Moodle / MDL-39090

LTI launches with query strings have wrong signature

      Description

      • If an LTI launch URL has parameters on the query string, those get reproduced in the form post when launched
      • The oauth_signature is based on those parameters being represented once in the request
      • Because the parameters are both in the body and the query in the actual launch, the signature will be incorrect on the receiving end

      Here's why the parameters get duplicated:

            Activity

            Chris Scribner added a comment -

            The fix is to add the oauth signature to the params passed in and return that.

            Nick Read added a comment -

            This is still a problem in the current supported Moodle versions too (see duplicate issue MDL-40944).

            Jason Fowler added a comment -

            Hi Mark, thanks for the patch, it looks great. It will need to be backported; if you can provide the stable branch versions of the patch or indicate it can be cleanly cherry-picked, that'd be great. Thanks.

            Mark Nielsen added a comment -

            Cherry picking should be fine.

            Dongsheng Cai added a comment -

            Hi Jason Fowler, I tested Mark Nielsen's patch myself; it can be cleanly cherry-picked to MOODLE_23_STABLE, MOODLE_24_STABLE and MOODLE_25_STABLE.

            Sam Hemelryk added a comment -

            Thanks guys - this has been integrated now and cherry-picked to 24 and 25.

            David Monllaó added a comment -

            It passes; tested in 24, 25 and master.

            Sam Hemelryk added a comment -

            Huzzah, your code made it into Moodle. Perhaps now things are ever so slightly better!

            "The ship can't take this much pressure. Sometimes it falls apart just sitting in the hangar."
            ~ Professor Farnsworth
