Uploaded image for project: 'Opencast'
  1. MH-11786

HttpsRequestWrapper wrongly sets the new URL

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed and reviewed
    • Affects Version/s: 1.6.3, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.2.2, 3.0
    • Fix Version/s: 2.3.0
    • Component/s: Backend Software
    • Labels:
      None
    • Severity:
      Non Functioning
    • Steps to reproduce:
      Hide
      Steps to reproduce:

      1. Run Opencast without HTTPS
      2. Configure a HTTP proxy to use HTTPS and set the "X-Forwarded-SSL" header to "on". Configure Opencast to uses the proxy URL.
      3. Configure LTI and try to authenticate
       
      Actual Results:

      An error is returned:

      HTTP ERROR 401
      Problem accessing /lti. Reason:
          Invalid signature for signature method HMAC-SHA1

      The problem is that the SignatureBaseString of OAuth still contains "http" instead of "https" and thus validation fails. This is a result of a bug in `modules/matterhorn-kernel/src/main/java/org/opencastproject/kernel/filter/https/HttpsRequestWrapper.java:46` where `originalURL` is reseted to the "http" one.

      Expected Results:

      The LTI tool is displayed.
      Show
      Steps to reproduce: 1. Run Opencast without HTTPS 2. Configure a HTTP proxy to use HTTPS and set the "X-Forwarded-SSL" header to "on". Configure Opencast to uses the proxy URL. 3. Configure LTI and try to authenticate   Actual Results: An error is returned: HTTP ERROR 401 Problem accessing /lti. Reason:     Invalid signature for signature method HMAC-SHA1 The problem is that the SignatureBaseString of OAuth still contains "http" instead of "https" and thus validation fails. This is a result of a bug in `modules/matterhorn-kernel/src/main/java/org/opencastproject/kernel/filter/https/HttpsRequestWrapper.java:46` where `originalURL` is reseted to the "http" one. Expected Results: The LTI tool is displayed.

      TestRail: Results

        Attachments

          Issue links

            Activity

              People

              • Assignee:
                smarquard Stephen Marquard
                Reporter:
                mtneug Matthias Neugebauer
              • Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  TestRail: Cases