-
Notifications
You must be signed in to change notification settings - Fork 482
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LTI account linking controller and service #58464
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good job! 👍🏻
Co-authored-by: Artem Vavilov <artem.vavilov.7@gmail.com>
dashboard/app/views/lti/v1/account_linking/existing_account.html.haml
Outdated
Show resolved
Hide resolved
dashboard/app/views/lti/v1/account_linking/existing_account.html.haml
Outdated
Show resolved
Hide resolved
…ml.haml Co-authored-by: Artem Vavilov <artem.vavilov.7@gmail.com>
…ml.haml Co-authored-by: Artem Vavilov <artem.vavilov.7@gmail.com>
# POST /lti/v1/account_linking/link_email | ||
def link_email | ||
head :bad_request unless PartialRegistration.in_progress?(session) | ||
params.require([:email, :password]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If these params are missing, it will throw an exception. Do we care about handling that exception and letting the user know they have a missing param, or are we ok with just returning :unauthorized
in the else
block?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah we'll definitely want to notify the user, but I was thinking we can be added later when we finalize the UI page that will post to this route. The front-end should be able to handle this with the usual "X field is required" messaging.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We'll also need to gracefully handle unauthorized responses for incorrect passwords
@lti_integration = create :lti_integration | ||
end | ||
|
||
setup do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the two setup
blocks a Rails best practices thing? One set's variables and one sets up stubs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whoops, no I think I accidentally added a second block when I was debugging some DCDO-related errors. Will update this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
The first PR to start implementing account linking for LTI.
Links
JIRA
LTI tech spec
Testing story
To test this locally, set enable the DCDO flag:
Then make sure you have an existing user with an email login to test with. Launch from a new user in the LMS (or just delete any existing LTI auth_options for that user). Click "I already have a Code.org account" and then enter the creds for your existing email account. Your LTI auth option should now be attached to the email account, and you will be logged in and redirected to the homepage.
Unit Tests:
Deployment strategy
Follow-up work
This PR just lays the groundwork for the rest of the LTI account linking feature. Not intended to be prod ready yet, so it's behind a DCDO flag.
Privacy
Security
Caching
PR Checklist: