Merge pull request #12988 from edx/jia/MA-2591

MA-2591 update oauthlib version to 1.0.3

common/djangoapps/terrain/stubs/lti.py

@@ -256,16 +256,16 @@ class StubLtiHandler(StubHttpRequestHandler):
         sha1 = hashlib.sha1()
         sha1.update(body)
         oauth_body_hash = unicode(base64.b64encode(sha1.digest()))
-        params = client.get_oauth_params(None)
-        params.append((u'oauth_body_hash', oauth_body_hash))
         mock_request = mock.Mock(
             uri=unicode(urllib.unquote(url)),
             headers=headers,
             body=u"",
             decoded_body=u"",
-            oauth_params=params,
             http_method=unicode(method),
         )
+        params = client.get_oauth_params(mock_request)
+        mock_request.oauth_params = params
+        mock_request.oauth_params.append((u'oauth_body_hash', oauth_body_hash))
         sig = client.get_oauth_signature(mock_request)
         mock_request.oauth_params.append((u'oauth_signature', sig))
         new_headers = parameters.prepare_headers(mock_request.oauth_params, headers, realm=None)

common/djangoapps/third_party_auth/lti.py

@@ -128,9 +128,15 @@ class LTIAuthBackend(BaseAuth):
         request = Request(
             uri=strategy.request.build_absolute_uri(), http_method=strategy.request.method, body=strategy.request.body
         )
+
+        try:
             lti_consumer_key = request.oauth_consumer_key
+        except AttributeError:
+            return None
+
         (lti_consumer_valid, lti_consumer_secret, lti_max_timestamp_age) = cls.load_lti_consumer(lti_consumer_key)
         current_time = calendar.timegm(time.gmtime())
+
         return cls._get_validated_lti_params_from_values(
             request=request, current_time=current_time,
             lti_consumer_valid=lti_consumer_valid,
@@ -148,7 +154,7 @@ class LTIAuthBackend(BaseAuth):
         # Taking a cue from oauthlib, to avoid leaking information through a timing attack,
         # we proceed through the entire validation before rejecting any request for any reason.
         # However, as noted there, the value of doing this is dubious.
-
+        try:
             base_uri = normalize_base_string_uri(request.uri)
             parameters = collect_parameters(uri_query=request.uri_query, body=request.body)
             parameters_string = normalize_parameters(parameters)
@@ -179,10 +185,10 @@ class LTIAuthBackend(BaseAuth):
             valid = valid & ('user_id' in data)  # Not required by LTI but can't log in without one
             valid = valid & (oauth_timestamp >= current_time - lti_max_timestamp_age)
             valid = valid & (oauth_timestamp <= current_time)
-
             if valid:
                 return data
-        else:
+        except AttributeError as error:
+            log.error("'{}' not found.".format(error.message))
         return None
 
     @classmethod

common/djangoapps/third_party_auth/tests/specs/test_lti.py

@@ -121,7 +121,7 @@ class IntegrationTestLTI(testutil.TestCase):
     def test_reject_bad_login(self):
         login_response = self.client.post(
             path=LTI_TPA_LOGIN_URL, content_type=FORM_ENCODED,
-            data="invalid=login"
+            data="invalid=login",
         )
         # The user should be redirected to the login page with an error message
         # (auth_entry defaults to login for this provider)

common/lib/xmodule/xmodule/lti_2_util.py

@@ -109,16 +109,16 @@ class LTI20ModuleMixin(object):
         log.debug("[LTI] oauth_body_hash = {}".format(oauth_body_hash))
         client_key, client_secret = self.get_client_key_secret()
         client = Client(client_key, client_secret)
-        params = client.get_oauth_params(None)
-        params.append((u'oauth_body_hash', oauth_body_hash))
         mock_request = mock.Mock(
             uri=unicode(urllib.unquote(request.url)),
             headers=request.headers,
             body=u"",
             decoded_body=u"",
-            oauth_params=params,
             http_method=unicode(request.method),
         )
+        params = client.get_oauth_params(mock_request)
+        mock_request.oauth_params = params
+        mock_request.oauth_params.append((u'oauth_body_hash', oauth_body_hash))
         sig = client.get_oauth_signature(mock_request)
         mock_request.oauth_params.append((u'oauth_signature', sig))
 

requirements/edx/base.txt

@@ -65,7 +65,7 @@ mongoengine==0.10.0
 MySQL-python==1.2.5
 networkx==1.7
 nose-xunitmp==0.3.2
-oauthlib==0.7.2
+oauthlib==1.0.3
 paramiko==1.9.0
 path.py==7.2
 piexif==1.0.2