|
version 1.26, 2021/11/22 23:41:00
|
version 1.31, 2022/02/02 00:31:16
|
|
Line 31 package Apache::ltiauth;
|
Line 31 package Apache::ltiauth;
|
| use strict; |
use strict; |
| use LONCAPA qw(:DEFAULT :match); |
use LONCAPA qw(:DEFAULT :match); |
| use Apache::Constants qw(:common :http); |
use Apache::Constants qw(:common :http); |
| use Net::OAuth; |
|
| use Apache::lonlocal; |
use Apache::lonlocal; |
| use Apache::lonnet; |
use Apache::lonnet; |
| use Apache::loncommon; |
use Apache::loncommon; |
|
Line 127 sub handler {
|
Line 126 sub handler {
|
| my $intdom = &Apache::lonnet::internet_dom($primary_id); |
my $intdom = &Apache::lonnet::internet_dom($primary_id); |
| if (($intdom ne '') && (grep(/^\Q$intdom\E$/,@intdoms))) { |
if (($intdom ne '') && (grep(/^\Q$intdom\E$/,@intdoms))) { |
| # |
# |
| # Retrieve information for LTI link protectors in course |
|
| # where url was /adm/launch/tiny/$cdom/$uniqueid |
|
| # |
|
| my (%crslti,%crslti_by_key,$itemid,$ltitype); |
|
| %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider'); |
|
| if (keys(%crslti)) { |
|
| foreach my $id (keys(%crslti)) { |
|
| if (ref($crslti{$id}) eq 'HASH') { |
|
| my $key = $crslti{$id}{'key'}; |
|
| push(@{$crslti_by_key{$key}},$id); |
|
| } |
|
| } |
|
| } |
|
| # |
|
| # Verify the signed request using the secret for LTI link |
# Verify the signed request using the secret for LTI link |
| # protectors for which the key in the POSTed data matches |
# protectors for which the key in the POSTed data matches |
| # keys in the course configuration. |
# keys in the course configuration. |
|
Line 153 sub handler {
|
Line 138 sub handler {
|
| # Determine if nonce in POSTed data has expired. |
# Determine if nonce in POSTed data has expired. |
| # If unexpired, confirm it has not already been used. |
# If unexpired, confirm it has not already been used. |
| # |
# |
| if (keys(%crslti)) { |
# Retrieve information for LTI link protectors in course |
| $itemid = &get_lti_itemid($requri,$hostname,$params,\%crslti,\%crslti_by_key); |
# where url was /adm/launch/tiny/$cdom/$uniqueid |
| |
# |
| |
|
| |
my ($itemid,$ltitype,%crslti); |
| |
$itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'deeplink'); |
| |
if ($itemid) { |
| |
%crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider'); |
| } |
} |
| if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) { |
if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) { |
| $ltitype = 'c'; |
$ltitype = 'c'; |
|
Line 164 sub handler {
|
Line 155 sub handler {
|
| return OK; |
return OK; |
| } |
} |
| } else { |
} else { |
| my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); |
my %lti; |
| unless (keys(%lti) > 0) { |
$itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','deeplink'); |
| &invalid_request($r,4); |
if ($itemid) { |
| return OK; |
%lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); |
| } |
} |
| my (%domlti_by_key,%domlti); |
if (($itemid) && (ref($lti{$itemid}) eq 'HASH')) { |
| foreach my $id (keys(%lti)) { |
|
| if (ref($lti{$id}) eq 'HASH') { |
|
| my $key = $lti{$id}{'key'}; |
|
| if (!$lti{$itemid}{'requser'}) { |
|
| push(@{$domlti_by_key{$key}},$id); |
|
| $domlti{$id} = $lti{$id}; |
|
| } |
|
| } |
|
| } |
|
| if (keys(%domlti)) { |
|
| $itemid = &get_lti_itemid($requri,$hostname,$params,\%domlti,\%domlti_by_key); |
|
| } |
|
| if (($itemid) && (ref($domlti{$itemid}) eq 'HASH')) { |
