loncom/lti/ltiauth.pm - diff

Return to ltiauth.pm CVS log

Up to [LON-CAPA] / loncom / lti

Diff for /loncom/lti/ltiauth.pm between versions 1.17 and 1.21

version 1.17, 2018/12/26 20:10:29	version 1.21, 2021/08/07 01:34:20
Line 42 use LONCAPA::ltiutils;	Line 42 use LONCAPA::ltiutils;
sub handler {	sub handler {
my $r = shift;	my $r = shift;
my $requri = $r->uri;	my $requri = $r->uri;
	my $hostname = $r->hostname;
#	#
# Check for existing session, and temporarily delete any form items	# Check for existing session, and temporarily delete any form items
# in %env, if session exists	# in %env, if session exists
Line 57 sub handler {	Line 58 sub handler {
}	}
}	}
#	#
# Retrieve data POSTed by LTI Consumer on launch	# Retrieve data POSTed by LTI launch
#	#
&Apache::lonacc::get_posted_cgi($r);	&Apache::lonacc::get_posted_cgi($r);
my $params = {};	my $params = {};
Line 97 sub handler {	Line 98 sub handler {
# Retrieve "internet domains" for all this institution's LON-CAPA	# Retrieve "internet domains" for all this institution's LON-CAPA
# nodes.	# nodes.
#	#
my ($udom,$uname,$uhome,$cdom,$cnum,$symb,$mapurl,@intdoms);	my @intdoms;
my $lonhost = $r->dir_config('lonHostID');	my $lonhost = $r->dir_config('lonHostID');
my $internet_names = &Apache::lonnet::get_internet_names($lonhost);	my $internet_names = &Apache::lonnet::get_internet_names($lonhost);
if (ref($internet_names) eq 'ARRAY') {	if (ref($internet_names) eq 'ARRAY') {
@intdoms = @{$internet_names};	@intdoms = @{$internet_names};
}	}
	#
	# Determine course's domain in LON-CAPA
	# for basic launch using key and secret managed
	# in LON-CAPA course (i.e., uri begins /adm/launch)
	#

	my ($cdom,$cnum);

	# Note: "internet domain" for course's domain must be one of the
	# internet domains for the institution's LON-CAPA servers.
	#
	if ($requri =~ m{^/adm/launch(\|/.*)$}) {
	my $tail = $1;
	if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
	my ($urlcdom,$urlcnum) = &course_from_tinyurl($tail);
	if (($urlcdom ne '') && ($urlcnum ne '')) {
	$cdom = $urlcdom;
	$cnum = $urlcnum;
	my $primary_id = &Apache::lonnet::domain($cdom,'primary');
	if ($primary_id ne '') {
	my $intdom = &Apache::lonnet::internet_dom($primary_id);
	if (($intdom ne '') && (grep(/^\Q$intdom\E$/,@intdoms))) {
	#
	# Retrieve information for LTI link protectors in course
	# where url was /adm/launch/tiny/$cdom/$uniqueid
	#
	my (%crslti,%crslti_by_key,$itemid,$ltitype);
	%crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider');
	if (keys(%crslti)) {
	foreach my $id (keys(%crslti)) {
	if (ref($crslti{$id}) eq 'HASH') {
	my $key = $crslti{$id}{'key'};
	push(@{$crslti_by_key{$key}},$id);
	}
	}
	}
	#
	# Verify the signed request using the secret for LTI link
	# protectors for which the key in the POSTed data matches
	# keys in the course configuration.
	#
	# Request is invalid if the signed request could not be verified
	# for the key and secret from LON-CAPA course configuration for
	# LTI link protectors or from LON-CAPA configuration for the
	# course's domain if there are LTI Providers which may be used.
	#
	# Determine if nonce in POSTed data has expired.
	# If unexpired, confirm it has not already been used.
	#
	if (keys(%crslti)) {
	$itemid = &get_lti_itemid($requri,$hostname,$params,\%crslti,\%crslti_by_key);
	}
	if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) {
	$ltitype = 'c';
	unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
	$crslti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {
	&invalid_request($r,3);
	return OK;
	}
	} else {
	my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
	unless (keys(%lti) > 0) {
	&invalid_request($r,4);
	return OK;
	}
	my (%domlti_by_key,%domlti);
	foreach my $id (keys(%lti)) {
	if (ref($lti{$id}) eq 'HASH') {
	my $key = $lti{$id}{'key'};
	if (!$lti{$itemid}{'requser'}) {
	push(@{$domlti_by_key{$key}},$id);
	$domlti{$id} = $lti{$id};
	}
	}
	}
	if (keys(%domlti)) {
	$itemid = &get_lti_itemid($requri,$hostname,$params,\%domlti,\%domlti_by_key);
	}
	if (($itemid) && (ref($domlti{$itemid}) eq 'HASH')) {
	$ltitype = 'd';
	unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
	$domlti{$itemid}{'lifetime'},$cdom,
	$r->dir_config('lonLTIDir'))) {
	&invalid_request($r,5);
	return OK;
	}
	}
	}
	if ($itemid) {
	foreach my $key (%{$params}) {
	delete($env{'form.'.$key});
	}
	my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.$ltitype.':'.$tail},
	$lonhost);
	if ($ltoken) {
	$r->internal_redirect($tail.'?ltoken='.$ltoken);
	$r->set_handlers('PerlHandler'=> undef);
	} else {
	&invalid_request($r,6);
	}
	} else {
	&invalid_request($r,7);
	}
	} else {
	&invalid_request($r,8);
	}
	} else {
	&invalid_request($r,9);
	}
	} else {
	&invalid_request($r,10);
	}
	} else {
	&invalid_request($r,11);
	}
	return OK;
	}

