Merge branch 'master' into snyk-fix-5b306eafefb6dbcb81b504c89a0a8d26

.dockerignore

@@ -14,8 +14,8 @@ tmp
 /db/**/*.sqlite3-journal
 /db/production
 /db/production-postgres
-public/assets
-public/b
+/public/assets
+/public/lti
 coverage/
 .rvmrc
 vendor/bundle

.github/workflows/ci.build.prerelease.yml

@@ -47,7 +47,7 @@ jobs:
 
       - name: Build and Push pre-release
         if: contains(env.DOCKER_BUILD_ENABLED, 'true')
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           push: true
           tags: |

.github/workflows/ci.build.push.yml

@@ -60,7 +60,7 @@ jobs:
 
       - name: Build and Push branch
         if: contains(env.DOCKER_BUILD_ENABLED, 'true')
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           push: true
           tags: |

.github/workflows/ci.build.release.yml

@@ -47,7 +47,7 @@ jobs:
 
       - name: Build and Push release
         if: contains(env.DOCKER_BUILD_ENABLED, 'true')
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           push: true
           tags: |

Dockerfile

@@ -64,7 +64,7 @@ ENV PORT=${PORT:-3000}
 EXPOSE ${PORT}
 
 # Precompile assets
-RUN SECRET_KEY_BASE=1 RAILS_ENV=${RAILS_ENV:-production} bundle exec rake assets:precompile --trace
+RUN SECRET_KEY_BASE=1 RAILS_ENV=${RAILS_ENV:-production} RELATIVE_URL_ROOT=${RELATIVE_URL_ROOT:-lti} bundle exec rake assets:precompile --trace
 
 # Run startup command
 CMD ["scripts/start.sh"]

Gemfile

@@ -66,7 +66,7 @@ gem 'popper_js', '>= 1.16'
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug', platform: :mri
-  gem 'dotenv-rails', '>= 3.0.0'
+  gem 'dotenv-rails', '>= 3.1.1'
   gem 'rspec'
   gem 'rspec-rails', '>= 6.1.2'
 end

app/controllers/concerns/dynamic_registration_service.rb

@@ -28,12 +28,9 @@ def client_registration_request_header(token)
   end
 
   def client_registration_request_body(key_token)
-    params[:app] ||= params[:custom_broker_app] || Rails.configuration.default_tool
-    return if params[:app] == 'default' || params[:custom_broker_app] == 'default'
-
     jwks_uri = registration_pub_keyset_url(key_token: key_token)
 
-    tool = Rails.configuration.default_tool
+    tool = params[:app] || Rails.configuration.default_tool
 
     {
       "application_type": 'web',
@@ -43,9 +40,9 @@ def client_registration_request_body(key_token)
       "redirect_uris":
           [openid_launch_url(protocol: 'https'),
            deep_link_request_launch_url(protocol: 'https'),],
-      "client_name": t("apps.#{tool}.title"),
+      "client_name": params[:app_name] || t("apps.#{tool}.title"),
       "jwks_uri": jwks_uri,
-      "logo_uri": secure_url(lti_app_icon_url(params[:app])),
+      "logo_uri": params[:app_icon_url] || secure_url(lti_app_icon_url(tool)),
       # "policy_uri": 'https://client.example.org/privacy',
       # "policy_uri#ja": 'https://client.example.org/privacy?lang=ja',
       # "tos_uri": 'https://client.example.org/tos',
@@ -55,7 +52,7 @@ def client_registration_request_body(key_token)
       "scope": 'https://purl.imsglobal.org/spec/lti-ags/scope/score https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly',
       "https://purl.imsglobal.org/spec/lti-tool-configuration": {
         "domain": URI.parse(openid_launch_url(protocol: 'https')).host,
-        "description": t("apps.#{tool}.description"),
+        "description": params[:app_description] || t("apps.#{tool}.description"),
         "target_link_uri": openid_launch_url(protocol: 'https'),
         "custom_parameters": {},
         "claims": %w[iss sub name given_name family_name email],
@@ -111,13 +108,13 @@ def new_rsa_keypair
     # Setting keys
     private_key = OpenSSL::PKey::RSA.generate(4096)
     public_key = private_key.public_key
+    key_pair_token = Digest::MD5.hexdigest(SecureRandom.uuid)
 
