--- loncom/lti/ltiauth.pm 2018/05/08 00:44:14 1.10 +++ loncom/lti/ltiauth.pm 2022/02/02 00:31:16 1.31 @@ -1,7 +1,7 @@ # The LearningOnline Network # Basic LTI Authentication Module # -# $Id: ltiauth.pm,v 1.10 2018/05/08 00:44:14 raeburn Exp $ +# $Id: ltiauth.pm,v 1.31 2022/02/02 00:31:16 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -31,7 +31,6 @@ package Apache::ltiauth; use strict; use LONCAPA qw(:DEFAULT :match); use Apache::Constants qw(:common :http); -use Net::OAuth; use Apache::lonlocal; use Apache::lonnet; use Apache::loncommon; @@ -42,6 +41,7 @@ use LONCAPA::ltiutils; sub handler { my $r = shift; my $requri = $r->uri; + my $hostname = $r->hostname; # # Check for existing session, and temporarily delete any form items # in %env, if session exists @@ -57,7 +57,7 @@ sub handler { } } # -# Retrieve data POSTed by LTI Consumer on launch +# Retrieve data POSTed by LTI launch # &Apache::lonacc::get_posted_cgi($r); my $params = {}; @@ -67,7 +67,7 @@ sub handler { } } # -# Check for existing session, and restored temporarily +# Check for existing session, and restore temporarily # deleted form items to %env, if session exists. # if ($handle ne '') { @@ -97,12 +97,110 @@ sub handler { # Retrieve "internet domains" for all this institution's LON-CAPA # nodes. # - my ($udom,$uname,$uhome,$cdom,$cnum,$symb,$mapurl,@intdoms); + my @intdoms; my $lonhost = $r->dir_config('lonHostID'); my $internet_names = &Apache::lonnet::get_internet_names($lonhost); if (ref($internet_names) eq 'ARRAY') { @intdoms = @{$internet_names}; } +# +# Determine course's domain in LON-CAPA +# for basic launch using key and secret managed +# in LON-CAPA course (i.e., uri begins /adm/launch) +# + + my ($cdom,$cnum); + +# Note: "internet domain" for course's domain must be one of the +# internet domains for the institution's LON-CAPA servers. +# + if ($requri =~ m{^/adm/launch(|/.*)$}) { + my $tail = $1; + if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) { + my ($urlcdom,$urlcnum) = &course_from_tinyurl($tail); + if (($urlcdom ne '') && ($urlcnum ne '')) { + $cdom = $urlcdom; + $cnum = $urlcnum; + my $primary_id = &Apache::lonnet::domain($cdom,'primary'); + if ($primary_id ne '') { + my $intdom = &Apache::lonnet::internet_dom($primary_id); + if (($intdom ne '') && (grep(/^\Q$intdom\E$/,@intdoms))) { +# +# Verify the signed request using the secret for LTI link +# protectors for which the key in the POSTed data matches +# keys in the course configuration. +# +# Request is invalid if the signed request could not be verified +# for the key and secret from LON-CAPA course configuration for +# LTI link protectors or from LON-CAPA configuration for the +# course's domain if there are LTI Providers which may be used. +# +# Determine if nonce in POSTed data has expired. +# If unexpired, confirm it has not already been used. +# +# Retrieve information for LTI link protectors in course +# where url was /adm/launch/tiny/$cdom/$uniqueid +# + + my ($itemid,$ltitype,%crslti); + $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'deeplink'); + if ($itemid) { + %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider'); + } + if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) { + $ltitype = 'c'; + unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, + $crslti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) { + &invalid_request($r,3); + return OK; + } + } else { + my %lti; + $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','deeplink'); + if ($itemid) { + %lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); + } + if (($itemid) && (ref($lti{$itemid}) eq 'HASH')) { + $ltitype = 'd'; + unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, + $lti{$itemid}{'lifetime'},$cdom, + $r->dir_config('lonLTIDir'))) { + &invalid_request($r,4); + return OK; + } + } + } + if ($itemid) { + foreach my $key (%{$params}) { + delete($env{'form.'