	my ($udom,$uname,$uhome,$symb,$mapurl);

#	#
# For user who launched LTI in Consumer, determine user's domain in	# For user who launched LTI in Consumer, determine user's domain in
Line 198 sub handler {	Line 318 sub handler {
if ($tail =~ m{^/uploaded/($match_domain)/($match_courseid)/(?:default\|supplemental)(?:\|_\d+)\.(?:sequence\|page)(\|___\d+___.+)$}) {	if ($tail =~ m{^/uploaded/($match_domain)/($match_courseid)/(?:default\|supplemental)(?:\|_\d+)\.(?:sequence\|page)(\|___\d+___.+)$}) {
($urlcdom,$urlcnum,my $rest) = ($1,$2,$3);	($urlcdom,$urlcnum,my $rest) = ($1,$2,$3);
if (($cdom ne '') && ($cdom ne $urlcdom)) {	if (($cdom ne '') && ($cdom ne $urlcdom)) {
&invalid_request($r,3);	&invalid_request($r,12);
return OK;	return OK;
}	}
if ($rest eq '') {	if ($rest eq '') {
Line 217 sub handler {	Line 337 sub handler {
} elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) {	} elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) {
($urlcdom,$urlcnum) = ($1,$2);	($urlcdom,$urlcnum) = ($1,$2);
if (($cdom ne '') && ($cdom ne $urlcdom)) {	if (($cdom ne '') && ($cdom ne $urlcdom)) {
&invalid_request($r,4);	&invalid_request($r,13);
return OK;	return OK;
}	}
} elsif ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {	} elsif ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
($urlcdom,my $key) = ($1,$2);	($urlcdom,$urlcnum) = &course_from_tinyurl($tail);
if (($cdom ne '') && ($cdom ne $urlcdom)) {	if (($urlcdom eq '') \|\| ($urlcnum eq '')) {
&invalid_request($r,5);	&invalid_request($r,14);
return OK;	return OK;
}	}
my $tinyurl;
my ($result,$cached)=&Apache::lonnet::is_cached_new('tiny',$urlcdom."\0".$key);
if (defined($cached)) {
$tinyurl = $result;
} else {
my $configuname = &Apache::lonnet::get_domainconfiguser($urlcdom);
my %currtiny = &Apache::lonnet::get('tiny',[$key],$urlcdom,$configuname);
if ($currtiny{$key} ne '') {
$tinyurl = $currtiny{$key};
&Apache::lonnet::do_cache_new('tiny',$urlcdom."\0".$key,$currtiny{$key},600);
}
}
if ($tinyurl ne '') {
$urlcnum = (split(/\&/,$tinyurl))[0];
}
}	}
if (($cdom eq '') && ($urlcdom ne '')) {	if (($cdom eq '') && ($urlcdom ne '')) {
my $cprimary_id = &Apache::lonnet::domain($urlcdom,'primary');	my $cprimary_id = &Apache::lonnet::domain($urlcdom,'primary');
Line 263 sub handler {	Line 368 sub handler {
}	}

