--- loncom/lti/ltiroster.pm 2017/12/18 23:59:31 1.3 +++ loncom/lti/ltiroster.pm 2018/08/14 21:42:36 1.4 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # LTI Consumer Module to respond to a course roster request. # -# $Id: ltiroster.pm,v 1.3 2017/12/18 23:59:31 raeburn Exp $ +# $Id: ltiroster.pm,v 1.4 2018/08/14 21:42:36 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -32,6 +32,7 @@ use strict; use Apache::Constants qw(:common :http); use Encode; use Digest::SHA; +use URI::Escape; use Apache::lonnet; use Apache::loncommon; use Apache::lonacc; @@ -41,14 +42,36 @@ use LONCAPA::ltiutils; sub handler { my $r = shift; my %errors; + my $params = {}; + my ($oauthtype,$authheader); +# +# Retrieve content type from headers +# + my $content_type = $r->headers_in->get('Content-Type'); + if ($content_type eq 'application/xml') { + $oauthtype = 'consumer'; +# +# Retrieve OAuth data sent by LTI Provider from Authorization header +# + $authheader = $r->headers_in->get('Authorization'); + my ($authtype,$valuestr) = ($authheader =~ /^(OAuth)\s+(.+)$/i); + if (lc($authtype) eq 'oauth') { + foreach my $pair (split(/\s*,\s*/,$valuestr)) { + my ($key,$value) = split(/=/,$pair); + $value =~ s /(^"|"$)//g; + $params->{$key} = URI::Escape::uri_unescape($value); + } + } + } else { + $oauthtype = 'request token'; # # Retrieve data POSTed by LTI Provider # - &Apache::lonacc::get_posted_cgi($r); - my $params = {}; - foreach my $key (sort(keys(%env))) { - if ($key =~ /^form\.(.+)$/) { - $params->{$1} = $env{$key}; + &Apache::lonacc::get_posted_cgi($r); + foreach my $key (sort(keys(%env))) { + if ($key =~ /^form\.(.+)$/) { + $params->{$1} = $env{$key}; + } } } @@ -124,7 +147,7 @@ sub handler { } unless (LONCAPA::ltiutils::verify_request($params,$protocol,$r->hostname,$r->uri, $env{'request.method'},$consumer_secret, - \%errors)) { + $params,$authheader,\%errors)) { &invalid_request($r,\%errors); return OK; }