--- loncom/lti/ltiauth.pm 2018/03/23 01:01:47 1.6 +++ loncom/lti/ltiauth.pm 2018/05/14 19:56:05 1.11 @@ -1,7 +1,7 @@ # The LearningOnline Network # Basic LTI Authentication Module # -# $Id: ltiauth.pm,v 1.6 2018/03/23 01:01:47 raeburn Exp $ +# $Id: ltiauth.pm,v 1.11 2018/05/14 19:56:05 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -43,6 +43,20 @@ sub handler { my $r = shift; my $requri = $r->uri; # +# Check for existing session, and temporarily delete any form items +# in %env, if session exists +# + my %savedform; + my $handle = &Apache::lonnet::check_for_valid_session($r); + if ($handle ne '') { + foreach my $key (sort(keys(%env))) { + if ($key =~ /^form\.(.+)$/) { + $savedform{$1} = $env{$key}; + delete($env{$key}); + } + } + } +# # Retrieve data POSTed by LTI Consumer on launch # &Apache::lonacc::get_posted_cgi($r); @@ -52,6 +66,17 @@ sub handler { $params->{$1} = $env{$key}; } } +# +# Check for existing session, and restored temporarily +# deleted form items to %env, if session exists. +# + if ($handle ne '') { + if (keys(%savedform)) { + foreach my $key (sort(keys(%savedform))) { + $env{'form.'.$key} = $savedform{$key}; + } + } + } unless (keys(%{$params})) { &invalid_request($r,1); @@ -140,7 +165,7 @@ sub handler { # Order is: # # (a) from custom_coursedomain item in POSTed data -# (b) from tail of requested URL (after /adm/lti) if it has format of a symb +# (b) from tail of requested URL (after /adm/lti/) if it has format of a symb # (c) from tail of requested URL (after /adm/lti) if it has format of a map # (d) from tail of requested URL (after /adm/lti) if it has format /domain/courseID # (e) from tail of requested URL (after /adm/lti) if it has format /tiny/domain/\w+ @@ -182,6 +207,13 @@ sub handler { $symb = $tail; $symb =~ s{^/+}{}; } + } elsif ($tail =~ m{^/res/(?:$match_domain)/(?:$match_username)/.+\.(?:sequence|page)(|___\d+___.+)$}) { + if ($1 eq '') { + $mapurl = $tail; + } else { + $symb = $tail; + $symb =~ s{^/+}{}; + } } elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) { ($urlcdom,$urlcnum) = ($1,$2); if (($cdom ne '') && ($cdom ne $urlcdom)) { @@ -329,7 +361,7 @@ sub handler { # # (a) from course mapping (if the link between Consumer "course" and # Provider "course" has been established previously). -# (b) from tail of requested URL (after /adm/lti) if it has format of a symb +# (b) from tail of requested URL (after /adm/lti/) if it has format of a symb # (c) from tail of requested URL (after /adm/lti) if it has format of a map # (d) from tail of requested URL (after /adm/lti) if it has format /domain/courseID # (e) from tail of requested URL (after /adm/lti) if it has format /tiny/domain/\w+ @@ -400,7 +432,7 @@ sub handler { my @lcroleorder = ('cc','in','ta','ep','st'); my @ltiroleorder = ('Instructor','TeachingAssistant','Mentor','Learner'); if ($params->{'roles'} =~ /,/) { - my @possltiroles = split(/\s*,\s*/,$params->{'role'}); + my @possltiroles = split(/\s*,\s*/,$params->{'roles'}); foreach my $ltirole (@ltiroleorder) { if (grep(/^\Q$ltirole\E$/,@possltiroles)) { push(@ltiroles,$ltirole); @@ -484,7 +516,11 @@ sub handler { } if ($lcauth eq '') { $lcauth = $lti{$itemid}{'lcauth'}; - $lcauthparm = $lti{$itemid}{'lcauthparm'}; + if ($lcauth eq 'internal') { + $lcauthparm = &create_passwd(); + } else { + $lcauthparm = $lti{$itemid}{'lcauthparm'}; + } } } else { &invalid_request($r,12); @@ -542,7 +578,7 @@ sub handler { if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) && ($lti{$itemid}{'makecrs'})) { unless (&Apache::lonnet::usertools_access($uname,$udom,'lti','reload','requestcourses')) { - &Apache::lonnet::put('environment',{ 'requestcourses.lti' => 1, },$udom,$uname); + &Apache::lonnet::put('environment',{ 'requestcourses.lti' => 'autolimit=', },$udom,$uname); } } } else { @@ -811,11 +847,17 @@ sub lti_session { &Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect'); if ($symb) { $env{'form.symb'} = $symb; + $env{'request.lti.uri'} = $symb; } else { if ($mapurl) { $env{'form.origurl'} = $mapurl; + $env{'request.lti.uri'} = $mapurl; } elsif ($tail =~ m{^\Q/tiny/$cdom/\E\w+$}) { $env{'form.origurl'} = $tail; + $env{'request.lti.uri'} = $tail; + } elsif ($tail eq "/$cdom/$cnum") { + $env{'form.origurl'} = '/adm/navmaps'; + $env{'request.lti.uri'} = $tail; } else { unless ($tail eq '/adm/roles') { $env{'form.origurl'} = '/adm/navmaps'; @@ -850,7 +892,10 @@ sub lti_session { $env{'request.lti.rosterurl'} = $params->{'ext_ims_lis_memberships_url'}; } } - $env{'request.lti.login'} = 1; + $env{'request.lti.login'} = $itemid; + if ($params->{'launch_presentation_document_target'}) { + $env{'request.lti.target'} = $params->{'launch_presentation_document_target'}; + } foreach my $key (%{$params}) { delete($env{'form.'.$key}); } @@ -871,7 +916,8 @@ sub lti_session { 'domain' => $udom, 'username' => $uname, 'server' => $lonhost, - 'lti.login' => 1, + 'lti.login' => $itemid, + 'lti.uri' => $tail, ); if ($role) { $info{'role'} = $role; @@ -903,6 +949,10 @@ sub lti_session { $info{'lti.rosterurl'} = $params->{'ext_ims_lis_memberships_url'}; } } + if ($params->{'launch_presentation_document_target'}) { + $info{'lti.target'} = $params->{'launch_presentation_document_target'}; + } + unless ($info{'symb'}) { if ($mapurl) { $info{'origurl'} = $mapurl; @@ -934,10 +984,30 @@ sub invalid_request { } &Apache::lonlocal::get_language_handle($r); $r->print( - &Apache::loncommon::start_page('Invalid LTI call'). + &Apache::loncommon::start_page('Invalid LTI call','',{ 'only_body' => 1,}). &mt('Invalid LTI call [_1]',$num). &Apache::loncommon::end_page()); return; } +sub create_passwd { + my $passwd = ''; + my @letts = ("a".."z"); + for (my $i=0; $i<8; $i++) { + my $lettnum = int(rand(2)); + my $item = ''; + if ($lettnum) { + $item = $letts[int(rand(26))]; + my $uppercase = int(rand(2)); + if ($uppercase) { + $item =~ tr/a-z/A-Z/; + } + } else { + $item = int(rand(10)); + } + $passwd .= $item; + } + return ($passwd); +} + 1;