Add RootAccountId to jwt for LiveEventSubscriptionService

Andrew Butterfield · Andrew Butterfield · commit 850833ebbaf7 · 2017-03-02T21:21:23.000Z
fixes PLAT-2280 Test plan: * Install an LTI 2.1 tool with a developer key * Start a rails console and run any of the Services::LiveEventsSubscriptionService methods and save the result * Inspect the request that was sent out with result.request.options * Grab the JWT from the headers and decrypt it using Canvas Security * Ensure that the RootAccountId is there and that the DeveloperKey is there Change-Id: I688b45efe1dd16db0d48adcaf718de801a681415 Reviewed-on: https://gerrit.instructure.com/103076 Reviewed-by: Nathan Mills <nathanm@instructure.com> Tested-by: Jenkins QA-Review: August Thornton <august@instructure.com> Product-Review: Andrew Butterfield <abutterfield@instructure.com>
diff --git a/lib/services/live_events_subscription_service.rb b/lib/services/live_events_subscription_service.rb
@@ -62,7 +62,8 @@ def settings
       def tool_proxy_jwt_body(tool_proxy, options = {})
         options.merge({
           sub: "ltiToolProxy:#{tool_proxy.guid}",
-          developerKey: tool_proxy.product_family.developer_key.global_id.to_s
+          DeveloperKey: tool_proxy.product_family.developer_key.global_id.to_s,
+          RootAccountId: (tool_proxy.context.global_root_account_id || tool_proxy.context.global_id).to_s
         })
       end
     end
diff --git a/spec/lib/services/live_events_subscription_service_spec.rb b/spec/lib/services/live_events_subscription_service_spec.rb
@@ -43,6 +43,19 @@ module Services
         developer_key
       end
 
+      let(:non_root_account_context) do
+        non_root_account = mock()
+        non_root_account.stubs(:global_root_account_id).returns(10000000000007)
+        non_root_account
+      end
+
+      let(:root_account_context) do
+        root_account = mock()
+        root_account.stubs(:global_root_account_id).returns(nil)
+        root_account.stubs(:global_id).returns(10000000000004)
+        root_account
+      end
+
       let(:product_family) do
         product_family = mock()
         product_family.stubs(:developer_key).returns(developer_key)
@@ -64,11 +77,13 @@ module Services
 
       describe '.destroy_tool_proxy_subscription' do
         it 'makes the expected request' do
+          tool_proxy.stubs(:context).returns(root_account_context)
           HTTParty.expects(:send).with do |method, endpoint, options|
             expect(method).to eq(:delete)
             expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id')
             jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
-            expect(jwt["developerKey"]).to eq('10000000000003')
+            expect(jwt["DeveloperKey"]).to eq('10000000000003')
+            expect(jwt["RootAccountId"]).to eq('10000000000004')
             expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
           end
           LiveEventsSubscriptionService.destroy_tool_proxy_subscription(tool_proxy, 'subscription_id')
@@ -77,11 +92,13 @@ module Services
 
       describe '.tool_proxy_subscription' do
         it 'makes the expected request' do
+          tool_proxy.stubs(:context).returns(non_root_account_context)
           HTTParty.expects(:send).with do |method, endpoint, options|
             expect(method).to eq(:get)
             expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id')
             jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
-            expect(jwt["developerKey"]).to eq('10000000000003')
+            expect(jwt["DeveloperKey"]).to eq('10000000000003')
+            expect(jwt["RootAccountId"]).to eq('10000000000007')
             expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
           end
           LiveEventsSubscriptionService.tool_proxy_subscription(tool_proxy, 'subscription_id')
@@ -90,11 +107,13 @@ module Services
 
       describe '.tool_proxy_subscriptions' do
         it 'makes the expected request' do
+          tool_proxy.stubs(:context).returns(non_root_account_context)
           HTTParty.expects(:send).with do |method, endpoint, options|
             expect(method).to eq(:get)
             expect(endpoint).to eq('http://example.com/api/subscriptions')
             jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
-            expect(jwt["developerKey"]).to eq('10000000000003')
+            expect(jwt["DeveloperKey"]).to eq('10000000000003')
+            expect(jwt["RootAccountId"]).to eq('10000000000007')
             expect(jwt["sub"]).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
           end
           LiveEventsSubscriptionService.tool_proxy_subscriptions(tool_proxy)
@@ -103,14 +122,16 @@ module Services
 
       describe '.create_tool_proxy_subscription' do
         it 'makes the expected request' do
+          tool_proxy.stubs(:context).returns(root_account_context)
           subscription = { 'my' => 'subscription' }
 
           HTTParty.expects(:send).with do |method, endpoint, options|
             expect(method).to eq(:post)
             expect(endpoint).to eq('http://example.com/api/subscriptions')
             expect(options[:headers]['Content-Type']).to eq('application/json')
             jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
-            expect(jwt['developerKey']).to eq('10000000000003')
+            expect(jwt['DeveloperKey']).to eq('10000000000003')
+            expect(jwt["RootAccountId"]).to eq('10000000000004')
             expect(jwt['sub']).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
             expect(JSON.parse(options[:body])).to eq(subscription)
           end
@@ -121,14 +142,16 @@ module Services
 
       describe '.update_tool_proxy_subscription' do
         it 'makes the expected request' do
+          tool_proxy.stubs(:context).returns(root_account_context)
           subscription = { 'my' => 'subscription' }
 
           HTTParty.expects(:send).with do |method, endpoint, options|
             expect(method).to eq(:put)
             expect(endpoint).to eq('http://example.com/api/subscriptions/subscription_id')
             expect(options[:headers]['Content-Type']).to eq('application/json')
             jwt = Canvas::Security::ServicesJwt.new(options[:headers]['Authorization'].gsub('Bearer ',''), false).original_token
-            expect(jwt['developerKey']).to eq('10000000000003')
+            expect(jwt['DeveloperKey']).to eq('10000000000003')
+            expect(jwt["RootAccountId"]).to eq('10000000000004')
             expect(jwt['sub']).to eq('ltiToolProxy:151b52cd-d670-49fb-bf65-6a327e3aaca0')
             expect(JSON.parse(options[:body])).to eq(subscription)
           end
@@ -139,6 +162,7 @@ module Services
 
       context 'timeout protection' do
         it 'throws an exception for .tool_proxy_subscriptions' do
+          tool_proxy.stubs(:context).returns(root_account_context)
           Timeout.expects(:timeout).raises(Timeout::Error)
           expect { LiveEventsSubscriptionService.tool_proxy_subscriptions(tool_proxy) }.to raise_error(Timeout::Error)
         end