.$key}); + } + my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.$ltitype.':'.$tail}, + $lonhost,'link'); + if ($ltoken) { + $r->internal_redirect($tail.'?ltoken='.$ltoken); + $r->set_handlers('PerlHandler'=> undef); + } else { + &invalid_request($r,5); + } + } else { + &invalid_request($r,6); + } + } else { + &invalid_request($r,7); + } + } else { + &invalid_request($r,8); + } + } else { + &invalid_request($r,9); + } + } else { + &invalid_request($r,10); + } + return OK; + } + + my ($udom,$uname,$uhome,$symb,$mapurl); # # For user who launched LTI in Consumer, determine user's domain in @@ -198,49 +296,34 @@ sub handler { if ($tail =~ m{^/uploaded/($match_domain)/($match_courseid)/(?:default|supplemental)(?:|_\d+)\.(?:sequence|page)(|___\d+___.+)$}) { ($urlcdom,$urlcnum,my $rest) = ($1,$2,$3); if (($cdom ne '') && ($cdom ne $urlcdom)) { - &invalid_request($r,3); + &invalid_request($r,11); return OK; } if ($rest eq '') { $mapurl = $tail; } else { $symb = $tail; - $symb =~ s{^/+}{}; + $symb =~ s{^/}{}; } } elsif ($tail =~ m{^/res/(?:$match_domain)/(?:$match_username)/.+\.(?:sequence|page)(|___\d+___.+)$}) { if ($1 eq '') { $mapurl = $tail; } else { $symb = $tail; - $symb =~ s{^/+}{}; + $symb =~ s{^/res/}{}; } } elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) { ($urlcdom,$urlcnum) = ($1,$2); if (($cdom ne '') && ($cdom ne $urlcdom)) { - &invalid_request($r,4); + &invalid_request($r,12); return OK; } } elsif ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) { - ($urlcdom,my $key) = ($1,$2); - if (($cdom ne '') && ($cdom ne $urlcdom)) { - &invalid_request($r,5); + ($urlcdom,$urlcnum) = &course_from_tinyurl($tail); + if (($urlcdom eq '') || ($urlcnum eq '')) { + &invalid_request($r,13); return OK; } - my $tinyurl; - my ($result,$cached)=&Apache::lonnet::is_cached_new('tiny',$urlcdom."\0".$key); - if (defined($cached)) { - $tinyurl = $result; - } else { - my $configuname = &Apache::lonnet::get_domainconfiguser($urlcdom); - my %currtiny = &Apache::lonnet::get('tiny',[$key],$urlcdom,$configuname); - if ($currtiny{$key} ne '') { - $tinyurl = $currtiny{$key}; - &Apache::lonnet::do_cache_new('tiny',$urlcdom."\0".$key,$currtiny{$key},600); - } - } - if ($tinyurl ne '') { - $urlcnum = (split(/\&/,$tinyurl))[0]; - } } if (($cdom eq '') && ($urlcdom ne '')) { my $cprimary_id = &Apache::lonnet::domain($urlcdom,'primary'); @@ -263,53 +346,19 @@ sub handler { } # -# Retrieve information for LTI Consumers in course domain -# and populate hash -- %lti_by_key -- for which keys -# are those defined in domain configuration for LTI. -# - - my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); - unless (keys(%lti) > 0) { - &invalid_request($r,6); - return OK; - } - my %lti_by_key; - if (keys(%lti)) { - foreach my $id (keys(%lti)) { - if (ref($lti{$id}) eq 'HASH') { - my $key = $lti{$id}{'key'}; - push(@{$lti_by_key{$key}},$id); - } - } - } - +# Retrieve information for LTI Consumers in course's domain +# defined in domain configuration for LTI. # # Verify the signed request using the secret for those -# Consumers for which the key in the POSTed data matches -# keys