Used',
		pass
		);

		// Timestamp
		const age = (
		(Date.now() / 1000)
		- (req.body.oauth_timestamp \|\| 0)
		);
		pass = (age > -1 && age <= 5);
		addRow(
		'oauth_timestamp',
		'Within last 4s',
		`Age: ${age.toFixed(3)}s`,
		pass
		);
		// Timestamp
		const age = (
		(Date.now() / 1000)
		- (req.body.oauth_timestamp \|\| 0)
		);
		pass = (age > -1 && age <= 5);
		addRow(
		'oauth_timestamp',
		'Within last 4s',
		`Age: ${age.toFixed(3)}s`,
		pass
		);

		// Context id
		pass = (req.body.context_id === course.uuid);
		addRow(
		'context_id',
		'Equals the course uuid',
		`Should be: ${course.uuid}`,
		pass
		);
		pass = (req.body.resource_link_id === course.uuid);
		addRow(
		'resource_link_id',
		'Equals the course uuid',
		`Should be: ${course.uuid}`,
		pass
		);
		// Context id
		pass = (req.body.context_id === course.uuid);
		addRow(
		'context_id',
		'Equals the course uuid',
		`Should be: ${course.uuid}`,
		pass
		);
		pass = (req.body.resource_link_id === course.uuid);
		addRow(
		'resource_link_id',
		'Equals the course uuid',
		`Should be: ${course.uuid}`,
		pass
		);

		// Context label
		pass = (req.body.context_label === course.course_code);
		addRow(
		'context_label',
		'Equals the course code',
		`Should be: ${course.course_code}`,
		pass
		);
		// Context label
		pass = (req.body.context_label === course.course_code);
		addRow(
		'context_label',
		'Equals the course code',
		`Should be: ${course.course_code}`,
		pass
		);

		// Context title
		pass = (req.body.context_title === course.name);
		addRow(
		'context_title',
		'Equals the course name',
		`Should be: ${course.name}`,
		pass
		);
		// Context title
		pass = (req.body.context_title === course.name);
		addRow(
		'context_title',
		'Equals the course name',
		`Should be: ${course.name}`,
		pass
		);

		// Custom api domain
		pass = (req.body.custom_canvas_api_domain === 'localhost:8088');
		addRow(
		'custom_canvas_api_domain',
		'Equals localhost:8088',
		pass,
		pass
		);
		// Custom api domain
		pass = (req.body.custom_canvas_api_domain === 'localhost:8088');
		addRow(
		'custom_canvas_api_domain',
		'Equals localhost:8088',
		pass,
		pass
		);

		// Canvas course id
		pass = (
		String(req.body.custom_canvas_course_id) === String(course.id)
		);
		addRow(
		'custom_canvas_course_id',
		'Equals course id',
		`Should be: ${course.id}`,
		pass
		);
		// Canvas course id
		pass = (
		String(req.body.custom_canvas_course_id) === String(course.id)
		);
		addRow(
		'custom_canvas_course_id',
		'Equals course id',
		`Should be: ${course.id}`,
		pass
		);

		// custom_canvas_enrollment_state
		pass = (req.body.custom_canvas_enrollment_state === 'active');
		addRow(
		'custom_canvas_enrollment_state',
		'Is active',
		pass,
		pass
		);
		// custom_canvas_enrollment_state
		pass = (req.body.custom_canvas_enrollment_state === 'active');
		addRow(
		'custom_canvas_enrollment_state',
		'Is active',
		pass,
		pass
		);

		// user id
		pass = (req.body.custom_canvas_user_id === String(user.id));
		addRow(
		'custom_canvas_user_id',
		'Equals user.id',
		user.id,
		pass
		);
		// user id
		pass = (req.body.custom_canvas_user_id === String(user.id));
		addRow(
		'custom_canvas_user_id',
		'Equals user.id',
		user.id,
		pass
		);