#	#
# Retrieve information for LTI Consumers in course domain	# Retrieve information for LTI Consumers in course's domain
# and populate hash -- %lti_by_key -- for which keys	# and populate hash -- %lti_by_key -- for which keys
# are those defined in domain configuration for LTI.	# are those defined in domain configuration for LTI.
#	#

my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');	my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
unless (keys(%lti) > 0) {	unless (keys(%lti) > 0) {
&invalid_request($r,6);	&invalid_request($r,15);
return OK;	return OK;
}	}
my %lti_by_key;	my %lti_by_key;
Line 286 sub handler {	Line 391 sub handler {
#	#
# Verify the signed request using the secret for those	# Verify the signed request using the secret for those
# Consumers for which the key in the POSTed data matches	# Consumers for which the key in the POSTed data matches
# keys in the domain configuration for LTI.	# keys in the course configuration or the domain configuration
	# for LTI.
#	#
my $hostname = $r->hostname;
my $protocol = 'http';
if ($ENV{'SERVER_PORT'} == 443) {
$protocol = 'https';
}

if (exists($params->{'oauth_callback'})) {	my $itemid = &get_lti_itemid($requri,$hostname,$params,\%lti,\%lti_by_key);
$Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A;
} else {
$Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0;
}

my ($itemid,$consumer_key,$secret);
$consumer_key = $params->{'oauth_consumer_key'};
if (ref($lti_by_key{$consumer_key}) eq 'ARRAY') {
foreach my $id (@{$lti_by_key{$consumer_key}}) {
if (ref($lti{$id}) eq 'HASH') {
$secret = $lti{$id}{'secret'};
my $request = Net::OAuth->request('request token')->from_hash($params,
request_url => $protocol.'://'.$hostname.$requri,
request_method => $env{'request.method'},
consumer_secret => $secret,);
if ($request->verify()) {
$itemid = $id;
last;
}
}
}
}

#	#
# Request is invalid if the signed request could not be verified	# Request is invalid if the signed request could not be verified
Line 324 sub handler {	Line 403 sub handler {
# configuration in LON-CAPA for that LTI Consumer.	# configuration in LON-CAPA for that LTI Consumer.
#	#
unless (($itemid) && (ref($lti{$itemid}) eq 'HASH')) {	unless (($itemid) && (ref($lti{$itemid}) eq 'HASH')) {
&invalid_request($r,7);	&invalid_request($r,16);
return OK;	return OK;
}	}

Line 334 sub handler {	Line 413 sub handler {
#	#
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},	unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
$lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {	$lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {
&invalid_request($r,8);	&invalid_request($r,17);
return OK;	return OK;
}	}

