--- loncom/lti/ltiauth.pm 2018/03/23 01:01:47 1.6 +++ loncom/lti/ltiauth.pm 2018/06/30 23:58:14 1.15 @@ -1,7 +1,7 @@ # The LearningOnline Network # Basic LTI Authentication Module # -# $Id: ltiauth.pm,v 1.6 2018/03/23 01:01:47 raeburn Exp $ +# $Id: ltiauth.pm,v 1.15 2018/06/30 23:58:14 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -43,7 +43,21 @@ sub handler { my $r = shift; my $requri = $r->uri; # -# Retrieve data POSTed by LTI Consumer on launch +# Check for existing session, and temporarily delete any form items +# in %env, if session exists +# + my %savedform; + my $handle = &Apache::lonnet::check_for_valid_session($r); + if ($handle ne '') { + foreach my $key (sort(keys(%env))) { + if ($key =~ /^form\.(.+)$/) { + $savedform{$1} = $env{$key}; + delete($env{$key}); + } + } + } +# +# Retrieve data POSTed by LTI Consumer on launch # &Apache::lonacc::get_posted_cgi($r); my $params = {}; @@ -52,6 +66,17 @@ sub handler { $params->{$1} = $env{$key}; } } +# +# Check for existing session, and restored temporarily +# deleted form items to %env, if session exists. +# + if ($handle ne '') { + if (keys(%savedform)) { + foreach my $key (sort(keys(%savedform))) { + $env{'form.'.$key} = $savedform{$key}; + } + } + } unless (keys(%{$params})) { &invalid_request($r,1); @@ -140,7 +165,7 @@ sub handler { # Order is: # # (a) from custom_coursedomain item in POSTed data -# (b) from tail of requested URL (after /adm/lti) if it has format of a symb +# (b) from tail of requested URL (after /adm/lti/) if it has format of a symb # (c) from tail of requested URL (after /adm/lti) if it has format of a map # (d) from tail of requested URL (after /adm/lti) if it has format /domain/courseID # (e) from tail of requested URL (after /adm/lti) if it has format /tiny/domain/\w+ @@ -182,6 +207,13 @@ sub handler { $symb = $tail; $symb =~ s{^/+}{}; } + } elsif ($tail =~ m{^/res/(?:$match_domain)/(?:$match_username)/.+\.(?:sequence|page)(|___\d+___.+)$}) { + if ($1 eq '') { + $mapurl = $tail; + } else { + $symb = $tail; + $symb =~ s{^/+}{}; + } } elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) { ($urlcdom,$urlcnum) = ($1,$2); if (($cdom ne '') && ($cdom ne $urlcdom)) { @@ -262,6 +294,12 @@ sub handler { $protocol = 'https'; } + if (exists($params->{'oauth_callback'})) { + $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A; + } else { + $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0; + } + my ($itemid,$consumer_key,$secret); $consumer_key = $params->{'oauth_consumer_key'}; if (ref($lti_by_key{$consumer_key}) eq 'ARRAY') { @@ -329,7 +367,7 @@ sub handler { # # (a) from course mapping (if the link between Consumer "course" and # Provider "course" has been established previously). -# (b) from tail of requested URL (after /adm/lti) if it has format of a symb +# (b) from tail of requested URL (after /adm/lti/) if it has format of a symb # (c) from tail of requested URL (after /adm/lti) if it has format of a map # (d) from tail of requested URL (after /adm/lti) if it has format /domain/courseID # (e) from tail of requested URL (after /adm/lti) if it has format /tiny/domain/\w+ @@ -396,35 +434,16 @@ sub handler { # my (@ltiroles,@lcroles); - my @lcroleorder = ('cc','in','ta','ep','st'); - my @ltiroleorder = ('Instructor','TeachingAssistant','Mentor','Learner'); - if ($params->{'roles'} =~ /,/) { - my @possltiroles = split(/\s*,\s*/,$params->{'role'}); - foreach my $ltirole (@ltiroleorder) { - if (grep(/^\Q$ltirole\E$/,@possltiroles)) { - push(@ltiroles,$ltirole); - } - } - } else { - my $singlerole = $params->{'roles'}; - $singlerole =~ s/^\s|\s+$//g; - if (grep(/^\Q$singlerole\E$/,@ltiroleorder)) { - @ltiroles = ($singlerole); - } + my ($lcrolesref,$ltirolesref) = + &LONCAPA::ltiutils::get_lc_roles($params->{'roles'}, + \@lcroleorder, + $lti{$itemid}{maproles}); + if (ref($lcrolesref) eq 'ARRAY') { + @lcroles = @{$lcrolesref}; } - if (@ltiroles) { - if (ref($lti{$itemid}{maproles}) eq 'HASH') { - my %possroles; - map { $possroles{$lti{$itemid}{maproles}{$_}} = 1; } @ltiroles; - if (keys(%possroles) > 0) { - foreach my $item (@lcroleorder) { - if ($possroles{$item}) { - push(@lcroles,$item); - } - } - } - } + if (ref($ltirolesref) eq 'ARRAY') { + @ltiroles = @{$ltirolesref}; } # @@ -447,102 +466,25 @@ sub handler { } } if ($selfcreate) { - my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts,%info); - my $checkhash = { "$uname:$udom" => { 'newuser' => 1, }, }; - my $checks = { 'username' => 1, }; - &Apache::loncommon::user_rule_check($checkhash,$checks,\%alerts,\%rulematch, - \%inst_results,\%curr_rules,\%got_rules); - my ($userchkmsg,$lcauth,$lcauthparm); - my $allowed = 1; - if (ref($alerts{'username'}) eq 'HASH') { - if (ref($alerts{'username'}{$udom}) eq 'HASH') { - my $domdesc = - &Apache::lonnet::domain($udom,'description'); - if ($alerts{'username'}{$udom}{$uname}) { - if (ref($curr_rules{$udom}) eq 'HASH') { - $userchkmsg = - &Apache::loncommon::instrule_disallow_msg('username',$domdesc,1). - &Apache::loncommon::user_rule_formats($udom,$domdesc, - $curr_rules{$udom}{'username'}, - 'username'); - } - $allowed = 0; - } - } - } - if ($allowed) { - if (ref($rulematch{$uname.':'.$udom}) eq 'HASH') { - my $matchedrule = $rulematch{$uname.':'.$udom}{'username'}; - my ($rules,$ruleorder) = - &Apache::lonnet::inst_userrules($udom,'username'); - if (ref($rules) eq 'HASH') { - if (ref($rules->{$matchedrule}) eq 'HASH') { - $lcauth = $rules->{$matchedrule}{'authtype'}; - $lcauthparm = $rules->{$matchedrule}{'authparm'}; - } - } - } - if ($lcauth eq '') { - $lcauth = $lti{$itemid}{'lcauth'}; - $lcauthparm = $lti{$itemid}{'lcauthparm'}; - } - } else { - &invalid_request($r,12); - } - my @userinfo = ('firstname','middlename','lastname','generation', - 'permanentemail','id'); - my %useinstdata; - if (ref($lti{$itemid}{'instdata'}) eq 'ARRAY') { - map { $useinstdata{$_} = 1; } @{$lti{$itemid}{'instdata'}}; - } - foreach my $item (@userinfo) { - if (($useinstdata{$item}) && (ref($inst_results{$uname.':'.$udom}) eq 'HASH') && - ($inst_results{$uname.':'.$udom}{$item} ne '')) { - $info{$item} = $inst_results{$uname.':'.$udom}{$item}; - } else { - if ($item eq 'permanentemail') { - if ($env{'form.lis_person_contact_email_primary'} =~/^[^\@]+\@[^@]+$/) { - $info{$item} = $env{'form.lis_person_contact_email_primary'}; - } - } elsif ($item eq 'firstname') { - $info{$item} = $env{'form.lis_person_name_given'}; - } elsif ($item eq 'lastname') { - $info{$item} = $env{'form.lis_person_name_family'}; - } - } - } - if (($info{'middlename'} eq '') && ($env{'form.lis_person_name_full'} ne '')) { - unless ($useinstdata{'middlename'}) { - my $fullname = $env{'form.lis_person_name_full'}; - if ($info{'firstname'}) { - $fullname =~ s/^\s*\Q$info{'firstname'}\E\s*//i; - } - if ($info{'lastname'}) { - $fullname =~ s/\s*\Q$info{'lastname'}\E\s*$//i; - } - if ($fullname ne '') { - $fullname =~ s/^\s+|\s+$//g; - if ($fullname ne '') { - $info{'middlename'} = $fullname; - } - } - } - } - if (ref($inst_results{$uname.':'.$udom}{'inststatus'}) eq 'ARRAY') { - my @inststatuses = @{$inst_results{$uname.':'.