We are currently using D2L version 9.1 and have set up an external tool provider in the LMS. I believe that we have properly configured the endpoint, since it redirects me to the endpoint I expected and contains the LTI-specific payloads.
However, as per the LTI Specification, we do not see the standard OAUTH payloads of oauth_consumer_key, oauth_nonce, oauth_signature, oauth_timestamp.
How would we go about authenticating an LTI link from Desire2Learn to make sure that it is properly secured?
The LTI parameters other than security may be sent if the key or secret fields aren't set when the External Learning Tool was set up. That would result in missing oath fields, but, other fields present.
Is there a chance that either key or secret are missing from the link or the configured tool provider?
You can use the "Preview Request Details" in the External Learning Tool Setup page to see what is going to go out.
In my tests if I didn't set the key the preview showed:
<form method="post" id="LtiRequestForm" name="LtiRequestForm" action="http://test.com" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="launch_presentation_locale" value="EN-CA__">
<input type="hidden" name="lti_message_type" value="basic-lti-launch-request">
<input type="hidden" name="lti_version" value="LTI-1p0">
<input type="hidden" name="resource_link_description" value="">
<input type="hidden" name="resource_link_id" value="testserver">
<input type="hidden" name="resource_link_title" value="Test Title">
<input type="hidden" name="tool_consumer_instance_contact_email" value="">
<input type="hidden" name="tool_consumer_instance_description" value="">
<input type="hidden" name="tool_consumer_instance_guid" value="">
<input type="hidden" name="tool_consumer_instance_name" value="">
<input type="submit" name="basiclti_submit" value="Launch Endpoint with BasicLTI Data">
</form>
But when I did set the key the preview shows:
<form method="post" id="LtiRequestForm" name="LtiRequestForm" action="http://test.com" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="launch_presentation_locale" value="EN-CA__">
<input type="hidden" name="lti_message_type" value="basic-lti-launch-request">
<input type="hidden" name="lti_version" value="LTI-1p0">
<input type="hidden" name="oauth_callback" value="about:blank">
<input type="hidden" name="oauth_consumer_key" value="asdf">
<input type="hidden" name="oauth_nonce" value="383531779">
<input type="hidden" name="oauth_signature" value="8G/2Kkkt1ik3Yh6QdNvZd769mug=">
<input type="hidden" name="oauth_signature_method" value="HMAC-SHA1">
<input type="hidden" name="oauth_timestamp" value="1325880893">
<input type="hidden" name="oauth_version" value="1.0">
<input type="hidden" name="resource_link_description" value="">
<input type="hidden" name="resource_link_id" value="testserver">
<input type="hidden" name="resource_link_title" value="Test Title">
<input type="hidden" name="tool_consumer_instance_contact_email" value="">
<input type="hidden" name="tool_consumer_instance_description" value="">
<input type="hidden" name="tool_consumer_instance_guid" value="">
<input type="hidden" name="tool_consumer_instance_name" value="">
<input type="submit" name="basiclti_submit" value="Launch Endpoint with BasicLTI Data">
</form>
Related
We are reviewing how we implement our global payment solution. Currently we are using HPP and message handlers to capture the response from global payment. This works fine apart from some edge cases which are rare. Is it possible to use both the HPP_Response_Url and the Merchant_Response_Url to capture the responses. Are they mutually exclusive.
Regards
Following is our hpp
<form action="https://pay.sandbox.realexpayments.com/pay" method="POST" target="iframe">
<input type="hidden" name="TIMESTAMP" value="20221122112307">
<input type="hidden" name="MERCHANT_ID" value="XXX">
<input type="hidden" name="ACCOUNT" value="internet">
<input type="hidden" name="ORDER_ID" value="N3qsk4kYRZihmPrTXWYS6g">
<input type="hidden" name="AMOUNT" value="4">
<input type="hidden" name="CURRENCY" value="EUR">
<input type="hidden" name="AUTO_SETTLE_FLAG" value="1">
<input type="hidden" name="HPP_VERSION" value="2">
<input type="hidden" name="HPP_CUSTOMER_COUNTRY" value="DE">
<input type="hidden" name="HPP_CUSTOMER_FIRSTNAME" value="James">
<input type="hidden" name="HPP_CUSTOMER_LASTNAME" value="Mason">
<input type="hidden" name="MERCHANT_RESPONSE_URL" value="https://localhost:44369/api/payment/processresponse">
<input type="hidden" name="HPP_TX_STATUS_URL" value="https://localhost:44369/api/payment/processresponse">
<input type="hidden" name="HPP_POST_RESPONSE" value="https://localhost:44369/api/payment/processresponse">
<!-- APMs Mandatory Fields -->
<input type="hidden" name="SHA1HASH" value="edfd9ff20b616e6e5c3fb195bbf51288390e50e6">
<input type="submit" value="Click To Pay">
</form>
i am trying to implement a hpp full redirect to realex payment from Odoo, the transaction is successful but it does not redirect to my website neither giving any response. Here is my code:
<template id="global_form">
<input type="hidden" name="data_set" t-att-data-action-url="tx_url" data-remove-me=""/>
<input type="hidden" name="TIMESTAMP" t-att-value="timestamp"/>
<input type="hidden" name="MERCHANT_ID" t-att-value="merchant_id"/>
<input type="hidden" name="ACCOUNT" t-att-value="account_id"/>
<input type="hidden" name="shared_secret" t-att-value="shared_secret"/>
<input type="hidden" name="ORDER_ID" t-att-value="order_id"/>
<input type="hidden" name="AMOUNT" t-att-value="global_amount"/>
<input type="hidden" name="CURRENCY" value="CAD"/>
<input type="hidden" name="AUTO_SETTLE_FLAG" value="1"/>
<input type="hidden" name="COMMENT1" value="Mobile Channel"/>
<input type="hidden" name="HPP_VERSION" value="2"/>
<input type="hidden" name="HPP_CHANNEL" value="ECOM"/>
<input type="hidden" name="HPP_LANG" value="en"/>
<input type="hidden" name="SHA1HASH" t-att-value="SHA1HASH"/>
<input type="hidden" name="HPP_POST_RESPONSE" value="http://localhost:8069"/>
<input type="hidden" name="MERCHANT_RESPONSE_URL" value="http://localhost:8069/">
</template>
This how it works using Odoo, I ma not getting any response with any of HPP_POST_RESPONSE or MERCHANT_RESPONSE_URL. Note that i have full acces to the merchant site in globalpaymnet.
