Skip to content

Commit

Permalink
never double render on lti launch
Browse files Browse the repository at this point in the history 
closes FOO-1460
flag=none

TEST PLAN:
  1) try to launch a misconfigured tool
      via "retrieve"
  2) you should get the flash error or a 401,
     not a 500 due to double rendering

Change-Id: I0d1fac07a867905ebabf5aec25bb4bf929748d42
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/256668
Reviewed-by: Jacob Burroughs <[email protected]>
Reviewed-by: Rob Orton <[email protected]>
Tested-by: Service Cloud Jenkins <[email protected]>
QA-Review: Ethan Vizitei <[email protected]>
Product-Review: Ethan Vizitei <[email protected]>
  • Loading branch information
@evizitei
evizitei committed Jan 13, 2021
1 parent 6dc3596 commit abf83a1
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
1 change: 1 addition & 0 deletions app/controllers/external_tools_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,7 @@ def retrieve
secure_params: params[:secure_params],
post_live_event: true
)
return unless @lti_launch
display_override = params['borderless'] ? 'borderless' : params[:display]
render Lti::AppUtil.display_template(@tool.display_type(placement), display_override: display_override)
rescue InvalidSettingsError => e
Expand Down
9 changes: 9 additions & 0 deletions spec/controllers/external_tools_controller_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -875,6 +875,15 @@
expect(assigns[:lti_launch].params['custom_collaboration_url']).to eq api_v1_collaboration_members_url(collab)
end

it "messages appropriately when there is a launch error because of missing permissions" do
user_session(@teacher)
tool = new_valid_tool(@course)
tool.settings[:course_navigation] = { 'required_permissions' => 'not-real-permissions,nor-this-one' }
tool.save!
get 'retrieve', params: {:course_id => @course.id, :url => "http://www.example.com/basic_lti"}
expect(response).to be_unauthorized
end

it "should remove query params when post_only is set" do
u = user_factory(active_all: true)
account.account_users.create!(user: u)
Expand Down

0 comments on commit abf83a1

Please sign in to comment.