in the domain configuration for LTI. +# Consumers for which the key in the POSTed data matches +# keys in the course configuration or the domain configuration +# for LTI. # - my $hostname = $r->hostname; - my $protocol = 'http'; - if ($ENV{'SERVER_PORT'} == 443) { - $protocol = 'https'; - } - my ($itemid,$consumer_key,$secret); - $consumer_key = $params->{'oauth_consumer_key'}; - if (ref($lti_by_key{$consumer_key}) eq 'ARRAY') { - foreach my $id (@{$lti_by_key{$consumer_key}}) { - if (ref($lti{$id}) eq 'HASH') { - $secret = $lti{$id}{'secret'}; - my $request = Net::OAuth->request('request token')->from_hash($params, - request_url => $protocol.'://'.$hostname.$requri, - request_method => $env{'request.method'}, - consumer_secret => $secret,); - if ($request->verify()) { - $itemid = $id; - last; - } - } - } + my %lti; + my $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom); + if ($itemid) { + %lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); } # @@ -318,7 +367,7 @@ sub handler { # configuration in LON-CAPA for that LTI Consumer. # unless (($itemid) && (ref($lti{$itemid}) eq 'HASH')) { - &invalid_request($r,7); + &invalid_request($r,14); return OK; } @@ -328,7 +377,32 @@ sub handler { # unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, $lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) { - &invalid_request($r,8); + &invalid_request($r,15); + return OK; + } + +# +# Determine if a username is required from the domain +# configuration for the specific LTI Consumer +# + + if (!$lti{$itemid}{'requser'}) { + if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) { + my $ltitype = 'd'; + foreach my $key (%{$params}) { + delete($env{'form.'.$key}); + } + my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.$ltitype.':'.$tail}, + $lonhost); + if ($ltoken) { + $r->internal_redirect($tail.'?ltoken='.$ltoken); + $r->set_handlers('PerlHandler'=> undef); + } else { + &invalid_request($r,16); + } + } else { + &invalid_request($r,17); + } return OK; } @@ -385,13 +459,14 @@ sub handler { if ($sourcecrs ne '') { %consumers = &Apache::lonnet::get_dom('lticonsumers',[$sourcecrs],$cdom); if (exists($consumers{$sourcecrs})) { - if ($consumers{$sourcecrs} =~ /^$match_courseid$/) { - my $crshome = &Apache::lonnet::homeserver($consumers{$sourcecrs},$cdom); + if ($consumers{$sourcecrs} =~ /^\Q$itemid:\E($match_courseid)$/) { + my $storedcnum = $1; + my $crshome = &Apache::lonnet::homeserver($storedcnum,$cdom); if ($crshome =~ /(con_lost|no_host|no_such_host)/) { - &invalid_request($r,9); + &invalid_request($r,18); return OK; } else { - $posscnum = $consumers{$sourcecrs}; + $posscnum = $storedcnum; } } } @@ -400,7 +475,7 @@ sub handler { if ($urlcnum ne '') { if ($posscnum ne '') { if ($posscnum ne $urlcnum) { - &invalid_request($r,10); + &invalid_request($r,19); return OK; } else { $cnum = $posscnum; @@ -408,7 +483,7 @@ sub handler { } else { my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom); if ($crshome =~ /(con_lost|no_host|no_such_host)/) { - &invalid_request($r,11); + &invalid_request($r,20); return OK; } else { $cnum = $urlcnum; @@ -428,35 +503,16 @@ sub handler { # my (@ltiroles,@lcroles); - my @lcroleorder = ('cc','in','ta','ep','st'); - my @ltiroleorder = ('Instructor','TeachingAssistant','Mentor','Learner'); - if ($params->{'roles'} =~ /,/) { - my @possltiroles = split(/\s*,\s*/,$params->{'role'}); - foreach my $ltirole (@ltiroleorder) { - if (grep(/^\Q$ltirole\E$/,@possltiroles)) { - push(@ltiroles,$ltirole); - } - } - } else { - my $singlerole = $params->{'roles'}; - $singlerole =~ s/^\s|\s+$//g; - if (grep(/^\Q$singlerole\E$/,@ltiroleorder)) { - @ltiroles = ($singlerole); - } + my ($lcrolesref,$ltirolesref) = + &LONCAPA::ltiutils::get_lc_roles($params->{'roles'}, + \@lcroleorder, + $lti{$itemid}{maproles}); + if (ref($lcrolesref) eq 'ARRAY') { + @lcroles = @{$lcrolesref}; } - if (@ltiroles) { - if (ref($lti{$itemid}{maproles}) eq 'HASH') { - my %possroles; - map { $possroles{$lti{$itemid}{maproles}{$_}} = 1; } @ltiroles; - if (keys(%possroles) > 0) { - foreach my $item (@lcroleorder) { - if ($possroles{$item}) { - push(@lcroles,$item); - } - } - } - } + if (ref($ltirolesref) eq 'ARRAY') { + @ltiroles = @{$ltirolesref}; } # @@ -479,102 +535,21 @@ sub handler { } } if ($selfcreate) { - my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts,%info); - my $checkhash = { "$uname:$udom" => { 'newuser' => 1, }, }; - my $checks = { 'username' => 1, }; - &Apache::loncommon::user_rule_check($checkhash,$checks,\%alerts,\%rulematch, - \%inst_results,\%curr_rules,\%got_rules); - my ($userchkmsg,$lcauth,$lcauthparm); - my $allowed = 1; - if (ref($alerts{'username'}) eq 'HASH') { - if (ref($alerts{'username'}{$udom}) eq 'HASH') { - my $domdesc = - &Apache::lonnet::domain($udom,'description'); - if ($alerts{'username'}{$udom}{$uname}) { - if (ref($curr_rules{$udom}) eq 'HASH') { - $userchkmsg = - &Apache::loncommon::instrule_disallow_msg('username',$domdesc,1). - &Apache::loncommon::user_rule_formats($udom,$domdesc, - $curr_rules{$udom}{'username'}, - 'username'); - } - $allowed = 0; - } - } - } - if ($allowed) { - if (ref($rulematch{$uname.':'.$udom}) eq 'HASH') { - my $matchedrule = $rulematch{$uname.':'.$udom}{'username'}; - my ($rules,$ruleorder) = - &Apache::lonnet::inst_userrules($udom,'username'); - if (ref($rules) eq 'HASH') { - if (ref($rules->{$matchedrule}) eq 'HASH') { - $lcauth = $rules->{$matchedrule}{'authtype'}; - $lcauthparm = $rules->{$matchedrule}{'authparm'}; - } - } - } - if ($lcauth eq '') { - $lcauth = $lti{$itemid}{'lcauth'}; - if ($lcauth eq 'internal') { - $lcauthparm = &create_passwd(); - } else { - $lcauthparm = $lti{$itemid}{'lcauthparm'}; - } - } - } else { - &invalid_request($r,12); - } - my @userinfo = ('firstname','middlename','lastname','generation', - 'permanentemail','id'); - my %useinstdata; - if (ref($lti{$itemid}{'instdata'}) eq 'ARRAY') { - map { $useinstdata{$_} = 1; } @{$lti{$itemid}{'instdata'}}; - } - foreach my $item (@userinfo) { - if (($useinstdata{$item}) && (ref($inst_results{$uname.':'.$udom}) eq 'HASH') && - ($inst_results{$uname.':'.$udom}{$item} ne '')) { - $info{$item} = $inst_results{$uname.':'.$udom}{$item}; - } else { - if ($item eq 'permanentemail') { - if ($env{'form.lis_person_contact_email_primary'} =~/^[^\@]+\@[^@]+$/) { - $info{$item} = $env{'form.lis_person_contact_email_primary'}; - } - } elsif ($item eq 'firstname') { - $info{$item} = $env{'form.lis_person_name_given'}; - } elsif ($item eq 'lastname') { - $info{$item} = $env{'form.lis_person_name_family'}; - } - } - } - if (($info{'middlename'} eq '') && ($env{'form.lis_person_name_full'} ne '')) { - unless ($useinstdata{'middlename'}) { - my $fullname = $env{'form.lis_person_name_full'}; - if ($info{'firstname'}) { - $fullname =~ s/^\s*\Q$info{'firstname'}\E\s*//i; - } - if ($info{'lastname'}) { - $fullname =~ s/\s*\Q$info{'lastname'}\E\s*$//i; - } - if ($fullname ne '') { - $fullname =~ s/^\s+|\s+$//g; - if ($fullname ne '') { - $info{'middlename'} = $fullname; - } - } - } - } - if (ref($inst_results{$uname.':'.