From b6a863fb0e3e15eee672e52e5c4744352a9b7f8c Mon Sep 17 00:00:00 2001 From: David Ormsbee Date: Fri, 13 Sep 2013 11:48:44 -0400 Subject: [PATCH 1/2] Make sure we use the name that was frozen at time of verification when sending to Software Secure. --- lms/djangoapps/verify_student/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lms/djangoapps/verify_student/models.py b/lms/djangoapps/verify_student/models.py index bef2d2be7f..c35a1cb2a3 100644 --- a/lms/djangoapps/verify_student/models.py +++ b/lms/djangoapps/verify_student/models.py @@ -476,7 +476,7 @@ class SoftwareSecurePhotoVerification(PhotoVerification): body = { "EdX-ID": str(self.receipt_id), - "ExpectedName": self.user.profile.name, + "ExpectedName": self.name, "PhotoID": self.image_url("photo_id"), "PhotoIDKey": self.photo_id_key, "SendResponseTo": callback_url, From d1e1e7e5bcd2f00ae3abe47e711427a571cb7e99 Mon Sep 17 00:00:00 2001 From: David Ormsbee Date: Fri, 13 Sep 2013 11:49:54 -0400 Subject: [PATCH 2/2] Minor fixes to handle non-ASCII names/config in student verification. --- lms/djangoapps/verify_student/ssencrypt.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lms/djangoapps/verify_student/ssencrypt.py b/lms/djangoapps/verify_student/ssencrypt.py index 8e448e5b29..862c5aa021 100644 --- a/lms/djangoapps/verify_student/ssencrypt.py +++ b/lms/djangoapps/verify_student/ssencrypt.py @@ -131,7 +131,8 @@ def generate_signed_message(method, headers_dict, body_dict, access_key, secret_ body_str = body_string(body_dict) message = headers_str + body_str - hashed = hmac.new(secret_key, message, sha256) + # hmac needs a byte string for it's starting key, can't be unicode. + hashed = hmac.new(secret_key.encode('utf-8'), message, sha256) signature = binascii.b2a_base64(hashed.digest()).rstrip('\n') authorization_header = "SSI {}:{}".format(access_key, signature) @@ -161,7 +162,7 @@ def body_string(body_dict): for key, value in sorted(body_dict.items()): if value is None: value = "null" - body_list.append(u"{}:{}\n".format(key, value)) + body_list.append(u"{}:{}\n".format(key, value).encode('utf-8')) return "".join(body_list) # Note that trailing \n's are important