18648b52fc
The "oauth_body_hash" appeared twice in the auth header in the request when posting grade back to tool consumer. However, the signature sent from edX is calculated based on only one oauth_body_hash. On the tool consumer side, the signature is calculated based on the auth header and will use the duplicated fields. So the signatures will not match. And request will fail the signature validation. The bug was introduced in this commit:03cee389e0on July 12th by updating the oauthlib. Because 0.7.2(original version) doesn't have oauth_body_hash support, so a custom OAuth1 client was implemented to add oauth_body_hash to the headers:f5d0f3ff55/lms/djangoapps/lti_provider/outcomes.py (L24). However, the new oauthlib 1.0.3 has support for oauth_body_hash (51675237c4 (diff-c2a1e5f1ddfe8e48ff62b59eb952644eR180)). So after updating library, oauth_body_hash is added twice. This fixes the bug by removing the custom client and use the oauthlib default client to generate the auth header.
This is the main edX platform which consists of LMS and Studio. Installation ------------ Please refer to the following wiki pages in our `configuration repo`_ to install edX: - `edX Developer Stack`_: These instructions are for developers who want to contribute or make changes to the edX source code. - `edX Full Stack`_: Using Vagrant/Virtualbox this will setup all edX services on a single server in a production like configuration. - `edX Ubuntu 12.04 64-bit Installation`_: This will install edX on an existing Ubuntu 12.04 server. .. _configuration repo: https://github.com/edx/configuration .. _edX Developer Stack: https://openedx.atlassian.net/wiki/display/OpenOPS/Running+Devstack .. _edX Full Stack: https://openedx.atlassian.net/wiki/display/OpenOPS/Running+Fullstack .. _edX Ubuntu 12.04 64-bit Installation: https://openedx.atlassian.net/wiki/display/OpenOPS/Native+Open+edX+Ubuntu+12.04+64+bit+Installation License ------- The code in this repository is licensed under version 3 of the AGPL unless otherwise noted. Please see the `LICENSE`_ file for details. .. _LICENSE: https://github.com/edx/edx-platform/blob/master/LICENSE The Open edX Portal --------------------- See the `Open edX Portal`_ to learn more about Open edX. You can find information about the edX roadmap, as well as about hosting, extending, and contributing to Open edX. In addition, the Open edX Portal provides product announcements, the Open edX blog, and other rich community resources. To comment on blog posts or the edX roadmap, you must create an account and log in. If you do not have an account, follow these steps. #. Visit `open.edx.org/user/register`_. #. Fill in your personal details. #. Select **Create New Account**. You are then logged in to the `Open edX Portal`_. .. _Open edX Portal: https://open.edx.org .. _open.edx.org/user/register: https://open.edx.org/user/register Documentation ------------- Documentation is managed in the `edx-documentation`_ repository. Documentation is built using `Sphinx`_: you can `view the built documentation on ReadTheDocs`_. You can also check out `Confluence`_, our wiki system. Once you sign up for an account, you'll be able to create new pages and edit existing pages, just like in any other wiki system. You only need one account for both Confluence and `JIRA`_, our issue tracker. .. _Sphinx: http://sphinx-doc.org/ .. _view the built documentation on ReadTheDocs: http://docs.edx.org/ .. _edx-documentation: https://github.com/edx/edx-documentation .. _Confluence: http://openedx.atlassian.net/wiki/ .. _JIRA: https://openedx.atlassian.net/ Getting Help ------------ If you’re having trouble, we have several different mailing lists where you can ask for help: - `openedx-ops`_: everything related to *running* Open edX. This includes installation issues, server management, cost analysis, and so on. - `openedx-translation`_: everything related to *translating* Open edX into other languages. This includes volunteer translators, our internationalization infrastructure, issues related to Transifex, and so on. - `openedx-analytics`_: everything related to *analytics* in Open edX. - `edx-code`_: anything else related to Open edX. This includes feature requests, idea proposals, refactorings, and so on. Our real-time conversations are on Slack. You can request a `Slack invitation`_, then join our `community Slack team`_. .. _openedx-ops: https://groups.google.com/forum/#!forum/openedx-ops .. _openedx-translation: https://groups.google.com/forum/#!forum/openedx-translation .. _openedx-analytics: https://groups.google.com/forum/#!forum/openedx-analytics .. _edx-code: https://groups.google.com/forum/#!forum/edx-code .. _Slack invitation: https://openedx-slack-invite.herokuapp.com/ .. _community Slack team: http://openedx.slack.com/ Issue Tracker ------------- `We use JIRA for our issue tracker`_, not GitHub Issues. To file a bug or request a new feature, please make a free account on our JIRA and create a new issue! If you’re filing a bug, we’d appreciate it if you would follow `our guidelines for filing high-quality, actionable bug reports`_. Thanks! .. _We use JIRA for our issue tracker: https://openedx.atlassian.net/ .. _our guidelines for filing high-quality, actionable bug reports: https://openedx.atlassian.net/wiki/display/SUST/How+to+File+a+Quality+Bug+Report How to Contribute ----------------- Contributions are very welcome, but for legal reasons, you must submit a signed `individual contributor agreement`_ before we can accept your contribution. See our `CONTRIBUTING`_ file for more information – it also contains guidelines for how to maintain high code quality, which will make your contribution more likely to be accepted. Reporting Security Issues ------------------------- Please do not report security issues in public. Please email security@edx.org. .. _individual contributor agreement: http://open.edx.org/sites/default/files/wysiwyg/individual-contributor-agreement.pdf .. _CONTRIBUTING: https://github.com/edx/edx-platform/blob/master/CONTRIBUTING.rst