Reviewed: https://reviews.mahara.org/12303 Committed: https://git.mahara.org/mahara/mahara/commit/d3087a72252837f832c3153f3fc6331ad3159b98 Submitter: Robert Lyon ([email protected]) Branch: main
commit d3087a72252837f832c3153f3fc6331ad3159b98 Author: Dale Davies <[email protected]> Date: Thu Dec 16 14:59:47 2021 +1300 Bug 1954958: Adjusting oauth to work better with sslproxy Change-Id: I1686c74c1639ad120c9d806111225c714447938e Signed-off-by: Robert Lyon <[email protected]> -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: mahara-contributors https://bugs.launchpad.net/bugs/1954958 Title: oauth-php not taking account of proxy setting Status in Mahara: Fix Committed Bug description: There is an issue getting LTI working between Moodle and Mahara in the oauth-php library as it doesn't take Mahara's sslproxy configuration into consideration when generating the URI for $base_string I'd like to propose a patch for Mahara that looks something like a change on line 92 of htdocs/webservice/rest/locallib.php From this... $this->oauth_server = new OAuthServer(); To this... // Instantiating OAuthServer() with get_full_script_path() ensures that // the locally generated signature will contain a URI using the correct // protocol if this server is behind an sslproxy. // Otherwise OAuthServer() determines the protocol based only on a // check for $_SERVER['HTTPS'] and signature verification will fail. $this->oauth_server = new OAuthServer(get_full_script_path()); Essentially the OAuthRequest() class assumes that because the web container is not using SSL directly then the request URI should be prefixed with http:// rather than https://... $proto = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http'; But it seems OK to instantiate OAuthServer() with a $uri to bypass this, so that could be done in webservice_rest_server::parse_request() rather than having to patch oauth-php directly, I think get_full_script_path() seems OK to use for this. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1954958/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
