fix SEB launch check

This also adds an error message for when a launch request seems to come from SEB, but with no session parameters. This happens when you launch SEB using a previously-set config, but not from the link which includes the session key and resource link ID in query params, or if the SEB settings file doesn't have "allow query params" turned on.
numbas · Feb 13, 2024 · d90098f · d90098f
1 parent 6b4ab78
commit d90098f
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/numbas_lti/templates/numbas_lti/launch_errors/seb_launch_without_params.html b/numbas_lti/templates/numbas_lti/launch_errors/seb_launch_without_params.html
@@ -0,0 +1,15 @@
+{% extends "numbas_lti/base.html" %}
+{% load i18n %}
+
+{% block content %}
+<div class="container">
+    <header>
+        <h1>{% translate "Invalid Safe Exam Browser launch" %}</h1>
+    </header>
+    <main>
+        <p>{% blocktranslate %}You have opened Safe Exam Browser, but it hasn't said which resource it wants to load.{% endblocktranslate %}</p>
+        <p>{% blocktranslate %}This can happen if you open Safe Exam Browser and it uses a previously-set configuration. If that's the case, please close Safe Exam Browser now.{% endblocktranslate %}</p>
+        <p><a class="btn btn-lg btn-primary" href="{% url 'seb_quit' %}">Quit Safe Exam Browser</a></p>
+    </main>
+</div>
+{% endblock content %}
diff --git a/numbas_lti/views/entry.py b/numbas_lti/views/entry.py
@@ -138,11 +138,11 @@ def basic_lti_launch(request):
         else:
             return redirect(reverse('resource_dashboard',args=(request.resource.pk,)))
     else:
-        require_lockdown_app, _, _ = request.resource.require_lockdown_app_for_user(request.user)
+        require_lockdown_app, _, seb_settings = request.resource.require_lockdown_app_for_user(request.user)
         if require_lockdown_app=='numbas' and not lockdown_app.is_lockdown_app(request):
             return show_lockdown_app(request)
 
-        if require_lockdown_app=='seb' and not lockdown_app.is_seb(request):
+        if require_lockdown_app=='seb' and not lockdown_app.is_seb(request, seb_settings):
             return show_seb_link(request)
 
         if not request.resource.exam:
@@ -186,6 +186,10 @@ def seb_launch(request):
     resource_link_id = request.GET.get('resource_link_id')
 
     if session_key is None or resource_link_id is None:
+        if request.headers.get('X-Safeexambrowser-Configkeyhash'):
+            # TODO - make this error message: SEB launched without GET parameters, probably because it had this config saved
+            return render(request, 'numbas_lti/launch_errors/seb_launch_without_params.html')
+
         return render(request, 'numbas_lti/launch_errors/not_seb_launch.html')
 
     return redirect(add_query_param(reverse('set_cookie_entry'), {'resource_link_id': resource_link_id, 'session_key': session_key}))