htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

replaced session_paramerters with server params for security reasons

Browse Source 
cleaned up comments
This commit is contained in:
Tom Staubitz
2017-01-12 15:10:34 +01:00
parent 41a61a8507
commit dd4c789fed
8 changed files with 20 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/controllers/concerns/lti.rb
View File

@ -19,14 +19,13 @@ module Lti
# exercise_id.exists? ==> the user has submitted the results of an exercise to the consumer.
# Only the lti_parameters are deleted.
def clear_lti_session_data(exercise_id = nil)
#Todo replace session with lti_parameter /done
if (exercise_id.nil?)
LtiParameter.destroy_all(consumers_id: session[:consumer_id], external_user_id: session[:external_user_external_id])
LtiParameter.destroy_all(consumers_id: session[:consumer_id], external_user_id: @current_user.external_id)
session.delete(:consumer_id)
session.delete(:external_user_id)
else
LtiParameter.destroy_all(consumers_id: session[:consumer_id],
external_user_id: session[:external_user_external_id],
external_user_id: @current_user.external_id,
exercises_id: exercise_id)
end
end
@ -103,15 +102,14 @@ module Lti
def send_score(exercise_id, score)
::NewRelic::Agent.add_custom_parameters({ score: score, session: session })
fail(Error, "Score #{score} must be between 0 and #{MAXIMUM_SCORE}!") unless (0..MAXIMUM_SCORE).include?(score)
#Todo replace session with lti_parameter /done
lti_parameter = LtiParameter.where(consumers_id: session[:consumer_id],
external_user_id: session[:external_user_external_id],
external_user_id: @current_user.external_id,
exercises_id: exercise_id).first
# lti_parameters = JSON.parse(lti_parameter.lti_parameters)
consumer = Consumer.find_by(id: session[:consumer_id])
provider = build_tool_provider(consumer: consumer, parameters: lti_parameter.lti_parameters)
# provider = build_tool_provider(consumer: Consumer.find_by(id: session[:consumer_id]), parameters: session[:lti_parameters])
if provider.nil?
{status: 'error'}
elsif provider.outcome_service?
@ -141,7 +139,6 @@ module Lti
lti_parameters.save!
session[:consumer_id] = options[:consumer].id
session[:external_user_external_id] = @current_user.external_id
session[:external_user_id] = @current_user.id
end
private :store_lti_session_data