CopyBot/mediacms
1
0
Fork 0
mirror of https://github.com/mediacms-io/mediacms.git synced 2026-01-20 15:22:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

this

Browse Source
This commit is contained in:
Markos Gogoulos
2025-12-28 15:37:35 +02:00
parent f9a94321ad
commit 20a1da22bb
1 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lti/adapters.py
View File

@@ -118,9 +118,9 @@ class DjangoSessionService:
return session_key in self.request.session return session_key in self.request.session
def check_state_is_valid(self, state, nonce): def check_state_is_valid(self, state, nonce):
"""Check if state is valid""" """Check if state is valid - state is for CSRF protection, nonce is validated separately by JWT"""
state_key = f'state-{state}' state_key = f'state-{state}'
print(f"Checking state validity: state={state}, nonce={nonce}", flush=True) print(f"Checking state validity: state={state}", flush=True)
print(f"Looking for state_key: {state_key}", flush=True) print(f"Looking for state_key: {state_key}", flush=True)
state_data = self.get_launch_data(state_key) state_data = self.get_launch_data(state_key)
@@ -130,12 +130,8 @@ class DjangoSessionService:
print("ERROR: State data not found in session!", flush=True) print("ERROR: State data not found in session!", flush=True)
return False return False
# Check if nonce matches (if we stored one) # State exists - that's sufficient for CSRF protection
stored_nonce = state_data.get('nonce') # Nonce validation is handled by PyLTI1p3 through JWT signature and claims validation
if stored_nonce and stored_nonce != nonce:
print(f"ERROR: Nonce mismatch! Expected: {stored_nonce}, Got: {nonce}", flush=True)
return False
print("State is valid!", flush=True) print("State is valid!", flush=True)
return True return True