Moodle / MDL-39090

LTI launches with query strings have wrong signature


      Description

      • If an LTI launch URL has parameters on the query string, those get reproduced in the form post when launched
      • The oauth_signature is based on those parameters being represented once in the request
      • Because the parameters are both in the body and the query in the actual launch, the signature will be incorrect on the receiving end

      Here's why the parameters get duplicated:


          Activity

          Chris Scribner added a comment -

          The fix is to add the oauth signature to the params passed in and return that.
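
The mismatch described in the issue and the shape of the fix, as an added example in Python (not Moodle's PHP code and not part of any comment on this issue). The URL, secret, parameter values and function names are constructed for illustration; the signature follows the OAuth 1.0 HMAC-SHA1 rules in RFC 5849.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

def enc(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def query_pairs(url):
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)

def signature(method, url, params, consumer_secret):
    """HMAC-SHA1 over the signature base string; params is a list of (name, value)."""
    u = urlsplit(url)
    base_uri = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"  # query excluded
    pairs = sorted((enc(k), enc(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(base_uri), enc(normalized)])
    key = f"{enc(consumer_secret)}&".encode()  # LTI launches use an empty token secret
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def sign_launch(url, params, secret, copy_query_into_body):
    """Consumer side: sign with each query parameter counted once, return form fields."""
    to_sign = query_pairs(url) + list(params)
    sig = signature("POST", url, to_sign, secret)
    # Buggy: the merged set (query included) becomes the form body.
    # Fixed: the params passed in, plus oauth_signature, are returned.
    body = to_sign if copy_query_into_body else list(params)
    return body + [("oauth_signature", sig)]

def provider_verifies(url, body, secret):
    """Receiver side: parameters are collected from BOTH the query string and the body."""
    sent = dict(body)["oauth_signature"]
    expected = signature("POST", url, query_pairs(url) + list(body), secret)
    return hmac.compare_digest(sent, expected)

# Constructed sample launch (not taken from the issue)
URL = "https://tool.example/launch?course=42&mode=embed"
SECRET = "constructed-secret"
PARAMS = [
    ("lti_message_type", "basic-lti-launch-request"), ("lti_version", "LTI-1p0"),
    ("resource_link_id", "rl-1"), ("oauth_consumer_key", "key"),
    ("oauth_nonce", "n1"), ("oauth_timestamp", "1370000000"),
    ("oauth_signature_method", "HMAC-SHA1"), ("oauth_version", "1.0"),
]
BUGGY = sign_launch(URL, PARAMS, SECRET, copy_query_into_body=True)
FIXED = sign_launch(URL, PARAMS, SECRET, copy_query_into_body=False)

if __name__ == "__main__":
    print("buggy launch verifies:", provider_verifies(URL, BUGGY, SECRET))
    print("fixed launch verifies:", provider_verifies(URL, FIXED, SECRET))
```

Both launches carry the same `oauth_signature`; only the buggy one fails, because the receiver sees `course` and `mode` twice when it rebuilds the base string.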

          Nick Read added a comment -

          This is still a problem in the current supported Moodle versions too (see duplicate issue MDL-40944).

          Jason Fowler added a comment -

          Hi Mark, Thanks for the patch, it looks great. It will need to be back ported, if you can provide the stable branch versions of the patch or indicate it can be cleanly cherry picked, that'd be great. Thanks.

          Mark Nielsen added a comment -

          Cherry picking should be fine.

          Dongsheng Cai added a comment -

          Hi Jason Fowler I tested Mark Nielsen's patch myself, it can be cleanly cherry-picked to MOODLE_23_STABLE MOODLE_24_STABLE MOODLE_25_STABLE.

          Sam Hemelryk added a comment -

          Thanks guys - this has been integrated now and cherry-picked to 24 and 25.

          David Monllaó added a comment -

          It passes, tested in 24, 25 and master

          Sam Hemelryk added a comment -

          Huzzah, your code made it into Moodle. Perhaps now things are ever so slightly better!

          "The ship can't take this much pressure. Sometimes it falls apart just sitting in the hangar."
          ~ Professor Farnsworth