		// login id
		pass = (req.body.custom_canvas_user_login_id === user.login_id);
		addRow(
		'custom_canvas_user_login_id',
		'Equals login id',
		user.login_id,
		pass
		);
		// login id
		pass = (req.body.custom_canvas_user_login_id === user.login_id);
		addRow(
		'custom_canvas_user_login_id',
		'Equals login id',
		user.login_id,
		pass
		);

		// custom_canvas_workflow_state
		pass = (req.body.custom_canvas_workflow_state === 'available');
		addRow(
		'custom_canvas_workflow_state',
		'Is available',
		pass,
		pass
		);
		// custom_canvas_workflow_state
		pass = (req.body.custom_canvas_workflow_state === 'available');
		addRow(
		'custom_canvas_workflow_state',
		'Is available',
		pass,
		pass
		);

		// ext role
		pass = (req.body.ext_roles.includes(course.enrollments[0].role));
		addRow(
		'ext_roles',
		'Matches course enrollment role',
		`Should be: ${course.enrollments[0].role}`,
		pass
		);
		// ext role
		pass = (req.body.ext_roles.includes(course.enrollments[0].role));
		addRow(
		'ext_roles',
		'Matches course enrollment role',
		`Should be: ${course.enrollments[0].role}`,
		pass
		);

		// launch_presentation_document_target
		pass = (
		['window', 'iframe']
		.indexOf(req.body.launch_presentation_document_target) >= 0
		);
		addRow(
		'launch_presentation_document_target',
		'Is either "iframe" or "window"',
		pass,
		pass
		);
		// launch_presentation_document_target
		pass = (
		['window', 'iframe']
		.indexOf(req.body.launch_presentation_document_target) >= 0
		);
		addRow(
		'launch_presentation_document_target',
		'Is either "iframe" or "window"',
		pass,
		pass
		);

		// locale
		pass = (
		req.body.launch_presentation_locale === user.effective_locale
		);
		addRow(
		'launch_presentation_locale',
		'Equals user locale',
		`Should be: ${user.effective_locale}`,
		pass
		);
		// locale
		pass = (
		req.body.launch_presentation_locale === user.effective_locale
		);
		addRow(
		'launch_presentation_locale',
		'Equals user locale',
		`Should be: ${user.effective_locale}`,
		pass
		);

		// last name
		const lastName = user.sortable_name.split(',')[0].trim();
		pass = (req.body.lis_person_name_family === lastName);
		addRow(
		'lis_person_name_family',
		'Equals user last name',
		`Should be: ${lastName}`,
		pass
		);
		// last name
		const lastName = user.sortable_name.split(',')[0].trim();
		pass = (req.body.lis_person_name_family === lastName);
		addRow(
		'lis_person_name_family',
		'Equals user last name',
		`Should be: ${lastName}`,
		pass
		);

		// first name
		const firstName = user.sortable_name.split(',')[1].trim();
		pass = (req.body.lis_person_name_given === firstName);
		addRow(
		'lis_person_name_given',
		'Equals user first name',
		`Should be: ${firstName}`,
		pass
		);
		// first name
		const firstName = user.sortable_name.split(',')[1].trim();
		pass = (req.body.lis_person_name_given === firstName);
		addRow(
		'lis_person_name_given',
		'Equals user first name',
		`Should be: ${firstName}`,
		pass
		);

		// full name
		pass = (req.body.lis_person_name_full === user.name);
		addRow(
		'lis_person_name_full',
		'Equals user full name',
		`Should be ${user.name}`,
		pass
		);
		// full name
		pass = (req.body.lis_person_name_full === user.name);
		addRow(
		'lis_person_name_full',
		'Equals user full name',
		`Should be ${user.name}`,
		pass
		);

		// login id
		pass = (req.body.lis_person_sourcedid === user.login_id);
		addRow(
		'lis_person_sourcedid',
		'Equals user login id',
		`Should be ${user.login_id}`,
		pass
		);
		// login id
		pass = (req.body.lis_person_sourcedid === user.login_id);
		addRow(
		'lis_person_sourcedid',
		'Equals user login id',
		`Should be ${user.login_id}`,
		pass
		);

