Merge pull request #13850 from proversity-org/proversity/fix-valid-signature

Fix valid signature
2017-06-09 08:53:17 -04:00
parent 53cd05fb7f e58e295ca0
commit e31590e528
2 changed files with 6 additions and 2 deletions
--- a/lms/djangoapps/verify_student/models.py
+++ b/lms/djangoapps/verify_student/models.py
@@ -885,8 +885,10 @@ class SoftwareSecurePhotoVerification(PhotoVerification):
            "Content-Type": "application/json",
            "Date": formatdate(timeval=None, localtime=False, usegmt=True)
        }
+
+        body_for_signature = {"EdX-ID": str(self.receipt_id)}
        _message, _sig, authorization = generate_signed_message(
-            "POST", headers, body, access_key, secret_key
+            "POST", headers, body_for_signature, access_key, secret_key
        )
        headers['Authorization'] = authorization

--- a/lms/djangoapps/verify_student/views.py
+++ b/lms/djangoapps/verify_student/views.py
@@ -1109,13 +1109,15 @@ def results_callback(request):

    headers = {
        "Authorization": request.META.get("HTTP_AUTHORIZATION", ""),
+        "Content-Type": "application/json",
        "Date": request.META.get("HTTP_DATE", "")
    }

+    body_for_signature = {"EdX-ID": body_dict.get("EdX-ID")}
    has_valid_signature(
        "POST",
        headers,
-        body_dict,
+        body_for_signature,
        settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["API_ACCESS_KEY"],
        settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["API_SECRET_KEY"]
    )