|
version 1.1, 2017/12/06 01:53:56
|
version 1.2, 2017/12/07 15:36:25
|
|
Line 36 use Apache::lonlocal;
|
Line 36 use Apache::lonlocal;
|
| use Apache::lonnet; |
use Apache::lonnet; |
| use Apache::loncommon; |
use Apache::loncommon; |
| use Apache::lonacc; |
use Apache::lonacc; |
| |
use LONCAPA::ltiutils; |
| |
|
| sub handler { |
sub handler { |
| my $r = shift; |
my $r = shift; |
|
Line 240 sub handler {
|
Line 241 sub handler {
|
| $protocol = 'https'; |
$protocol = 'https'; |
| } |
} |
| |
|
| my $itemid; |
my ($itemid,$key,$secret,@ltiroles); |
| my $key = $params->{'oauth_consumer_key'}; |
$key = $params->{'oauth_consumer_key'}; |
| my @ltiroles; |
|
| if (ref($lti_by_key{$key}) eq 'ARRAY') { |
if (ref($lti_by_key{$key}) eq 'ARRAY') { |
| foreach my $id (@{$lti_by_key{$key}}) { |
foreach my $id (@{$lti_by_key{$key}}) { |
| if (ref($lti{$id}) eq 'HASH') { |
if (ref($lti{$id}) eq 'HASH') { |
| my $secret = $lti{$id}{'secret'}; |
$secret = $lti{$id}{'secret'}; |
| my $request = Net::OAuth->request('request token')->from_hash($params, |
my $request = Net::OAuth->request('request token')->from_hash($params, |
| request_url => $protocol.'://'.$hostname.$requri, |
request_url => $protocol.'://'.$hostname.$requri, |
| request_method => $env{'request.method'}, |
request_method => $env{'request.method'}, |
|
Line 273 sub handler {
|
Line 273 sub handler {
|
| # Determine if nonce in POSTed data has expired. |
# Determine if nonce in POSTed data has expired. |
| # If unexpired, confirm it has not already been used. |
# If unexpired, confirm it has not already been used. |
| # |
# |
| unless (&check_nonce($r,$params->{'oauth_nonce'},$params->{'oauth_timestamp'},$lti{$itemid}{'lifetime'},$cdom)) { |
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
| |
$lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) { |
| &invalid_request($r,7); |
&invalid_request($r,7); |
| return OK; |
return OK; |
| } |
} |
|
Line 609 sub handler {
|
Line 610 sub handler {
|
| return OK; |
return OK; |
| } |
} |
| |
|
| sub check_nonce { |
|
| my ($r,$nonce,$timestamp,$lifetime,$domain) = @_; |
|
| if (($timestamp eq '') || ($timestamp =~ /^\D/) || ($lifetime eq '') || ($lifetime =~ /\D/) || ($domain eq '')) { |
|
| return 0; |
|
| } |
|
| my $now = time; |
|
| if (($timestamp) && ($timestamp < ($now - $lifetime))) { |
|
| return 0; |
|
| } |
|
| if ($nonce eq '') { |
|
| return 0; |
|
| } |
|
| my $lonltidir = $r->dir_config('lonLTIDir'); |
|
| if (-e "$lonltidir/$domain/$nonce") { |
|
| return 0; |
|
| } else { |
|
| unless (-e "$lonltidir/$domain") { |
|
| mkdir("$lonltidir/$domain",0755); |
|
| } |
|
| if (open(my $fh,'>',"$lonltidir/$domain/$nonce")) { |
|
| print $fh $now; |
|
| close($fh); |
|
| } else { |
|
| return 0; |
|
| } |
|
| } |
|
| return 1; |
|
| } |
|
| |
|
| sub invalid_request { |
sub invalid_request { |
| my ($r,$num) = @_; |
my ($r,$num) = @_; |
| &Apache::loncommon::content_type($r,'text/html'); |
&Apache::loncommon::content_type($r,'text/html'); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ltiauth.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lti