Module: IMS::LTI::RequestValidator

Included in:
ToolBase
Defined in:
lib/ims/lti/request_validator.rb

Overview

A mixin for OAuth request validation

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#oauth_signature_validatorObject (readonly)

Returns the value of attribute oauth_signature_validator.



5
6
7
# File 'lib/ims/lti/request_validator.rb', line 5

def oauth_signature_validator
  @oauth_signature_validator
end

Instance Method Details

#request_oauth_nonceObject

convenience method for getting the oauth nonce from the request



46
47
48
# File 'lib/ims/lti/request_validator.rb', line 46

def request_oauth_nonce
  @oauth_signature_validator && @oauth_signature_validator.request.oauth_nonce
end

#request_oauth_timestampObject

convenience method for getting the oauth timestamp from the request



51
52
53
# File 'lib/ims/lti/request_validator.rb', line 51

def request_oauth_timestamp
  @oauth_signature_validator && @oauth_signature_validator.request.oauth_timestamp
end

#valid_request!(request) ⇒ Bool

Check whether the OAuth-signed request is valid and throw error if not

Returns:

  • (Bool)

    Whether the request was valid



41
42
43
# File 'lib/ims/lti/request_validator.rb', line 41

def valid_request!(request)
  valid_request?(request, false)
end

#valid_request?(request, handle_error = true) ⇒ Bool

Validates and OAuth request using the OAuth Gem - github.com/oauth/oauth-ruby

To validate the OAuth signatures you need to require the appropriate request proxy for your application. For example:

# For a sinatra app:
require 'oauth/request_proxy/rack_request'

# For a rails app:
require 'oauth/request_proxy/action_controller_request'

Returns:

  • (Bool)

    Whether the request was valid



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# File 'lib/ims/lti/request_validator.rb', line 18

def valid_request?(request, handle_error=true)
  begin
    @oauth_signature_validator = OAuth::Signature.build(request, :consumer_secret => @consumer_secret)
    @oauth_signature_validator.verify() or raise OAuth::Unauthorized.new(request)
    true
  rescue OAuth::Signature::UnknownSignatureMethod
    if handle_error
      false
    else
      raise $!
    end
  rescue OAuth::Unauthorized
    if handle_error
      false
    else
      raise OAuth::Unauthorized.new(request)
    end
  end
end