caccl-lti - npm Package Compare versions
Comparing version 1.0.21 to 1.1.0
58
index.js
@@ -0,3 +1,3 @@ | ||
| // Import local modules | ||
| const Validator = require('./Validator'); | ||
| const parseLaunch = require('./parseLaunch'); | ||
@@ -8,2 +8,3 @@ | ||
| * launch information extraction | ||
| * @author Gabe Abrams | ||
| * @param {object} app - express app to add routes to | ||
@@ -29,2 +30,3 @@ * @param {string} installationCredentials.consumer_key - an LTI consumer key to | ||
| module.exports = (config) => { | ||
| // Throw error if credentials aren't included | ||
| if ( | ||
@@ -39,2 +41,3 @@ !config.installationCredentials | ||
| // Throw error if no express app is included | ||
| if (!config.app) { | ||
@@ -57,3 +60,7 @@ throw new Error('CACCL LTI can\'t be initialized without an express app.'); | ||
| config.app.use(launchPath, (req, res, next) => { | ||
| // Add function that parses an LTI launch body | ||
| /** | ||
| * Parse launch request | ||
| * @author Gabe Abrams | ||
| * @param {object} [launchBody=current request body] - the LTI launch body | ||
| */ | ||
| req._parseLaunch = (launchBody) => { | ||
@@ -67,26 +74,31 @@ return parseLaunch(launchBody || req.body, req); | ||
| // Handle POST launch requests | ||
| config.app.post(launchPath, (req, res) => { | ||
| config.app.post(launchPath, async (req, res) => { | ||
| // This is an LTI launch. Handle it | ||
| // Validate the launch request | ||
| validator.isValid(req) | ||
| .then(() => { | ||
| // This is a valid launch request | ||
| return req._parseLaunch(); | ||
| }) | ||
| .then(() => { | ||
| // Session saved! Now redirect. | ||
| if (!config.disableAuthorizeOnLaunch) { | ||
| // We're authorizing on launch, so redirect to the authorize path and | ||
| // include redirectToAfterLaunch as the 'next' url | ||
| return res.redirect(`${launchPath}?next=${redirectToAfterLaunch}`); | ||
| } | ||
| // Not authorizing on launch. Redirect to redirectToAfterLaunch | ||
| return res.redirect(redirectToAfterLaunch); | ||
| }) | ||
| .catch(() => { | ||
| // Invalid launch request or an error occurred while validating/parsing | ||
| // launch request | ||
| return res.status(403).send('We couldn\'t validate your authorization to use this app. Please try launch the app again. If you continue to have problems, please contact an admin.'); | ||
| }); | ||
| try { | ||
| // Validate | ||
| await validator.isValid(req); | ||
| // Request is valid! Parse the launch | ||
| req._parseLaunch(); | ||
| // Session saved! Now redirect to continue | ||
| if (!config.disableAuthorizeOnLaunch) { | ||
| // We are allowed to authorize on launch, so redirect to the authorize | ||
| // path and include redirectToAfterLaunch as the 'next' url | ||
| return res.redirect(`${launchPath}?next=${redirectToAfterLaunch}`); | ||
| } | ||
| // Not authorizing on launch. Immediately go to redirectToAfterLaunch | ||
| return res.redirect(redirectToAfterLaunch); | ||
| } catch (err) { | ||
| // Invalid launch request or an error occurred while validating/parsing | ||
| // launch request | ||
| return ( | ||
| res | ||
| .status(403) | ||
| .send('We couldn\'t validate your authorization to use this app. Please try launch the app again. If you continue to have problems, please contact an admin.') | ||
| ); | ||
| } | ||
| }); | ||
| }; |
@@ -35,2 +35,3 @@ const locks = require('locks'); | ||
| * Checks if a new nonce is valid, mark it as used | ||
| * @author Gabe Abrams | ||
| * @param {string} nonce - OAuth nonce | ||
@@ -98,2 +99,3 @@ * @param {string} timestamp - OAuth timestamp | ||
| * isUsedPrime => isUsedSecondary and nonces in isUsedSecondary are deleted | ||
