replaced session_parameters with server params for security reasons
cleaned up comments
@ -19,14 +19,13 @@ module Lti
|
|||||||
# exercise_id.exists? ==> the user has submitted the results of an exercise to the consumer.
|
# exercise_id.exists? ==> the user has submitted the results of an exercise to the consumer.
|
||||||
# Only the lti_parameters are deleted.
|
# Only the lti_parameters are deleted.
|
||||||
def clear_lti_session_data(exercise_id = nil)
|
def clear_lti_session_data(exercise_id = nil)
|
||||||
#Todo replace session with lti_parameter /done
|
|
||||||
if (exercise_id.nil?)
|
if (exercise_id.nil?)
|
||||||
LtiParameter.destroy_all(consumers_id: session[:consumer_id], external_user_id: session[:external_user_external_id])
|
LtiParameter.destroy_all(consumers_id: session[:consumer_id], external_user_id: @current_user.external_id)
|
||||||
session.delete(:consumer_id)
|
session.delete(:consumer_id)
|
||||||
session.delete(:external_user_id)
|
session.delete(:external_user_id)
|
||||||
else
|
else
|
||||||
LtiParameter.destroy_all(consumers_id: session[:consumer_id],
|
LtiParameter.destroy_all(consumers_id: session[:consumer_id],
|
||||||
external_user_id: session[:external_user_external_id],
|
external_user_id: @current_user.external_id,
|
||||||
exercises_id: exercise_id)
|
exercises_id: exercise_id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
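Review bot: `@current_user.external_id` replaces `session[:external_user_external_id]` on both `destroy_all` lines without any guard, whereas the view in this same commit only reads `external_id` after `@current_user.respond_to?(:external_id)`, which suggests some user types do not define it; for such a user `clear_lti_session_data` would now raise NoMethodError. A guard at the top of the method, e.g. `return unless @current_user.respond_to?(:external_id) && session[:consumer_id]`, keeps it safe. Including `session[:consumer_id]` in that guard matters because `where(consumers_id: nil, external_user_id: nil)` matches every row whose columns are NULL, so a `destroy_all` with both keys nil presumably deletes far more than the caller's rows. `send_score` and `redirect_to_lti_return_path` in the later hunks call `@current_user.external_id` the same unguarded way.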
@ -103,15 +102,14 @@ module Lti
|
|||||||
def send_score(exercise_id, score)
|
def send_score(exercise_id, score)
|
||||||
::NewRelic::Agent.add_custom_parameters({ score: score, session: session })
|
::NewRelic::Agent.add_custom_parameters({ score: score, session: session })
|
||||||
fail(Error, "Score #{score} must be between 0 and #{MAXIMUM_SCORE}!") unless (0..MAXIMUM_SCORE).include?(score)
|
fail(Error, "Score #{score} must be between 0 and #{MAXIMUM_SCORE}!") unless (0..MAXIMUM_SCORE).include?(score)
|
||||||
#Todo replace session with lti_parameter /done
|
|
||||||
lti_parameter = LtiParameter.where(consumers_id: session[:consumer_id],
|
lti_parameter = LtiParameter.where(consumers_id: session[:consumer_id],
|
||||||
external_user_id: session[:external_user_external_id],
|
external_user_id: @current_user.external_id,
|
||||||
exercises_id: exercise_id).first
|
exercises_id: exercise_id).first
|
||||||
# lti_parameters = JSON.parse(lti_parameter.lti_parameters)
|
|
||||||
|
|
||||||
consumer = Consumer.find_by(id: session[:consumer_id])
|
consumer = Consumer.find_by(id: session[:consumer_id])
|
||||||
provider = build_tool_provider(consumer: consumer, parameters: lti_parameter.lti_parameters)
|
provider = build_tool_provider(consumer: consumer, parameters: lti_parameter.lti_parameters)
|
||||||
# provider = build_tool_provider(consumer: Consumer.find_by(id: session[:consumer_id]), parameters: session[:lti_parameters])
|
|
||||||
if provider.nil?
|
if provider.nil?
|
||||||
{status: 'error'}
|
{status: 'error'}
|
||||||
elsif provider.outcome_service?
|
elsif provider.outcome_service?
|
||||||
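Review bot: `lti_parameter` comes from `.first` and is dereferenced on the `build_tool_provider` line with no nil check; now that the lookup is keyed on `@current_user.external_id` instead of the value captured at launch, a user whose external id matches no stored LtiParameter row gets a NoMethodError rather than the `{status: 'error'}` result the `provider.nil?` branch returns. Adding `return {status: 'error'} if lti_parameter.nil?` directly after the `.first` query keeps that failure on the existing error path; `redirect_to_lti_return_path` in a later hunk has the same unguarded `.first`. The `add_custom_parameters` call on the first line still ships the whole `session` hash to New Relic, which now carries `consumer_id` and `external_user_id`; sending only the fields needed for the metric would avoid exporting identity data to a third party. The method's body continues outside the hunk.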
@ -141,7 +139,6 @@ module Lti
|
|||||||
lti_parameters.save!
|
lti_parameters.save!
|
||||||
|
|
||||||
session[:consumer_id] = options[:consumer].id
|
session[:consumer_id] = options[:consumer].id
|
||||||
session[:external_user_external_id] = @current_user.external_id
|
|
||||||
session[:external_user_id] = @current_user.id
|
session[:external_user_id] = @current_user.id
|
||||||
end
|
end
|
||||||
private :store_lti_session_data
|
private :store_lti_session_data
|
||||||
|
@ -157,16 +157,14 @@ class ExercisesController < ApplicationController
|
|||||||
end
|
end
|
||||||
|
|
||||||
def redirect_to_lti_return_path
|
def redirect_to_lti_return_path
|
||||||
#Todo replace session with lti_parameter /done
|
|
||||||
lti_parameter = LtiParameter.where(consumers_id: session[:consumer_id],
|
lti_parameter = LtiParameter.where(consumers_id: session[:consumer_id],
|
||||||
external_user_id: session[:external_user_external_id],
|
external_user_id: @current_user.external_id,
|
||||||
exercises_id: @submission.exercise_id).first
|
exercises_id: @submission.exercise_id).first
|
||||||
|
|
||||||
path = lti_return_path(consumer_id: session[:consumer_id],
|
path = lti_return_path(consumer_id: session[:consumer_id],
|
||||||
submission_id: @submission.id,
|
submission_id: @submission.id,
|
||||||
url: consumer_return_url(build_tool_provider(consumer: Consumer.find_by(id: session[:consumer_id]),
|
url: consumer_return_url(build_tool_provider(consumer: Consumer.find_by(id: session[:consumer_id]),
|
||||||
parameters: lti_parameter.lti_parameters)))
|
parameters: lti_parameter.lti_parameters)))
|
||||||
# parameters: session[:lti_parameters])))
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html { redirect_to(path) }
|
format.html { redirect_to(path) }
|
||||||
format.json { render(json: {redirect: path}) }
|
format.json { render(json: {redirect: path}) }
|
||||||
@ -230,7 +228,7 @@ class ExercisesController < ApplicationController
|
|||||||
def submit
|
def submit
|
||||||
@submission = Submission.create(submission_params)
|
@submission = Submission.create(submission_params)
|
||||||
score_submission(@submission)
|
score_submission(@submission)
|
||||||
if lti_outcome_service?(@submission.exercise_id)
|
if lti_outcome_service?(@submission.exercise_id, @current_user.external_id, @current_user.consumer_id)
|
||||||
transmit_lti_score
|
transmit_lti_score
|
||||||
else
|
else
|
||||||
redirect_after_submit
|
redirect_after_submit
|
||||||
|
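Review bot: `submit` now passes `@current_user.consumer_id` to `lti_outcome_service?`, while `send_score` and `redirect_to_lti_return_path` still key the same LtiParameter lookup on `session[:consumer_id]`, so the outcome-service check and the actual score transmission can disagree if those two values ever differ; pick one source (the commit message argues for the server-side user record) and use it in all three places. The view in this commit also guards `@current_user.external_id`/`consumer_id` behind `respond_to?(:external_id)`, which suggests not every user type defines them; here they are called unguarded, so a non-LTI user submitting would presumably raise NoMethodError instead of reaching `redirect_after_submit`. Mirroring the view, e.g. `if @current_user.respond_to?(:external_id) && lti_outcome_service?(@submission.exercise_id, @current_user.external_id, @current_user.consumer_id)`, keeps the else branch reachable. `submit`'s body continues outside the hunk.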
@ -22,7 +22,7 @@ class SessionsController < ApplicationController
|
|||||||
store_lti_session_data(consumer: @consumer, parameters: params)
|
store_lti_session_data(consumer: @consumer, parameters: params)
|
||||||
store_nonce(params[:oauth_nonce])
|
store_nonce(params[:oauth_nonce])
|
||||||
redirect_to(implement_exercise_path(@exercise),
|
redirect_to(implement_exercise_path(@exercise),
|
||||||
notice: t("sessions.create_through_lti.session_#{lti_outcome_service?(@exercise.id) ? 'with' : 'without'}_outcome",
|
notice: t("sessions.create_through_lti.session_#{lti_outcome_service?(@exercise.id, @current_user.external_id , @consumer.id) ? 'with' : 'without'}_outcome",
|
||||||
consumer: @consumer))
|
consumer: @consumer))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
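Review bot: The three-argument `lti_outcome_service?` call is now buried inside the interpolated i18n key, with a stray space before the comma in `@current_user.external_id , @consumer.id`, which makes the `redirect_to` line hard to read and review. Hoisting it keeps the key readable: `outcome = lti_outcome_service?(@exercise.id, @current_user.external_id, @consumer.id) ? 'with' : 'without'` followed by `notice: t("sessions.create_through_lti.session_#{outcome}_outcome", consumer: @consumer)`. The action's start is outside the hunk.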
@ -1,10 +1,10 @@
|
|||||||
module LtiHelper
|
module LtiHelper
|
||||||
def lti_outcome_service?(exercise_id)
|
def lti_outcome_service?(exercise_id, external_user_id, consumer_id)
|
||||||
#Todo replace session with lti_parameter /done
|
return false if external_user_id == '' || consumer_id == ''
|
||||||
lti_parameters = LtiParameter.where(consumers_id: session[:consumer_id],
|
|
||||||
external_user_id: session[:external_user_external_id],
|
lti_parameters = LtiParameter.where(consumers_id: consumer_id,
|
||||||
|
external_user_id: external_user_id,
|
||||||
exercises_id: exercise_id).lis_outcome_service_url?
|
exercises_id: exercise_id).lis_outcome_service_url?
|
||||||
!lti_parameters.nil? && lti_parameters.size > 0
|
!lti_parameters.nil? && lti_parameters.size > 0
|
||||||
# session[:lti_parameters].try(:has_key?, 'lis_outcome_service_url')
|
|
||||||
end
|
end
|
||||||
end
|
end
|
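Review bot: The new guard `return false if external_user_id == '' || consumer_id == ''` only short-circuits on empty strings; the controllers in this commit pass `@current_user.external_id` directly, so a nil id falls through to `where(external_user_id: nil, ...)`, which matches rows whose column is NULL instead of returning false. `return false if external_user_id.blank? || consumer_id.blank?` covers both cases, and `blank?` is available in a Rails helper. The trailing `!lti_parameters.nil? && lti_parameters.size > 0` presumably expects `lis_outcome_service_url?` to return a relation; if it is a scope, `.exists?` states the intent directly and avoids a COUNT, and since a `?`-suffixed name reads as a predicate rather than a scope, renaming it would help the next reader.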
@ -1,11 +1,10 @@
|
|||||||
- external_user_id = @current_user.respond_to?(:external_id) ? @current_user.external_id : '' #'tests' #(@current_user.uuid.present? ? @current_user.uuid : '')
|
- external_user_id = @current_user.respond_to?(:external_id) ? @current_user.external_id : '' #'tests' #(@current_user.uuid.present? ? @current_user.uuid : '')
|
||||||
|
- consumer_id = @current_user.respond_to?(:external_id) ? @current_user.consumer_id : '' #'tests' #(@current_user.uuid.present? ? @current_user.uuid : '')
|
||||||
#editor.row data-exercise-id=exercise.id data-message-depleted=t('exercises.editor.depleted') data-message-timeout=t('exercises.editor.timeout', permitted_execution_time: @exercise.execution_environment.permitted_execution_time) data-errors-url=execution_environment_errors_path(exercise.execution_environment) data-submissions-url=submissions_path data-user-id=@current_user.id data-user-external-id=external_user_id
|
#editor.row data-exercise-id=exercise.id data-message-depleted=t('exercises.editor.depleted') data-message-timeout=t('exercises.editor.timeout', permitted_execution_time: @exercise.execution_environment.permitted_execution_time) data-errors-url=execution_environment_errors_path(exercise.execution_environment) data-submissions-url=submissions_path data-user-id=@current_user.id data-user-external-id=external_user_id
|
||||||
div id="sidebar" class=(@exercise.hide_file_tree ? 'sidebar-col-collapsed' : 'sidebar-col') = render('editor_file_tree', exercise: @exercise, files: @files)
|
div id="sidebar" class=(@exercise.hide_file_tree ? 'sidebar-col-collapsed' : 'sidebar-col') = render('editor_file_tree', exercise: @exercise, files: @files)
|
||||||
div id='output_sidebar' class='output-col-collapsed' = render('exercises/editor_output')
|
div id='output_sidebar' class='output-col-collapsed' = render('exercises/editor_output', external_user_id: external_user_id, consumer_id: consumer_id )
|
||||||
div id='frames' class='editor-col'
|
div id='frames' class='editor-col'
|
||||||
#editor-buttons.btn-group.enforce-bottom-margin
|
#editor-buttons.btn-group.enforce-bottom-margin
|
||||||
// = render('editor_button', data: {:'data-message-success' => t('submissions.create.success'), :'data-placement' => 'top', :'data-tooltip' => true}, icon: 'fa fa-save', id: 'save', label: t('exercises.editor.save'), title: t('.tooltips.save'))
|
|
||||||
// .btn-group
|
|
||||||
= render('editor_button', disabled: true, icon: 'fa fa-ban', id: 'dummy', label: t('exercises.editor.dummy'))
|
= render('editor_button', disabled: true, icon: 'fa fa-ban', id: 'dummy', label: t('exercises.editor.dummy'))
|
||||||
= render('editor_button', icon: 'fa fa-desktop', id: 'render', label: t('exercises.editor.render'))
|
= render('editor_button', icon: 'fa fa-desktop', id: 'render', label: t('exercises.editor.render'))
|
||||||
= render('editor_button', data: {:'data-message-failure' => t('exercises.editor.run_failure'), :'data-message-network' => t('exercises.editor.network'), :'data-message-success' => t('exercises.editor.run_success'), :'data-placement' => 'top', :'data-tooltip' => true}, icon: 'fa fa-play', id: 'run', label: t('exercises.editor.run'), title: t('shared.tooltips.shortcut', shortcut: 'ALT + r'))
|
= render('editor_button', data: {:'data-message-failure' => t('exercises.editor.run_failure'), :'data-message-network' => t('exercises.editor.network'), :'data-message-success' => t('exercises.editor.run_success'), :'data-placement' => 'top', :'data-tooltip' => true}, icon: 'fa fa-play', id: 'run', label: t('exercises.editor.run'), title: t('shared.tooltips.shortcut', shortcut: 'ALT + r'))
|
||||||
|
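Review bot: `consumer_id` is derived under `@current_user.respond_to?(:external_id)` but then reads `@current_user.consumer_id`, so the guard tests a different method from the one called; `- consumer_id = @current_user.respond_to?(:consumer_id) ? @current_user.consumer_id : ''` checks what is actually invoked. Both assignment lines also carry the copied dead comment `#'tests' #(@current_user.uuid.present? ...)`, which the commit message says was cleaned up; drop it. Deriving the LTI identity in the view and threading it through `render('exercises/editor_output', ...)` spreads identity logic across templates; a controller or helper method returning the pair (or the boolean itself) would keep the view to a single call.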
@ -27,9 +27,7 @@ div id='output_sidebar_uncollapsed' class='hidden col-sm-12 enforce-bottom-margi
|
|||||||
.progress-bar role='progressbar'
|
.progress-bar role='progressbar'
|
||||||
|
|
||||||
br
|
br
|
||||||
/ #Todo replace session with lti_parameter /done
|
- if lti_outcome_service?(@exercise.id, external_user_id, consumer_id)
|
||||||
/- if session[:lti_parameters].try(:has_key?, 'lis_outcome_service_url')
|
|
||||||
- if lti_outcome_service?(@exercise.id)
|
|
||||||
p.text-center = render('editor_button', classes: 'btn-lg btn-success', data: {:'data-url' => submit_exercise_path(@exercise)}, icon: 'fa fa-send', id: 'submit', label: t('exercises.editor.submit'))
|
p.text-center = render('editor_button', classes: 'btn-lg btn-success', data: {:'data-url' => submit_exercise_path(@exercise)}, icon: 'fa fa-send', id: 'submit', label: t('exercises.editor.submit'))
|
||||||
- else
|
- else
|
||||||
p.text-center = render('editor_button', classes: 'btn-lg btn-warning-outline', data: {:'data-placement' => 'bottom', :'data-tooltip' => true}, icon: 'fa fa-clock-o', id: 'submit_outdated', label: t('exercises.editor.exercise_deadline_passed'), title: t('exercises.editor.tooltips.exercise_deadline_passed'))
|
p.text-center = render('editor_button', classes: 'btn-lg btn-warning-outline', data: {:'data-placement' => 'bottom', :'data-tooltip' => true}, icon: 'fa fa-clock-o', id: 'submit_outdated', label: t('exercises.editor.exercise_deadline_passed'), title: t('exercises.editor.tooltips.exercise_deadline_passed'))
|
||||||
|
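Review bot: `- if lti_outcome_service?(@exercise.id, external_user_id, consumer_id)` relies on `external_user_id` and `consumer_id` arriving as render locals; if this partial is rendered from anywhere other than the editor view updated in this commit, the bare names raise NameError at render time. Reading them as `local_assigns[:external_user_id]` and `local_assigns[:consumer_id]` degrades to nil instead; note that the helper's new guard compares against `''` only, so a nil local would still reach the database query unless that guard is widened. The enclosing `div id='output_sidebar_uncollapsed'` starts outside the hunk.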
@ -217,10 +217,10 @@ de:
|
|||||||
submit: Code zur Bewertung abgeben
|
submit: Code zur Bewertung abgeben
|
||||||
test: Testen
|
test: Testen
|
||||||
timeout: 'Ausführung gestoppt. Ihr Code hat die erlaubte Ausführungszeit von %{permitted_execution_time} Sekunden überschritten.'
|
timeout: 'Ausführung gestoppt. Ihr Code hat die erlaubte Ausführungszeit von %{permitted_execution_time} Sekunden überschritten.'
|
||||||
exercise_deadline_passed: 'Die Abgabefrist für diese Aufgabe ist bereits abgelaufen.'
|
exercise_deadline_passed: 'Das Ergebnis kann nicht übertragen werden.'
|
||||||
tooltips:
|
tooltips:
|
||||||
save: Ihr Code wird automatisch gespeichert, wann immer Sie eine Datei herunterladen, ausführen oder testen. Explizites Speichern ist also selten notwendig.
|
save: Ihr Code wird automatisch gespeichert, wann immer Sie eine Datei herunterladen, ausführen oder testen. Explizites Speichern ist also selten notwendig.
|
||||||
exercise_deadline_passed: 'Die hier erzielten Punkte können nur bis zum Ablauf der Abgabefrist an die E-Learning-Plattform übertragen werden.'
|
exercise_deadline_passed: 'Entweder ist die Abgabefrist bereits abgelaufen oder Sie haben die Aufgabe nicht direkt über die E-Learning Plattform gestartet. (Möglicherweise haben Sie den Zurück Button Ihres Browsers benutzt nachdem Sie Ihre Aufgabe abgegeben haben?)'
|
||||||
request_for_comments_sent: "Kommentaranfrage gesendet."
|
request_for_comments_sent: "Kommentaranfrage gesendet."
|
||||||
editor_file_tree:
|
editor_file_tree:
|
||||||
file_root: Dateien
|
file_root: Dateien
|
||||||
|
@ -238,10 +238,10 @@ en:
|
|||||||
submit: Submit Code For Assessment
|
submit: Submit Code For Assessment
|
||||||
test: Test
|
test: Test
|
||||||
timeout: 'Execution stopped. Your code exceeded the permitted execution time of %{permitted_execution_time} seconds.'
|
timeout: 'Execution stopped. Your code exceeded the permitted execution time of %{permitted_execution_time} seconds.'
|
||||||
exercise_deadline_passed: 'The deadline for this exercise has already passed'
|
exercise_deadline_passed: 'The score cannot be submitted.'
|
||||||
tooltips:
|
tooltips:
|
||||||
save: Your code is automatically saved whenever you download, run, or test it. Therefore, explicitly saving is rarely necessary.
|
save: Your code is automatically saved whenever you download, run, or test it. Therefore, explicitly saving is rarely necessary.
|
||||||
exercise_deadline_passed: 'The results for this exercise can only be submitted to the e-learning platform before the deadline has passed.'
|
exercise_deadline_passed: 'Either the deadline has already passed or you did not directly access this page from the e-learning platform. (Did you use the Back button of your browser after submitting the score?)'
|
||||||
request_for_comments_sent: "Request for comments sent."
|
request_for_comments_sent: "Request for comments sent."
|
||||||
editor_file_tree:
|
editor_file_tree:
|
||||||
file_root: Files
|
file_root: Files
|
||||||
|