Change the unique student id calculation to match the id we send to xqueue

- can't change the xqueue one because there's data that uses it - we checked, and no one has sent out survey links that use the old sha1() format doing this because we'll need the LMS to be able to send the anon student id to backend services e.g. for peer grading, and passing two different anon student ids to xmodule (one for xqueue, one for other uses) is just asking for confusion.
2012-11-30 11:30:02 -05:00
parent 835f18795a
commit 052807d7f6
2 changed files with 9 additions and 16 deletions
--- a/common/djangoapps/student/models.py
+++ b/common/djangoapps/student/models.py
@@ -36,7 +36,7 @@ file and check it in at the same time as your model changes. To do that,
 3. Add the migration file created in mitx/common/djangoapps/student/migrations/
 """
 from datetime import datetime
-from hashlib import sha1
+import hashlib
 import json
 import logging
 import uuid
@@ -197,14 +197,13 @@ def unique_id_for_user(user):
    """
    Return a unique id for a user, suitable for inserting into
    e.g. personalized survey links.
-
-    Currently happens to be implemented as a sha1 hash of the username
-    (and thus assumes that usernames don't change).
    """
-    # Using the user id as the salt because it's sort of random, and is already
-    # in the db.
-    salt = str(user.id)
-    return sha1(salt + user.username).hexdigest()
+    # include the secret key as a salt, and to make the ids unique accross
+    # different LMS installs.    
+    h = hashlib.md5()
+    h.update(settings.SECRET_KEY)
+    h.update(str(user.id))
+    return h.hexdigest()


 ## TODO: Should be renamed to generic UserGroup, and possibly
--- a/lms/djangoapps/courseware/module_render.py
+++ b/lms/djangoapps/courseware/module_render.py
@@ -1,4 +1,3 @@
-import hashlib
 import json
 import logging
 import pyparsing
@@ -20,6 +19,7 @@ from mitxmako.shortcuts import render_to_string
 from models import StudentModule, StudentModuleCache
 from psychometrics.psychoanalyze import make_psychometrics_data_update_handler
 from static_replace import replace_urls
+from student.models import unique_id_for_user
 from xmodule.errortracker import exc_info_to_str
 from xmodule.exceptions import NotFoundError
 from xmodule.modulestore import Location
@@ -152,12 +152,6 @@ def _get_module(user, request, location, student_module_cache, course_id, positi
    if not has_access(user, descriptor, 'load'):
        return None

-    # Anonymized student identifier
-    h = hashlib.md5()
-    h.update(settings.SECRET_KEY)
-    h.update(str(user.id))
-    anonymous_student_id = h.hexdigest()
-
    # Only check the cache if this module can possibly have state
    instance_module = None
    shared_module = None
@@ -230,7 +224,7 @@ def _get_module(user, request, location, student_module_cache, course_id, positi
                          # by the replace_static_urls code below
                          replace_urls=replace_urls,
                          node_path=settings.NODE_PATH,
-                          anonymous_student_id=anonymous_student_id,
+                          anonymous_student_id=unique_id_for_user(user),
                          )
    # pass position specified in URL to module through ModuleSystem
    system.set('position', position)