$udom}{'inststatus'}}; - $info{'inststatus'} = join(':',map { &escape($_); } @inststatuses); - } + my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts); + my $domdesc = &Apache::lonnet::domain($udom,'description'); + my %data = ( + 'permanentemail' => $env{'form.lis_person_contact_email_primary'}, + 'firstname' => $env{'form.lis_person_name_given'}, + 'lastname' => $env{'form.lis_person_name_family'}, + 'fullname' => $env{'form.lis_person_name_full'}, + ); my $result = - &Apache::lonnet::modifyuser($udom,$uname,$info{'id'}, - $lcauth,$lcauthparm,$info{'firstname'}, - $info{'middlename'},$info{'lastname'}, - $info{'generation'},undef,undef, - $info{'permanentemail'},$info{'inststatus'}); - if ($result eq 'ok') { + &LONCAPA::ltiutils::create_user($lti{$itemid},$uname,$udom, + $domdesc,\%data,\%alerts,\%rulematch, + \%inst_results,\%curr_rules,%got_rules); + if ($result eq 'notallowed') { + &invalid_request($r,12); + } elsif ($result eq 'ok') { if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) && ($lti{$itemid}{'makecrs'})) { unless (&Apache::lonnet::usertools_access($uname,$udom,'lti','reload','requestcourses')) { - &Apache::lonnet::put('environment',{ 'requestcourses.lti' => 1, },$udom,$uname); + &Apache::lonnet::put('environment',{ 'requestcourses.lti' => 'autolimit=', },$udom,$uname); } } } else { @@ -721,31 +663,8 @@ sub lti_enroll { my %coursehash = &Apache::lonnet::coursedescription($cdom.'_'.$cnum); my $start = $coursehash{'default_enrollment_start_date'}; my $end = $coursehash{'default_enrollment_end_date'}; - my $area = "/$cdom/$cnum"; - if (($role ne 'cc') && ($role ne 'co') && ($sec ne '')) { - $area .= '/'.$sec; - } - my $spec = $role.'.'.$area; - my $instcid; - if ($role eq 'st') { - $enrollresult = - &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef, - undef,undef,$sec,$end,$start, - 'ltienroll',undef,$cdom.'_'.$cnum,1, - 'ltienroll','',$instcid); - } elsif ($role =~ /^(cc|in|ta|ep)$/) { - $enrollresult = - &Apache::lonnet::assignrole($udom,$uname,$area,$role,$end,$start, - undef,1,'ltienroll'); - } - if ($enrollresult eq 'ok') { - my (%userroles,%newrole,%newgroups); - &Apache::lonnet::standard_roleprivs(\%newrole,$role,$cdom,$spec,$cnum, - $area); - &Apache::lonnet::set_userprivs(\%userroles,\%newrole,\%newgroups); - $userroles{'user.role.'.$spec} = $start.'.'.$end; - &Apache::lonnet::appenv(\%userroles,[$role,'cm']); - } + $enrollresult = &LONCAPA::ltiutils::enrolluser($udom,$uname,$role,$cdom,$cnum,$sec, + $start,$end,1); } } return $enrollresult; @@ -811,11 +730,17 @@ sub lti_session { &Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect'); if ($symb) { $env{'form.symb'} = $symb; + $env{'request.lti.uri'} = $symb; } else { if ($mapurl) { $env{'form.origurl'} = $mapurl; + $env{'request.lti.uri'} = $mapurl; } elsif ($tail =~ m{^\Q/tiny/$cdom/\E\w+$}) { $env{'form.origurl'} = $tail; + $env{'request.lti.uri'} = $tail; + } elsif ($tail eq "/$cdom/$cnum") { + $env{'form.origurl'} = '/adm/navmaps'; + $env{'request.lti.uri'} = $tail; } else { unless ($tail eq '/adm/roles') { $env{'form.origurl'} = '/adm/navmaps'; @@ -850,7 +775,10 @@ sub lti_session { $env{'request.lti.rosterurl'} = $params->{'ext_ims_lis_memberships_url'}; } } - $env{'request.lti.login'} = 1; + $env{'request.lti.login'} = $itemid; + if ($params->{'launch_presentation_document_target'}) { + $env{'request.lti.target'} = $params->{'launch_presentation_document_target'}; + } foreach my $key (%{$params}) { delete($env{'form.'.$key}); } @@ -871,7 +799,8 @@ sub lti_session { 'domain' => $udom, 'username' => $uname, 'server' => $lonhost, - 'lti.login' => 1, + 'lti.login' => $itemid, + 'lti.uri' => $tail, ); if ($role) { $info{'role'} = $role; @@ -903,6 +832,10 @@ sub lti_session { $info{'lti.rosterurl'} = $params->{'ext_ims_lis_memberships_url'}; } } + if ($params->{'launch_presentation_document_target'}) { + $info{'lti.target'} = $params->{'launch_presentation_document_target'}; + } + unless ($info{'symb'}) { if ($mapurl) { $info{'origurl'} = $mapurl; @@ -934,7 +867,7 @@ sub invalid_request { } &Apache::lonlocal::get_language_handle($r); $r->print( - &Apache::loncommon::start_page('Invalid LTI call'). + &Apache::loncommon::start_page('Invalid LTI call','',{ 'only_body' => 1,}). &mt('Invalid LTI call [_1]',$num). &Apache::loncommon::end_page()); return;