$udom}{'inststatus'}) eq 'ARRAY') { - my @inststatuses = @{$inst_results{$uname.':'.$udom}{'inststatus'}}; - $info{'inststatus'} = join(':',map { &escape($_); } @inststatuses); - } + my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts); + my $domdesc = &Apache::lonnet::domain($udom,'description'); + my %data = ( + 'permanentemail' => $env{'form.lis_person_contact_email_primary'}, + 'firstname' => $env{'form.lis_person_name_given'}, + 'lastname' => $env{'form.lis_person_name_family'}, + 'fullname' => $env{'form.lis_person_name_full'}, + ); my $result = - &Apache::lonnet::modifyuser($udom,$uname,$info{'id'}, - $lcauth,$lcauthparm,$info{'firstname'}, - $info{'middlename'},$info{'lastname'}, - $info{'generation'},undef,undef, - $info{'permanentemail'},$info{'inststatus'}); - if ($result eq 'ok') { + &LONCAPA::ltiutils::create_user($lti{$itemid},$uname,$udom, + $domdesc,\%data,\%alerts,\%rulematch, + \%inst_results,\%curr_rules,%got_rules); + if ($result eq 'notallowed') { + &invalid_request($r,21); + } elsif ($result eq 'ok') { if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) && ($lti{$itemid}{'makecrs'})) { unless (&Apache::lonnet::usertools_access($uname,$udom,'lti','reload','requestcourses')) { @@ -582,16 +557,16 @@ sub handler { } } } else { - &invalid_request($r,13); + &invalid_request($r,22); return OK; } } else { - &invalid_request($r,14); + &invalid_request($r,23); return OK; } } } else { - &invalid_request($r,15); + &invalid_request($r,24); return OK; } @@ -603,20 +578,26 @@ sub handler { my $reqcrs; if ($cnum eq '') { - if ((@ltiroles) && ($lti{$itemid}{'mapcrs'}) && - ($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'makecrs'})) { - my (%can_request,%request_domains); - &Apache::lonnet::check_can_request($cdom,\%can_request,\%request_domains,$uname,$udom); - if ($can_request{'lti'}) { - $reqcrs = 1; - <i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail, - $symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles, - $reqcrs,$sourcecrs); + if ($lti{$itemid}{'crsinc'}) { + if ((@ltiroles) && ($lti{$itemid}{'mapcrs'}) && + ($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'makecrs'})) { + my (%can_request,%request_domains); + &Apache::lonnet::check_can_request($cdom,\%can_request,\%request_domains,$uname,$udom); + if ($can_request{'lti'}) { + $reqcrs = 1; + <i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail, + $symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles, + $reqcrs,$sourcecrs); + } else { + &invalid_request($r,25); + } } else { - &invalid_request($r,16); + &invalid_request($r,26); } } else { - &invalid_request($r,17); + <i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail, + $symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles, + $reqcrs,$sourcecrs); } return OK; } @@ -624,7 +605,7 @@ sub handler { # # If LON-CAPA course is a Community, and LON-CAPA role # indicated is cc, change role indicated to co. -# +# my %crsenv; if ($lcroles[0] eq 'cc') { @@ -702,7 +683,7 @@ sub handler { } } if ($reqrole eq '') { - &invalid_request($r,18); + &invalid_request($r,27); return OK; } else { unless (%crsenv) { @@ -712,10 +693,10 @@ sub handler { my $default_enrollment_end_date = $crsenv{'default_enrollment_end_date'}; my $now = time; if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) { - &invalid_request($r,19); + &invalid_request($r,28); return OK; } elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) { - &invalid_request($r,20); + &invalid_request($r,29); return OK; } else { $selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum; @@ -729,11 +710,41 @@ sub handler { } # -# Store consumer-to-LON-CAPA course mapping +# Retrieve course type of LON-CAPA course to check if mapping from a Consumer +# course identifier permitted for this type of course (one of: official, +# unofficial, community, textbook, placement or lti. +# + + unless (%crsenv) { + %crsenv = &Apache::lonnet::coursedescription($cdom.'