From 8b1eeda28f71457a5199c0fce2ba34e911553fb2 Mon Sep 17 00:00:00 2001
From: Charles Severance <csev@umich.edu>
Date: Tue, 17 May 2022 12:24:18 -0400
Subject: [PATCH] Improve _sha256 field handling

---
 src/Core/LTIX.php   |  3 ++-
 src/UI/CrudForm.php | 22 +++++++++++++++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/Core/LTIX.php b/src/Core/LTIX.php
index 637b44f2..fac951a1 100644
--- a/src/Core/LTIX.php
+++ b/src/Core/LTIX.php
@@ -1,5 +1,6 @@
 <?php
 
+
 namespace Tsugi\Core;
 
 use \Tsugi\OAuth\TrivialOAuthDataStore;
@@ -1369,7 +1370,7 @@ public static function loadAllData($p, $profile_table, $post) {
             $sql .= "\nWHERE (k.deploy_key = :deployment_id OR k.deploy_key IS NULL)
                 AND (
                     (i.issuer_sha256 = :issuer_sha256 AND i.issuer_client = :issuer_client)
-                    OR ( lms_issuer_sha256 = :issuer_sha256 AND lms_client = :issuer_client )
+                    OR ( (lms_issuer_sha256 IS NULL OR lms_issuer_sha256 = :issuer_sha256 ) AND lms_client = :issuer_client )
                 )
             ";
         } else {
diff --git a/src/UI/CrudForm.php b/src/UI/CrudForm.php
index f2fcbd5c..593f9486 100644
--- a/src/UI/CrudForm.php
+++ b/src/UI/CrudForm.php
@@ -118,6 +118,16 @@ public static function handleInsert($tablename, $fields) {
                 // Set the sha256 value if it is not there
                 if ( strpos($field, "_sha256") !== false && ! isset($_POST[$field])) {
                     $key = str_replace("_sha256", "_key", $field);
+                    $key2 = str_replace("_sha256", "", $field);
+                    // Allow nulls
+                    if ( array_key_exists($key, $_POST)) {
+                        // All good
+                    } else if ( array_key_exists($key2, $_POST)) {
+                        $key = $key2;
+                    } else {
+                        continue;
+                    }
+
                     // Nulls allowed
                     if ( !array_key_exists($key, $_POST) ) {
                         $_SESSION['error'] = "Missing POST field: ".$key;
@@ -352,10 +362,20 @@ public static function handleUpdate($tablename, $fields, $where_clause=false,
                 }
 
                 // Update the sha256 value if we have a corresponding _key value
+                // xyz => xyz_sha256
+                // xyz_key => xyz_sha256
                 if ( strpos($field, "_sha256") !== false && ! isset($_POST[$field])) {
                     $key = str_replace("_sha256", "_key", $field);
+                    $key2 = str_replace("_sha256", "", $field);
                     // Allow nulls
-                    if ( ! array_key_exists($key, $_POST) ) continue;
+                    if ( array_key_exists($key, $_POST)) {
+                        // All good
+                    } else if ( array_key_exists($key2, $_POST)) {
+                        $key = $key2;
+                    } else {
+                        continue;
+                    }
+
                     if ( $_POST[$key] === null ) {
                         $value = null;
                     } else {