Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59490

LTI broken when using long activity name (regression)

    XMLWordPrintable

Details

    • MOODLE_33_STABLE
    • MOODLE_32_STABLE, MOODLE_33_STABLE
    • Hide
      1. Add External Tool Provider:

        Launch URL: http://lti.tools/test/tp.php
        Consumer Key: jisc.ac.uk
        Shared secret: secret
        

      2. Create activity with the external tool. Use a short name aaa
      3. Verify that the request summary is valid and says:

         basic-lti-launch-request message request is valid.
        

      4. Change the activity name to a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a a a a a a a a a a a a a a a a a a a a aa a a aa
      5. Try to launch the activity and confirm that it loaded
      Show
      Add External Tool Provider: Launch URL: http://lti.tools/test/tp.php Consumer Key: jisc.ac.uk Shared secret: secret Create activity with the external tool. Use a short name aaa Verify that the request summary is valid and says:  basic-lti-launch-request message request is valid. Change the activity name to a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a a a a a a a a a a a a a a a a a a a a aa a a aa Try to launch the activity and confirm that it loaded

    Description

      When using a long activity name, the resource_link_title in the LTI launch request is modified and the oAuth signature is wrong.
       
       This is a regression from MDL-58770

      https://tracker.moodle.org/browse/MDL-58770
       
       Steps to reproduce:
       1. Install Moodle 3.3.1
       2. Add External Tool Provider:
       Launch URL: http://lti.tools/test/tc.php
       Consumer Key: jisc.ac.uk
       Shared secret: secret
       3. Create activity with the external tool. Use a short name "aaa".
       4. Verify that the request summary is valid and says:
       basic-lti-launch-request message request is valid.
       5. Change the activity name to
       "a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a a a a a a a a a a a a a a a a a a a a aa a a aa"
       6. Try to launch the activity and see that the request summary is now:
       Could not validate request: OAuth signature check failed - perhaps an incorrect secret or timestamp.
       
       Bad commit found with git bisect:
       -------------------
       
       22227b7701d20e67784ce1e29606f19ad08e0bbf is the first bad commit
       commit 22227b7701d20e67784ce1e29606f19ad08e0bbf
       Author: Stephen Vickers <github@spvickers.freeserve.co.uk>
       Date:   Mon May 1 21:10:40 2017 +0100

          MDL-58770 mod_lti: Strip HTML from parameters

          Remove HTML tags from parameters which should be plain text.

      :040000 040000 f3a7b2c667a981feaeda48fcfca0966991a0a4c4 72ee91c80fb15c128474517d53784868836ecaed M mod

      ----------------

      Attachments

        Issue Links

          Activity

            People

              svickers Stephen Vickers
              ofirdev ofirdev
              Ankit Agarwal Ankit Agarwal
              Andrew Lyons Andrew Lyons
              Ryan Wyllie Ryan Wyllie
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski
              Votes:
              9 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                11/Sep/17