_'.$cnum); + } + my $crstype = lc($crsenv{'type'}); + if ($crstype eq '') { + $crstype = 'course'; + } + if ($crstype eq 'course') { + if ($crsenv{'internal.coursecode'}) { + $crstype = 'official'; + } elsif ($crsenv{'internal.textbook'}) { + $crstype = 'textbook'; + } elsif ($crsenv{'internal.lti'}) { + $crstype = 'lti'; + } else { + $crstype = 'unofficial'; + } + } + +# +# Store consumer-to-LON-CAPA course mapping if permitted # - if (($sourcecrs ne '') && ($consumers{$sourcecrs} eq '') && ($cnum ne '')) { - &Apache::lonnet::put_dom('lticonsumers',{ $sourcecrs => $cnum },$cdom); + if (($lti{$itemid}{'storecrs'}) && ($sourcecrs ne '') && + ($consumers{$sourcecrs} eq '') && ($cnum ne '')) { + if (ref($lti{$itemid}{'mapcrstype'}) eq 'ARRAY') { + if (grep(/^$crstype$/,@{$lti{$itemid}{'mapcrstype'}})) { + &Apache::lonnet::put_dom('lticonsumers',{ $sourcecrs => $itemid.':'.$cnum },$cdom); + } + } } # @@ -746,6 +757,22 @@ sub handler { return OK; } +sub get_lti_itemid { + my ($requri,$hostname,$params,$cdom,$cnum,$context) = @_; + return unless (ref($params) eq 'HASH'); + my $protocol = 'http'; + if ($ENV{'SERVER_PORT'} == 443) { + $protocol = 'https'; + } + my $url = $protocol.'://'.$hostname.$requri; + my $method = $env{'request.method'}; + if ($cnum ne '') { + return &Apache::lonnet::courselti_itemid($cnum,$cdom,$url,$method,$params,$context); + } else { + return &Apache::lonnet::domainlti_itemid($cdom,$url,$method,$params,$context); + } +} + sub lti_enroll { my ($uname,$udom,$selfenrollrole) = @_; my $enrollresult; @@ -757,31 +784,8 @@ sub lti_enroll { my %coursehash = &Apache::lonnet::coursedescription($cdom.'_'.$cnum); my $start = $coursehash{'default_enrollment_start_date'}; my $end = $coursehash{'default_enrollment_end_date'}; - my $area = "/$cdom/$cnum"; - if (($role ne 'cc') && ($role ne 'co') && ($sec ne '')) { - $area .= '/'.$sec; - } - my $spec = $role.'.'.$area; - my $instcid; - if ($role eq 'st') { - $enrollresult = - &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef, - undef,undef,$sec,$end,$start, - 'ltienroll',undef,$cdom.'_'.$cnum,1, - 'ltienroll','',$instcid); - } elsif ($role =~ /^(cc|in|ta|ep)$/) { - $enrollresult = - &Apache::lonnet::assignrole($udom,$uname,$area,$role,$end,$start, - undef,1,'ltienroll'); - } - if ($enrollresult eq 'ok') { - my (%userroles,%newrole,%newgroups); - &Apache::lonnet::standard_roleprivs(\%newrole,$role,$cdom,$spec,$cnum, - $area); - &Apache::lonnet::set_userprivs(\%userroles,\%newrole,\%newgroups); - $userroles{'user.role.'.$spec} = $start.'.'.$end; - &Apache::lonnet::appenv(\%userroles,[$role,'cm']); - } + $enrollresult = &LONCAPA::ltiutils::enrolluser($udom,$uname,$role,$cdom,$cnum,$sec, + $start,$end,1); } } return $enrollresult; @@ -832,7 +836,7 @@ sub lti_session { my $lowest_load; ($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($udom); if ($lowest_load > 100) { - $otherserver = &Apache::lonnet::spareserver($lowest_load,$lowest_load,1,$udom); + $otherserver = &Apache::lonnet::spareserver($r,$lowest_load,$lowest_load,1,$udom); } } if ($otherserver ne '') { @@ -842,12 +846,24 @@ sub lti_session { } } } + my $protocol = 'http'; + if ($ENV{'SERVER_PORT'} == 443) { + $protocol = 'https'; + } if (($is_balancer) && (!