Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Heartbeat Monitoring for Exams: Safe Exam Browser (SEB) browser authorisation #7542

Merged
merged 3 commits into from
Sep 28, 2024

Conversation

purfectliterature
Copy link
Contributor

@purfectliterature purfectliterature commented Sep 10, 2024

This PR adds the long-awaited support for Safe Exam Browser (SEB) Config Keys to be used to authorise accesses to monitored assessments. For backwards compatibility, User Agent (UA)-based browser authorisation is still available, and instructors can now choose to,

  1. enable browser authorisation if needed, and
  2. if enabled, which method to authorise a given heartbeat in PulseGrid.

The defaults for browser authorisation and browser authorisation method are enabled and User Agent (UA), respectively.

This PR also improves the translations of some parts of UIs pertaining to the monitoring feature, making them more succinct and clearer.

Important

A config key and config key hash are two very different things. A config key is (effectively) a hash of a specific SEB configuration. A config key hash is a SHA256 hash of some URL and the config key of the configuration in which browser the config key hash is generated from.

In our runtime, SEB only provides us with a config key hash; we can get the URL ourselves. We authorise a browser access by hashing the URL with our config key in the server and comparing if the resulting hash equals to the config key hash from SEB. SEB doesn't reveal config keys for security purposes.

A change to our global Axios client is that it will always append a X-SafeExamBrowser-Url header with the request URL on every request on SEB. The rationale for this change was documented in the TSDoc for appendRequestURLIfOnSEB.

image image

@purfectliterature purfectliterature added Technical Story Ruby Pull requests that update Ruby code JavaScript Pull requests that update JavaScript code labels Sep 10, 2024
@purfectliterature purfectliterature self-assigned this Sep 10, 2024
@purfectliterature purfectliterature force-pushed the phillmont/monitoring-seb-hash branch 2 times, most recently from 58ec3ad to 073a598 Compare September 10, 2024 14:21
@purfectliterature purfectliterature changed the title Heartbeat Monitoring for Exams: Safe Exam Browser (SEB) browser authentication Heartbeat Monitoring for Exams: Safe Exam Browser (SEB) browser authorisation Sep 10, 2024
@purfectliterature purfectliterature marked this pull request as ready for review September 10, 2024 14:34
Copy link
Contributor

@cysjonathan cysjonathan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM just need to rebase and resolve conflict in AssessmentForm @purfectliterature thanks!

@purfectliterature
Copy link
Contributor Author

@cysjonathan Why are there these commented codes about live feedback fields?

@bivanalhar
Copy link
Contributor

@purfectliterature can ignore that for now.. those commented lines are later on fixed inside this PR #7553 (it's also under review)

@cysjonathan cysjonathan merged commit 6276ecb into master Sep 28, 2024
9 of 13 checks passed
@cysjonathan cysjonathan deleted the phillmont/monitoring-seb-hash branch September 28, 2024 12:05
adi-herwana-nus pushed a commit that referenced this pull request Oct 1, 2024
- added missing translations from #7542
- migrated away from deprecated codecov gem
adi-herwana-nus pushed a commit that referenced this pull request Oct 1, 2024
- added missing translations from #7542
- migrated away from deprecated codecov gem
adi-herwana-nus pushed a commit that referenced this pull request Oct 1, 2024
- added missing translations from #7542
- migrated away from deprecated codecov gem
adi-herwana-nus pushed a commit that referenced this pull request Oct 1, 2024
- added missing translations from #7542
- migrated away from deprecated codecov gem
adi-herwana-nus pushed a commit that referenced this pull request Oct 6, 2024
- added missing translations from #7542
- migrated away from deprecated codecov gem
adi-herwana-nus pushed a commit that referenced this pull request Oct 6, 2024
- added missing translations from #7542
- migrated away from deprecated codecov gem
adi-herwana-nus pushed a commit that referenced this pull request Oct 6, 2024
- added missing translations from #7542
- migrated away from deprecated codecov gem
adi-herwana-nus pushed a commit that referenced this pull request Oct 8, 2024
- added missing translations from #7542
- migrated away from deprecated codecov gem
adi-herwana-nus pushed a commit that referenced this pull request Oct 8, 2024
- added missing translations from #7542
- migrated away from deprecated codecov gem
cysjonathan pushed a commit that referenced this pull request Oct 9, 2024
- added missing translations from #7542
- migrated away from deprecated codecov gem
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
JavaScript Pull requests that update JavaScript code Ruby Pull requests that update Ruby code Technical Story
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants