Skip to content

Commit

Permalink
use sha256 in launch
Browse files Browse the repository at this point in the history
  • Loading branch information
pgvandelden committed Mar 22, 2021
1 parent a97fdc3 commit d10f717
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 8 deletions.
4 changes: 2 additions & 2 deletions lib/lti.ex
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ defmodule LTI do
oauth_version: "1.0",
oauth_nonce: nonce(),
oauth_timestamp: timestamp(),
oauth_signature_method: "HMAC-SHA1"
oauth_signature_method: "HMAC-SHA256"
}
end

Expand All @@ -28,7 +28,7 @@ defmodule LTI do
%OAuthData{} = oauth_params,
%LaunchParams{} = launch_params
) do
:sha
:sha256
|> :crypto.hmac(
encode_secret(secret),
base_string(creds, oauth_params, launch_params)
Expand Down
12 changes: 6 additions & 6 deletions test/lti_test.exs
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ defmodule LTITest do
oauth_version: "1.0",
oauth_nonce: "nonce",
oauth_timestamp: "timestamp",
oauth_signature_method: "HMAC-SHA1"
oauth_signature_method: "HMAC-SHA256"
}

@valid_launch_params %LTI.LaunchParams{
Expand All @@ -52,12 +52,12 @@ defmodule LTITest do
launch_data = LTI.launch_query(oauth_params, @valid_launch_params, [])

assert "roles=Student" in launch_data
assert "oauth_signature_method=HMAC-SHA1" in launch_data
assert "oauth_signature_method=HMAC-SHA256" in launch_data
end

test "signature/3 encodes all the variables" do
assert LTI.signature(@credentials, @oauth_credentials, @valid_launch_params) ==
"NgK2X7WQb+CwHikcJMjqnJTsSBk="
"709pOpaAubqFMg2w3dPgNj5psL2NKr+of14tl3dYC2c="
end

test "signature/3 encodes all the variables, with url with capitals" do
Expand All @@ -66,20 +66,20 @@ defmodule LTITest do
@oauth_credentials,
@valid_launch_params
) ==
"NgK2X7WQb+CwHikcJMjqnJTsSBk="
"709pOpaAubqFMg2w3dPgNj5psL2NKr+of14tl3dYC2c="
end

test "signature/3 with url with query string parameters" do
assert LTI.signature(@credentials_with_query_string, @oauth_credentials, @valid_launch_params) ==
"68JVqL7aRC1meflszD8p+onIvWI="
"LzQhP77ayGyHsS7RnRLzHuLd56Oy1+iL1h9HY2tyGmk="
end

test "signature/3 with url with query string with nested query parameters" do
assert LTI.signature(
@credentials_with_nested_query_string,
@oauth_credentials,
@valid_launch_params
) == "f/DC8AEzcDcMUPs07nc0tPG8/CM="
) == "AUU3pCgwluS7tRBLRCGnXeoY9MK2NCX+P5VpofkIgE0="
end

test "oauth_params/1 should always be different" do
Expand Down

0 comments on commit d10f717

Please sign in to comment.