$hosthere)) { # login but immediately go to switch server. &Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect'); + if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) { + &LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$otherserver, + $ltihash->{'key'}, + $ltihash->{'secret'}, + $params->{$ltihash->{'callback'}}, + $r->dir_config('ltiIDsDir'), + $protocol,$r->hostname); + } if ($symb) { $env{'form.symb'} = $symb; - $env{'request.lti.uri'} = $symb; + $env{'request.lti.uri'} = $tail; } else { if ($mapurl) { $env{'form.origurl'} = $mapurl; @@ -860,7 +876,9 @@ sub lti_session { $env{'request.lti.uri'} = $tail; } else { unless ($tail eq '/adm/roles') { - $env{'form.origurl'} = '/adm/navmaps'; + if ($cnum) { + $env{'form.origurl'} = '/adm/navmaps'; + } } } } @@ -873,7 +891,7 @@ sub lti_session { $env{'request.lti.sourcecrs'} = $sourcecrs; } if ($selfenrollrole) { - $env{'request.lti.selfenroll'} = $selfenrollrole; + $env{'request.lti.selfenrollrole'} = $selfenrollrole; $env{'request.lti.sourcecrs'} = $sourcecrs; } if ($ltihash->{'passback'}) { @@ -896,7 +914,7 @@ sub lti_session { if ($params->{'launch_presentation_document_target'}) { $env{'request.lti.target'} = $params->{'launch_presentation_document_target'}; } - foreach my $key (%{$params}) { + foreach my $key (keys(%{$params})) { delete($env{'form.'.$key}); } my $redirecturl = '/adm/switchserver'; @@ -908,9 +926,17 @@ sub lti_session { } else { # need to login them in, so generate the need data that # migrate expects to do login - foreach my $key (%{$params}) { + foreach my $key (keys(%{$params})) { delete($env{'form.'.$key}); } + if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) { + &LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$lonhost, + $ltihash->{'key'}, + $ltihash->{'secret'}, + $params->{$ltihash->{'callback'}}, + $r->dir_config('ltiIDsDir'), + $protocol,$r->hostname); + } my $ip = $r->get_remote_host(); my %info=('ip' => $ip, 'domain' => $udom, @@ -960,7 +986,9 @@ sub lti_session { $info{'origurl'} = $tail; } else { unless ($tail eq '/adm/roles') { - $info{'origurl'} = '/adm/navmaps'; + if ($cnum) { + $info{'origurl'} = '/adm/navmaps'; + } } } } @@ -990,24 +1018,28 @@ sub invalid_request { return; } -sub create_passwd { - my $passwd = ''; - my @letts = ("a".."z"); - for (my $i=0; $i<8; $i++) { - my $lettnum = int(rand(2)); - my $item = ''; - if ($lettnum) { - $item = $letts[int(rand(26))]; - my $uppercase = int(rand(2)); - if ($uppercase) { - $item =~ tr/a-z/A-Z/; - } +sub course_from_tinyurl { + my ($tail) = @_; + my ($urlcdom,$urlcnum); + if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) { + ($urlcdom,my $key) = ($1,$2); + my $tinyurl; + my ($result,$cached)=&Apache::lonnet::is_cached_new('tiny',$urlcdom."\0".$key); + if (defined($cached)) { + $tinyurl = $result; } else { - $item = int(rand(10)); + my $configuname = &Apache::lonnet::get_domainconfiguser($urlcdom); + my %currtiny = &Apache::lonnet::get('tiny',[$key],$urlcdom,$configuname); + if ($currtiny{$key} ne '') { + $tinyurl = $currtiny{$key}; + &Apache::lonnet::do_cache_new('tiny',$urlcdom."\0".$key,$currtiny{$key},600); + } + } + if ($tinyurl ne '') { + $urlcnum = (split(/\&/,$tinyurl))[0]; } - $passwd .= $item; } - return ($passwd); + return ($urlcdom,$urlcnum); } 1;