version 1.26, 2021/11/22 23:41:00
|
version 1.42, 2023/06/02 01:20:28
|
Line 30 package Apache::ltiauth;
|
Line 30 package Apache::ltiauth;
|
|
|
use strict; |
use strict; |
use LONCAPA qw(:DEFAULT :match); |
use LONCAPA qw(:DEFAULT :match); |
use Apache::Constants qw(:common :http); |
use Encode; |
use Net::OAuth; |
use Apache::Constants qw(:common :http :remotehost); |
use Apache::lonlocal; |
use Apache::lonlocal; |
use Apache::lonnet; |
use Apache::lonnet; |
use Apache::loncommon; |
use Apache::loncommon; |
Line 64 sub handler {
|
Line 64 sub handler {
|
my $params = {}; |
my $params = {}; |
foreach my $key (sort(keys(%env))) { |
foreach my $key (sort(keys(%env))) { |
if ($key =~ /^form\.(.+)$/) { |
if ($key =~ /^form\.(.+)$/) { |
$params->{$1} = $env{$key}; |
$params->{$1} = &Encode::decode('UTF-8',$env{$key}); |
} |
} |
} |
} |
# |
# |
Line 80 sub handler {
|
Line 80 sub handler {
|
} |
} |
|
|
unless (keys(%{$params})) { |
unless (keys(%{$params})) { |
&invalid_request($r,1); |
&invalid_request($r,'No parameters included in launch request'); |
return OK; |
return OK; |
} |
} |
|
|
Line 90 sub handler {
|
Line 90 sub handler {
|
$params->{'oauth_version'} && |
$params->{'oauth_version'} && |
$params->{'oauth_signature'} && |
$params->{'oauth_signature'} && |
$params->{'oauth_signature_method'}) { |
$params->{'oauth_signature_method'}) { |
&invalid_request($r,2); |
&invalid_request($r,'One or more required parameters missing from launch request'); |
return OK; |
return OK; |
} |
} |
|
|
Line 117 sub handler {
|
Line 117 sub handler {
|
# |
# |
if ($requri =~ m{^/adm/launch(|/.*)$}) { |
if ($requri =~ m{^/adm/launch(|/.*)$}) { |
my $tail = $1; |
my $tail = $1; |
if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) { |
if ($tail =~ m{^/tiny/$match_domain/\w+$}) { |
my ($urlcdom,$urlcnum) = &course_from_tinyurl($tail); |
my ($urlcdom,$urlcnum) = &course_from_tinyurl($tail); |
if (($urlcdom ne '') && ($urlcnum ne '')) { |
if (($urlcdom ne '') && ($urlcnum ne '')) { |
$cdom = $urlcdom; |
$cdom = $urlcdom; |
Line 127 sub handler {
|
Line 127 sub handler {
|
my $intdom = &Apache::lonnet::internet_dom($primary_id); |
my $intdom = &Apache::lonnet::internet_dom($primary_id); |
if (($intdom ne '') && (grep(/^\Q$intdom\E$/,@intdoms))) { |
if (($intdom ne '') && (grep(/^\Q$intdom\E$/,@intdoms))) { |
# |
# |
# Retrieve information for LTI link protectors in course |
|
# where url was /adm/launch/tiny/$cdom/$uniqueid |
|
# |
|
my (%crslti,%crslti_by_key,$itemid,$ltitype); |
|
%crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider'); |
|
if (keys(%crslti)) { |
|
foreach my $id (keys(%crslti)) { |
|
if (ref($crslti{$id}) eq 'HASH') { |
|
my $key = $crslti{$id}{'key'}; |
|
push(@{$crslti_by_key{$key}},$id); |
|
} |
|
} |
|
} |
|
# |
|
# Verify the signed request using the secret for LTI link |
# Verify the signed request using the secret for LTI link |
# protectors for which the key in the POSTed data matches |
# protectors for which the key in the POSTed data matches |
# keys in the course configuration. |
# keys in the course configuration. |
Line 153 sub handler {
|
Line 139 sub handler {
|
# Determine if nonce in POSTed data has expired. |
# Determine if nonce in POSTed data has expired. |
# If unexpired, confirm it has not already been used. |
# If unexpired, confirm it has not already been used. |
# |
# |
if (keys(%crslti)) { |
# Retrieve information for LTI link protectors in course |
$itemid = &get_lti_itemid($requri,$hostname,$params,\%crslti,\%crslti_by_key); |
# where url was /adm/launch/tiny/$cdom/$uniqueid |
|
# |
|
|
|
my ($itemid,$ltitype,%crslti,%lti_in_use,$ltiuser); |
|
$itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'linkprot'); |
