`Development`: Fix LTI authentication

Open maximiliansoelch opened this issue 6 months ago • 5 comments

Checklist

General

Server

  • [x] Important: I implemented the changes with a very good performance and prevented too many (unnecessary) database calls.
  • [x] I strictly followed the server coding and design guidelines.

Motivation and Context

Currently, users need to log in to Artemis when they do an LTI launch from an external system, even in the case that they are already logged in. This issue is caused by the fact that the LTILaunchFilter is placed before the JWTFilter. As the authentication is checked within the JWTFilter, this information is just not yet present in the LTILaunchFilter, requiring a user login every time.

Description

  • Add LTI Filter after JWTFilter so authentication info is available at launch again
  • Remove code that sets a logout cookie for authenticated users
  • Adapt the tests to the changes

Steps for Testing

Prerequisites:

  • Access to Moodle
  • Testserver 1
  1. Make sure you are logged in to Artemis with a test user (artemis_test_user_{1-5})
  2. Navigate to Moodle and log in with the same test user (artemis_test_user_{1-5}, same PW as for the Artemis Test Server)
  3. Go to My Courses and open the course TS1 - Artemis Feature Demo Course
  4. Click on one of the exercises
  5. Artemis should be opened in an iFrame and you should still be logged in with the same test user

Testserver States

[!NOTE] These badges show the state of the test servers. Green = Currently available, Red = Currently locked. Click on the badges to get to the test servers.

Review Progress

Performance Review

  • [ ] I (as a reviewer) confirm that the client changes (in particular related to REST calls and UI responsiveness) are implemented with a very good performance
  • [ ] I (as a reviewer) confirm that the server changes (in particular related to database calls) are implemented with a very good performance

Code Review

  • [ ] Code Review 1
  • [ ] Code Review 2

Manual Tests

  • [ ] Test 1
  • [ ] Test 2

Test Coverage

Screenshots

Summary by CodeRabbit

  • New Features

    • Enhanced security architecture by integrating JWT-based authentication for LTI 1.3 handling.
    • Streamlined user activation logic for JWT cookie management, improving clarity and maintainability.
  • Bug Fixes

    • Removed redundant checks related to user activation and LTI login requirements, simplifying session management.
  • Tests

    • Updated test methods to reflect changes in LTI query parameter handling for new and existing users.

maximiliansoelch, Aug 19 '24 13:08
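
The ordering problem described under Motivation and Context, as an added example that is not part of this pull request or of the Artemis code base: a plain-Java model of a filter chain, run with the LTI filter before and after the JWT filter, plus the case that must keep failing after the move (no valid token). The `Request` class, the `/lti/launch` path, the token value and the outcome strings are assumptions made for the illustration.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added illustration: a minimal model of a servlet-style filter chain (not Artemis or Spring code).
public class FilterOrderDemo {
    /** Per-request state; `user` stays null until an authentication filter sets it. */
    static class Request {
        final Map<String, String> cookies = new HashMap<>();
        final String path;
        String user;     // stands in for the security context
        String outcome;  // decision taken by the LTI filter
        Request(String path) { this.path = path; }
    }

    interface Filter { void apply(Request r); }

    // Constructed sample data: one token mapped to one test user.
    static final Map<String, String> VALID_TOKENS = Map.of("constructed-token", "artemis_test_user_1");

    /** Stand-in for JWTFilter: turns a valid cookie into an authenticated user. */
    static final Filter JWT = r -> {
        String user = VALID_TOKENS.get(r.cookies.get("jwt"));
        if (user != null) r.user = user;
    };

    /** Stand-in for LTILaunchFilter: acts on launch requests and reads the auth state. */
    static final Filter LTI = r -> {
        if (!r.path.startsWith("/lti/launch")) return; // hypothetical launch path
        r.outcome = (r.user != null) ? "LAUNCH_AS:" + r.user : "LOGIN_REQUIRED";
    };

    /** Sends one launch request through the chain in the given order. */
    static String run(List<Filter> chain, boolean withCookie) {
        Request r = new Request("/lti/launch");
        if (withCookie) r.cookies.put("jwt", "constructed-token");
        for (Filter f : chain) f.apply(r);
        return r.outcome;
    }

    public static void main(String[] args) {
        System.out.println("LTI before JWT, logged in: " + run(List.of(LTI, JWT), true));
        System.out.println("LTI after JWT, logged in:  " + run(List.of(JWT, LTI), true));
        System.out.println("LTI after JWT, no cookie:  " + run(List.of(JWT, LTI), false));
    }
}
```

A regression test for a reordering like this should cover the third case as well as the second, so that a launch without a valid token still ends in a login prompt.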