Merge branch 'develop'

* develop:
  moved the code that stashes the LTI launch params to be after login(); fixes issue with masquerading in Canvas

django_auth_lti/backends.py

@@ -127,48 +127,6 @@ class LTIAuthBackend(ModelBackend):
         user.save()
         logger.debug("updated the user record in the database")
 
-        lti_launch = {
-            'custom_canvas_account_id': request.POST.get('custom_canvas_account_id', None),
-            'lis_outcome_service_url': request.POST.get('lis_outcome_service_url', None),
-            'lti_message_type': request.POST.get('lti_message_type', None),
-            'resource_link_id': request.POST.get('resource_link_id', None),
-            'user_image': request.POST.get('user_image', None),
-            'lis_outcome_service_url': request.POST.get('lis_outcome_service_url', None),
-            'lis_course_offering_sourcedid': request.POST.get('lis_course_offering_sourcedid', None),
-            'selection_directive': request.POST.get('selection_directive', None),
-            'resource_link_title': request.POST.get('resource_link_title', None),
-            'resource_link_description': request.POST.get('resource_link_description', None),
-            'context_id': request.POST.get('context_id', None),
-            'context_type': request.POST.get('context_type', None),
-            'context_title': request.POST.get('context_title', None),
-            'context_label': request.POST.get('context_label', None),
-            'launch_presentation_locale': request.POST.get('launch_presentation_locale', None),
-            'launch_presentation_css_url': request.POST.get('launch_presentation_css_url', None),
-            'launch_presentation_width': request.POST.get('launch_presentation_width', None),
-            'launch_presentation_height': request.POST.get('launch_presentation_height', None),
-            'launch_presentation_return_url': request.POST.get('launch_presentation_return_url', None),
-            'launch_presentation_document_target': request.POST.get('launch_presentation_document_target', None),
-            'tool_consumer_info_product_family_code': request.POST.get('tool_consumer_info_product_family_code', None),
-            'tool_consumer_info_version': request.POST.get('tool_consumer_info_version', None),
-            'tool_consumer_instance_guid': request.POST.get('tool_consumer_instance_guid', None),
-            'tool_consumer_instance_name': request.POST.get('tool_consumer_instance_name', None),
-            'tool_consumer_instance_description': request.POST.get('tool_consumer_instance_description', None),
-            'tool_consumer_instance_url': request.POST.get('tool_consumer_instance_url', None),
-            'tool_consumer_instance_contact_email': request.POST.get('tool_consumer_instance_contact_email', None),
-            'lis_person_name_given': request.POST.get('lis_person_name_given', None),
-            'lis_person_name_family': request.POST.get('lis_person_name_family', None),
-            'lis_person_contact_email_primary': request.POST.get('lis_person_contact_email_primary', None),
-            'user_id': request.POST.get('user_id', None),
-            'custom_canvas_user_id': request.POST.get('custom_canvas_user_id', None),
-            'custom_canvas_api_domain': request.POST.get('custom_canvas_api_domain', None),
-            'custom_canvas_enrollment_state': request.POST.get('custom_canvas_enrollment_state', None),
-            'custom_canvas_course_id': request.POST.get('custom_canvas_course_id', None),
-            'custom_canvas_user_login_id': request.POST.get('custom_canvas_user_login_id', None),
-            'roles': request.POST.get('roles', '').split(','),
-        }
-
-        request.session['LTI_LAUNCH'] = lti_launch
-
         return user
 
     def clean_username(self, username):

django_auth_lti/middleware.py

@@ -44,6 +44,7 @@ class LTIAuthMiddleware(object):
             if user is not None:
                 # User is valid.  Set request.user and persist user in the session
                 # by logging the user in.
+
                 logger.debug('user was successfully authenticated; now log them in')
                 request.user = user
                 with Timer() as t:
@@ -51,6 +52,48 @@ class LTIAuthMiddleware(object):
     
                 logger.debug('login() took %s s' % t.secs)
 
+                lti_launch = {
+                    'custom_canvas_account_id': request.POST.get('custom_canvas_account_id', None),
+                    'lis_outcome_service_url': request.POST.get('lis_outcome_service_url', None),
+                    'lti_message_type': request.POST.get('lti_message_type', None),
+                    'resource_link_id': request.POST.get('resource_link_id', None),
+                    'user_image': request.POST.get('user_image', None),
+                    'lis_outcome_service_url': request.POST.get('lis_outcome_service_url', None),
+                    'lis_course_offering_sourcedid': request.POST.get('lis_course_offering_sourcedid', None),
+                    'selection_directive': request.POST.get('selection_directive', None),
+                    'resource_link_title': request.POST.get('resource_link_title', None),
+                    'resource_link_description': request.POST.get('resource_link_description', None),
+                    'context_id': request.POST.get('context_id', None),
+                    'context_type': request.POST.get('context_type', None),
+                    'context_title': request.POST.get('context_title', None),
+                    'context_label': request.POST.get('context_label', None),
+                    'launch_presentation_locale': request.POST.get('launch_presentation_locale', None),
+                    'launch_presentation_css_url': request.POST.get('launch_presentation_css_url', None),
+                    'launch_presentation_width': request.POST.get('launch_presentation_width', None),
+                    'launch_presentation_height': request.POST.get('launch_presentation_height', None),
+                    'launch_presentation_return_url': request.POST.get('launch_presentation_return_url', None),
+                    'launch_presentation_document_target': request.POST.get('launch_presentation_document_target', None),
+                    'tool_consumer_info_product_family_code': request.POST.get('tool_consumer_info_product_family_code', None),
+                    'tool_consumer_info_version': request.POST.get('tool_consumer_info_version', None),
+                    'tool_consumer_instance_guid': request.POST.get('tool_consumer_instance_guid', None),
+                    'tool_consumer_instance_name': request.POST.get('tool_consumer_instance_name', None),
+                    'tool_consumer_instance_description': request.POST.get('tool_consumer_instance_description', None),
+                    'tool_consumer_instance_url': request.POST.get('tool_consumer_instance_url', None),
+                    'tool_consumer_instance_contact_email': request.POST.get('tool_consumer_instance_contact_email', None),
+                    'lis_person_name_given': request.POST.get('lis_person_name_given', None),
+                    'lis_person_name_family': request.POST.get('lis_person_name_family', None),
+                    'lis_person_contact_email_primary': request.POST.get('lis_person_contact_email_primary', None),
+                    'user_id': request.POST.get('user_id', None),
+                    'custom_canvas_user_id': request.POST.get('custom_canvas_user_id', None),
+                    'custom_canvas_api_domain': request.POST.get('custom_canvas_api_domain', None),
+                    'custom_canvas_enrollment_state': request.POST.get('custom_canvas_enrollment_state', None),
+                    'custom_canvas_course_id': request.POST.get('custom_canvas_course_id', None),
+                    'custom_canvas_user_login_id': request.POST.get('custom_canvas_user_login_id', None),
+                    'roles': request.POST.get('roles', '').split(','),
+                }
+
+                request.session['LTI_LAUNCH'] = lti_launch
+
             else:
                 # User could not be authenticated!
                 logger.warning('user could not be authenticated via LTI params; let the request continue in case another auth plugin is configured')