--- loncom/lti/ltiauth.pm 2022/02/17 22:35:51 1.34
+++ loncom/lti/ltiauth.pm 2023/08/18 22:14:34 1.43
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Basic LTI Authentication Module
#
-# $Id: ltiauth.pm,v 1.34 2022/02/17 22:35:51 raeburn Exp $
+# $Id: ltiauth.pm,v 1.43 2023/08/18 22:14:34 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -30,7 +30,8 @@ package Apache::ltiauth;
use strict;
use LONCAPA qw(:DEFAULT :match);
-use Apache::Constants qw(:common :http);
+use Encode;
+use Apache::Constants qw(:common :http :remotehost);
use Apache::lonlocal;
use Apache::lonnet;
use Apache::loncommon;
@@ -63,7 +64,7 @@ sub handler {
my $params = {};
foreach my $key (sort(keys(%env))) {
if ($key =~ /^form\.(.+)$/) {
- $params->{$1} = $env{$key};
+ $params->{$1} = &Encode::decode('UTF-8',$env{$key});
}
}
#
@@ -116,7 +117,7 @@ sub handler {
#
if ($requri =~ m{^/adm/launch(|/.*)$}) {
my $tail = $1;
- if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
+ if ($tail =~ m{^/tiny/$match_domain/\w+$}) {
my ($urlcdom,$urlcnum) = &course_from_tinyurl($tail);
if (($urlcdom ne '') && ($urlcnum ne '')) {
$cdom = $urlcdom;
@@ -142,10 +143,10 @@ sub handler {
# where url was /adm/launch/tiny/$cdom/$uniqueid
#
- my ($itemid,$ltitype,%crslti,%lti_in_use);
+ my ($itemid,$ltitype,%crslti,%lti_in_use,$ltiuser);
$itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'linkprot');
if ($itemid) {
- %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom);
+ %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider');
}
if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) {
$ltitype = 'c';
@@ -174,6 +175,21 @@ sub handler {
}
}
}
+ my $exiturl;
+ if (($itemid) && ($lti_in_use{'returnurl'} ne '')) {
+ if (exists($params->{$lti_in_use{'returnurl'}})) {
+ $exiturl = $params->{$lti_in_use{'returnurl'}};
+ } elsif (exists($params->{'custom_'.$lti_in_use{'returnurl'}})) {
+ $exiturl = $params->{'custom_'.$lti_in_use{'returnurl'}};
+ }
+ }
+ my ($pbid,$pburl);
+ if ($params->{'lis_result_sourcedid'}) {
+ $pbid = $params->{'lis_result_sourcedid'};
+ }
+ if ($params->{'lis_outcome_service_url'}) {
+ $pburl = $params->{'lis_outcome_service_url'};
+ }
if (($itemid) && ($lti_in_use{'requser'})) {
my %courseinfo = &Apache::lonnet::coursedescription($cdom.'_'.$cnum);
my $ltiauth;
@@ -205,7 +221,7 @@ sub handler {
my $uname = $possuname;
my ($is_student,$is_nonstudent);
my %course_roles =
- &Apache::lonnet::get_my_roles($uname,$cdom,,'userroles',['active'],
+ &Apache::lonnet::get_my_roles($uname,$cdom,'userroles',['active'],
['cc','co','in','ta','ep','ad','st','cr'],
[$cdom]);
foreach my $key (keys(%course_roles)) {
@@ -224,14 +240,17 @@ sub handler {
foreach my $key (%{$params}) {
delete($env{'form.'.$key});
}
- &linkprot_session($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$tail,$lonhost);
+ &linkprot_session($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,
+ $tail,$lonhost,$exiturl,$pbid,$pburl);
return OK;
}
}
+ $ltiuser = $uname.':'.$cdom;
}
}
if ($lti_in_use{'notstudent'} eq 'reject') {
&invalid_request($r,'Information for valid user missing from launch request');
+ return OK;
}
}
}
@@ -239,13 +258,29 @@ sub handler {
foreach my $key (%{$params}) {
delete($env{'form.'.$key});
}
- my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.$ltitype.':'.$tail},
- $lonhost,'link');
- if ($ltoken) {
+ my %info = (
+ 'linkprot' => $itemid.$ltitype.':'.$tail,
+ );
+ if ($ltiuser ne '') {
+ $info{'linkprotuser'} = $ltiuser;
+ }
+ if ($exiturl ne '') {
+ $info{'linkprotexit'} = $exiturl;
+ }
+ if ($pbid ne '') {
+ $info{'linkprotpbid'} = $pbid;
+ }
+ if ($pburl ne '') {
+ $info{'linkprotpburl'} = $pburl;
+ }
+ my $ltoken = &Apache::lonnet::tmpput(\%info,$lonhost,'link');
+ if (($ltoken eq 'con_lost') || ($ltoken eq 'refused') || ($ltoken =~ /^error:/) ||
+ ($ltoken eq 'unknown_cmd') || ($ltoken eq 'no_such_host') ||
+ ($ltoken eq '')) {
+ &invalid_request($r,'Failed to store information from launch request');
+ } else {
$r->internal_redirect($tail.'?ltoken='.$ltoken);
$r->set_handlers('PerlHandler'=> undef);
- } else {
- &invalid_request($r,'Failed to store information from launch request');
}
} else {
&invalid_request($r,'Launch request could not be validated');
@@ -421,7 +456,7 @@ sub handler {
#
my %lti;
- my $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom);
+ my $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','provider');
