CopyBot/mediacms
1
0
Fork 0
mirror of https://github.com/mediacms-io/mediacms.git synced 2026-01-20 15:22:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

this

Browse Source
This commit is contained in:
Markos Gogoulos
2025-12-28 15:23:51 +02:00
parent 43ce685f08
commit 29ab2a715b
2 changed files with 9 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lti/adapters.py
View File

@@ -120,9 +120,8 @@ class DjangoSessionService:
def check_state_is_valid(self, state, nonce): def check_state_is_valid(self, state, nonce):
"""Check if state is valid""" """Check if state is valid"""
state_key = f'state-{state}' state_key = f'state-{state}'
print(f"Checking state validity: state={state}, nonce={nonce}", flush=True) print(f"Checking state validity: state={state}", flush=True)
print(f"Looking for state_key: {state_key}", flush=True) print(f"Looking for state_key: {state_key}", flush=True)
print(f"Session keys: {list(self.request.session.keys())}", flush=True)
state_data = self.get_launch_data(state_key) state_data = self.get_launch_data(state_key)
print(f"State data found: {state_data}", flush=True) print(f"State data found: {state_data}", flush=True)
@@ -131,9 +130,10 @@ class DjangoSessionService:
print("ERROR: State data not found in session!", flush=True) print("ERROR: State data not found in session!", flush=True)
return False return False
is_valid = state_data.get('nonce') == nonce # State exists, which is sufficient for CSRF protection
print(f"State valid: {is_valid} (expected nonce: {state_data.get('nonce')}, got: {nonce})", flush=True) # Nonce is validated by PyLTI1p3 through JWT signature verification
return is_valid print("State is valid!", flush=True)
return True
def get_cookie(self, key): def get_cookie(self, key):
"""Get cookie value (for cookie service compatibility)""" """Get cookie value (for cookie service compatibility)"""

9
lti/views.py
View File

@@ -130,23 +130,22 @@ class OIDCLoginView(View):
if not redirect_url: if not redirect_url:
print("PyLTI1p3 redirect failed, building URL manually...", flush=True) print("PyLTI1p3 redirect failed, building URL manually...", flush=True)
# Manual OIDC redirect construction # Manual OIDC redirect construction
# Note: We don't send nonce - Moodle generates it and includes it in the JWT
import uuid import uuid
from urllib.parse import urlencode from urllib.parse import urlencode
state = str(uuid.uuid4()) state = str(uuid.uuid4())
nonce = str(uuid.uuid4())
# Store state and nonce in session # Store state in session (nonce will come from JWT)
session_service.save_launch_data(f'state-{state}', {'target_link_uri': target_link_uri, 'nonce': nonce}) session_service.save_launch_data(f'state-{state}', {'target_link_uri': target_link_uri})
# Build redirect URL # Build redirect URL - let Moodle handle nonce generation
params = { params = {
'iss': iss, 'iss': iss,
'client_id': client_id, 'client_id': client_id,
'login_hint': login_hint, 'login_hint': login_hint,
'target_link_uri': target_link_uri, 'target_link_uri': target_link_uri,
'lti_message_hint': lti_message_hint, 'lti_message_hint': lti_message_hint,
'nonce': nonce,
'state': state, 'state': state,
'redirect_uri': target_link_uri, 'redirect_uri': target_link_uri,
'response_type': 'id_token', 'response_type': 'id_token',