Line 345 sub handler {	Line 424 sub handler {

if (!$lti{$itemid}{'requser'}) {	if (!$lti{$itemid}{'requser'}) {
if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {	if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
	my $ltitype = 'd';
foreach my $key (%{$params}) {	foreach my $key (%{$params}) {
delete($env{'form.'.$key});	delete($env{'form.'.$key});
}	}
my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.':'.$tail},	my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.$ltitype.':'.$tail},
$lonhost);	$lonhost);
if ($ltoken) {	if ($ltoken) {
$r->internal_redirect($tail.'?ltoken='.$ltoken);	$r->internal_redirect($tail.'?ltoken='.$ltoken);
$r->set_handlers('PerlHandler'=> undef);	$r->set_handlers('PerlHandler'=> undef);
} else {	} else {
&invalid_request($r,9);	&invalid_request($r,18);
}	}
} else {	} else {
&invalid_request($r,10);	&invalid_request($r,19);
}	}
return OK;	return OK;
}	}
Line 418 sub handler {	Line 498 sub handler {
if ($consumers{$sourcecrs} =~ /^$match_courseid$/) {	if ($consumers{$sourcecrs} =~ /^$match_courseid$/) {
my $crshome = &Apache::lonnet::homeserver($consumers{$sourcecrs},$cdom);	my $crshome = &Apache::lonnet::homeserver($consumers{$sourcecrs},$cdom);
if ($crshome =~ /(con_lost\|no_host\|no_such_host)/) {	if ($crshome =~ /(con_lost\|no_host\|no_such_host)/) {
&invalid_request($r,11);	&invalid_request($r,20);
return OK;	return OK;
} else {	} else {
$posscnum = $consumers{$sourcecrs};	$posscnum = $consumers{$sourcecrs};
Line 430 sub handler {	Line 510 sub handler {
if ($urlcnum ne '') {	if ($urlcnum ne '') {
if ($posscnum ne '') {	if ($posscnum ne '') {
if ($posscnum ne $urlcnum) {	if ($posscnum ne $urlcnum) {
&invalid_request($r,12);	&invalid_request($r,21);
return OK;	return OK;
} else {	} else {
$cnum = $posscnum;	$cnum = $posscnum;
Line 438 sub handler {	Line 518 sub handler {
} else {	} else {
my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom);	my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom);
if ($crshome =~ /(con_lost\|no_host\|no_such_host)/) {	if ($crshome =~ /(con_lost\|no_host\|no_such_host)/) {
&invalid_request($r,13);	&invalid_request($r,22);
return OK;	return OK;
} else {	} else {
$cnum = $urlcnum;	$cnum = $urlcnum;
Line 503 sub handler {	Line 583 sub handler {
$domdesc,\%data,\%alerts,\%rulematch,	$domdesc,\%data,\%alerts,\%rulematch,
\%inst_results,\%curr_rules,%got_rules);	\%inst_results,\%curr_rules,%got_rules);
if ($result eq 'notallowed') {	if ($result eq 'notallowed') {
&invalid_request($r,14);	&invalid_request($r,23);
} elsif ($result eq 'ok') {	} elsif ($result eq 'ok') {
if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) &&	if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) &&
($lti{$itemid}{'makecrs'})) {	($lti{$itemid}{'makecrs'})) {
Line 512 sub handler {	Line 592 sub handler {
}	}
}	}
} else {	} else {
&invalid_request($r,15);	&invalid_request($r,24);
return OK;	return OK;
}	}
} else {	} else {
&invalid_request($r,16);	&invalid_request($r,25);
return OK;	return OK;
}	}
}	}
} else {	} else {
&invalid_request($r,17);	&invalid_request($r,26);
return OK;	return OK;
}	}

Line 543 sub handler {	Line 623 sub handler {
$symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,	$symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,
$reqcrs,$sourcecrs);	$reqcrs,$sourcecrs);
} else {	} else {
&invalid_request($r,18);	&invalid_request($r,27);
}	}
} else {	} else {
&invalid_request($r,19);	&invalid_request($r,28);
}	}
return OK;	return OK;
}	}
Line 632 sub handler {	Line 712 sub handler {
}	}
}	}
if ($reqrole eq '') {	if ($reqrole eq '') {
&invalid_request($r,20);	&invalid_request($r,29);
return OK;	return OK;
} else {	} else {
unless (%crsenv) {	unless (%crsenv) {
Line 642 sub handler {	Line 722 sub handler {
my $default_enrollment_end_date = $crsenv{'default_enrollment_end_date'};	my $default_enrollment_end_date = $crsenv{'default_enrollment_end_date'};
my $now = time;	my $now = time;
if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) {	if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) {
&invalid_request($r,21);	&invalid_request($r,30);
return OK;	return OK;
} elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) {	} elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) {
&invalid_request($r,22);	&invalid_request($r,31);
return OK;	return OK;
} else {	} else {
$selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum;	$selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum;
Line 676 sub handler {	Line 756 sub handler {
return OK;	return OK;
}	}

	sub get_lti_itemid {
	my ($requri,$hostname,$params,$lti,$lti_by_key) = @_;
	return unless ((ref($params) eq 'HASH') && (ref($lti) eq 'HASH') && (ref($lti_by_key) eq 'HASH'));

	if (exists($params->{'oauth_callback'})) {
	$Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A;
	} else {
	$Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0;
	}

	my $protocol = 'http';
	if ($ENV{'SERVER_PORT'} == 443) {
	$protocol = 'https';
	}