-    rsa_key_pair = RsaKeyPair.create(
-      private_key: private_key.to_s,
-      public_key: public_key.to_s
+    RsaKeyPair.create(
+      private_key: private_key,
+      public_key: public_key,
+      token: key_pair_token
     )
-
-    rsa_key_pair.id
   end
 
   private

app/controllers/registration_controller.rb

@@ -171,9 +171,9 @@ def process_registration_initiation_request
     # validate_issuer(jwt_body)
 
     # 3.5.2 Client Registration Request
-    key_id = new_rsa_keypair
+    key_pair = new_rsa_keypair
     header = client_registration_request_header(params[:registration_token])
-    body = client_registration_request_body(key_id)
+    body = client_registration_request_body(key_pair.token)
     body = body.to_json
 
     http = Net::HTTP.new(uri.host, uri.port)
@@ -191,7 +191,8 @@ def process_registration_initiation_request
       key_set_url: openid_configuration['jwks_uri'],
       auth_token_url: openid_configuration['token_endpoint'],
       auth_login_url: openid_configuration['authorization_endpoint'],
-      rsa_key_pair_id: key_id,
+      rsa_key_pair_id: key_pair.id,
+      rsa_key_pair_token: key_pair.token,
       registration_token: params[:registration_token],
     }
 

app/views/message/deep_link.html.erb

@@ -26,7 +26,7 @@ with BigBlueButton; if not, see <http://www.gnu.org/licenses/>. %>
 							<div class="tool-logo-background">
 								<%= image_tag(lti_app_icon_url(app[:app_name]), alt: "Icon", size: "35", class: "img-fluid") %>
 							</div>
-							<h5 class="card-title mt-3"><%= app[:app_name] %></h5>
+							<h5 class="card-title mt-3"><%= app[:app_name].capitalize %></h5>
 
 							<!-- Info icon -->
 							<a class="info-icon mt-3" 

config/environments/development.rb

@@ -102,4 +102,13 @@
 
   # Uncomment if you wish to allow Action Cable access from any origin.
   # config.action_cable.disable_request_forgery_protection = true
+
+  # Disable dynamic asset compilation
+  config.assets.compile = true
+
+  # Enable serving static files from the `/public` directory
+  config.public_file_server.enabled = true
+
+  # Use digests for assets URLs
+  config.assets.digest = true
 end