if ($itemid) {
%lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
}
@@ -902,9 +937,8 @@ sub lti_session {
# login but immediately go to switch server.
&Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect');
if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
- &LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$otherserver,
- $ltihash->{'key'},
- $ltihash->{'secret'},
+ &LONCAPA::ltiutils::setup_logout_callback($cdom,$cnum,'',$itemid,$ltihash->{'cipher'},
+ $uname,$udom,$otherserver,
$params->{$ltihash->{'callback'}},
$r->dir_config('ltiIDsDir'),
$protocol,$r->hostname);
@@ -977,14 +1011,13 @@ sub lti_session {
delete($env{'form.'.$key});
}
if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
- &LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$lonhost,
- $ltihash->{'key'},
- $ltihash->{'secret'},
+ &LONCAPA::ltiutils::setup_logout_callback($cdom,$cnum,'',$itemid,$ltihash->{'cipher'},
+ $uname,$udom,$lonhost,
$params->{$ltihash->{'callback'}},
$r->dir_config('ltiIDsDir'),
$protocol,$r->hostname);
}
- my $ip = $r->get_remote_host();
+ my $ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP);
my %info=('ip' => $ip,
'domain' => $udom,
'username' => $uname,
@@ -1051,7 +1084,7 @@ sub lti_session {
}
sub linkprot_session {
- my ($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$dest,$lonhost) = @_;
+ my ($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$dest,$lonhost,$exiturl,$pbid,$pburl) = @_;
$r->user($uname);
if ($ltitype eq 'c') {
&Apache::lonnet::logthis("Course Link Protector ($itemid) authorized student: $uname:$cdom, course: $cdom\_$cnum");
@@ -1064,7 +1097,17 @@ sub linkprot_session {
&Apache::lonauth::success($r,$uname,$cdom,$uhome,'noredirect');
$env{'form.origurl'} = $dest;
$env{'request.linkprot'} = $itemid.$ltitype.':'.$dest;
+ $env{'request.linkprotuser'} = $uname.':'.$cdom;
$env{'request.deeplink.login'} = $dest;
+ if ($exiturl ne '') {
+ $env{'request.linkprotexit'} = $exiturl;
+ }
+ if ($pbid ne '') {
+ $env{'request.linkprotpbid'} = $pbid;
+ }
+ if ($pburl ne '') {
+ $env{'request.linkprotpburl'} = $pburl;
+ }
my $redirecturl = '/adm/switchserver';
if ($otherserver ne '') {
$redirecturl .= '?otherserver='.$otherserver;
@@ -1073,16 +1116,26 @@ sub linkprot_session {
$r->set_handlers('PerlHandler'=> undef);
} else {
# need to login them in, so generate the data migrate expects to do login
- my $ip = $r->get_remote_host();
+ my $ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP);
my %info=('ip' => $ip,
'domain' => $cdom,
'username' => $uname,
'server' => $lonhost,
'linkprot' => $itemid.$ltitype.':'.$dest,
+ 'linkprotuser' => $uname.':'.$cdom,
'home' => $uhome,
'origurl' => $dest,
'deeplink.login' => $dest,
);
+ if ($pbid ne '') {
+ $info{'linkprotpbid'} = $pbid;
+ }
+ if ($pburl ne '') {
+ $info{'linkprotpburl'} = $pburl;
+ }
+ if ($exiturl ne '') {
+ $info{'linkprotexit'} = $exiturl;
+ }
my $token = &Apache::lonnet::tmpput(\%info,$lonhost);
$env{'form.token'} = $token;
$r->internal_redirect('/adm/migrateuser');
@@ -1097,6 +1150,11 @@ sub check_balancer {
($is_balancer,$otherserver) =
&Apache::lonnet::check_loadbalancing($uname,$udom,'login');
if ($is_balancer) {
+ # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
+ my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r);
+ if (($found_server) && ($balancer_cookie =~ /^\Q$udom\E_\Q$uname\E_/)) {
+ $otherserver = $found_server;
+ }
if ($otherserver eq '') {
my $lowest_load;
($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($udom);
@@ -1127,7 +1185,7 @@ sub invalid_request {
''.&mt('Invalid LTI launch request').'
'.
''.
&mt('Launch of LON-CAPA is unavailable from the "external tool" link you had followed in another web application.').
- &mt('Launch failed for the following reason:').
+ ' '.&mt('Launch failed for the following reason:').
'
'.
''.$msg.'
'.
&Apache::loncommon::end_page());