Replace signature validation with access-key and add logging around Software Secure callbacks.

ab6018a0 · David Ormsbee · b1be80b8 · ab6018a0 · ab6018a0
Commit ab6018a0 authored 11 years ago by David Ormsbee
--- a/lms/djangoapps/verify_student/models.py
+++ b/lms/djangoapps/verify_student/models.py
@@ -356,6 +356,26 @@ class PhotoVerification(StatusModel):
        self.status = "denied"
        self.save()

+    @status_before_must_be("must_retry", "submitted", "approved", "denied")
+    def system_error(self,
+                     error_msg,
+                     error_code="",
+                     reviewing_user=None,
+                     reviewing_service=""):
+        """
+        Mark that this attempt could not be completed because of a system error.
+        Status should be moved to `must_retry`.
+        """
+        if self.status in ["approved", "denied"]:
+            return # If we were already approved or denied, just leave it.
+
+        self.error_msg = error_msg
+        self.error_code = error_code
+        self.reviewing_user = reviewing_user
+        self.reviewing_service = reviewing_service
+        self.status = "must_retry"
+        self.save()
+

 class SoftwareSecurePhotoVerification(PhotoVerification):
    """

--- a/lms/djangoapps/verify_student/views.py
+++ b/lms/djangoapps/verify_student/views.py
@@ -180,21 +180,43 @@ def results_callback(request):
        settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["API_SECRET_KEY"]
    )

-    if not sig_valid:
-        return HttpResponseBadRequest(_("Signature is invalid"))
+    _, access_key_and_sig = headers["Authorization"].split(" ")
+    access_key = access_key_and_sig.split(":")[0]
+
+    # This is what we should be doing...
+    #if not sig_valid:
+    #    return HttpResponseBadRequest("Signature is invalid")
+
+    # This is what we're doing until we can figure out why we disagree on sigs
+    if access_key != settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["API_ACCESS_KEY"]:
+        return HttpResponseBadRequest("Access key invalid")

    receipt_id = body_dict.get("EdX-ID")
    result = body_dict.get("Result")
    reason = body_dict.get("Reason", "")
    error_code = body_dict.get("MessageType", "")

-    attempt = SoftwareSecurePhotoVerification.objects.get(receipt_id=receipt_id)
-    if result == "PASSED":
+    try:
+        attempt = SoftwareSecurePhotoVerification.objects.get(receipt_id=receipt_id)
+    except SoftwareSecurePhotoVerification.DoesNotExist:
+        log.error("Software Secure posted back for receipt_id {}, but not found".format(receipt_id))
+        return HttpResponseBadRequest("edX ID {} not found".format(receipt_id))
+
+    if result == "PASS":
+        log.debug("Approving verification for {}".format(receipt_id))
        attempt.approve()
-    elif result == "FAILED":
-        attempt.deny(reason, error_code=error_code)
+    elif result == "FAIL":
+        log.debug("Denying verification for {}".format(receipt_id))
+        attempt.deny(json.dumps(reason), error_code=error_code)
    elif result == "SYSTEM FAIL":
+        log.debug("System failure for {} -- resetting to must_retry".format(receipt_id))
+        attempt.system_error(json.dumps(reason), error_code=error_code)
        log.error("Software Secure callback attempt for %s failed: %s", receipt_id, reason)
+    else:
+        log.error("Software Secure returned unknown result {}".format(result))
+        return HttpResponseBadRequest(
+            "Result {} not understood. Known results: PASS, FAIL, SYSTEM FAIL".format(result)
+        )

    return HttpResponse("OK!")