Merge pull request #952 from edx/ormsbee/ss_msg_signing

Re-enable signature checking of Software Secure postbacks
2013-09-12 09:03:36 -07:00
parent a7cb28fc90 221777e6ea
commit 8194eedcd9
1 changed files with 2 additions and 2 deletions
--- a/lms/djangoapps/verify_student/views.py
+++ b/lms/djangoapps/verify_student/views.py
@@ -180,8 +180,8 @@ def results_callback(request):
        settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["API_SECRET_KEY"]
    )

-#    if not sig_valid:
-#        return HttpResponseBadRequest(_("Signature is invalid"))
+    if not sig_valid:
+        return HttpResponseBadRequest(_("Signature is invalid"))

    receipt_id = body_dict.get("EdX-ID")
    result = body_dict.get("Result")