edx-platform

Files

Pan Luo 18648b52fc Fix the duplicate oauth_body_hash in the outcomes request

The "oauth_body_hash" appeared twice in the auth header in the request
when posting grade back to tool consumer. However, the signature sent
from edX is calculated based on only one oauth_body_hash.
On the tool consumer side, the signature is calculated based on the auth
header and will use the duplicated fields. So the signatures will not match.
And request will fail the signature validation.

The bug was introduced in this commit:
03cee389e0
on July 12th by updating the oauthlib.

Because 0.7.2(original version) doesn't have oauth_body_hash support, so a custom
OAuth1 client was implemented to add oauth_body_hash to the headers:
f5d0f3ff55/lms/djangoapps/lti_provider/outcomes.py (L24).
However, the new oauthlib 1.0.3 has support for oauth_body_hash
(51675237c4 (diff-c2a1e5f1ddfe8e48ff62b59eb952644eR180)).
So after updating library, oauth_body_hash is added twice.

This fixes the bug by removing the custom client and use the oauthlib
default client to generate the auth header.

2016-09-13 09:33:07 -04:00

__init__.py

[LTI Provider] Create LTI Provider app, initial views and OAuth signature validation

2015-04-23 13:45:47 -04:00

test_outcomes.py

Fix the duplicate oauth_body_hash in the outcomes request

2016-09-13 09:33:07 -04:00

test_signature_validator.py

[LTI Provider] Refactoring to remove the lti_run method

2015-07-08 09:45:24 -04:00

test_tasks.py

Create Grades djangoapp