

[FEATURE] Added the security check page from docs to demos, currently
pointing at Questions API V1 until a fix is made to make it
compatible with V2.

https://app.asana.com/0/8825147419757/8855479765468
michaelsharman committed Nov 27, 2013
1 parent 87849e8 commit 72d1218
Showing 12 changed files with 3,685 additions and 1 deletion.
1 change: 1 addition & 0 deletions src/includes/header.php
Expand Up @@ -8,6 +8,7 @@
<link rel="stylesheet" href="./static/vendor/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="./static/vendor/bootstrap/css/bootstrap-theme.min.css">
<link rel="stylesheet" href="./static/vendor/reveal/reveal.css">
<link rel="stylesheet" href="./static/vendor/codemirror/codemirror.css">
<link rel="stylesheet" href="./static/css/main.css">
<script src="./static/vendor/jquery/jquery-1.10.2.min.js"></script>
<script src="./static/js/main.js"></script>
3 changes: 3 additions & 0 deletions src/includes/nav.php
Expand Up @@ -13,6 +13,9 @@
'Reporting' => array(
'reportsapi.php' => 'Reports API',
'ssoapi.php' => 'Single Sign On API'
),
'Misc' => array(
'security_check.php' => 'Security Check'
)
);
?>
2 changes: 1 addition & 1 deletion www/index.php
Expand Up @@ -2,7 +2,7 @@

<div class="jumbotron">
<h1>Learnosity API Demos</h1>
<p>Welcome to the Learnosity API demos site. Here you can try out some of our services.<p>
<p>Welcome to the Learnosity API demos site. Here you can try out some of our services.</p>
<p>You may also <a href="https://github.com/Learnosity/learnosity-php-examples/archive/master.zip">download the entire site</a>
to see how you can integrate our services into your own technology stack,
or <a href="https://github.com/Learnosity/learnosity-php-examples">browse the code directly</a> on github.</p>
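--- /dev/null
+++ b/www/security_check.php
@@ -0,0 +1,157 @@
+<?php include_once '../src/includes/header.php'; ?>
+
+<div class="jumbotron">
+<h1>Security Check</h1>
+<p>This is a simple security test that attempts to make a request to the Questions API,
+passing the security parameters you provide in the form below.</p>
+<p>If the request is successful, a status code 200 will be returned in the box at the
+bottom of the page, otherwise a status code 403 will be returned.</p>
+<p>Information on security is available on the documentation site for
+the <a href="http://docs.learnosity.com/questionsapi/apiauth.php">Questions API</a>.</p>
+</div>
+
+<form id="securityForm">
+<fieldset>
+<div class="row">
+<div class="col-lg-6">
+<h2>Security Parameters</h2>
+<label for="consumer_key">consumer_key:</label>
+<div class="form-group">
+<div class="row">
+<div class="col-xs-4">
+<input type="text" id="consumer_key" name="consumer_key" value="" class="signaturePart form-control">
+</div>
+</div>
+<div class="help-block">
+Unique id provided by Learnosity that allows the server to identify the
+client and retrive its <em>consumer_secret</em>.
+</div>
+</div>
+
+<label for="domain">domain:</label>
+<div class="form-group">
+<div class="row">
+<div class="col-xs-6">
+<input type="text" id="domain" name="domain" value="" class=" signaturePart form-control">
+</div>
+</div>
+<div class="help-block">
+Must be the same as <em>location.hostname</em>, as the Learnosity Questions API is sending
+that value to the server for authentication.
+</div>
+</div>
+
+<label for="timestamp">timestamp:</label>
+<div class="form-group">
+<div class="row">
+<div class="col-xs-4">
+<input type="text" id="timestamp" name="timestamp" value="" class="span4 signaturePart form-control">
+</div>
+</div>
+<div class="help-block">
+Current time in GMT/UTC.The server will check if the timestamp is within the allowed
+time frame: 3h in this test.
+</div>
+</div>
+
+<label for="user_id">user_id:</label>
+<div class="form-group">
+<div class="row">
+<div class="col-xs-4">
+<input type="text" id="user_id" name="user_id" value="" class="span4 signaturePart form-control">
+</div>
+</div>
+<div class="help-block">The id of the student/user whose assets are to be requested.</div>
+</div>
+
+<label for="consumer_secret">consumer_secret:</label>
+<div class="form-group">
+<div class="row">
+<div class="col-xs-8">
+<input type="text" id="consumer_secret" name="consumer_secret" value="" class="signaturePart form-control">
+</div>
+</div>
+<div class="help-block">
+Secret key supplied by Learnosity, which <strong>must not be exposed</strong>
+either by sending it to the browser or across the network.
+</div>
+</div>
+</div>
+<div class="col-lg-6">
+<div class="form-group">
+<h3>Sample Activity JSON object</h3>
+<pre id="actJson" class="cm-s-elegant"></pre>
+</div>
+<label for="domain"><strong>domain override:</strong></label>
+<div class="form-group">
+<input type="text" id="domain_override" name="domain" value="" class="signaturePart form-control">
+</div>
+<span class="help-block">
+Override the <em>window.location</em> comparison. This domain must be registered
+with Learnosity against the <em>consumer_key</em> being used.
+</span>
+</div>
+</div>
+
+<hr>
+
+<div class="row">
+<div class="col-lg-12">
+<label for="signature">concatenated string:</label>
+<div class="input">
+<pre id="concatenation"></pre>
+<span class="help-block">
+Concatenation of the above parameters in order, separated by underscores.
+</span>
+</div>
+</div>
+</div>
+
+<hr>
+
+<div class="row">
+<div class="col-lg-12">
+<label for="signature">signature:</label>
+<div class="form-group">
+<input type="text" id="signature" name="signature" value="" class="col-lg-12 form-control">
+<span class="help-block">
+64 character long string, resulting from applying the SHA256 hashing algorithm
+to the concatenated string.
+</span>
+</div>
+</div>
+</div>
+
+<hr>
+
+<div class="col-lg-12">
+<button class="btn btn-primary" id="testbtn">Test</button>
+<button class="btn btn-default" id="resetbtn">Reset to Defaults</button>
+</div>
+
+<hr>
+
+<div class="row">
+<div class="col-lg-12">
+<h3>Server Response</h3>
+<pre id="serverresponse"></pre>
+</div>
+</div>
+</fieldset>
+</form>
+
+<script src="/static/vendor/require/require.js"></script>
+<script>
+var LearnosityAmd = {};
+LearnosityAmd.requirejs = requirejs;
+LearnosityAmd.require = require;
+LearnosityAmd.define = define;
+var timestamp = '<?php echo gmdate('Ymd-Hi'); ?>';
+</script>
+<script src="/static/vendor/sha256.js"></script>
+<script src="/static/js/securityCheck.js"></script>
+<script src="/static/vendor/underscore.min.js"></script>
+<script src="/static/vendor/codemirror/codemirror.min.js"></script>
+<script src="/static/vendor/beautify.js"></script>
+
+<?php include_once '../src/includes/footer.php';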
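Review bot: The form declares no `method` or `action` and both buttons default to `type="submit"`, so if securityCheck.js fails to load or throws before binding its submit handler, a click on either button (or Enter in a field) submits the form via GET to the current URL and places `consumer_secret` in the query string, browser history and server access logs. Declare it as `<form id="securityForm" method="post" autocomplete="off">`, give both buttons `type="button"`, and make the secret field `<input type="password" id="consumer_secret" name="consumer_secret" value="" class="signaturePart form-control">` so it is neither echoed on screen nor offered by form autofill. The override label uses `for="domain"` while its input has `id="domain_override"`, and that input repeats `name="domain"` from the first domain field, so the label targets the wrong control and a non-JS submission would send two `domain` values. The `concatenated string:` label also reuses `for="signature"`, which points at a different control; a `<pre>` is not labelable, so a plain heading or a `<p>` there would be more accurate. Minor documentation fixes in the help text: `retrive` → `retrieve`, and a missing space in `GMT/UTC.The server`.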
16 changes: 16 additions & 0 deletions www/static/css/main.css
Expand Up @@ -181,3 +181,19 @@ td {
min-height: 250px;
max-height: 250px;
}

/********************************************************************
*
* Security Check
*
********************************************************************/
#serverresponse{ min-height: 75px;}

#concatenation span.conpart {color: #762;}
#concatenation span.conpart2 {color: #555;}

#actJson {margin: 0;}

#securityForm pre {
word-wrap: break-word;
}
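--- /dev/null
+++ b/www/static/js/securityCheck.js
@@ -0,0 +1,156 @@
+/*global $, require, jsSHA, window, LearnosityApp, _, CodeMirror, js_beautify */
+$(function () {
+"use strict";
+var concatenated = "",
+activityTemplate = 'var activity = {"consumer_key":"<%= act.consumer_key %>","timestamp":"<%= act.timestamp %>","signature":"<%= act.signature %>","user_id":"<%= act.user_id %>", ... };',
+defaults = {
+consumer_key: 'soCnIErF4fojFiKe',
+domain: location.hostname,
+timestamp: window.timestamp,
+user_id: '12345678',
+consumer_secret: '457e0592c9a63b9d6cd39966c49db45c7ceee784'
+},
+domain = "api.learnosity.com",
+LearnosityApp = {},
+questionsApiComms;
+
+function initialiseQuestionsAPI() {
+LearnosityApp._internal = {};
+LearnosityApp._internal.config = {
+apiHost: 'http://' + domain + "/stable"
+};
+window.LearnosityApp = LearnosityApp;
+
+var apiModules = '//' + domain + '/stable/scripts';
+require.config({
+baseUrl: apiModules
+});
+require(['comms'], function (comms) {
+questionsApiComms = comms;
+});
+}
+
+function updateActJsonArea() {
+var actText = _.template(activityTemplate, { act: {
+consumer_key: $('#consumer_key').val(),
+timestamp: $('#timestamp').val(),
+user_id: $('#user_id').val(),
+signature: $('#signature').val()
+} });
+CodeMirror.runMode(js_beautify(actText), {name: "javascript", json: true}, $('#actJson')[0]);
+}
+
+function loadDefaults() {
+$('#consumer_key').val(defaults.consumer_key);
+$('#domain').val(defaults.domain);
+$('#domain_override').val(defaults.domain);
+$('#timestamp').val(defaults.timestamp);
+$('#user_id').val(defaults.user_id);
+$('#consumer_secret').val(defaults.consumer_secret);
+$('#signature').val('');
+$('#serverresponse').html('');
+}
+
+function concatenateStringAndGenerateSignature() {
+concatenated = "";
+concatenated += $('#consumer_key').val();
+concatenated += '_';
+concatenated += $('#domain_override').val();
+concatenated += '_';
+concatenated += $('#timestamp').val();
+concatenated += '_';
+concatenated += $('#user_id').val();
+concatenated += '_';
+concatenated += $('#consumer_secret').val();
+
+var conc = "";
+conc += '<span title="consumer_key" class="conpart">' + $('#consumer_key').val() + '</span>';
+conc += '<strong>_</strong>';
+conc += '<span title="domain" class="conpart2">' + $('#domain_override').val() + '</span>';
+conc += '<strong>_</strong>';
+conc += '<span title="timestamp" class="conpart">' + $('#timestamp').val() + '</span>';
+conc += '<strong>_</strong>';
+conc += '<span title="user_id" class="conpart2">' + $('#user_id').val() + '</span>';
+conc += '<strong>_</strong>';
+conc += '<span title="consumer_secret" class="conpart">' + $('#consumer_secret').val() + '</span>';
+
+$('#concatenation').html(conc);
+
+var shaObj = new jsSHA(concatenated);
+$('#signature').val(shaObj.getHash("SHA-256", "HEX"));
+}
+
+function testSuccess(response) {
+$('#serverresponse').html(response.status);
+}
+
+function testError(response) {
+$('#serverresponse').html(response.status + ' - ' + response.response);
+}
+
+function submitToServer(withSecurity) {
+$('#serverresponse').html('');
+var secParams = {
+consumer_key: $('#consumer_key').val(),
+domain: $('#domain_override').val(),
+timestamp: $('#timestamp').val(),
+user_id: $('#user_id').val(),
+signature: $('#signature').val()
+};
+if (questionsApiComms) {
+questionsApiComms.request({
+url: '/authenticate',
+security: {
+security: JSON.stringify({
+consumer_key: secParams.consumer_key,
+domain: secParams.domain,
+timestamp: secParams.timestamp,
+user_id: secParams.user_id,
+signature: secParams.signature
+})
+},
+success: testSuccess,
+failure: testError
+});
+}
+}
+
+
+$('form').on('submit', function (e) {
+e.preventDefault();
+});
+
+$('#domain').val(location.hostname);
+
+$(':text').keypress(function (e) {
+if (e.keyCode == 13) {
+e.preventDefault();
+$(this).blur();
+}
+});
+
+$('.signaturePart').change(function () {
+concatenateStringAndGenerateSignature();
+updateActJsonArea();
+});
+
+$('#signature').change(function () {
+updateActJsonArea();
+});
+
+
+$('#resetbtn').click(function () {
+loadDefaults();
+concatenateStringAndGenerateSignature();
+updateActJsonArea();
+});
+
+$('#testbtn').click(function () {
+submitToServer(true);
+});
+
+initialiseQuestionsAPI();
+loadDefaults();
+concatenateStringAndGenerateSignature();
+updateActJsonArea();
+});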
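Review bot: `testError` hands `response.response` to `.html()`, so whatever body the remote `/authenticate` endpoint returns is parsed and rendered as HTML inside `#serverresponse`; this should be `$('#serverresponse').text(response.status + ' - ' + response.response);`, and `testSuccess` should use `.text()` for consistency. The `conc` string in `concatenateStringAndGenerateSignature` has the same shape, interpolating raw field values into markup before `.html(conc)`; building the spans with jQuery and `.text()` keeps the display but removes the injection path, as sketched below. The `defaults` object commits a `consumer_secret` next to its `consumer_key`, which is now public in repository history, so it should be a dedicated throwaway test credential (and rotated if it is not). `initialiseQuestionsAPI` also fixes `apiHost` to `'http://' + domain`, so the signed authentication request and the `comms` module are fetched without TLS; an `https://` base is preferable. `submitToServer(withSecurity)` never reads its parameter, and `e.keyCode == 13` should be `===` under the file's own `"use strict"` style.
```javascript
function concatenateStringAndGenerateSignature() {
    // … unchanged: building `concatenated` …
    var parts = [
        ['consumer_key', 'conpart', $('#consumer_key').val()],
        ['domain', 'conpart2', $('#domain_override').val()],
        ['timestamp', 'conpart', $('#timestamp').val()],
        ['user_id', 'conpart2', $('#user_id').val()],
        ['consumer_secret', 'conpart', $('#consumer_secret').val()]
    ];
    var $target = $('#concatenation').empty();
    $.each(parts, function (i, part) {
        if (i > 0) {
            $target.append($('<strong>').text('_'));
        }
        // .text() escapes the value, so field contents are never parsed as markup
        $target.append($('<span>').attr({title: part[0], 'class': part[1]}).text(part[2]));
    });
    // … unchanged: jsSHA hashing and setting #signature …
}
```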
