From 0bc7faaa56f233ddd510da4ed994894cf228d80d Mon Sep 17 00:00:00 2001
From: Bianca Severino <bseverino@edx.org>
Date: Wed, 6 Oct 2021 11:26:04 -0400
Subject: [PATCH] fix: prevent integrity signature creation while masquerading
 (#665)

---
 src/courseware/course/sequence/honor-code/HonorCode.jsx | 8 ++++----
 src/courseware/data/thunks.js                           | 9 +++++++--
 src/index.jsx                                           | 1 +
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/courseware/course/sequence/honor-code/HonorCode.jsx b/src/courseware/course/sequence/honor-code/HonorCode.jsx
index 1d9f3999..6817da63 100644
--- a/src/courseware/course/sequence/honor-code/HonorCode.jsx
+++ b/src/courseware/course/sequence/honor-code/HonorCode.jsx
@@ -5,19 +5,19 @@ import { getConfig, history } from '@edx/frontend-platform';
 import { FormattedMessage, injectIntl, intlShape } from '@edx/frontend-platform/i18n';
 import { ActionRow, Alert, Button } from '@edx/paragon';
 
+import { useModel } from '../../../../generic/model-store';
 import { saveIntegritySignature } from '../../../data';
 import messages from './messages';
 
 function HonorCode({ intl, courseId }) {
   const dispatch = useDispatch();
+  const { isMasquerading } = useModel('coursewareMeta', courseId);
   const siteName = getConfig().SITE_NAME;
-  const honorCodeUrl = `${process.env.TERMS_OF_SERVICE_URL}#honor-code`;
+  const honorCodeUrl = `${getConfig().TERMS_OF_SERVICE_URL}#honor-code`;
 
   const handleCancel = () => history.push(`/course/${courseId}/home`);
 
-  const handleAgree = () => {
-    dispatch(saveIntegritySignature(courseId));
-  };
+  const handleAgree = () => dispatch(saveIntegritySignature(courseId, isMasquerading));
 
   return (
     <Alert variant="light" aria-live="off">
diff --git a/src/courseware/data/thunks.js b/src/courseware/data/thunks.js
index 15db7017..406a66ba 100644
--- a/src/courseware/data/thunks.js
+++ b/src/courseware/data/thunks.js
@@ -303,10 +303,15 @@ export function saveSequencePosition(courseId, sequenceId, activeUnitIndex) {
   };
 }
 
-export function saveIntegritySignature(courseId) {
+export function saveIntegritySignature(courseId, isMasquerading) {
   return async (dispatch) => {
     try {
-      await postIntegritySignature(courseId);
+      // If the request is made by a staff user masquerading as a learner,
+      // don't actually create a signature for them on the backend. Only
+      // frontend state will be updated.
+      if (!isMasquerading) {
+        await postIntegritySignature(courseId);
+      }
       dispatch(updateModel({
         modelType: 'coursewareMeta',
         model: {
diff --git a/src/index.jsx b/src/index.jsx
index a6c4c855..0378fde7 100755
--- a/src/index.jsx
+++ b/src/index.jsx
@@ -101,6 +101,7 @@ initialize({
         SUPPORT_URL_CALCULATOR_MATH: process.env.SUPPORT_URL_CALCULATOR_MATH || null,
         SUPPORT_URL_ID_VERIFICATION: process.env.SUPPORT_URL_ID_VERIFICATION || null,
         SUPPORT_URL_VERIFIED_CERTIFICATE: process.env.SUPPORT_URL_VERIFIED_CERTIFICATE || null,
+        TERMS_OF_SERVICE_URL: process.env.TERMS_OF_SERVICE_URL || null,
         TWITTER_HASHTAG: process.env.TWITTER_HASHTAG || null,
         TWITTER_URL: process.env.TWITTER_URL || null,
       }, 'LearnerAppConfig');