Hint request: do not allow unsigned requests #824
Comments
It looks like the public key of the platform linked to the item is not set in the DB. When a platform's public key is null, the hint_requested parameter is expected to be JSON, not JWT
The same process/code is used by the service items saveGrade with a scoreToken. Should the change be made for this case too?
I have to ask @mblockelet ...
Michel's answer:
Ok so if I understand correctly, there is no need to be able to pass either If there is no key for the platform associated with the item:
Do I understand correctly?
Yes, looks good. At least, that's my understanding as well. Just a small question for validation for @mblockelet: if the task uses keys but the platform does not have the key configured... when there is a
I'd say we ignore the token and let the plain score go through. The score token is here to sign the score; if a platform admin cares enough to require authenticated scores from specific tasks, then they should configure the key accordingly, but if they don't care then it's fine to allow for tasks which normally use tokens imo.
Ok. Note that the score hint request will still fail in such a case.
…if there is no key for the platform associated with the item See discussion here: #824
The request for hint does not have to support unsigned (as json) requests. If the task has no public key for its platform, we can just consider this service cannot be called.
Please update the implementation and the doc (and the tests?) accordingly.
Initial issue:
As Thomas reported in France-ioi/AlgoreaFrontend#856, I think we have a problem with the format of the hint tokens for the hint token service.
This service takes as an arg a task token and a hint token. If we send both as JWTs, we get a
"Invalid hint_requested: json: cannot unmarshal string into Go value of type map[string]formdata.Anything"
error from the backend. However, if the hint token is decoded and sent as JSON, it works. I suppose this is not the expected behavior of the service. Let me know if there is a misunderstanding from my side.
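The policy requested above (signed `hint_requested` only, and no service at all when the platform has no public key), as an added Go example that is not the project's own code. The function names, the `askedHint` claim and the use of Ed25519 are assumptions made for illustration; the page does not show the backend's real token algorithm or claim layout.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var (
	ErrNoPlatformKey = errors.New("no public key for the item's platform: service unavailable")
	ErrUnsigned      = errors.New("hint_requested must be a signed token, not plain JSON")
	ErrBadToken      = errors.New("hint_requested: malformed token or bad signature")
	b64              = base64.RawURLEncoding
)

// parseHintRequested returns hint_requested's claims only if the raw JSON value is a compact
// JWS verifying under the platform key (assumed Ed25519; the header never picks the algorithm).
func parseHintRequested(raw []byte, platformKey ed25519.PublicKey) (claims map[string]any, err error) {
	if len(platformKey) != ed25519.PublicKeySize {
		return nil, ErrNoPlatformKey // no fallback to unsigned input
	}
	var token string
	if json.Unmarshal(raw, &token) != nil {
		return nil, ErrUnsigned // a decoded JSON object, or anything but a string
	}
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, ErrBadToken
	}
	sig, e1 := b64.DecodeString(p[2])
	body, e2 := b64.DecodeString(p[1])
	if e1 != nil || e2 != nil || !ed25519.Verify(platformKey, []byte(p[0]+"."+p[1]), sig) ||
		json.Unmarshal(body, &claims) != nil {
		return nil, ErrBadToken
	}
	return claims, nil
}

// sampleToken builds constructed input: a token signed with a key from a fixed all-zero seed.
func sampleToken(claimsJSON string) ([]byte, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString([]byte(claimsJSON))
	tok, _ := json.Marshal(in + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(in))))
	return tok, priv.Public().(ed25519.PublicKey)
}

func main() { fmt.Println(parseHintRequested(sampleToken(`{"askedHint":1}`))) }
```

The key check comes first, so a request for an item whose platform has no key is refused whether or not it carries a token.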