lib/tasks/apps.rake

@@ -0,0 +1,138 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+require 'uri'
+require 'bbb_lti_broker/helpers'
+
+namespace :apps do
+  desc 'Add a new blti app - add[name,hostname,uid,secret]'
+  task :add, [:name, :hostname, :uid, :secret] => :environment do |_t, args|
+    include BbbLtiBroker::Helpers
+    Rake::Task['environment'].invoke
+    ActiveRecord::Base.connection
+    unless args[:name]
+      puts('No app name provided')
+      exit(1)
+    end
+    blti_apps = Doorkeeper::Application.where(name: args[:name])
+    unless blti_apps.empty?
+      puts("App '#{args[:name]}' already exists, it can not be added")
+      exit(1)
+    end
+    unless args[:hostname]
+      puts("Parameters hostname is required, app '#{args[:name]}' can not be added")
+      exit(1)
+    end
+    puts("Adding '#{args.to_hash}'")
+    uid = args.[](:uid) || SecureRandom.hex(32)
+    secret = args.[](:secret) || SecureRandom.hex(32)
+
+    redirect_uri = (args[:hostname]).to_s
+    app = Doorkeeper::Application.create!(name: args[:name], uid: uid, secret: secret, \
+                                          redirect_uri: redirect_uri, scopes: 'api')
+    app1 = app.attributes.select { |key, _value| %w[name uid secret redirect_uri].include?(key) }
+    puts("Added '#{app1.to_json}'")
+  rescue StandardError => e
+    puts(e.backtrace)
+    exit(1)
+  end
+
+  desc 'Update an existent blti app if exists - update[name,redirect_uris,uid,secret]. redirect_uris is a list of callback uris separated by "\,"'
+  task :update, [:name, :redirect_uris, :uid, :secret] => :environment do |_t, args|
+    include BbbLtiBroker::Helpers
+    Rake::Task['environment'].invoke
+    ActiveRecord::Base.connection
+    unless args[:name]
+      puts('No app name provided')
+      exit(1)
+    end
+    app = Doorkeeper::Application.find_by(name: args[:name])
+    if app.nil?
+      puts("App '#{args[:name]}' does not exist, it can not be updated")
+      exit(1)
+    end
+    puts("Updating '#{args.to_hash}'")
+    app.update!(uid: args[:uid]) if args.[](:uid)
+    app.update!(secret: args[:secret]) if args.[](:secret)
+
+    redirect_uri = (args[:redirect_uris]).gsub(',', "\r\n")
+    puts("redirect_uri:\n#{redirect_uri}")
+    app.update!(redirect_uri: redirect_uri) if args.[](:redirect_uris)
+    app_updated = app.attributes.select { |key, _value| %w[name uid secret redirect_uri].include?(key) }
+    puts("Updated '#{app_updated.to_json}'")
+  rescue StandardError => e
+    puts(e.backtrace)
+    exit(1)
+  end
+
+  desc 'Delete an existent blti app if exists - delete[name]'
+  task :delete, [:name] => :environment do |_t, args|
+    include BbbLtiBroker::Helpers
+    Rake::Task['environment'].invoke
+    ActiveRecord::Base.connection
+    unless args[:name]
+      puts('No app name provided')
+      exit(1)
+    end
+    blti_apps = Doorkeeper::Application.where(name: args[:name])
+    if blti_apps.empty?
+      puts("App '#{args[:name]}' does not exist, it can not be deleted")
+      exit(1)
+    end
+    blti_apps.each(&:destroy)
+    puts("Apps with name '#{args[:name]}' were successfully destroyed")
+  rescue StandardError => e
+    puts(e.backtrace)
+    exit(1)
+  end
+
+  desc 'Show an existent blti app if exists - show[name]'
+  task :show, [:name] => :environment do |_t, args|
+    include BbbLtiBroker::Helpers
+    Rake::Task['environment'].invoke
+    ActiveRecord::Base.connection
+    unless args[:name]
+      puts('No app name provided')
+      exit(1)
+    end
+    apps = Doorkeeper::Application.where(name: args[:name])
+    if apps.empty?
+      puts("App '#{args[:name]}' does not exist, it can not be shown")
+      exit(1)
+    end
+    apps.each do |app|
+      app1 = app.attributes.select { |key, _value| %w[name uid secret redirect_uri].include?(key) }
+      puts(app1.to_json)
+    end
+  rescue StandardError => e
+    puts(e.backtrace)
+    exit(1)
+  end
+
+  desc 'Delete all existent blti apps'
+  task :deleteall, [] => :environment do
+    include BbbLtiBroker::Helpers
+    Rake::Task['environment'].invoke
+    ActiveRecord::Base.connection
+    Doorkeeper::Application.delete_all
+    puts('All the registered apps were deleted')
+  rescue StandardError => e
+    puts(e.backtrace)
+    exit(1)
+  end
+
+  desc 'Show all existent blti apps'
+  task :showall, [] => :environment do
+    include BbbLtiBroker::Helpers
+    Rake::Task['environment'].invoke
+    ActiveRecord::Base.connection
+    apps = Doorkeeper::Application.all
+    apps.each do |app|
+      app1 = app.attributes.select { |key, _value| %w[name uid secret redirect_uri].include?(key) }
+      puts(app1.to_json)
+    end
+  rescue ApplicationRedisRecord::RecordNotFound
+    puts(e.backtrace)
+    exit(1)
+  end
+end