Merge pull request #753 from UCL-INGI/Drumor-patch-is_lti_launch

[flask/sessions] fix the way lti endpoint is checked
UCL-INGI · Dec 16, 2021 · 745c884 · 745c884
2 parents e5386bb + 7613121
commit 745c884
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 4 deletions.
diff --git a/inginious/frontend/flask/mapping.py b/inginious/frontend/flask/mapping.py
@@ -89,7 +89,7 @@ def init_flask_mapping(flask_app):
     flask_app.add_url_rule('/<cookieless:sessionid>preferences/delete', view_func=DeletePage.as_view('deletepage'))
     flask_app.add_url_rule('/<cookieless:sessionid>preferences/profile', view_func=ProfilePage.as_view('profilepage'))
     flask_app.add_url_rule('/<cookieless:sessionid>lti/task', view_func=LTITaskPage.as_view('ltitaskpage'))
-    flask_app.add_url_rule('/<cookieless:sessionid>lti/<courseid>/<taskid>', view_func=LTILaunchPage.as_view('ltilaunchpage'))
+    flask_app.add_url_rule('/<cookieless:sessionid>lti/<courseid>/<taskid>', view_func=LTILaunchPage.as_view(LTILaunchPage.endpoint))
     flask_app.add_url_rule('/<cookieless:sessionid>lti/bind', view_func=LTIBindPage.as_view('ltibindpage'))
     flask_app.add_url_rule('/<cookieless:sessionid>lti/login', view_func=LTILoginPage.as_view('ltiloginpage'))
     flask_app.add_url_rule('/<cookieless:sessionid>lti/asset/<path:asset_url>', view_func=LTIAssetPage.as_view('ltiassetpage'))

diff --git a/inginious/frontend/flask/mongo_sessions.py b/inginious/frontend/flask/mongo_sessions.py
@@ -73,8 +73,8 @@ def open_session(self, app, request):
         # Check if currently accessed URL is LTI launch page
         try:
             # request.url_rule is not set yet here.
-            endpoint, args = app.create_url_adapter(request).match()
-            is_lti_launch = app.view_functions.get(endpoint).view_class == LTILaunchPage
+            endpoint, _ = app.create_url_adapter(request).match()
+            is_lti_launch = endpoint == LTILaunchPage.endpoint
         except HTTPException:
             is_lti_launch = False
 
@@ -144,4 +144,4 @@ def save_session(self, app, session, response):
         if not cookieless:
             response.set_cookie(app.session_cookie_name, session_id,
                                 expires=expires, httponly=httponly,
-                                domain=domain, path=path, secure=secure)
+                                domain=domain, path=path, secure=secure)
diff --git a/inginious/frontend/pages/lti.py b/inginious/frontend/pages/lti.py
@@ -166,6 +166,7 @@ class LTILaunchPage(INGIniousPage):
     """
     Page called by the TC to start an LTI session on a given task
     """
+    endpoint = 'ltilaunchpage'
 
     def GET(self, courseid, taskid):
         raise MethodNotAllowed()