		// lti_message_type: 'basic-lti-launch-request',
		pass = (req.body.lti_message_type === 'basic-lti-launch-request');
		addRow(
		'lti_message_type',
		'Equals:',
		'basic-lti-launch-request',
		pass
		);
		// lti_message_type: 'basic-lti-launch-request',
		pass = (req.body.lti_message_type === 'basic-lti-launch-request');
		addRow(
		'lti_message_type',
		'Equals:',
		'basic-lti-launch-request',
		pass
		);

		// lti_version: 'LTI-1p0',
		pass = (req.body.lti_version === 'LTI-1p0');
		addRow(
		'lti_version',
		'Equals:',
		'LTI-1p0',
		pass
		);
		// lti_version: 'LTI-1p0',
		pass = (req.body.lti_version === 'LTI-1p0');
		addRow(
		'lti_version',
		'Equals:',
		'LTI-1p0',
		pass
		);

		// roles
		pass = (req.body.roles.includes(course.enrollments[0].role));
		addRow(
		'roles',
		'Includes',
		course.enrollments[0].role,
		pass
		);
		// roles
		pass = (req.body.roles.includes(course.enrollments[0].role));
		addRow(
		'roles',
		'Includes',
		course.enrollments[0].role,
		pass
		);

		// tool family
		pass = (req.body.tool_consumer_info_product_family_code === 'canvas');
		addRow(
		'tool_consumer_info_product_family_code',
		'Equals',
		'canvas',
		pass
		);
		// tool family
		pass = (req.body.tool_consumer_info_product_family_code === 'canvas');
		addRow(
		'tool_consumer_info_product_family_code',
		'Equals',
		'canvas',
		pass
		);

		// cloud
		pass = (req.body.tool_consumer_info_version === 'cloud');
		addRow(
		'tool_consumer_info_version',
		'Equals',
		'cloud',
		pass
		);
		// cloud
		pass = (req.body.tool_consumer_info_version === 'cloud');
		addRow(
		'tool_consumer_info_version',
		'Equals',
		'cloud',
		pass
		);

		// user uuid
		pass = (req.body.user_id === user.lti_user_id);
		addRow(
		'user_id',
		'Equals LTI user id',
		user.lti_user_id,
		pass
		);
		// user uuid
		pass = (req.body.user_id === user.lti_user_id);
		addRow(
		'user_id',
		'Equals LTI user id',
		user.lti_user_id,
		pass
		);

		// User image
		pass = (req.body.user_image === user.avatar_url);
		addRow(
		'user_image',
		'Equals user.avatar_url',
		user.avatar_url,
		pass
		);
		// User image
		pass = (req.body.user_image === user.avatar_url);
		addRow(
		'user_image',
		'Equals user.avatar_url',
		user.avatar_url,
		pass
		);

		html += '\n</table>';
		return res.send(html);
		});
		html += '\n</table>';
		return res.send(html);
		});
		};

test/helpers/createAppCanvasPair.js

		@@ -8,3 +8,2 @@ const initCACCL = require('caccl/script');
		const https = require('https');
		const lti = require('ims-lti');
		const initCanvasSimulation = require('caccl-canvas-partial-simulator');
		@@ -49,16 +48,2 @@
		/------------------------------------------------------------------------/
		/* Set up lti validator */
		/------------------------------------------------------------------------/

		const provider = new lti.Provider('consumer_key', 'consumer_secret');
		const isValid = (req) => {
		return new Promise((resolve) => {
		provider.valid_request(req, (err, valid) => {
		resolve(!err && valid);
		});
		});
		};


		/------------------------------------------------------------------------/
		/* Initialize and create constants */
		@@ -303,3 +288,2 @@ /------------------------------------------------------------------------/
		user,
		isValid,
		nonceValid,
		@@ -306,0 +290,0 @@ getOnLoginTimestamp,

Improved metrics

Worsened metrics