Merge pull request #60 from rkuncewicz/content_item_message_support

Content item message support
omsmith · Sep 5, 2016 · 0331111 · 0331111
2 parents a00afa5 + 0363f18
commit 0331111
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 10 deletions.
diff --git a/src/provider.coffee b/src/provider.coffee
@@ -35,15 +35,15 @@ class Provider
     if not callback
       callback = body
       body = undefined
-    
+
     body = body or req.body or req.payload
     callback = callback or () ->
-    
+
     @parse_request(req, body)
-    
+
     if not @_valid_parameters(body)
       return callback(new errors.ParameterError('Invalid LTI parameters'), false)
-    
+
     @_valid_oauth req, body, callback
 
 
@@ -53,12 +53,18 @@ class Provider
   _valid_parameters: (body) ->
     if not body
       return false
-
-    correct_message_type = body.lti_message_type is 'basic-lti-launch-request'
+
     correct_version      = require('./ims-lti').supported_versions.indexOf(body.lti_version) isnt -1
     has_resource_link_id = body.resource_link_id?
-    correct_message_type and correct_version and has_resource_link_id
-
+    omits_content_item_params = 
+      not body.resource_link_id? and
+      not body.resource_link_title? and 
+      not body.resource_link_description? and 
+      not body.launch_presentation_return_url? and
+      not body.lis_result_sourcedid?
+    correct_version and
+      ( body.lti_message_type is 'basic-lti-launch-request' and has_resource_link_id ) or
+      ( body.lti_message_type is 'ContentItemSelectionRequest' and omits_content_item_params )
 
   # Helper to validate the OAuth information in the request
   #
@@ -80,7 +86,7 @@ class Provider
   # Does not return anything
   parse_request: (req, body) =>
     body = body or req.body or req.payload
-    
+
     for key, val of body
       continue if key.match(/^oauth_/)
       @body[key] = val

diff --git a/test/Provider.coffee b/test/Provider.coffee
@@ -77,6 +77,7 @@ describe 'LTI.Provider', () ->
         valid.should.equal false
         done()
 
+
     it 'should return false if incorrect LTI version', (done) =>
       req_wrong_version =
         url: '/'
@@ -160,6 +161,59 @@ describe 'LTI.Provider', () ->
         should.not.exist err
         valid.should.equal true
         done()
+
+    it 'should return true if lti_message_type is ContentItemSelectionRequest', (done) =>
+      req =
+        url: '/test'
+        method: 'POST'
+        connection:
+          encrypted: undefined
+        headers:
+          host: 'localhost'
+        body:
+          lti_message_type: 'ContentItemSelectionRequest'
+          lti_version: 'LTI-1p0'
+          oauth_customer_key: 'key'
+          oauth_signature_method: 'HMAC-SHA1'
+          oauth_timestamp: Math.round(Date.now()/1000)
+          oauth_nonce: Date.now()+Math.random()*100
+
+      #sign the fake request
+      signature = @provider.signer.build_signature(req, req.body, 'secret')
+      req.body.oauth_signature = signature
+
+      @provider.valid_request req, (err, valid) ->
+        should.not.exist err
+        valid.should.equal true
+        done()
+
+    it "should return false if lti_message_type is ContentItemSelectionRequest and there are invalid fields", (done) =>
+      invalidFields = [ 'resource_link_id', 'resource_link_title','resource_link_description','launch_presentation_return_url', 'lis_result_sourcedid' ]
+      for invalidField in invalidFields
+        req =
+          url: '/test'
+          method: 'POST'
+          connection:
+            encrypted: undefined
+          headers:
+            host: 'localhost'
+          body:
+            lti_message_type: 'ContentItemSelectionRequest'
+            lti_version: 'LTI-1p0'
+            oauth_customer_key: 'key'
+            oauth_signature_method: 'HMAC-SHA1'
+            oauth_timestamp: Math.round(Date.now()/1000)
+            oauth_nonce: Date.now()+Math.random()*100
+        req.body[invalidField] = "Invalid Field"
+
+        #sign the fake request
+        signature = @provider.signer.build_signature(req, req.body, 'secret')
+        req.body.oauth_signature = signature
+
+        @provider.valid_request req, (err, valid) ->
+          should.exist err
+          valid.should.equal false
+      done()
 
     it 'should special case and deduplicate Canvas requests', (done) =>
       req =
@@ -419,4 +473,3 @@ describe 'LTI.Provider', () ->
       provider.student.should.equal false
       provider.admin.should.equal false
       provider.alumni.should.equal false
-