|
| $ltitype = 'd'; |
$ltitype = 'd'; |
| unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
| $domlti{$itemid}{'lifetime'},$cdom, |
$lti{$itemid}{'lifetime'},$cdom, |
| $r->dir_config('lonLTIDir'))) { |
$r->dir_config('lonLTIDir'))) { |
| &invalid_request($r,5); |
&invalid_request($r,4); |
| return OK; |
return OK; |
| } |
} |
| } |
} |
|
Line 202 sub handler {
|
Line 180 sub handler {
|
| $r->internal_redirect($tail.'?ltoken='.$ltoken); |
$r->internal_redirect($tail.'?ltoken='.$ltoken); |
| $r->set_handlers('PerlHandler'=> undef); |
$r->set_handlers('PerlHandler'=> undef); |
| } else { |
} else { |
| &invalid_request($r,6); |
&invalid_request($r,5); |
| } |
} |
| } else { |
} else { |
| &invalid_request($r,7); |
&invalid_request($r,6); |
| } |
} |
| } else { |
} else { |
| &invalid_request($r,8); |
&invalid_request($r,7); |
| } |
} |
| } else { |
} else { |
| &invalid_request($r,9); |
&invalid_request($r,8); |
| } |
} |
| } else { |
} else { |
| &invalid_request($r,10); |
&invalid_request($r,9); |
| } |
} |
| } else { |
} else { |
| &invalid_request($r,11); |
&invalid_request($r,10); |
| } |
} |
| return OK; |
return OK; |
| } |
} |
|
Line 318 sub handler {
|
Line 296 sub handler {
|
| if ($tail =~ m{^/uploaded/($match_domain)/($match_courseid)/(?:default|supplemental)(?:|_\d+)\.(?:sequence|page)(|___\d+___.+)$}) { |
if ($tail =~ m{^/uploaded/($match_domain)/($match_courseid)/(?:default|supplemental)(?:|_\d+)\.(?:sequence|page)(|___\d+___.+)$}) { |
| ($urlcdom,$urlcnum,my $rest) = ($1,$2,$3); |
($urlcdom,$urlcnum,my $rest) = ($1,$2,$3); |
| if (($cdom ne '') && ($cdom ne $urlcdom)) { |
if (($cdom ne '') && ($cdom ne $urlcdom)) { |
| &invalid_request($r,12); |
&invalid_request($r,11); |
| return OK; |
return OK; |
| } |
} |
| if ($rest eq '') { |
if ($rest eq '') { |
|
Line 337 sub handler {
|
Line 315 sub handler {
|
| } elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) { |
} elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) { |
| ($urlcdom,$urlcnum) = ($1,$2); |
($urlcdom,$urlcnum) = ($1,$2); |
| if (($cdom ne '') && ($cdom ne $urlcdom)) { |
if (($cdom ne '') && ($cdom ne $urlcdom)) { |
| &invalid_request($r,13); |
&invalid_request($r,12); |
| return OK; |
return OK; |
| } |
} |
| } elsif ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) { |
} elsif ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) { |
| ($urlcdom,$urlcnum) = &course_from_tinyurl($tail); |
($urlcdom,$urlcnum) = &course_from_tinyurl($tail); |
| if (($urlcdom eq '') || ($urlcnum eq '')) { |
if (($urlcdom eq '') || ($urlcnum eq '')) { |
| &invalid_request($r,14); |
&invalid_request($r,13); |
| return OK; |
return OK; |
| } |
} |
| } |
} |
|
Line 369 sub handler {
|
Line 347 sub handler {
|
| |
|
| # |
# |
| # Retrieve information for LTI Consumers in course's domain |
# Retrieve information for LTI Consumers in course's domain |
| # and populate hash -- %lti_by_key -- for which keys |
# defined in domain configuration for LTI. |
| # are those defined in domain configuration for LTI. |
|
| # |
|
| |
|
| my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); |
|
| unless (keys(%lti) > 0) { |
|
| &invalid_request($r,15); |
|
| return OK; |
|
| } |
|
| my %lti_by_key; |
|
| if (keys(%lti)) { |
|
| foreach my $id (keys(%lti)) { |
|
| if (ref($lti{$id}) eq 'HASH') { |
|
| my $key = $lti{$id}{'key'}; |
|
| push(@{$lti_by_key{$key}},$id); |
|
| } |
|
| } |
|
