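def verify_credentials():
    """Authenticate the current request as an LTI launch or an existing session.

    A request whose form carries ``oauth_consumer_key`` is treated as an LTI
    launch: the key is looked up with ``PermissionToLtUser.find``, the request
    is checked by ``ToolProvider.valid_request`` with the stored secret and,
    on success, the launch parameters are copied into the session.  A request
    without the key is accepted only when the session already holds a
    ``consumer`` and was last used less than five hours ago.

    Returns:
        None when the request is accepted, otherwise a ``Response`` rendering
        ``lti/errors.html``.  (Presumably used as a Flask ``before_request``
        hook, where None lets the request proceed -- confirm against the
        registration site.)
    """
    # (form field, session key) pairs that a launch may or may not carry.
    optional_fields = (
        ('lis_person_name_full', 'user_fullname'),
        ('context_id', 'group_id'),
        ('context_title', 'group_name'),
        ('launch_presentation_locale', 'launch_locale'),
        ('launch_presentation_document_target',
         'launch_presentation_document_target'),
        ('launch_presentation_return_url',
         'launch_presentation_return_url'),
    )
    max_idle_seconds = 60 * 60 * 5  # Five Hours

    def error_page(message):
        # NOTE(review): error pages go out with the default 200 status; the
        # 412/403 assignments were commented out in the original. Confirm
        # whether consumers rely on that before enabling them.
        return Response(render_template('lti/errors.html', message=message))

    if 'oauth_consumer_key' in request.form:
        consumer_key = request.form['oauth_consumer_key']
        permission_to_lt_user = PermissionToLtUser.find(key=consumer_key)
        # TODO: check for nonce
        # TODO: check for old requests
        # NOTE(review): until both checks exist here, a captured signed launch
        # POST may be replayable unless ToolProvider.valid_request enforces
        # nonce and timestamp itself -- verify against the library in use.
        if permission_to_lt_user is None:
            return error_page(
                gettext("Invalid consumer key. Please check it again."))

        secret = permission_to_lt_user.secret
        # The original dict is in unicode, which does not work with ToolProvider
        USE_UNICODE = False
        if USE_UNICODE:
            data_dict = request.form.to_dict()
        else:
            data_dict = {}
            for key, value in request.form.to_dict().iteritems():
                data_dict[key.encode('utf8')] = value.encode('utf8')

        tool_provider = ToolProvider(consumer_key, secret, data_dict)
        try:
            return_value = tool_provider.valid_request(request)
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt; validation errors still fail closed.
            traceback.print_exc()
            return error_page(
                gettext("Invalid secret: could not validate request."))

        # Fail closed on any falsy result (the original compared ``== False``
        # and would have accepted None).
        if not return_value:
            return error_page(gettext(
                "Request checked and failed. Please check that the 'secret' is correct."))

        session['author_identifier'] = request.form['user_id']
        for form_field, session_key in optional_fields:
            if form_field in request.form:
                session[session_key] = request.form[form_field]
            else:
                # Drop values left by an earlier launch in the same browser
                # session so they are not attributed to this user/context.
                session.pop(session_key, None)
        session['consumer'] = consumer_key
        session['last_request'] = time()
        return

    if 'consumer' in session:
        # Idle time is now - last_request. The original subtracted the other
        # way round, giving a non-positive number that was always below the
        # limit, so sessions never expired.
        try:
            idle_seconds = time() - float(session['last_request'])
        except (KeyError, TypeError, ValueError):
            idle_seconds = None
        if idle_seconds is not None and idle_seconds < max_idle_seconds:
            session['last_request'] = time()
            return
        # Expired or malformed: forget the consumer so a fresh launch is
        # required, then report it like an uninitialized session.
        session.pop('consumer', None)
        session.pop('last_request', None)

    return error_page(gettext("Session not initialized. Are you a LMS?"))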
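def verify_credentials():
    """Accept the request as a valid LTI launch or a live session, else reject.

    With ``oauth_consumer_key`` in the form, the consumer is looked up through
    ``PermissionToLtUser.find`` and the request is validated by
    ``ToolProvider.valid_request`` using that consumer's secret; a valid
    launch populates the session.  Without it, an existing session with a
    ``consumer`` is accepted if it was used within the last five hours.

    Returns:
        None on acceptance, otherwise a ``Response`` rendering
        ``lti/errors.html``.  (Presumably a Flask ``before_request`` hook --
        confirm where it is registered.)
    """
    # NOTE(review): every error page below is sent with the default 200
    # status; the original left the 412/403 assignments commented out.
    # Confirm whether consumers depend on that before enabling them.
    session_ttl = 60 * 60 * 5  # Five Hours

    if 'oauth_consumer_key' in request.form:
        consumer_key = request.form['oauth_consumer_key']
        permission_to_lt_user = PermissionToLtUser.find(key=consumer_key)
        # TODO: check for nonce
        # TODO: check for old requests
        # NOTE(review): without these, a recorded signed launch may be
        # replayable unless ToolProvider.valid_request already enforces nonce
        # and timestamp -- verify against the library in use.
        if permission_to_lt_user is None:
            return Response(
                render_template(
                    'lti/errors.html',
                    message=gettext(
                        "Invalid consumer key. Please check it again.")))

        secret = permission_to_lt_user.secret
        # The original dict is in unicode, which does not work with ToolProvider
        USE_UNICODE = False
        if USE_UNICODE:
            data_dict = request.form.to_dict()
        else:
            data_dict = {}
            for key, value in request.form.to_dict().iteritems():
                data_dict[key.encode('utf8')] = value.encode('utf8')

        tool_provider = ToolProvider(consumer_key, secret, data_dict)
        try:
            return_value = tool_provider.valid_request(request)
        except Exception:
            # Narrowed from a bare ``except:`` so SystemExit and
            # KeyboardInterrupt propagate; any validation error still rejects.
            traceback.print_exc()
            return Response(
                render_template(
                    'lti/errors.html',
                    message=gettext(
                        "Invalid secret: could not validate request.")))

        # Any falsy result rejects; ``== False`` would have let None through.
        if not return_value:
            return Response(
                render_template(
                    'lti/errors.html',
                    message=gettext(
                        "Request checked and failed. Please check that the 'secret' is correct."
                    )))

        session['author_identifier'] = request.form['user_id']
        # Optional launch parameters: copy when present, otherwise remove the
        # session key so values from a previous launch do not leak into this
        # one.
        for form_field, session_key in (
                ('lis_person_name_full', 'user_fullname'),
                ('context_id', 'group_id'),
                ('context_title', 'group_name'),
                ('launch_presentation_locale', 'launch_locale'),
                ('launch_presentation_document_target',
                 'launch_presentation_document_target'),
                ('launch_presentation_return_url',
                 'launch_presentation_return_url')):
            if form_field in request.form:
                session[session_key] = request.form[form_field]
            else:
                session.pop(session_key, None)
        session['consumer'] = consumer_key
        session['last_request'] = time()
        return

    if 'consumer' in session:
        # Elapsed idle time is now minus last_request; the original computed
        # last_request minus now, which is never positive, so the five-hour
        # limit was never enforced.
        try:
            idle = time() - float(session['last_request'])
        except (KeyError, TypeError, ValueError):
            idle = None
        if idle is not None and idle < session_ttl:
            session['last_request'] = time()
            return
        # Expired or unreadable timestamp: require a new launch.
        session.pop('consumer', None)
        session.pop('last_request', None)

    return Response(
        render_template(
            'lti/errors.html',
            message=gettext("Session not initialized. Are you a LMS?")))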