fix: make lis_person_contact_email_primary matching case-insensitive (LTI Providers) #34688

Merged
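--- a/lms/djangoapps/lti_provider/tests/test_users.py
+++ b/lms/djangoapps/lti_provider/tests/test_users.py
@@ -158,6 +158,16 @@ def test_auto_linking_of_users_using_lis_person_contact_email_primary(self, crea
 users.authenticate_lti_user(request, self.lti_user_id, self.auto_linking_consumer)
 create_user.assert_called_with(self.lti_user_id, self.auto_linking_consumer, self.old_user.email)
 
+def test_auto_linking_of_users_using_lis_person_contact_email_primary_case_insensitive(self, create_user, switch_user): # pylint: disable=line-too-long
+request = RequestFactory().post("/", {"lis_person_contact_email_primary": self.old_user.email.upper()})
+request.user = self.old_user
+
+users.authenticate_lti_user(request, self.lti_user_id, self.lti_consumer)
+create_user.assert_called_with(self.lti_user_id, self.lti_consumer)
+
+users.authenticate_lti_user(request, self.lti_user_id, self.auto_linking_consumer)
+create_user.assert_called_with(self.lti_user_id, self.auto_linking_consumer, request.user.email)
+
 def test_raise_exception_trying_to_auto_link_unauthenticate_user(self, create_user, switch_user):
 request = RequestFactory().post("/")
 request.user = AnonymousUser()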
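Review bot: The added test only covers an upper-cased address; nothing in this section covers an authenticated user whose launch omits `lis_person_contact_email_primary` against `self.auto_linking_consumer`. That is the path on which the comparison in `users.py` now calls `.lower()` on the launch-supplied value. I would add a test that builds `RequestFactory().post("/")` with `request.user = self.old_user`, asserts `PermissionDenied` is raised, and checks `create_user.assert_not_called()`. A launch whose address differs by more than case should also be pinned to `PermissionDenied`, unless a test outside this hunk already does so.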
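--- a/lms/djangoapps/lti_provider/users.py
+++ b/lms/djangoapps/lti_provider/users.py
@@ -40,8 +40,8 @@ def authenticate_lti_user(request, lti_user_id, lti_consumer):
 if lti_consumer.require_user_account:
 # Verify that the email from the LTI Launch and the logged-in user are the same
 # before linking the LtiUser with the edx_user.
-if request.user.is_authenticated and request.user.email == lis_email:
-lti_user = create_lti_user(lti_user_id, lti_consumer, lis_email)
+if request.user.is_authenticated and request.user.email.lower() == lis_email.lower():
+lti_user = create_lti_user(lti_user_id, lti_consumer, request.user.email)
 else:
 # Ask the user to login before linking.
 raise PermissionDenied() from exc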
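Review bot: The new condition calls `lis_email.lower()` unconditionally, so an authenticated launch that omits `lis_person_contact_email_primary` would raise `AttributeError` if `lis_email` is then `None`. Its assignment is outside this hunk, so that is inferred, but the old `==` comparison tolerated a missing value and fell through to `PermissionDenied`. Guard the value first: `if request.user.is_authenticated and lis_email and request.user.email.lower() == lis_email.lower():`. Passing `request.user.email` to `create_lti_user` is the right choice, because the stored address then comes from the authenticated account and not from the launch request. The body of `authenticate_lti_user` starts and ends outside the hunk.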