[flask/sessions] fix the way lti endpoint is checked

Co-authored-by: Anthony Gégo <[email protected]>

inginious/frontend/flask/mapping.py

@@ -89,7 +89,7 @@ def init_flask_mapping(flask_app):
     flask_app.add_url_rule('/<cookieless:sessionid>preferences/delete', view_func=DeletePage.as_view('deletepage'))
     flask_app.add_url_rule('/<cookieless:sessionid>preferences/profile', view_func=ProfilePage.as_view('profilepage'))
     flask_app.add_url_rule('/<cookieless:sessionid>lti/task', view_func=LTITaskPage.as_view('ltitaskpage'))
-    flask_app.add_url_rule('/<cookieless:sessionid>lti/<courseid>/<taskid>', view_func=LTILaunchPage.as_view('ltilaunchpage'))
+    flask_app.add_url_rule('/<cookieless:sessionid>lti/<courseid>/<taskid>', view_func=LTILaunchPage.as_view(LTILaunchPage.endpoint))
     flask_app.add_url_rule('/<cookieless:sessionid>lti/bind', view_func=LTIBindPage.as_view('ltibindpage'))
     flask_app.add_url_rule('/<cookieless:sessionid>lti/login', view_func=LTILoginPage.as_view('ltiloginpage'))
     flask_app.add_url_rule('/<cookieless:sessionid>lti/asset/<path:asset_url>', view_func=LTIAssetPage.as_view('ltiassetpage'))

inginious/frontend/flask/mongo_sessions.py

@@ -73,8 +73,8 @@ def open_session(self, app, request):
         # Check if currently accessed URL is LTI launch page
         try:
             # request.url_rule is not set yet here.
-            endpoint, args = app.create_url_adapter(request).match()
-            is_lti_launch = app.view_functions.get(endpoint).view_class == LTILaunchPage
+            endpoint, _ = app.create_url_adapter(request).match()
+            is_lti_launch = endpoint == LTILaunchPage.endpoint
         except HTTPException:
             is_lti_launch = False
 
@@ -144,4 +144,4 @@ def save_session(self, app, session, response):
         if not cookieless:
             response.set_cookie(app.session_cookie_name, session_id,
                                 expires=expires, httponly=httponly,
-                                domain=domain, path=path, secure=secure)
+                                domain=domain, path=path, secure=secure)

inginious/frontend/pages/lti.py

@@ -166,6 +166,7 @@ class LTILaunchPage(INGIniousPage):
     """
     Page called by the TC to start an LTI session on a given task
     """
+    endpoint = 'ltilaunchpage'
 
     def GET(self, courseid, taskid):
         raise MethodNotAllowed()