--- loncom/lti/ltiutils.pm 2022/03/29 20:12:46 1.18 +++ loncom/lti/ltiutils.pm 2023/06/02 01:20:28 1.19 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Utility functions for managing LON-CAPA LTI interactions # -# $Id: ltiutils.pm,v 1.18 2022/03/29 20:12:46 raeburn Exp $ +# $Id: ltiutils.pm,v 1.19 2023/06/02 01:20:28 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -42,6 +42,7 @@ use Apache::lonenc(); use Apache::longroup(); use Apache::lonlocal; use Math::Round(); +use LONCAPA::Lond; use LONCAPA qw(:DEFAULT :match); # @@ -210,11 +211,30 @@ sub get_tool_secret { %{$toolsettings}=&Apache::lonnet::dump('exttool_'.$marker,$cdom,$cnum); if ($toolsettings->{'id'}) { my $idx = $toolsettings->{'id'}; - my %lti = &Apache::lonnet::get_domain_lti($cdom,'consumer'); - if (ref($lti{$idx}) eq 'HASH') { - %{$ltitools} = %{$lti{$idx}}; - if ($ltitools->{'key'} eq $key) { - $consumer_secret = $ltitools->{'secret'}; + my ($crsdef,$ltinum); + if ($idx =~ /^c(\d+)$/) { + $ltinum = $1; + $crsdef = 1; + my %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'consumer'); + if (ref($crslti{$ltinum}) eq 'HASH') { + %{$ltitools} = %{$crslti{$ltinum}}; + } else { + undef($ltinum); + } + } elsif ($idx =~ /^\d+$/) { + my %lti = &Apache::lonnet::get_domain_lti($cdom,'consumer'); + if (ref($lti{$idx}) eq 'HASH') { + %{$ltitools} = %{$lti{$idx}}; + $ltinum = $idx; + } + } + if ($ltinum ne '') { + my $loncaparev = &Apache::lonnet::get_server_loncaparev($cdom); + my $keynum = $ltitools->{'cipher'}; + my ($poss_key,$poss_secret) = + &LONCAPA::Lond::get_lti_credentials($cdom,$cnum,$crsdef,'tools',$ltinum,$keynum,$loncaparev); + if ($poss_key eq $key) { + $consumer_secret = $poss_secret; $nonce_lifetime = $ltitools->{'lifetime'}; } else { $errors->{11} = 1; @@ -242,6 +262,8 @@ sub get_tool_secret { # secret for the specific LTI Provider. # +# FIXME Move to Lond.pm and perform on course's homeserver + sub verify_request { my ($oauthtype,$protocol,$hostname,$requri,$reqmethod,$consumer_secret,$params, $authheaders,$errors) = @_; @@ -653,14 +675,16 @@ sub lti_provider_scope { # sub get_roster { - my ($id,$url,$ckey,$secret) = @_; + my ($cdom,$cnum,$ltinum,$keynum,$id,$url) = @_; my %ltiparams = ( lti_version => 'LTI-1p0', lti_message_type => 'basic-lis-readmembershipsforcontext', ext_ims_lis_memberships_id => $id, ); - my $hashref = &sign_params($url,$ckey,$secret,\%ltiparams); - if (ref($hashref) eq 'HASH') { + my %info = (); + my ($status,$hashref) = + &Apache::lonnet::sign_lti($cdom,$cnum,'','lti','roster',$url,$ltinum,$keynum,\%ltiparams,\%info); + if (($status eq 'ok') && (ref($hashref) eq 'HASH')) { my $request=new HTTP::Request('POST',$url); $request->content(join('&',map { my $name = escape($_); @@ -718,7 +742,7 @@ sub get_roster { # sub send_grade { - my ($id,$url,$ckey,$secret,$scoretype,$sigmethod,$msgformat,$total,$possible) = @_; + my ($cdom,$cnum,$crsdef,$type,$ltinum,$keynum,$id,$url,$scoretype,$sigmethod,$msgformat,$total,$possible) = @_; my $score; if ($possible > 0) { if ($scoretype eq 'ratio') { @@ -747,8 +771,13 @@ sub send_grade { result_statusofresult => 'final', result_date => $date, ); - my $hashref = &sign_params($url,$ckey,$secret,\%ltiparams,$sigmethod); - if (ref($hashref) eq 'HASH') { + my %info = ( + method => $sigmethod, + ); + my ($status,$hashref) = + &Apache::lonnet::sign_lti($cdom,$cnum,$crsdef,$type,'grade',$url,$ltinum,$keynum, + \%ltiparams,\%info); + if (($status eq 'ok') && (ref($hashref) eq 'HASH')) { $request=new HTTP::Request('POST',$url); $request->content(join('&',map { my $name = escape($_); @@ -756,10 +785,10 @@ sub send_grade { ? join("&$name=", map {escape($_) } @{$hashref->{$_}}) : &escape($hashref->{$_}) ); } keys(%{$hashref}))); +#FIXME Need to handle case where passback failed. } } else { srand( time() ^ ($$ + ($$ << 15)) ); # Seed rand. - my $nonce = Digest::SHA::sha1_hex(sprintf("%06x%06x",rand(0xfffff0),rand(0xfffff0))); my $uniqmsgid = int(rand(2**32)); my $gradexml = < @@ -792,35 +821,36 @@ END while (length($bodyhash) % 4) { $bodyhash .