Re-enable signature checking for Software Secure callbacks

2013-09-12 11:59:03 -04:00
parent a7cb28fc90
commit 221777e6ea
1 changed files with 2 additions and 2 deletions
--- a/lms/djangoapps/verify_student/views.py
+++ b/lms/djangoapps/verify_student/views.py
@@ -180,8 +180,8 @@ def results_callback(request):
        settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["API_SECRET_KEY"]
    )

-#    if not sig_valid:
-#        return HttpResponseBadRequest(_("Signature is invalid"))
+    if not sig_valid:
+        return HttpResponseBadRequest(_("Signature is invalid"))

    receipt_id = body_dict.get("EdX-ID")
    result = body_dict.get("Result")