ff1a9a1590
The cryptography package is designed to be the "cryptographic standard library" for Python developers. (Documents are online at https://cryptography.io/en/latest/). The use case for adding this is to bring encrypted claims from outside edX into a course for assigning a grade using CAPA. As an example, imagine that users enrolled in a computer security and penetration testing class on edX are challenged to advance as many levels as possible in a certain capture-the-flag (CTF) puzzle hosted on an external app. The external platform may provide the users an encrypted, tamper- resistant token allowing them to enter that into an edX CAPA auto-graded exercise in order for the edX user to claim credit within the edX course. For example, the external platform might take some plaintext JSON like this: {'user': 'isaac@example.com', 'score': 30} And then use the Fernet symmetric encryption to give the user a token like this: gAAAAABZQX8xwdtvpdnTtuXWQUnbTPVA-Gw5dz6-kXFuKi0_2jpqFkSG Dhy-BugBx38xhUfbmao9KwIhcxZt0uBAE0WT_uzjagLn7BwRIQP4Ap_B r4e797QQllWcaHXVHhskHk6ETohc Because the external platform and the `loncapa/python` script share a secret, this token (1) means nothing to the user, (2) can be decrypted on the edX side and used accordingly, and (3) won't work if tampered with in between. There are probably other use cases for using tokens, HMAC, or encryption with autograded exercises. In any case, the crytography library is well tested and reliable, so adding it presents little risk and will probably benefit others.
This is the main edX platform which consists of LMS and Studio. Installation ------------ Please refer to the following wiki pages in our `configuration repo`_ to install edX: - `edX Developer Stack`_: These instructions are for developers who want to contribute or make changes to the edX source code. - `edX Full Stack`_: Using Vagrant/Virtualbox this will setup all edX services on a single server in a production like configuration. - `edX Ubuntu 12.04 64-bit Installation`_: This will install edX on an existing Ubuntu 12.04 server. .. _configuration repo: https://github.com/edx/configuration .. _edX Developer Stack: https://openedx.atlassian.net/wiki/display/OpenOPS/Running+Devstack .. _edX Full Stack: https://openedx.atlassian.net/wiki/display/OpenOPS/Running+Fullstack .. _edX Ubuntu 12.04 64-bit Installation: https://openedx.atlassian.net/wiki/display/OpenOPS/Native+Open+edX+Ubuntu+12.04+64+bit+Installation License ------- The code in this repository is licensed under version 3 of the AGPL unless otherwise noted. Please see the `LICENSE`_ file for details. .. _LICENSE: https://github.com/edx/edx-platform/blob/master/LICENSE The Open edX Portal --------------------- See the `Open edX Portal`_ to learn more about Open edX. You can find information about the edX roadmap, as well as about hosting, extending, and contributing to Open edX. In addition, the Open edX Portal provides product announcements, the Open edX blog, and other rich community resources. To comment on blog posts or the edX roadmap, you must create an account and log in. If you do not have an account, follow these steps. #. Visit `open.edx.org/user/register`_. #. Fill in your personal details. #. Select **Create New Account**. You are then logged in to the `Open edX Portal`_. .. _Open edX Portal: https://open.edx.org .. _open.edx.org/user/register: https://open.edx.org/user/register Documentation ------------- Documentation details can be found in the `docs index.rst`_. .. _docs index.rst: docs/index.rst Getting Help ------------ If you’re having trouble, we have several different mailing lists where you can ask for help: - `openedx-ops`_: everything related to *running* Open edX. This includes installation issues, server management, cost analysis, and so on. - `openedx-translation`_: everything related to *translating* Open edX into other languages. This includes volunteer translators, our internationalization infrastructure, issues related to Transifex, and so on. - `openedx-analytics`_: everything related to *analytics* in Open edX. - `edx-code`_: anything else related to Open edX. This includes feature requests, idea proposals, refactorings, and so on. Our real-time conversations are on Slack. You can request a `Slack invitation`_, then join our `community Slack team`_. .. _openedx-ops: https://groups.google.com/forum/#!forum/openedx-ops .. _openedx-translation: https://groups.google.com/forum/#!forum/openedx-translation .. _openedx-analytics: https://groups.google.com/forum/#!forum/openedx-analytics .. _edx-code: https://groups.google.com/forum/#!forum/edx-code .. _Slack invitation: https://openedx-slack-invite.herokuapp.com/ .. _community Slack team: http://openedx.slack.com/ Issue Tracker ------------- `We use JIRA for our issue tracker`_, not GitHub Issues. To file a bug or request a new feature, please make a free account on our JIRA and create a new issue! If you’re filing a bug, we’d appreciate it if you would follow `our guidelines for filing high-quality, actionable bug reports`_. Thanks! .. _We use JIRA for our issue tracker: https://openedx.atlassian.net/ .. _our guidelines for filing high-quality, actionable bug reports: https://openedx.atlassian.net/wiki/display/SUST/How+to+File+a+Quality+Bug+Report How to Contribute ----------------- Contributions are very welcome, but for legal reasons, you must submit a signed `individual contributor agreement`_ before we can accept your contribution. See our `CONTRIBUTING`_ file for more information – it also contains guidelines for how to maintain high code quality, which will make your contribution more likely to be accepted. Reporting Security Issues ------------------------- Please do not report security issues in public. Please email security@edx.org. .. _individual contributor agreement: http://open.edx.org/sites/default/files/wysiwyg/individual-contributor-agreement.pdf .. _CONTRIBUTING: https://github.com/edx/edx-platform/blob/master/CONTRIBUTING.rst