From c122312dc6a0916667ee6e50ea7c4b9d7f610f3e Mon Sep 17 00:00:00 2001
From: Paulo Viadanna <paulo@opencraft.com>
Date: Wed, 29 Apr 2020 11:20:59 -0300
Subject: [PATCH] BB-2332: Add preflight response validation

---
 lti_consumer/lti_1p3/consumer.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/lti_consumer/lti_1p3/consumer.py b/lti_consumer/lti_1p3/consumer.py
index c79eb96..9c3e09d 100644
--- a/lti_consumer/lti_1p3/consumer.py
+++ b/lti_consumer/lti_1p3/consumer.py
@@ -1,6 +1,8 @@
 """
 LTI 1.3 Consumer implementation
 """
+import json
+import time
 from six.moves.urllib.parse import urlencode
 
 from . import exceptions
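Review bot: `import time` is not referenced by any line this patch adds, and `json` is used only by the `json.loads(...)` call in the second hunk, which sits after a `return`. Unless code outside the visible hunks needs them, both imports are dead and should be dropped from this commit. If `time` is meant for a later expiry or nonce-age check, it would read more clearly to add it in the commit that introduces that check.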
@@ -278,6 +280,10 @@ class LtiConsumer1p3:
 
         return self.key_handler.get_public_jwk()
 
+        public_keys = jwk.KEYS()
+        public_keys.append(self.jwk)
+        return json.loads(public_keys.dump_jwks())
+
     def access_token(self, token_request_data):
         """
         Validate request and return JWT access token.
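Review bot: The three added lines come straight after `return self.key_handler.get_public_jwk()` at the same indentation, so they appear to be unreachable. They also reference `jwk` and `self.jwk`, which are neither imported nor assigned in the visible lines, so they would likely raise `NameError` or `AttributeError` if they ever ran. This looks like a leftover from a rebase or an earlier key-handling implementation, and I would delete the three lines rather than keep a second, never-executed way of building the public keyset. The enclosing method starts outside the hunk, so this should be confirmed against the full file.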
@@ -344,3 +350,19 @@ class LtiConsumer1p3:
             "expires_in": 3600,
             "scope": scopes_str
         }
+
+    def _validate_preflight_response(self, response):
+        """
+        Validates a preflight response to be used in a launch request
+
+        Raises ValueError in case of validation failure
+
+        :param response: the preflight response to be validated
+        """
+        try:
+            assert response.get("nonce")
+            assert response.get("state")
+            assert response.get("client_id") == self.client_id
+            assert response.get("redirect_uri") == self.launch_url
+        except AssertionError as e:
+            raise ValueError("Preflight reponse failed validation")
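Review bot: The checks in `_validate_preflight_response` are `assert` statements, which Python strips when run with `-O` or `PYTHONOPTIMIZE`, so in that mode the `client_id` and `redirect_uri` comparisons are skipped and no `ValueError` is raised. These comparisons gate whether a launch proceeds to the supplied redirect URI, so they should be ordinary conditionals that raise explicitly, as in the rewrite below. The rewrite also drops the unused `as e` binding and fixes the "reponse" typo in the message, so check that no caller or test matches on the old text. Separately, `response.get` assumes a mapping; if a caller can pass `None` or another type, the resulting `AttributeError` escapes the documented `ValueError` contract.

```python
    def _validate_preflight_response(self, response):
        # … unchanged: docstring …
        is_valid = (
            response.get("nonce")
            and response.get("state")
            and response.get("client_id") == self.client_id
            and response.get("redirect_uri") == self.launch_url
        )
        if not is_valid:
            raise ValueError("Preflight response failed validation")
```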
-- 
GitLab