Skip to content

Commit

Permalink
Fix an issue that can cause LTI 1.3 grade passback to fail when calle…
Browse files Browse the repository at this point in the history 
…d from the job queue.

The `get_access_token` method calls `$c->url_for` (on line 141 of
`WeBWorK::Authen::LTIAdvantage::SubmitGrade`.  This is only called if
the access token is not saved in the database or if the access token
that is saved is expired.  When this is called from the minion job
queue, `$c` is not a `Mojolicious::Controller`.  Instead it is an
unblessed hash reference that has the keys `ce`, `db`, and `app`
defined.  Clearly that unblessed hash reference will not have the
`url_for` method.  As such, the job will fail if a new access token is
needed.  So as is done on line 249 in the `submit_grade` method, the
`$c` object needs to be switched to the passed in `$c->{app}` object,
which does have the `url_for` method.

Note that with the current code this method will still succeed if the
database has an unexpired access token stored.  Also, this method will
succeed if called with a `Mojolicious::Controller` object (for instance
when called in the case that a student initially logs in via LTI 1.3
authentication or in the case that  a student submits an answer to a
problem or grades a test).

This could be considered for a hotfix.
  • Loading branch information
@drgrice1
drgrice1 committed Mar 2, 2024
1 parent 59b1f9f commit c10f3c7
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions lib/WeBWorK/Authen/LTIAdvantage/SubmitGrade.pm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,16 +117,17 @@ async sub get_access_token ($self) {
my $c = $self->{c};
my $ce = $c->{ce};
my $db = $c->{db};
$c = $c->{app} if $self->{post_processing_mode};

my $current_token = decode_json($db->getSettingValue('LTIAdvantageAccessToken') // '{}');

# If the token is still valid (and not about to expire) then it can still be used.
# If the token has not expired and is not about to expire, then it can still be used.
if (%$current_token && $current_token->{timestamp} + $current_token->{expires_in} > time + 60) {
$self->warning('Using current access token from database.');
return $current_token;
}

# The token is about to expire, so get a new one.
# The token is expired or about to, so get a new one.

my ($private_key, $err) = get_site_key($ce, 1);
if (!$private_key) {
Expand All @@ -150,7 +151,7 @@ async sub get_access_token ($self) {
);
};
if ($@) {
$self->warning("Error encoding JWT: $@") if $@;
$self->warning("Error encoding JWT: $@");
return;
}

Expand Down

0 comments on commit c10f3c7

Please sign in to comment.