  1. Moodle
  2. MDL-39090

LTI launches with query strings have wrong signature

    Details

      Description

      • If an LTI launch URL has parameters on the query string, those get reproduced in the form post when launched
      • The oauth_signature is based on those parameters being represented once in the request
      • Because the parameters are both in the body and the query in the actual launch, the signature will be incorrect on the receiving end

      Here's why the parameters get duplicated:
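
      The signature mismatch described in the three points above, worked through as an added example; it is not part of the original issue and is not Moodle's code. It follows the OAuth 1.0 (RFC 5849) HMAC-SHA1 signature rules, and the launch URL, consumer key, secret, nonce and timestamp are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

def enc(s):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # params: (name, value) pairs, duplicates preserved (RFC 5849 section 3.4.1).
    # The sample URL is already lowercase with no port, so no further
    # base-URL normalisation is done here.
    parts = urlsplit(url)
    base_url = f"{parts.scheme}://{parts.netloc}{parts.path}"
    pairs = sorted((enc(k), enc(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(base_url), enc(normalized)])

def sign(method, url, params, consumer_secret):
    key = f"{enc(consumer_secret)}&".encode()  # LTI 1.x launch: empty token secret
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def tool_verifies(url, body, consumer_secret):
    # The receiver collects parameters from BOTH the query string and the form body.
    seen = parse_qsl(urlsplit(url).query, keep_blank_values=True) + list(body)
    sent = dict(body)["oauth_signature"]
    return hmac.compare_digest(sign("POST", url, seen, consumer_secret), sent)

# Constructed sample launch (all values are placeholders).
LAUNCH_URL = "https://tool.example/launch?custom_id=42"
SECRET = "constructed-secret"
OAUTH = [("oauth_consumer_key", "constructed-key"), ("oauth_nonce", "n1"),
         ("oauth_signature_method", "HMAC-SHA1"), ("oauth_timestamp", "1378684800"),
         ("oauth_version", "1.0"), ("lti_message_type", "basic-lti-launch-request")]

def launch_body(copy_query_into_body):
    query = parse_qsl(urlsplit(LAUNCH_URL).query)
    signed_once = OAUTH + query  # signature covers each parameter once
    sig = sign("POST", LAUNCH_URL, signed_once, SECRET)
    body = OAUTH + (query if copy_query_into_body else [])
    return body + [("oauth_signature", sig)]

def demo():
    # (query params duplicated into the body, query params sent once)
    return (tool_verifies(LAUNCH_URL, launch_body(True), SECRET),
            tool_verifies(LAUNCH_URL, launch_body(False), SECRET))
```

      With the query parameters copied into the form body, the receiver's base string contains `custom_id=42` twice and verification fails; with each parameter present once, the same signature verifies.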


              Activity

              scriby Chris Scribner added a comment -

              The fix is to add the oauth signature to the params passed in and return that.

              nickread Nick Read added a comment -

              This is still a problem in the current supported Moodle versions too (see duplicate issue MDL-40944).

              phalacee Jason Fowler added a comment -

              Hi Mark, Thanks for the patch, it looks great. It will need to be back ported, if you can provide the stable branch versions of the patch or indicate it can be cleanly cherry picked, that'd be great. Thanks.

              bushido Mark Nielsen added a comment -

              Cherry picking should be fine.

              dongsheng Dongsheng Cai added a comment -

              Hi Jason Fowler I tested Mark Nielsen's patch myself, it can be cleanly cherry-picked to MOODLE_23_STABLE MOODLE_24_STABLE MOODLE_25_STABLE.

              samhemelryk Sam Hemelryk added a comment -

              Thanks guys - this has been integrated now and cherry-picked to 24 and 25.

              dmonllao David Monllaó added a comment -

              It passes, tested in 24, 25 and master

              samhemelryk Sam Hemelryk added a comment -

              Huzzah, your code made it into Moodle. Perhaps now things are ever so slightly better!

              "The ship can't take this much pressure. Sometimes it falls apart just sitting in the hangar."
              ~ Professor Farnsworth


                  Dates

                  • Fix Release Date: 9/Sep/13