Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59490

LTI broken when using long activity name (regression)

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Add External Tool Provider:

        Launch URL: http://lti.tools/test/tp.php
        Consumer Key: jisc.ac.uk
        Shared secret: secret
        

      2. Create activity with the external tool. Use a short name aaa
      3. Verify that the request summary is valid and says:

         basic-lti-launch-request message request is valid.
        

      4. Change the activity name to a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a a a a a a a a a a a a a a a a a a a a aa a a aa
      5. Try to launch the activity and confirm that it loaded
      Show
      Add External Tool Provider: Launch URL: http://lti.tools/test/tp.php Consumer Key: jisc.ac.uk Shared secret: secret Create activity with the external tool. Use a short name aaa Verify that the request summary is valid and says:  basic-lti-launch-request message request is valid. Change the activity name to a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a a a a a a a a a a a a a a a a a a a a aa a a aa Try to launch the activity and confirm that it loaded
    • Affected Branches:
      MOODLE_33_STABLE
    • Fixed Branches:
      MOODLE_32_STABLE, MOODLE_33_STABLE
    • Pull Master Branch:

      Description

      When using a long activity name, the resource_link_title in the LTI launch request is modified and the oAuth signature is wrong.
       
       This is a regression from MDL-58770

      https://tracker.moodle.org/browse/MDL-58770
       
       Steps to reproduce:
       1. Install Moodle 3.3.1
       2. Add External Tool Provider:
       Launch URL: http://lti.tools/test/tc.php
       Consumer Key: jisc.ac.uk
       Shared secret: secret
       3. Create activity with the external tool. Use a short name "aaa".
       4. Verify that the request summary is valid and says:
       basic-lti-launch-request message request is valid.
       5. Change the activity name to
       "a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a a a a a a a a a a a a a a a a a a a a aa a a aa"
       6. Try to launch the activity and see that the request summary is now:
       Could not validate request: OAuth signature check failed - perhaps an incorrect secret or timestamp.
       
       Bad commit found with git bisect:
       -------------------
       
       22227b7701d20e67784ce1e29606f19ad08e0bbf is the first bad commit
       commit 22227b7701d20e67784ce1e29606f19ad08e0bbf
       Author: Stephen Vickers <github@spvickers.freeserve.co.uk>
       Date:   Mon May 1 21:10:40 2017 +0100

          MDL-58770 mod_lti: Strip HTML from parameters

          Remove HTML tags from parameters which should be plain text.

      :040000 040000 f3a7b2c667a981feaeda48fcfca0966991a0a4c4 72ee91c80fb15c128474517d53784868836ecaed M mod

      ----------------

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              svickers Stephen Vickers
              Reporter:
              ofirdev ofirdev
              Peer reviewer:
              Ankit Agarwal
              Integrator:
              Andrew Nicols
              Tester:
              Ryan Wyllie
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              9 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/Sep/17