RunestoneInteractive
diff --git a/‎controllers/assignments.py‎
Lines changed: 5 additions & 38 deletions b/‎controllers/assignments.py‎
Lines changed: 5 additions & 38 deletions
diff --git a/‎controllers/lti.py‎
Lines changed: 37 additions & 14 deletions b/‎controllers/lti.py‎
Lines changed: 37 additions & 14 deletions
diff --git a/‎models/grouped_assignments.py‎
Lines changed: 8 additions & 2 deletions b/‎models/grouped_assignments.py‎
Lines changed: 8 additions & 2 deletions
@@ -18,11 +18,14 @@
 # Third-party imports
 # -------------------
 from psycopg2 import IntegrityError
-from rs_grading import do_autograde, do_calculate_totals, do_check_answer, send_lti_grade
-from db_dashboard import DashboardDataAnalyzer
 import six
 import bleach
 
+# Local application imports
+# -------------------------
+from rs_grading import do_autograde, do_calculate_totals, do_check_answer, send_lti_grade, _get_lti_record, _try_to_send_lti_grade
+from db_dashboard import DashboardDataAnalyzer
+
 logger = logging.getLogger(settings.logger)
 logger.setLevel(settings.log_level)
 
@@ -362,39 +365,6 @@ def _autograde(sid=None, student_rownum=None, question_name=None, enforce_deadli
         return {'success': False, 'message': "Select an assignment before trying to autograde."}
 
 
-def _get_assignment(assignment_id):
-    return db(db.assignments.id == assignment_id).select().first()
-
-def _try_to_send_lti_grade(student_row_num, assignment_id):
-    # try to send lti grades
-    assignment = _get_assignment(assignment_id)
-    if not assignment:
-        session.flash = "Failed to find assignment object for assignment {}".format(assignment_id)
-        return False
-    else:
-        grade = db(
-            (db.grades.auth_user == student_row_num) &
-            (db.grades.assignment == assignment_id)).select().first()
-        if not grade:
-            session.flash = "Failed to find grade object for user {} and assignment {}".format(auth.user.id,
-                                                                                               assignment_id)
-            return False
-        else:
-            lti_record = _get_lti_record(session.oauth_consumer_key)
-            if (not lti_record) or (not grade.lis_result_sourcedid) or (not grade.lis_outcome_url):
-                session.flash = "Failed to send grade back to LMS (Coursera, Canvas, Blackboard...), probably because the student accessed this assignment directly rather than using a link from the LMS, or because there is an error in the assignment link in the LMS. Please report this error."
-                return False
-            else:
-                # really sending
-                # print("send_lti_grade({}, {}, {}, {}, {}, {}".format(assignment.points, grade.score, lti_record.consumer, lti_record.secret, grade.lis_outcome_url, grade.lis_result_sourcedid))
-                send_lti_grade(assignment.points,
-                               score=grade.score,
-                               consumer=lti_record.consumer,
-                               secret=lti_record.secret,
-                               outcome_url=grade.lis_outcome_url,
-                               result_sourcedid=grade.lis_result_sourcedid)
-                return True
-
 @auth.requires_login()
 def student_autograde():
     """
@@ -731,9 +701,6 @@ def chooseAssignment():
 
 # The rest of the file is about the the spaced practice:
 
-def _get_lti_record(oauth_consumer_key):
-    return db(db.lti_keys.consumer == oauth_consumer_key).select().first()
-
 def _get_course_practice_record(course_name):
     return db(db.course_practice.course_name == course_name).select().first()
 
 
@@ -1,7 +1,9 @@
 import uuid
+import six
 
-from applications.runestone.modules import oauth
-from applications.runestone.modules import oauth_store
+
+from rs_grading import _try_to_send_lti_grade
+import oauth2
 
 
 # For some reason, URL query parameters are being processed twice by Canvas and returned as a list, like [23, 23]. So, just take the first element in the list.
@@ -61,20 +63,26 @@ def index():
             masterapp = 'welcome'
         session.connect(request, response, masterapp=masterapp, db=db)
 