| } |
|
| |
|
| # |
# |
| # Verify the signed request using the secret for those |
# Verify the signed request using the secret for those |
| # Consumers for which the key in the POSTed data matches |
# Consumers for which the key in the POSTed data matches |
| # keys in the course configuration or the domain configuration |
# keys in the course configuration or the domain configuration |
| # for LTI. |
# for LTI. |
| # |
# |
| |
|
| my $itemid = &get_lti_itemid($requri,$hostname,$params,\%lti,\%lti_by_key); |
my %lti; |
| |
my $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom); |
| |
if ($itemid) { |
| |
%lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); |
| |
} |
| |
|
| # |
# |
| # Request is invalid if the signed request could not be verified |
# Request is invalid if the signed request could not be verified |
|
Line 403 sub handler {
|
Line 367 sub handler {
|
| # configuration in LON-CAPA for that LTI Consumer. |
# configuration in LON-CAPA for that LTI Consumer. |
| # |
# |
| unless (($itemid) && (ref($lti{$itemid}) eq 'HASH')) { |
unless (($itemid) && (ref($lti{$itemid}) eq 'HASH')) { |
| &invalid_request($r,16); |
&invalid_request($r,14); |
| return OK; |
return OK; |
| } |
} |
| |
|
|
Line 413 sub handler {
|
Line 377 sub handler {
|
| # |
# |
| unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
| $lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) { |
$lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) { |
| &invalid_request($r,17); |
&invalid_request($r,15); |
| return OK; |
return OK; |
| } |
} |
| |
|
|
Line 434 sub handler {
|
Line 398 sub handler {
|
| $r->internal_redirect($tail.'?ltoken='.$ltoken); |
$r->internal_redirect($tail.'?ltoken='.$ltoken); |
| $r->set_handlers('PerlHandler'=> undef); |
$r->set_handlers('PerlHandler'=> undef); |
| } else { |
} else { |
| &invalid_request($r,18); |
&invalid_request($r,16); |
| } |
} |
| } else { |
} else { |
| &invalid_request($r,19); |
&invalid_request($r,17); |
| } |
} |
| return OK; |
return OK; |
| } |
} |
|
Line 495 sub handler {
|
Line 459 sub handler {
|
| if ($sourcecrs ne '') { |
if ($sourcecrs ne '') { |
| %consumers = &Apache::lonnet::get_dom('lticonsumers',[$sourcecrs],$cdom); |
%consumers = &Apache::lonnet::get_dom('lticonsumers',[$sourcecrs],$cdom); |
| if (exists($consumers{$sourcecrs})) { |
if (exists($consumers{$sourcecrs})) { |
| if ($consumers{$sourcecrs} =~ /^$match_courseid$/) { |
if ($consumers{$sourcecrs} =~ /^\Q$itemid:\E($match_courseid)$/) { |
| my $crshome = &Apache::lonnet::homeserver($consumers{$sourcecrs},$cdom); |
my $storedcnum = $1; |
| |
my $crshome = &Apache::lonnet::homeserver($storedcnum,$cdom); |
| if ($crshome =~ /(con_lost|no_host|no_such_host)/) { |
if ($crshome =~ /(con_lost|no_host|no_such_host)/) { |
| &invalid_request($r,20); |
&invalid_request($r,18); |
| return OK; |
return OK; |
| } else { |
} else { |
| $posscnum = $consumers{$sourcecrs}; |
$posscnum = $storedcnum; |
| } |
} |
| } |
} |
| } |
} |
|
Line 510 sub handler {
|
Line 475 sub handler {
|
| if ($urlcnum ne '') { |
if ($urlcnum ne '') { |
| if ($posscnum ne '') { |
if ($posscnum ne '') { |
| if ($posscnum ne $urlcnum) { |
if ($posscnum ne $urlcnum) { |
| &invalid_request($r,21); |
&invalid_request($r,19); |
| return OK; |
return OK; |
| } else { |
} else { |
| $cnum = $posscnum; |
$cnum = $posscnum; |
|
Line 518 sub handler {
|
Line 483 sub handler {
|
| } else { |
