Closed lduarte1991 closed 6 years ago
lduarte1991
commented
6 years ago @arthurian Starting to organize the changes I made for the accessibility testing and I'll break them down into smaller PRs so there are fewer conflicts (or at least they can be fixed independently). This will allow me to be able to start testing your PRs afterward.
lduarte1991
commented
6 years ago @arthurian Actually, I just realized this won't actually merge properly with your fixes. Is there a way you can do what I did in this PR in yours? It's only 4 lines of code (3 in middleware.py and the other in base.py).
It should have no effect on your implementation.
arthurian
commented
6 years ago @lduarte1991 If I understand correctly, this change makes it possible to use a different secret for each course (if defined in the secret dict), otherwise fall back to the default secret. The key will be the same for all courses, however.
I'll integrate this change in PR #85 as you suggested and post an update here when that's done.
arthurian
commented
6 years ago @lduarte1991 FYI Implemented this change in our master branch via commit 93577765172fd959379049d034ce89348808241c (committed by our student developer @Jmencab).
lduarte1991
commented
6 years ago @arthurian you understood correctly and thanks to @Jmencab for including this in #85 ! I'll close this PR now then.
To allow a course-by-course level validation for who can use the tool, I've added a way to add a dictionary to the secure.py file where the key is the "lti_context_id" and the value is a hash string created externally.
For backward compatibility the original secret can stay as a sort of "master key" but should be phased out as soon as possible.