-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Heartbeat Monitoring for Exams: Safe Exam Browser (SEB) browser authorisation #7542
Conversation
58ec3ad
to
073a598
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM just need to rebase and resolve conflict in AssessmentForm @purfectliterature thanks!
@cysjonathan Why are there these commented codes about live feedback fields? |
@purfectliterature can ignore that for now.. those commented lines are later on fixed inside this PR #7553 (it's also under review) |
073a598
to
407cdaa
Compare
- added missing translations from #7542 - migrated away from deprecated codecov gem
- added missing translations from #7542 - migrated away from deprecated codecov gem
- added missing translations from #7542 - migrated away from deprecated codecov gem
- added missing translations from #7542 - migrated away from deprecated codecov gem
- added missing translations from #7542 - migrated away from deprecated codecov gem
- added missing translations from #7542 - migrated away from deprecated codecov gem
- added missing translations from #7542 - migrated away from deprecated codecov gem
- added missing translations from #7542 - migrated away from deprecated codecov gem
- added missing translations from #7542 - migrated away from deprecated codecov gem
- added missing translations from #7542 - migrated away from deprecated codecov gem
This PR adds the long-awaited support for Safe Exam Browser (SEB) Config Keys to be used to authorise accesses to monitored assessments. For backwards compatibility, User Agent (UA)-based browser authorisation is still available, and instructors can now choose to,
The defaults for browser authorisation and browser authorisation method are enabled and User Agent (UA), respectively.
This PR also improves the translations of some parts of UIs pertaining to the monitoring feature, making them more succinct and clearer.
Important
A config key and config key hash are two very different things. A config key is (effectively) a hash of a specific SEB configuration. A config key hash is a SHA256 hash of some URL and the config key of the configuration in which browser the config key hash is generated from.
In our runtime, SEB only provides us with a config key hash; we can get the URL ourselves. We authorise a browser access by hashing the URL with our config key in the server and comparing if the resulting hash equals to the config key hash from SEB. SEB doesn't reveal config keys for security purposes.
A change to our global Axios client is that it will always append a
X-SafeExamBrowser-Url
header with the request URL on every request on SEB. The rationale for this change was documented in the TSDoc forappendRequestURLIfOnSEB
.