| * @author Gabe Abrams | ||
| */ | ||
@@ -100,0 +102,0 @@ _rotate() { |
| { | ||
| "name": "caccl-lti", | ||
| "version": "1.0.21", | ||
| "version": "1.1.0", | ||
| "description": "LTI launch validator for IMS-LTI standard launches.", | ||
@@ -41,15 +41,15 @@ "main": "index.js", | ||
| "chai-as-promised": "^7.1.1", | ||
| "dce-selenium": "^1.0.42", | ||
| "dce-selenium": "^1.0.52", | ||
| "eslint": "^5.16.0", | ||
| "eslint-config-airbnb": "^17.1.1", | ||
| "eslint-plugin-import": "^2.18.2", | ||
| "eslint-plugin-import": "^2.20.1", | ||
| "eslint-plugin-jsx-a11y": "^6.2.3", | ||
| "eslint-plugin-react": "^7.14.3", | ||
| "eslint-plugin-react": "^7.18.3", | ||
| "express": "^4.17.1", | ||
| "express-session": "^1.16.2", | ||
| "express-session": "^1.17.0", | ||
| "fs": "0.0.1-security", | ||
| "https": "^1.0.0", | ||
| "mocha": "^5.2.0", | ||
| "prompt-sync": "^4.1.7" | ||
| "prompt-sync": "^4.2.0" | ||
| } | ||
| } |
| /** | ||
| * Returns parsed value of val if val is truthy, otherwise just returns val | ||
| * @author Gabe Abrams | ||
| * @param val - value to parse if truthy | ||
@@ -15,2 +16,3 @@ * @return value (parsed as int if truthy) | ||
| * Returns split array of val if val is truthy, otherwise just returns val | ||
| * @author Gabe Abrams | ||
| * @param val - value to split if truthy | ||
@@ -39,2 +41,10 @@ * @return value (split on "," if truthy) | ||
| /** | ||
| * Parses an LTI launch body and saves results to the session under | ||
| * req.session.launched (set to true) and req.session.launchInfo (contains | ||
| * all launch information...see /docs/LaunchInfo.md for more info) | ||
| * @author Gabe Abrams | ||
| * @param {object} launchBody - the body of the launch request | ||
| * @param {Express Request} req - express request instance | ||
| */ | ||
| module.exports = (launchBodyOrig, req) => { | ||
@@ -163,5 +173,3 @@ const launchBody = launchBodyOrig || req.body; | ||
| // by caccl-authorizer | ||
| req.session.accessToken = undefined; | ||
| req.session.refreshToken = undefined; | ||
| req.session.accessTokenExpiry = undefined; | ||
| req.accessToken = undefined; | ||
| req.session.authorized = undefined; | ||
@@ -168,0 +176,0 @@ req.session.authFailed = undefined; |
@@ -0,1 +1,2 @@ | ||
| // Import libraries | ||
| const oauth = require('oauth-signature'); | ||
@@ -5,2 +6,3 @@ const clone = require('fast-clone'); | ||
| // Import local modules | ||
| const MemoryNonceStore = require('./MemoryNonceStore'); | ||
@@ -12,2 +14,3 @@ | ||
| * Creates a new Validator | ||
| * @author Gabe Abrams | ||
| * @param {string} consumer_key - an LTI consumer id to compare against during | ||
@@ -24,3 +27,3 @@ * launch validation | ||
| // Consumer credentials | ||
| // Verify and save consumer credentials | ||
| if (!config.consumer_secret) { | ||
@@ -38,2 +41,3 @@ throw new Error('Validator requires consumer_secret'); | ||
| * Checks if an LTI launch request is valid | ||
| * @author Gabe Abrams | ||
| * @param {object} req - Express request object to verify | ||
@@ -63,2 +67,3 @@ * @return {Promise} promise that resolves if valid, rejects if invalid | ||
| * Checks if a nonce is valid | ||
| * @author Gabe Abrams | ||
| * @param {object} req - Express request object to verify | ||
@@ -76,2 +81,3 @@ * @return Promise that resolves if valid, rejects if invalid | ||
| * Checks if an oauth_signature is valid | ||
| * @author Gabe Abrams | ||
| * @param {object} req - Express request object to verify | ||
@@ -78,0 +84,0 @@ * @return boolean, true if req.body.oauth_signature is valid |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.45%
173984
- Lines of code
- increased by0.65%
4039