From d10f717ca7569b8fc9cba1865956bf14220e60ea Mon Sep 17 00:00:00 2001
From: pgvandelden
Date: Mon, 22 Mar 2021 11:35:00 +0100
Subject: [PATCH] use sha256 in launch
---
lib/lti.ex | 4 ++--
test/lti_test.exs | 12 ++++++------
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/lib/lti.ex b/lib/lti.ex
index e7d6ef4..4146467 100644
--- a/lib/lti.ex
+++ b/lib/lti.ex
@@ -15,7 +15,7 @@ defmodule LTI do
oauth_version: "1.0",
oauth_nonce: nonce(),
oauth_timestamp: timestamp(),
- oauth_signature_method: "HMAC-SHA1"
+ oauth_signature_method: "HMAC-SHA256"
}
end
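Review bot: The advertised `oauth_signature_method` is now the literal `"HMAC-SHA256"` here, while the digest is chosen separately by the `:sha256` atom in the second hunk of lib/lti.ex, so the two can drift apart and yield launches whose signature the receiver cannot verify. Defining both in one place removes that risk, for example `@signature_method "HMAC-SHA256"` next to `@digest :sha256`, with a comment that they must change together. The switch is also unconditional: tool providers that only accept HMAC-SHA1 would presumably reject launches after this change, which deserves a line in the changelog or the function's `@doc`. The enclosing function starts outside the hunk.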
@@ -28,7 +28,7 @@ defmodule LTI do
%OAuthData{} = oauth_params,
%LaunchParams{} = launch_params
) do
- :sha
+ :sha256
|> :crypto.hmac(
encode_secret(secret),
base_string(creds, oauth_params, launch_params)
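Review bot: `:crypto.hmac/3`, kept on the line after the changed atom, is deprecated in OTP 23 and removed in OTP 24, so signing will raise `UndefinedFunctionError` once the library runs on a newer runtime. While the digest is being touched, the call could move to `:crypto.mac(:hmac, :sha256, encode_secret(secret), base_string(creds, oauth_params, launch_params))`, which is available from OTP 22.1. The function head and the rest of the pipeline lie outside the hunk, so whatever the MAC is piped into is assumed to stay as it is.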
diff --git a/test/lti_test.exs b/test/lti_test.exs
index e417e7e..11c1fe8 100644
--- a/test/lti_test.exs
+++ b/test/lti_test.exs
@@ -27,7 +27,7 @@ defmodule LTITest do
oauth_version: "1.0",
oauth_nonce: "nonce",
oauth_timestamp: "timestamp",
- oauth_signature_method: "HMAC-SHA1"
+ oauth_signature_method: "HMAC-SHA256"
}
@valid_launch_params %LTI.LaunchParams{
@@ -52,12 +52,12 @@ defmodule LTITest do
launch_data = LTI.launch_query(oauth_params, @valid_launch_params, [])
assert "roles=Student" in launch_data
- assert "oauth_signature_method=HMAC-SHA1" in launch_data
+ assert "oauth_signature_method=HMAC-SHA256" in launch_data
end
test "signature/3 encodes all the variables" do
assert LTI.signature(@credentials, @oauth_credentials, @valid_launch_params) ==
- "NgK2X7WQb+CwHikcJMjqnJTsSBk="
+ "709pOpaAubqFMg2w3dPgNj5psL2NKr+of14tl3dYC2c="
end
test "signature/3 encodes all the variables, with url with capitals" do
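Review bot: The new expected values in the `signature/3` tests are opaque Base64 constants, so nothing states that they are SHA-256 outputs or where they came from. If they were regenerated by running the implementation, they only pin current behaviour. A comment above the first assertion such as `# HMAC-SHA256 over the OAuth base string, Base64-encoded (32-byte digest)` would document the change, and an extra assertion like `assert byte_size(Base.decode64!(sig)) == 32` (with `sig` bound to the `LTI.signature/3` result) would pin the digest size independently of the constants. The same applies to the hunks at -66 and -79, and the last test in this hunk continues outside it.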
@@ -66,12 +66,12 @@ defmodule LTITest do
@oauth_credentials,
@valid_launch_params
) ==
- "NgK2X7WQb+CwHikcJMjqnJTsSBk="
+ "709pOpaAubqFMg2w3dPgNj5psL2NKr+of14tl3dYC2c="
end
test "signature/3 with url with query string parameters" do
assert LTI.signature(@credentials_with_query_string, @oauth_credentials, @valid_launch_params) ==
- "68JVqL7aRC1meflszD8p+onIvWI="
+ "LzQhP77ayGyHsS7RnRLzHuLd56Oy1+iL1h9HY2tyGmk="
end
test "signature/3 with url with query string with nested query parameters" do
@@ -79,7 +79,7 @@ defmodule LTITest do
@credentials_with_nested_query_string,
@oauth_credentials,
@valid_launch_params
- ) == "f/DC8AEzcDcMUPs07nc0tPG8/CM="
+ ) == "AUU3pCgwluS7tRBLRCGnXeoY9MK2NCX+P5VpofkIgE0="
end
test "oauth_params/1 should always be different" do