= '='; } - my $gradereq = Net::OAuth->request('consumer')->new( - consumer_key => $ckey, - consumer_secret => $secret, - request_url => $url, - request_method => 'POST', - signature_method => $sigmethod, - timestamp => time(), - nonce => $nonce, - body_hash => $bodyhash, - ); - $gradereq->add_required_message_params('body_hash'); - $gradereq->sign(); - $request = HTTP::Request->new( - $gradereq->request_method, - $gradereq->request_url, - [ - 'Authorization' => $gradereq->to_authorization_header, - 'Content-Type' => 'application/xml', - ], - $gradexml, - ); - } - my $response = &LONCAPA::LWPReq::makerequest('',$request,'','',10); - my $message=$response->status_line; + my $reqmethod = 'POST'; + my %info = ( + body_hash => $bodyhash, + method => $sigmethod, + reqtype => 'consumer', + reqmethod => $reqmethod, + respfmt => 'to_authorization_header', + ); + my %params; + my ($status,$authheader) = + &Apache::lonnet::sign_lti($cdom,$cnum,$crsdef,$type,'grade',$url,$ltinum,$keynum,\%params,\%info); + if (($status eq 'ok') && ($authheader ne '')) { + $request = HTTP::Request->new( + $reqmethod, + $url, + [ + 'Authorization' => $authheader, + 'Content-Type' => 'application/xml', + ], + $gradexml, + ); + my $response = &LONCAPA::LWPReq::makerequest('',$request,'','',10); + my $message=$response->status_line; #FIXME Handle case where pass back of score to LTI Consumer failed. + } + } } sub setup_logout_callback { - my ($uname,$udom,$server,$ckey,$secret,$service_url,$idsdir,$protocol,$hostname) = @_; + my ($cdom,$cnum,$crstool,$idx,$keynum,$uname,$udom,$server,$service_url,$idsdir,$protocol,$hostname) = @_; if ($service_url =~ m{^https?://[^/]+/}) { my $digest_user = &Encode::decode('UTF-8',$uname.':'.$udom); my $loginfile = &Digest::SHA::sha1_hex($digest_user).&md5_hex(&md5_hex(time.{}.rand().$$)); @@ -831,11 +861,17 @@ sub setup_logout_callback { my %ltiparams = ( callback => $callback, ); - my $post = &sign_params($service_url,$ckey,$secret,\%ltiparams, - '','','',1); - my $request=new HTTP::Request('POST',$service_url); - $request->content($post); - my $response = &LONCAPA::LWPReq::makerequest('',$request,'','',10); + my %info = ( + respfmt => 'to_post_body', + ); + my ($status,$post) = + &Apache::lonnet::sign_lti($cdom,$cnum,$crstool,'lti','logout',$service_url,$idx, + $keynum,\%ltiparams,\%info); + if (($status eq 'ok') && ($post ne '')) { + my $request=new HTTP::Request('POST',$service_url); + $request->content($post); + my $response = &LONCAPA::LWPReq::makerequest('',$request,'','',10); + } } } return; @@ -1066,20 +1102,21 @@ sub enrolluser { sub batchaddroster { my ($item) = @_; - return unless(ref($item) eq 'HASH'); - return unless (ref($item->{'ltiref'}) eq 'HASH'); + return unless((ref($item) eq 'HASH') && + (ref($item->{'ltiref'}) eq 'HASH')); my ($cdom,$cnum) = split(/_/,$item->{'cid'}); + return if (($cdom eq '') || ($cnum eq '')); my $udom = $cdom; my $id = $item->{'id'}; my $url = $item->{'url'}; + my $ltinum = $item->{'lti'}; + my $keynum = $item->{'ltiref'}->{'cipher'}; my @intdoms; my $intdomsref = $item->{'intdoms'}; if (ref($intdomsref) eq 'ARRAY') { @intdoms = @{$intdomsref}; } my $uriscope = $item->{'uriscope'}; - my $ckey = $item->{'ltiref'}->{'key'}; - my $secret = $item->{'ltiref'}->{'secret'}; my $section = $item->{'ltiref'}->{'section'}; $section =~ s/\W//g; if ($section eq 'none') { @@ -1098,8 +1135,8 @@ sub batchaddroster { if (ref($item->{'possroles'}) eq 'ARRAY') { @possroles = @{$item->{'possroles'}}; } - if (($ckey ne '') && ($secret ne '') && ($id ne '') && ($url ne '')) { - my %data = &get_roster($id,$url,$ckey,$secret); + if (($id ne '') && ($url ne '')) { + my %data = &get_roster($cdom,$cnum,$ltinum,$keynum,$id,$url); if (keys(%data) > 0) { my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts,%info); my %coursehash = &Apache::lonnet::coursedescription($cdom.'_'.$cnum);