Module: IMS::LTI::RequestValidator

Included in:

ToolBase

Defined in:

lib/ims/lti/request_validator.rb

Overview

A mixin for OAuth request validation

Instance Attribute Summary

• #oauth_signature_validator ⇒ Object readonly

  Returns the value of attribute oauth_signature_validator.

Instance Method Summary

• #request_oauth_nonce ⇒ Object

  convenience method for getting the oauth nonce from the request.

• #request_oauth_timestamp ⇒ Object

  convenience method for getting the oauth timestamp from the request.

• #valid_request!(request) ⇒ Bool

  Check whether the OAuth-signed request is valid and throw error if not.

• #valid_request?(request, handle_error = true) ⇒ Bool

  Validates and OAuth request using the OAuth Gem - github.com/oauth/oauth-ruby.

Instance Attribute Details

#oauth_signature_validator ⇒ Object (readonly)

Returns the value of attribute oauth_signature_validator.

# File 'lib/ims/lti/request_validator.rb', line 5

def oauth_signature_validator
  @oauth_signature_validator
end

Instance Method Details

#request_oauth_nonce ⇒ Object

convenience method for getting the oauth nonce from the request

# File 'lib/ims/lti/request_validator.rb', line 46

def request_oauth_nonce
  @oauth_signature_validator && @oauth_signature_validator.request.oauth_nonce
end

#request_oauth_timestamp ⇒ Object

convenience method for getting the oauth timestamp from the request

# File 'lib/ims/lti/request_validator.rb', line 51

def request_oauth_timestamp
  @oauth_signature_validator && @oauth_signature_validator.request.oauth_timestamp
end

#valid_request!(request) ⇒ Bool

Check whether the OAuth-signed request is valid and throw error if not

Returns:

• (Bool) —

  Whether the request was valid

# File 'lib/ims/lti/request_validator.rb', line 41

def valid_request!(request)
  valid_request?(request, false)
end

#valid_request?(request, handle_error = true) ⇒ Bool

Validates and OAuth request using the OAuth Gem - github.com/oauth/oauth-ruby

To validate the OAuth signatures you need to require the appropriate request proxy for your application. For example:

# For a sinatra app:
require 'oauth/request_proxy/rack_request'

# For a rails app:
require 'oauth/request_proxy/action_controller_request'

Returns:

• (Bool) —

  Whether the request was valid

# File 'lib/ims/lti/request_validator.rb', line 18

def valid_request?(request, handle_error=true)
  begin
    @oauth_signature_validator = OAuth::Signature.build(request, :consumer_secret => @consumer_secret)
    @oauth_signature_validator.verify() or raise OAuth::Unauthorized.new(request)
    true
  rescue OAuth::Signature::UnknownSignatureMethod
    if handle_error
      false
    else
      raise $!
    end
  rescue OAuth::Unauthorized
    if handle_error
      false
    else
      raise OAuth::Unauthorized.new(request)
    end
  end
end