christianp/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Instructions


Put seb_show_headers.patch in your numbas-lti-provider directory.
Run git apply seb_show_headers.patch.
Run supervisorctl restart numbas_lti:

When you launch a Numbas exam through SEB, the "Not launched by Safe Exam Browser" page will show you the page's URI, all request headers, and all GET and POST data.
There should be a header called X-Safeexambrowser-Configkeyhash which is the sha-256 created by concatenating the request URI and the SEB config key.
If this header is missing, then the server might be stripping it out.
If it's not correct, then either SEB or the server have the wrong URL. If the server is rewriting URLs before passing them to the Numbas LTI tool, then that could be the source of the problem.
You can end up at the "not an SEB launch" page if the session_key or resource_link_id GET parameters are missing. These are given in the SEB launch link produced by the Numbas tool, so I'm not sure how they could go missing.
Check that the URL of the "Launch in Safe Exam Browser" link has these parameters on the end: it should be something like seb://numbas-lti.tld/media/seb_settings/seb_settings.seb??session_key=500hbhof362f7790e0ag0if8yh3is6r3&resource_link_id=21.

  
## seb_show_headers.patch
diff --git a/numbas_lti/templates/numbas_lti/launch_errors/not_seb_launch.html b/numbas_lti/templates/numbas_lti/launch_errors/not_seb_launch.html
index 1844509..03f4751 100644
--- a/numbas_lti/templates/numbas_lti/launch_errors/not_seb_launch.html
+++ b/numbas_lti/templates/numbas_lti/launch_errors/not_seb_launch.html
@@ -8,6 +8,49 @@
     </header>
     <main>
         <p>{% blocktranslate %}This resource must be launched through Safe Exam Browser with the correct settings.{% endblocktranslate %}</p>
+
+        <h2>Request URI</h2>
+        <pre>{{request.build_absolute_uri}}</pre>
+
+        <h2>Expected SEB hash</h2>
+        <pre>{{expected_hash}}</pre>
+
+        <h2>Headers</h2>
+        <table class="table">
+            <thead>
+                <tr><th>{% trans "Key" %}</th><th>{% trans "Value" %}</th></tr>
+            </thead>
+            <tbody>
+                {% for key,value in request.headers.items %}
+                <tr><td ><code style="white-space: pre;">{{key}}</code></td><td ><code style="word-break: break-all">{{value}}</code></td></tr>
+                {% endfor %}
+            </tbody>
+        </table>
+
+        <h2>GET data</h2>
+        <table>
+            <thead>
+                <tr><th>{% trans "Key" %}</th><th>{% trans "Value" %}</th></tr>
+            </thead>
+            <tbody>
+                {% for key,value in request.GET.items %}
+                <tr><td><code>{{key}}</code></td><td><code>{{value}}</code></td></tr>
+                {% endfor %}
+            </tbody>
+        </table>
+
+        <h2>POST data</h2>
+        <table>
+            <thead>
+                <tr><th>{% trans "Key" %}</th><th>{% trans "Value" %}</th></tr>
+            </thead>
+            <tbody>
+                {% for key,value in request.POST.items %}
+                <tr><td><code>{{key}}</code></td><td><code>{{value}}</code></td></tr>
+                {% endfor %}
+            </tbody>
+        </table>
+
     </main>
 </div>
 {% endblock content %}
diff --git a/numbas_lti/views/entry.py b/numbas_lti/views/entry.py
index 05e5216..44015ac 100644
--- a/numbas_lti/views/entry.py
+++ b/numbas_lti/views/entry.py
@@ -167,7 +167,13 @@ def seb_launch(request):
     resource_link_id = request.GET.get('resource_link_id')

     if session_key is None or resource_link_id is None:
-        return render(request, 'numbas_lti/launch_errors/not_seb_launch.html')
+        import hashlib
+        seb_settings = request.resource.seb_settings
+        uri = request.build_absolute_uri()
+        key = seb_settings.config_key_hash
+        expected_hash = hashlib.sha256((uri + key).encode('utf-8')).hexdigest()
+
+        return render(request, 'numbas_lti/launch_errors/not_seb_launch.html', {'expected_hash': expected_hash})

     return redirect(add_query_param(reverse('set_cookie_entry'), {'resource_link_id': resource_link_id, 'session_key': session_key}))
	diff --git a/numbas_lti/templates/numbas_lti/launch_errors/not_seb_launch.html b/numbas_lti/templates/numbas_lti/launch_errors/not_seb_launch.html
	index 1844509..03f4751 100644
	--- a/numbas_lti/templates/numbas_lti/launch_errors/not_seb_launch.html
	+++ b/numbas_lti/templates/numbas_lti/launch_errors/not_seb_launch.html
	@@ -8,6 +8,49 @@
	</header>
	<main>
	<p>{% blocktranslate %}This resource must be launched through Safe Exam Browser with the correct settings.{% endblocktranslate %}</p>
	+
	+ <h2>Request URI</h2>
	+ <pre>{{request.build_absolute_uri}}</pre>
	+
	+ <h2>Expected SEB hash</h2>
	+ <pre>{{expected_hash}}</pre>
	+
	+ <h2>Headers</h2>
	+ <table class="table">
	+ <thead>
	+ <tr><th>{% trans "Key" %}</th><th>{% trans "Value" %}</th></tr>
	+ </thead>
	+ <tbody>
	+ {% for key,value in request.headers.items %}
	+ <tr><td ><code style="white-space: pre;">{{key}}</code></td><td ><code style="word-break: break-all">{{value}}</code></td></tr>
	+ {% endfor %}
	+ </tbody>
	+ </table>
	+
	+ <h2>GET data</h2>
	+ <table>
	+ <thead>
	+ <tr><th>{% trans "Key" %}</th><th>{% trans "Value" %}</th></tr>
	+ </thead>
	+ <tbody>
	+ {% for key,value in request.GET.items %}
	+ <tr><td><code>{{key}}</code></td><td><code>{{value}}</code></td></tr>
	+ {% endfor %}
	+ </tbody>
	+ </table>
	+
	+ <h2>POST data</h2>
	+ <table>
	+ <thead>
	+ <tr><th>{% trans "Key" %}</th><th>{% trans "Value" %}</th></tr>
	+ </thead>
	+ <tbody>
	+ {% for key,value in request.POST.items %}
	+ <tr><td><code>{{key}}</code></td><td><code>{{value}}</code></td></tr>
	+ {% endfor %}
	+ </tbody>
	+ </table>
	+
	</main>
	</div>
	{% endblock content %}
	diff --git a/numbas_lti/views/entry.py b/numbas_lti/views/entry.py
	index 05e5216..44015ac 100644
	--- a/numbas_lti/views/entry.py
	+++ b/numbas_lti/views/entry.py
	@@ -167,7 +167,13 @@ def seb_launch(request):
	resource_link_id = request.GET.get('resource_link_id')

	if session_key is None or resource_link_id is None:
	- return render(request, 'numbas_lti/launch_errors/not_seb_launch.html')
	+ import hashlib
	+ seb_settings = request.resource.seb_settings
	+ uri = request.build_absolute_uri()
	+ key = seb_settings.config_key_hash
	+ expected_hash = hashlib.sha256((uri + key).encode('utf-8')).hexdigest()
	+
	+ return render(request, 'numbas_lti/launch_errors/not_seb_launch.html', {'expected_hash': expected_hash})

	return redirect(add_query_param(reverse('set_cookie_entry'), {'resource_link_id': resource_link_id, 'session_key': session_key}))