-        oauth_server = oauth.OAuthServer(oauth_store.LTI_OAuthDataStore(myrecord.consumer,myrecord.secret))
-        oauth_server.add_signature_method(oauth.OAuthSignatureMethod_PLAINTEXT())
-        oauth_server.add_signature_method(oauth.OAuthSignatureMethod_HMAC_SHA1())
-
-        # Use ``setting.lti_uri`` if it's defined; otherwise, use the current URI (which must be built from its components). Don't include query parameters, which causes a filure in OAuth security validation.
-        full_uri = settings.get('lti_uri',
-          '{}://{}{}'.format(request.env.wsgi_url_scheme,
-                             request.env.http_host, request.url))
-        oauth_request = oauth.OAuthRequest.from_request('POST', full_uri, None,
-          dict(request.vars), query_string=request.env.query_string)
+        oauth_server = oauth2.Server()
+        oauth_server.add_signature_method(oauth2.SignatureMethod_PLAINTEXT())
+        oauth_server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1())
+
+        # Use ``setting.lti_uri`` if it's defined; otherwise, use the current URI (which must be built from its components). Don't include query parameters, which causes a failure in OAuth security validation.
+        full_uri = settings.get('lti_uri', '{}://{}{}'.format(
+            request.env.wsgi_url_scheme, request.env.http_host, request.url
+        ))
+        oauth_request = oauth2.Request.from_request(
+            'POST', full_uri, None, dict(request.vars),
+            query_string=request.env.query_string
+        )
+        # Fix encoding -- the signed keys are in bytes, but the oauth2 Request constructor translates everything to a string. Therefore, they never compare as equal. ???
+        if isinstance(oauth_request.get('oauth_signature'), six.string_types):
+            oauth_request['oauth_signature'] = oauth_request['oauth_signature'].encode('utf-8')
+        consumer = oauth2.Consumer(myrecord.consumer, myrecord.secret)
 
         try:
-            consumer, token, params = oauth_server.verify_request(oauth_request)
-        except oauth.OAuthError as err:
+            oauth_server.verify_request(oauth_request, consumer, None)
+        except oauth2.Error as err:
             return dict(logged_in=False, lti_errors=["OAuth Security Validation failed:"+err.message, request.vars],
                         masterapp=masterapp)
             consumer = None
@@ -131,12 +139,26 @@ def index():
         auth.login_user(user)
 
     if assignment_id:
+        # If the assignment is released, but this is the first time a student has visited the assignment, auto-upload the grade.
+        assignment = db(db.assignments.id == assignment_id).select(
+            db.assignments.released).first()
+        grade = db(
+            (db.grades.auth_user == user.id) &
+            (db.grades.assignment == assignment_id)
+        ).select(db.grades.lis_result_sourcedid, db.grades.lis_outcome_url).first()
+        send_grade = (assignment and assignment.released and grade and
+                      not grade.lis_result_sourcedid and
+                      not grade.lis_outcome_url)
+
         # save the guid and url for reporting back the grade
         db.grades.update_or_insert((db.grades.auth_user == user.id) & (db.grades.assignment == assignment_id),
                                    auth_user=user.id,
                                    assignment=assignment_id,
                                    lis_result_sourcedid=result_source_did,
                                    lis_outcome_url=outcome_url)
+        if send_grade:
+            _try_to_send_lti_grade(user.id, assignment_id)
+
         redirect(URL('assignments', 'doAssignment', vars={'assignment_id':assignment_id}))
 
     elif practice:
@@ -153,3 +175,4 @@ def index():
         redirect(URL('assignments', 'settz_then_practice', vars={'course_name':user['course_name']}))
 
     redirect(get_course_url('index.html'))
+
@@ -20,8 +20,14 @@
     Field('score', 'double'),
     Field('manual_total', 'boolean'),
     Field('projected', 'double'),
-    Field('lis_result_sourcedid', 'string'), # guid for the student x assignment cell in the external gradebook
-    Field('lis_outcome_url', 'string'), #web service endpoint where you send signed xml messages to insert into gradebook; guid above will be one parameter you send in that xml; the actual grade and comment will be others
+    # guid for the student x assignment cell in the external gradebook
+    #
+    # Guessing that the ``lis_outcome_url`` length is actually inteded for this field, use that as its maximum length.
+    Field('lis_result_sourcedid', 'string', length=1024),
+    # web service endpoint where you send signed xml messages to insert into gradebook; guid above will be one parameter you send in that xml; the actual grade and comment will be others
+    #
+    # Per the ``LTI spec v1.1.1 <https://www.imsglobal.org/specs/ltiv1p1p1/implementation-guide>`_ in section 6, the maximum length of the ``lis_outcome_url`` field is 1023 characters.
+    Field('lis_outcome_url', 'string', length=1024),
     migrate=table_migrate_prefix + 'grades.table',
     )