Module: Lti2Commons::Signer

Defined in:

lib/lti2_commons/signer.rb

Instance Method Summary

• #create_signed_request(launch_url, http_method, consumer_key, consumer_secret, params = {}, body = nil, content_type = nil) ⇒ Request

  Creates an OAuth signed request using the OAuth Gem - github.com/oauth/oauth-ruby.

Instance Method Details

#create_signed_request(launch_url, http_method, consumer_key, consumer_secret, params = {}, body = nil, content_type = nil) ⇒ Request

Creates an OAuth signed request using the OAuth Gem - github.com/oauth/oauth-ruby

Parameters:

• launch_url (String) —

  Endpoint of service to be launched

• http_method (String) —

  Http method (‘get’, ‘post’, ‘put’, ‘delete’)

• consumer_key (String) —

  OAuth consumer key

• consumer_secret (String) —

  OAuth consumer secret

• params (Hash) (defaults to: {}) —

  Non-auth parameters or oauth parameter default values oauth_timestamp => defaults to current time oauth_nonce => defaults to random number oauth_signature_method => defaults to HMAC-SHA1 (also RSA-SHA1 supported)

• body (String) (defaults to: nil) —

  Body content. Usually would include this for body-signing of non form-encoded data.

• content_type (String) (defaults to: nil) —

  HTTP CONTENT-TYPE header; defaults: ‘application/x-www-form-urlencoded’

Returns:

• (Request) —

  Signed request

# File 'lib/lti2_commons/signer.rb', line 31

def create_signed_request(launch_url, http_method, consumer_key, consumer_secret, params={}, 
                          body=nil, content_type=nil)
  params['oauth_consumer_key'] = consumer_key
  params['oauth_nonce'] = (rand*10E12).to_i.to_s unless params.has_key? 'oauth_nonce'    
  params['oauth_signature_method'] = "HMAC-SHA1" unless params.has_key? 'oauth_signature_method'     
  params['oauth_timestamp'] = Time.now.to_i.to_s unless params.has_key? 'oauth_timestamp'     
  params['oauth_version'] = '1.0' unless params.has_key? 'oauth_version'
   
  content_type = "application/x-www-form-urlencoded" unless content_type
    
  uri = URI.parse(launch_url)
  
  # prepare path
  path = uri.path
  path = '/' if path.empty?
  
  # flatten in query string arrays
  if uri.query && uri.query != ''
    CGI.parse(uri.query).each do |query_key, query_values|
      unless params[query_key]
        params[query_key] = query_values.first
      end
    end
  end
  
  unless content_type == 'application/x-www-form-urlencoded'
    params['oauth_body_hash'] = compute_oauth_body_hash body if body
  end

  request = OAuth::OAuthProxy::OAuthRequest.new \
                  "method" => http_method.to_s.upcase, 
                  "uri" => uri, 
                  "parameters" => params
  
  request.body = body
  request.content_type = content_type
                  
  request.sign! :consumer_secret => consumer_secret
  
  # puts "Sender secret: #{consumer_secret}"
  request
end