} else { |
| my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom); |
my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom); |
| if ($crshome =~ /(con_lost|no_host|no_such_host)/) { |
if ($crshome =~ /(con_lost|no_host|no_such_host)/) { |
| &invalid_request($r,22); |
&invalid_request($r,20); |
| return OK; |
return OK; |
| } else { |
} else { |
| $cnum = $urlcnum; |
$cnum = $urlcnum; |
|
Line 583 sub handler {
|
Line 548 sub handler {
|
| $domdesc,\%data,\%alerts,\%rulematch, |
$domdesc,\%data,\%alerts,\%rulematch, |
| \%inst_results,\%curr_rules,%got_rules); |
\%inst_results,\%curr_rules,%got_rules); |
| if ($result eq 'notallowed') { |
if ($result eq 'notallowed') { |
| &invalid_request($r,23); |
&invalid_request($r,21); |
| } elsif ($result eq 'ok') { |
} elsif ($result eq 'ok') { |
| if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) && |
if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) && |
| ($lti{$itemid}{'makecrs'})) { |
($lti{$itemid}{'makecrs'})) { |
|
Line 592 sub handler {
|
Line 557 sub handler {
|
| } |
} |
| } |
} |
| } else { |
} else { |
| &invalid_request($r,24); |
&invalid_request($r,22); |
| return OK; |
return OK; |
| } |
} |
| } else { |
} else { |
| &invalid_request($r,25); |
&invalid_request($r,23); |
| return OK; |
return OK; |
| } |
} |
| } |
} |
| } else { |
} else { |
| &invalid_request($r,26); |
&invalid_request($r,24); |
| return OK; |
return OK; |
| } |
} |
| |
|
|
Line 624 sub handler {
|
Line 589 sub handler {
|
| $symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles, |
$symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles, |
| $reqcrs,$sourcecrs); |
$reqcrs,$sourcecrs); |
| } else { |
} else { |
| &invalid_request($r,27); |
&invalid_request($r,25); |
| } |
} |
| } else { |
} else { |
| &invalid_request($r,28); |
&invalid_request($r,26); |
| } |
} |
| } else { |
} else { |
| <i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail, |
<i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail, |
|
Line 640 sub handler {
|
Line 605 sub handler {
|
| # |
# |
| # If LON-CAPA course is a Community, and LON-CAPA role |
# If LON-CAPA course is a Community, and LON-CAPA role |
| # indicated is cc, change role indicated to co. |
# indicated is cc, change role indicated to co. |
| # |
# |
| |
|
| my %crsenv; |
my %crsenv; |
| if ($lcroles[0] eq 'cc') { |
if ($lcroles[0] eq 'cc') { |
|
Line 718 sub handler {
|
Line 683 sub handler {
|
| } |
} |
| } |
} |
| if ($reqrole eq '') { |
if ($reqrole eq '') { |
| &invalid_request($r,29); |
&invalid_request($r,27); |
| return OK; |
return OK; |
| } else { |
} else { |
| unless (%crsenv) { |
unless (%crsenv) { |
|
Line 728 sub handler {
|
Line 693 sub handler {
|
| my $default_enrollment_end_date = $crsenv{'default_enrollment_end_date'}; |
my $default_enrollment_end_date = $crsenv{'default_enrollment_end_date'}; |
| my $now = time; |
my $now = time; |
| if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) { |
if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) { |
| &invalid_request($r,30); |
&invalid_request($r,28); |
| return OK; |
return OK; |
| } elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) { |
} elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) { |
| &invalid_request($r,31); |
&invalid_request($r,29); |
| return OK; |
return OK; |
| } else { |
} else { |
| $selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum; |
$selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum; |
|
Line 745 sub handler {
|
Line 710 sub handler {
|
| } |
} |
| |
|
| # |
# |
| # Store consumer-to-LON-CAPA course mapping |
# Retrieve course type of LON-CAPA course to check if mapping from a Consumer |
| |
# course identifier permitted for this type of course (one of: official, |
| |
# unofficial, community, textbook, placement or lti. |
| |
# |
| |
|
| |
unless (%crsenv) { |
| |
%crsenv = &Apache::lonnet::coursedescription($cdom.'_'.$cnum); |
| |
} |
| |
my $crstype = lc($crsenv{'type'}); |
| |
if ($crstype eq '') { |
| |
$crstype = 'course'; |
| |
} |
| |
if ($crstype eq 'course') { |
| |
if ($crsenv{'internal.coursecode'}) { |
| |
$crstype = 'official'; |
| |
} elsif ($crsenv{'internal.textbook'}) { |
| |
$crstype = 'textbook'; |
| |
} elsif ($crsenv{'internal.lti'}) { |
| |
$crstype = 'lti'; |
| |
} else { |
| |
$crstype = 'unofficial'; |
| |
} |
| |
} |
| |
|
| |
# |
| |
# Store consumer-to-LON-CAPA course mapping if permitted |
| # |
# |
| |
|
| if (($sourcecrs ne '') && ($consumers{$sourcecrs} eq '') && ($cnum ne '')) { |
if (($lti{$itemid}{'storecrs'}) && ($sourcecrs ne '') && |
| &Apache::lonnet::put_dom('lticonsumers',{ $sourcecrs => $cnum },$cdom); |
($consumers{$sourcecrs} eq '') && ($cnum ne '')) { |
| |
if (ref($lti{$itemid}{'mapcrstype'}) eq 'ARRAY') { |
| |
if (grep(/^$crstype$/,@{$lti{$itemid}{'mapcrstype'}})) { |
| |
&Apache::lonnet::put_dom('lticonsumers',{ $sourcecrs => $itemid.':'.$cnum },$cdom); |
| |
} |
| |
} |
| } |
} |
| |
|
| # |
# |
|
Line 763 sub handler {
|
Line 758 sub handler {
|
| } |
} |
| |
|
| sub get_lti_itemid { |
sub get_lti_itemid { |
| my ($requri,$hostname,$params,$lti,$lti_by_key) = @_; |
my ($requri,$hostname,$params,$cdom,$cnum,$context) = @_; |
| return unless ((ref($params) eq 'HASH') && (ref($lti) eq 'HASH') && (ref($lti_by_key) eq 'HASH')); |
return unless (ref($params) eq 'HASH'); |
| |
|
| if (exists($params->{'oauth_callback'})) { |
|
| $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A; |
|
| } else { |
|
| $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0; |
|
| } |
|
| |
|
| my $protocol = 'http'; |
my $protocol = 'http'; |
| if ($ENV{'SERVER_PORT'} == 443) { |
if ($ENV{'SERVER_PORT'} == 443) { |
| $protocol = 'https'; |
$protocol = 'https'; |
| } |
} |
| |
my $url = $protocol.'://'.$hostname.$requri; |
| my ($itemid,$consumer_key,$secret); |
my $method = $env{'request.method'}; |
| my $consumer_key = $params->{'oauth_consumer_key'}; |
if ($cnum ne '') { |
| if (ref($lti_by_key->{$consumer_key}) eq 'ARRAY') { |
return &Apache::lonnet::courselti_itemid($cnum,$cdom,$url,$method,$params,$context); |
| foreach my $id (@{$lti_by_key->{$consumer_key}}) { |
} else { |
| if (ref($lti->{$id}) eq 'HASH') { |
return &Apache::lonnet::domainlti_itemid($cdom,$url,$method,$params,$context); |
| $secret = $lti->{$id}{'secret'}; |
|
| my $request = Net::OAuth->request('request token')->from_hash($params, |
|
| request_url => $protocol.'://'.$hostname.$requri, |
|
| request_method => $env{'request.method'}, |
|
| consumer_secret => $secret,); |
|
| if ($request->verify()) { |
|
| $itemid = $id; |
|
| last; |
|
| } |
|
| } |
|
| } |
|
| } |
} |
| return $itemid; |
|
| } |
} |
| |
|
| sub lti_enroll { |
sub lti_enroll { |
![[BACK]](/icons/back.gif){kind=icon}
Return to ltiauth.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lti