[MDL-59490] LTI broken when using long activity name (regression) - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.2 regressions, 3.3 regressions, 3.3.1
Fix Version/s: 3.2.5, 3.3.2
Component/s: LTI External tool
Labels:
- ci
- release_notes

Affected Branches:
MOODLE_33_STABLE
Fixed Branches:
MOODLE_32_STABLE, MOODLE_33_STABLE
Pull from Repository:
https://github.com/spvickers/moodle.git
Pull Main Branch:
~~MDL-59490~~
Pull Main Diff URL:
https://github.com/spvickers/moodle/compare/moodle:master...MDL-59490
Testing Instructions:
Hide

Add External Tool Provider:

Launch URL: http://lti.tools/test/tp.php

Consumer Key: jisc.ac.uk

Shared secret: secret

Create activity with the external tool. Use a short name aaa

Verify that the request summary is valid and says:

basic-lti-launch-request message request is valid.

Change the activity name to a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a a a a a a a a a a a a a a a a a a a a aa a a aa

Try to launch the activity and confirm that it loaded
Show
Add External Tool Provider: Launch URL: http://lti.tools/test/tp.php Consumer Key: jisc.ac.uk Shared secret: secret Create activity with the external tool. Use a short name aaa Verify that the request summary is valid and says: basic-lti-launch-request message request is valid. Change the activity name to a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a a a a a a a a a a a a a a a a a a a a aa a a aa Try to launch the activity and confirm that it loaded

Description

When using a long activity name, the resource_link_title in the LTI launch request is modified and the oAuth signature is wrong.

This is a regression from ~~MDL-58770~~

https://tracker.moodle.org/browse/MDL-58770

Steps to reproduce:
1. Install Moodle 3.3.1
2. Add External Tool Provider:
Launch URL: http://lti.tools/test/tc.php
Consumer Key: jisc.ac.uk
Shared secret: secret
3. Create activity with the external tool. Use a short name "aaa".
4. Verify that the request summary is valid and says:
basic-lti-launch-request message request is valid.
5. Change the activity name to
"a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a a a a a a a a a a a a a a a a a a a a aa a a aa"
6. Try to launch the activity and see that the request summary is now:
Could not validate request: OAuth signature check failed - perhaps an incorrect secret or timestamp.

Bad commit found with git bisect:
-------------------

22227b7701d20e67784ce1e29606f19ad08e0bbf is the first bad commit
commit 22227b7701d20e67784ce1e29606f19ad08e0bbf
Author: Stephen Vickers <github@spvickers.freeserve.co.uk>
Date: Mon May 1 21:10:40 2017 +0100

~~MDL-58770~~ mod_lti: Strip HTML from parameters

Remove HTML tags from parameters which should be plain text.

:040000 040000 f3a7b2c667a981feaeda48fcfca0966991a0a4c4 72ee91c80fb15c128474517d53784868836ecaed M mod

----------------

Attachments

Issue Links

is a regression caused by

MDL-58770 LTI parameters must be plain text

Closed

is duplicated by

MDL-59444 LTI broken for courses with long activity name, course name or site name

Closed

MDL-59636 Invalid OAuth Signature error when some params are too long and new line is generated

Closed

Activity

People

Assignee:: Stephen Vickers

Reporter:: ofirdev

Peer reviewer:: Ankit Agarwal

Integrator:: Andrew Lyons

Tester:: Ryan Wyllie

Participants:: Andrew Lyons, Ankit Agarwal, CiBoT, Dan Poltawski, ofirdev, Ryan Wyllie, Stephen Vickers

Votes:: 9 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 11/Jul/17 4:44 AM

Updated:: 05/Aug/17 1:14 AM

Resolved:: 28/Jul/17 5:06 AM

Fix Release Date:: 11/Sep/17