update _check_request for token access

moevm · Aug 26, 2024 · 2184642 · 2184642
1 parent e275cef
commit 2184642
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -11,6 +11,7 @@ SIGNUP_PAGE_ENABLED=...
 
 CONSUMER_KEY=...
 CONSUMER_SECRET=...
+ACCESS_TOKEN=...
 ```
 
 ## Run  

diff --git a/app/lti_session_passback/lti/check_request.py b/app/lti_session_passback/lti/check_request.py
@@ -4,6 +4,7 @@
 
 from .lti_validator import LTIRequestValidator
 
+from os import environ 
 
 def check_request(request):
     if not mock_lti_auth():
@@ -13,6 +14,13 @@ def check_request(request):
 
 
 def _check_request(request):
+    # access by token
+    access_token = request.args.get('access_token', None)
+    if access_token and (access_token == environ.getenv('ACCESS_TOKEN')):
+        # if request has access_token, and it's equal to ACCESS_TOKEN from env -> accept, esle - check user
+        return True
+
+    # access by LTI user
     provider = FlaskToolProvider.from_flask_request(
         secret=ConsumersDBManager.get_secret(request.args.get('oauth_consumer_key', None)),
         request=request)
-Original file line number
+Diff line change
@@ Expand Up / @@ -11,6 +11,7 @@ SIGNUP_PAGE_ENABLED=... @@
     CONSUMER_KEY=...
     CONSUMER_SECRET=...
+    ACCESS_TOKEN=...
     ```
     ## Run
@@ Expand Down @@