Thanks.
I have a HTML form on a page which is not running on the secure binding but I need to post this form to a secure page. Now issue I am facing is that my form data gets lost when I submit this form.
I am using following following code for the form:
<form id="pdp-form" action="#Url.Action("action", "Controller")" method="post">
<input type="hidden" value="" name="Size" id="pdp-size">
<input type="hidden" value="" name="ProductId" id="pdp-code">
<input type="hidden" name="Product" id="pdp-ProductName" value="Product Name">
<input type="hidden" name="Category" id="pdp-Category" value="Category Name">
<input type="hidden" value="buyID" name="ProdBuyId" id="ProdBuyId">
</form>
How can I post my from on the secure page without loosing my data?
Note : Secure page where we are posting the form has both get and post methods.
i don't know what are you trying to do, but you're missing the submit button
<button type="submit">Submit</button>
<form role="form" action="#Url.Action("action", "Controller")" method="post">
<input type="hidden" value="" name="Size" id="pdp-size">
<input type="hidden" value="" name="ProductId" id="pdp-code">
<input type="hidden" name="Product" id="pdp-ProductName" value="Product Name">
<input type="hidden" name="Category" id="pdp-Category" value="Category Name">
<input type="hidden" value="buyID" name="ProdBuyId" id="ProdBuyId">
<button type="submit">Submit</button>
</form>
I have a form sending data to Paypal server.
`
<form id="paypal" action="https://www.sandbox.paypal.com/cgi-bin/webscr"method="post">
<input type="hidden" id="amount" name="amount" value="5"/>
<input type="hidden" id="quantity" name="quantity" value="1"/>
<input type="hidden" name="cmd" value="_xclick"/>
<input type="hidden" name="business" value="test#testing.arm"/>
<input type="hidden" name="item_name" value="Credits"/>
<input type="hidden" name="item_number" value="numbertovar"/>
<input type="hidden" name="currency_code" value="USD"/>
<input type="hidden" name="button_subtype" value="services"/>
<input type="hidden" name="no_note" value="1"/>
<input type="hidden" name="no_shipping" value="1"/>
<input type="hidden" name="return" value="http://armbid.dev/credits/add"/>
<input type="hidden" name="notify_url" value="http://armbid.dev/credits/add"/>
<input type="hidden" name="cancel_return"value="http://armbid.dev/credits/add"/>
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHostedGuest"/>
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1"/>
<input type="submit" value="Пополнить"/>
</form>`
After sending POST data to Paypal, user pays. And after his payment, I need in answer from paypal - transaction number, date of payment, amount payed.
At this moment I can send data to Paypal, pay, and go back
You should configure Instant payment notifications (callback URL) in paypal settings. It will be called by paypal after each transaction. And it will deliver this info to you
<form action="https://bucketname-sellercentral.s3.amazonaws.com/" method="post" enctype="multipart/form-data">
<input type="hidden" name="key" value="uploads/${filename}">
<input type="hidden" name="AWSAccessKeyId" value="GGGGGGGGGG46IITQQ">
<input type="hidden" name="acl" value="private">
<input type="hidden" name="success_action_redirect" value="http://192.168.1.4:8443/test">
<input type="hidden" name="policy" value=<policy>
<input type="hidden" name="signature" value=<signature>
<input type="hidden" name="Content-Type" value="image/jpeg">
<input name="file" type="file" >
</form>
Here if in the key field i put value="uploads/tulips.jpg" it works but if i do not specify the filename it is not working ie value="uploads/${filename}" does not work
it does not throw an error or exception is simply is not visible in my s3 bucket