Skip to content

Commit

Permalink
Obscure the user id going to the backend
Browse files Browse the repository at this point in the history
  • Loading branch information
Dave St.Germain committed Jan 15, 2019
1 parent 8211f87 commit 38ebe23
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 4 deletions.
6 changes: 3 additions & 3 deletions edx_proctoring/api.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@
from __future__ import absolute_import

from datetime import datetime, timedelta
import hashlib
import logging
import uuid
import pytz
Expand Down Expand Up @@ -50,7 +49,8 @@

from edx_proctoring.utils import (
humanized_time,
emit_event
emit_event,
obscured_user_id,
)

from edx_proctoring.backends import get_backend_provider
Expand Down Expand Up @@ -600,7 +600,7 @@ def create_exam_attempt(exam_id, user_id, taking_as_proctored=False):
scheme = 'https' if getattr(settings, 'HTTPS', 'on') == 'on' else 'http'
lms_host = '{scheme}://{hostname}'.format(scheme=scheme, hostname=settings.SITE_NAME)

obs_user_id = hashlib.sha1((u'%s%s' % (exam['course_id'], user_id)).encode('ascii')).hexdigest()
obs_user_id = obscured_user_id(user_id, exam['backend'])

# get the name of the user, if the service is available
full_name = None
Expand Down
15 changes: 15 additions & 0 deletions edx_proctoring/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,13 @@
from __future__ import absolute_import

from datetime import datetime, timedelta
import hashlib
import hmac
import logging
import pytz
import six

from django.conf import settings
from django.utils.translation import ugettext as _

from opaque_keys.edx.keys import CourseKey
Expand Down Expand Up @@ -216,3 +220,14 @@ def _emit_event(name, context, data):
'Analytics tracker not properly configured. '
'If this message appears in a production environment, please investigate'
)


def obscured_user_id(user_id, *extra):
"""
Obscures the user id, returning a sha1 hash
Any extra information can be added to the hash
"""
obs_hash = hmac.new(settings.SECRET_KEY.encode('ascii'), digestmod=hashlib.sha1)
obs_hash.update(six.text_type(user_id))
obs_hash.update(u''.join(six.text_type(ext) for ext in extra))
return obs_hash.hexdigest()
3 changes: 2 additions & 1 deletion edx_proctoring/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@
get_time_remaining_for_attempt,
locate_attempt_by_attempt_code,
humanized_time,
obscured_user_id,
)

ATTEMPTS_PER_PAGE = 25
Expand Down Expand Up @@ -1000,7 +1001,7 @@ def get(self, request, course_id, exam_id=None):
backend = get_backend_provider(exam)
if backend:
user = {
'id': request.user.id,
'id': obscured_user_id(request.user.id, exam['backend']),
'full_name': request.user.get_full_name(),
'email': request.user.email
}
Expand Down

0 comments on commit 38ebe23

Please sign in to comment.