--- loncom/lti/ltiroster.pm 2017/12/09 16:24:03 1.2
+++ loncom/lti/ltiroster.pm 2022/03/29 20:12:46 1.6
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # LTI Consumer Module to respond to a course roster request.
 #
-# $Id: ltiroster.pm,v 1.2 2017/12/09 16:24:03 raeburn Exp $
+# $Id: ltiroster.pm,v 1.6 2022/03/29 20:12:46 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -32,6 +32,7 @@ use strict;
 use Apache::Constants qw(:common :http);
 use Encode;
 use Digest::SHA;
+use URI::Escape;
 use Apache::lonnet;
 use Apache::loncommon;
 use Apache::lonacc;
@@ -41,14 +42,36 @@ use LONCAPA::ltiutils;
 sub handler {
 my $r = shift;
 my %errors;
+ my $params = {};
+ my ($oauthtype,$authheader);
+#
+# Retrieve content type from headers
+#
+ my $content_type = $r->headers_in->get('Content-Type');
+ if ($content_type eq 'application/xml') {
+ $oauthtype = 'consumer';
+#
+# Retrieve OAuth data sent by LTI Provider from Authorization header
+#
+ $authheader = $r->headers_in->get('Authorization');
+ my ($authtype,$valuestr) = ($authheader =~ /^(OAuth)\s+(.+)$/i);
+ if (lc($authtype) eq 'oauth') {
+ foreach my $pair (split(/\s*,\s*/,$valuestr)) {
+ my ($key,$value) = split(/=/,$pair);
+ $value =~ s /(^"|"$)//g;
+ $params->{$key} = URI::Escape::uri_unescape($value);
+ }
+ }
+ } else {
+ $oauthtype = 'request token';
 #
 # Retrieve data POSTed by LTI Provider
 #
- &Apache::lonacc::get_posted_cgi($r);
- my $params = {};
- foreach my $key (sort(keys(%env))) {
- if ($key =~ /^form\.(.+)$/) {
- $params->{$1} = $env{$key};
+ &Apache::lonacc::get_posted_cgi($r);
+ foreach my $key (sort(keys(%env))) {
+ if ($key =~ /^form\.(.+)$/) {
+ $params->{$1} = $env{$key};
+ }
 }
 }
 
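Review bot: The new Authorization-header parser in the `application/xml` branch does not check the shape of each pair before storing it in `$params`, and these client-supplied values are what `verify_request` receives further down in `handler` (which continues past this hunk). `split(/=/,$pair)` has no limit, so a value carrying a raw `=` is truncated and a pair with no `=` leaves `$value` undefined; `my ($key,$value) = split(/=/,$pair,2); next unless defined($value);` keeps the value whole and skips malformed pairs. A `realm` attribute, if the provider sends one, also ends up in `$params`; whether `verify_request` leaves it out of the signature base string is not visible here and is worth confirming. The branch itself is chosen by `$content_type eq 'application/xml'`, which does not match a header with a charset parameter or different case (and compares against undef when the header is absent), so such requests fall through to the POST path; `if (defined($content_type) && $content_type =~ m{^application/xml\s*(?:;|$)}i)` would compare the media type only.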
@@ -122,9 +145,9 @@ sub handler {
 if ($ENV{'SERVER_PORT'} == 443) {
 $protocol = 'https';
 }
- unless (LONCAPA::ltiutils::verify_request($params,$protocol,$r->hostname,$r->uri,
+ unless (LONCAPA::ltiutils::verify_request($oauthtype,$protocol,$r->hostname,$r->uri,
 $env{'request.method'},$consumer_secret,
- \%errors)) {
+ $params,$authheader,\%errors)) {
 &invalid_request($r,\%errors);
 return OK;
 }
@@ -180,7 +203,7 @@ sub handler {
 \%toolsettings,\%ltitools) eq 'ok') {
 if ($toolsettings{'gradesecret'} ne '') {
 $needsresult = 1;
- $gradesecret = $ltitools{'gradesecret'};
+ $gradesecret = $toolsettings{'gradesecret'};
 }
 }
 }
@@ -257,7 +280,7 @@ END
 }
 $r->print(" \n");
 my ($uname,$udom) = split(/:/,$user);
- my $digest_user = &Encode::decode_utf8($uname.':'.$udom);
+ my $digest_user = &Encode::decode('UTF-8',$uname.':'.$udom);
 $digest_user = &Digest::SHA::sha1_hex($digest_user);
 $r->print(' '.$digest_user.''."\n");
 if (exists($students{$user})) {
@@ -325,7 +348,7 @@ END
 next unless ($students{$user}[$statusidx] eq 'Active');
 $r->print(" \n");
 my ($uname,$udom) = split(/:/,$user);
- my $digest_user = &Encode::decode_utf8($uname.':'.$udom);
+ my $digest_user = &Encode::decode('UTF-8',$uname.':'.$udom);
 $digest_user = &Digest::SHA::sha1_hex($digest_user);
 $r->print(' '.$digest_user.''."\n");
 if ($needroles) {
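Review bot: `verify_request` is called positionally, and the call in the hunk at -122 moves `$params` from the first argument to the seventh while adding `$oauthtype` and `$authheader`. Any other caller of `LONCAPA::ltiutils::verify_request` still using the old order would pass the wrong values into signature verification without any compile-time error; those callers are not visible in this diff and are worth checking. On the POST path `$authheader` is never assigned, so it reaches the verifier as undef. A comment above the call would make the contract explicit, e.g. `# $oauthtype is 'consumer' (OAuth data in Authorization header) or 'request token' (POSTed form data); $authheader is undef for the latter`.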
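Review bot: In the hunk at -257, `Encode::decode('UTF-8',...)` yields a character string, but `Digest::SHA::sha1_hex` on the following line hashes bytes, so the conversion runs in the wrong direction for digest input; the identical line in the hunk at -325 has the same issue. For ASCII-only `uname:udom` values the digest is unaffected, but a value containing a character above U+00FF would make `sha1_hex` die with a wide-character error (whether such usernames are possible is not visible here). If the strings are character data at this point, hashing the encoded form is the consistent choice: `my $digest_user = &Digest::SHA::sha1_hex(&Encode::encode('UTF-8',$uname.':'.$udom));`. A comment should also record that this unsalted SHA-1 of `uname:udom` is a stable pseudonym that anyone knowing the username and domain can recompute, so it does not anonymize the roster. Both loops start and end outside their hunks.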