	my ($itemid,$consumer_key,$secret);
	my $consumer_key = $params->{'oauth_consumer_key'};
	if (ref($lti_by_key->{$consumer_key}) eq 'ARRAY') {
	foreach my $id (@{$lti_by_key->{$consumer_key}}) {
	if (ref($lti->{$id}) eq 'HASH') {
	$secret = $lti->{$id}{'secret'};
	my $request = Net::OAuth->request('request token')->from_hash($params,
	request_url => $protocol.'://'.$hostname.$requri,
	request_method => $env{'request.method'},
	consumer_secret => $secret,);
	if ($request->verify()) {
	$itemid = $id;
	last;
	}
	}
	}
	}
	return $itemid;
	}

sub lti_enroll {	sub lti_enroll {
my ($uname,$udom,$selfenrollrole) = @_;	my ($uname,$udom,$selfenrollrole) = @_;
my $enrollresult;	my $enrollresult;
Line 749 sub lti_session {	Line 864 sub lti_session {
}	}
}	}
}	}
	my $protocol = 'http';
	if ($ENV{'SERVER_PORT'} == 443) {
	$protocol = 'https';
	}
if (($is_balancer) && (!$hosthere)) {	if (($is_balancer) && (!$hosthere)) {
# login but immediately go to switch server.	# login but immediately go to switch server.
&Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect');	&Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect');
	if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
	&LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$otherserver,
	$ltihash->{'key'},
	$ltihash->{'secret'},
	$params->{$ltihash->{'callback'}},
	$r->dir_config('ltiIDsDir'),
	$protocol,$r->hostname);
	}
if ($symb) {	if ($symb) {
$env{'form.symb'} = $symb;	$env{'form.symb'} = $symb;
$env{'request.lti.uri'} = $tail;	$env{'request.lti.uri'} = $tail;
Line 780 sub lti_session {	Line 907 sub lti_session {
$env{'request.lti.sourcecrs'} = $sourcecrs;	$env{'request.lti.sourcecrs'} = $sourcecrs;
}	}
if ($selfenrollrole) {	if ($selfenrollrole) {
$env{'request.lti.selfenroll'} = $selfenrollrole;	$env{'request.lti.selfenrollrole'} = $selfenrollrole;
$env{'request.lti.sourcecrs'} = $sourcecrs;	$env{'request.lti.sourcecrs'} = $sourcecrs;
}	}
if ($ltihash->{'passback'}) {	if ($ltihash->{'passback'}) {
Line 818 sub lti_session {	Line 945 sub lti_session {
foreach my $key (%{$params}) {	foreach my $key (%{$params}) {
delete($env{'form.'.$key});	delete($env{'form.'.$key});
}	}
	if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
	&LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$lonhost,
	$ltihash->{'key'},
	$ltihash->{'secret'},
	$params->{$ltihash->{'callback'}},
	$r->dir_config('ltiIDsDir'),
	$protocol,$r->hostname);
	}
my $ip = $r->get_remote_host();	my $ip = $r->get_remote_host();
my %info=('ip' => $ip,	my %info=('ip' => $ip,
'domain' => $udom,	'domain' => $udom,
Line 897 sub invalid_request {	Line 1032 sub invalid_request {
return;	return;
}	}

	sub course_from_tinyurl {
	my ($tail) = @_;
	my ($urlcdom,$urlcnum);
	if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
	($urlcdom,my $key) = ($1,$2);
	my $tinyurl;
	my ($result,$cached)=&Apache::lonnet::is_cached_new('tiny',$urlcdom."\0".$key);
	if (defined($cached)) {
	$tinyurl = $result;
	} else {
	my $configuname = &Apache::lonnet::get_domainconfiguser($urlcdom);
	my %currtiny = &Apache::lonnet::get('tiny',[$key],$urlcdom,$configuname);
	if ($currtiny{$key} ne '') {
	$tinyurl = $currtiny{$key};
	&Apache::lonnet::do_cache_new('tiny',$urlcdom."\0".$key,$currtiny{$key},600);
	}
	}
	if ($tinyurl ne '') {
	$urlcnum = (split(/\&/,$tinyurl))[0];
	}
	}
	return ($urlcdom,$urlcnum);
	}

1;	1;

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.17
changed lines
	Added in v.1.21