From e58e295ca01b983d6008043ab4faf43486520523 Mon Sep 17 00:00:00 2001 From: jagonzalr Date: Thu, 27 Oct 2016 09:12:05 +0200 Subject: [PATCH] fix valid signature --- lms/djangoapps/verify_student/models.py | 4 +++- lms/djangoapps/verify_student/views.py | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/lms/djangoapps/verify_student/models.py b/lms/djangoapps/verify_student/models.py index 5373347e58..3d46b47c5d 100644 --- a/lms/djangoapps/verify_student/models.py +++ b/lms/djangoapps/verify_student/models.py @@ -885,8 +885,10 @@ class SoftwareSecurePhotoVerification(PhotoVerification): "Content-Type": "application/json", "Date": formatdate(timeval=None, localtime=False, usegmt=True) } + + body_for_signature = {"EdX-ID": str(self.receipt_id)} _message, _sig, authorization = generate_signed_message( - "POST", headers, body, access_key, secret_key + "POST", headers, body_for_signature, access_key, secret_key ) headers['Authorization'] = authorization diff --git a/lms/djangoapps/verify_student/views.py b/lms/djangoapps/verify_student/views.py index c69c998d5f..feb13e0a55 100644 --- a/lms/djangoapps/verify_student/views.py +++ b/lms/djangoapps/verify_student/views.py @@ -1109,13 +1109,15 @@ def results_callback(request): headers = { "Authorization": request.META.get("HTTP_AUTHORIZATION", ""), + "Content-Type": "application/json", "Date": request.META.get("HTTP_DATE", "") } + body_for_signature = {"EdX-ID": body_dict.get("EdX-ID")} has_valid_signature( "POST", headers, - body_dict, + body_for_signature, settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["API_ACCESS_KEY"], settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["API_SECRET_KEY"] )