|
if ($itemid) { |
|
%crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider'); |
} |
} |
if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) { |
if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) { |
$ltitype = 'c'; |
$ltitype = 'c'; |
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
if (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
$crslti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) { |
$crslti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) { |
&invalid_request($r,3); |
%lti_in_use = %{$crslti{$itemid}}; |
|
} else { |
|
&invalid_request($r,'Time limit exceeded for launch request credentials'); |
return OK; |
return OK; |
} |
} |
} else { |
} else { |
my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); |
$itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','linkprot'); |
unless (keys(%lti) > 0) { |
my %lti; |
&invalid_request($r,4); |
if ($itemid) { |
return OK; |
%lti = &Apache::lonnet::get_domain_lti($cdom,'linkprot'); |
} |
} |
my (%domlti_by_key,%domlti); |
if (($itemid) && (ref($lti{$itemid}) eq 'HASH')) { |
foreach my $id (keys(%lti)) { |
$ltitype = 'd'; |
if (ref($lti{$id}) eq 'HASH') { |
if (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
my $key = $lti{$id}{'key'}; |
$lti{$itemid}{'lifetime'},$cdom, |
if (!$lti{$itemid}{'requser'}) { |
$r->dir_config('lonLTIDir'))) { |
push(@{$domlti_by_key{$key}},$id); |
%lti_in_use = %{$lti{$itemid}}; |
$domlti{$id} = $lti{$id}; |
} else { |
} |
&invalid_request($r,'Time limit exceeded for launch request credentials'); |
|
return OK; |
} |
} |
} |
} |
if (keys(%domlti)) { |
} |
$itemid = &get_lti_itemid($requri,$hostname,$params,\%domlti,\%domlti_by_key); |
my $exiturl; |
|
if (($itemid) && ($lti_in_use{'returnurl'} ne '')) { |
|
if (exists($params->{$lti_in_use{'returnurl'}})) { |
|
$exiturl = $params->{$lti_in_use{'returnurl'}}; |
|
} elsif (exists($params->{'custom_'.$lti_in_use{'returnurl'}})) { |
|
$exiturl = $params->{'custom_'.$lti_in_use{'returnurl'}}; |
} |
} |
if (($itemid) && (ref($domlti{$itemid}) eq 'HASH')) { |
} |
$ltitype = 'd'; |
my ($pbid,$pburl); |
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
if ($params->{'lis_result_sourcedid'}) { |
$domlti{$itemid}{'lifetime'},$cdom, |
$pbid = $params->{'lis_result_sourcedid'}; |
$r->dir_config('lonLTIDir'))) { |
} |
&invalid_request($r,5); |
if ($params->{'lis_outcome_service_url'}) { |
|
$pburl = $params->{'lis_outcome_service_url'}; |
|
} |
|
if (($itemid) && ($lti_in_use{'requser'})) { |
|
my %courseinfo = &Apache::lonnet::coursedescription($cdom.'_'.$cnum); |
|
my $ltiauth; |
|
if (exists($courseinfo{'internal.ltiauth'})) { |
|
$ltiauth = $courseinfo{'internal.ltiauth'}; |
|
} else { |
|
my %domdefs = &Apache::lonnet::get_domain_defaults($cdom); |
|
$ltiauth = $domdefs{'crsltiauth'}; |
|
} |
|
if ($ltiauth) { |
|
my $possuname; |
|
my $mapuser = $lti_in_use{'mapuser'}; |
|
if ($mapuser eq 'sourcedid') { |
|
if ($params->{'lis_person_sourcedid'} =~ /^$match_username$/) { |
|
$possuname = $params->{'lis_person_sourcedid'}; |
|
} |
|
} elsif ($mapuser eq 'email') { |
|
if ($params->{'lis_person_contact_email_primary'} =~ /^$match_username$/) { |
|
$possuname = $params->{'lis_person_contact_email_primary'}; |
|
} |
|
} elsif (exists($params->{$mapuser})) { |
|
if ($params->{$mapuser} =~ /^$match_username$/) { |
|
$possuname = $params->{$mapuser}; |
|
} |
|
} |
|
if ($possuname ne '') { |
|
my $uhome = &Apache::lonnet::homeserver($possuname,$cdom); |
|
unless ($uhome eq 'no_host') { |
|
my $uname = $possuname; |
|
my ($is_student,$is_nonstudent); |
|
my %course_roles = |
|
&Apache::lonnet::get_my_roles($uname,$cdom,,'userroles',['active'], |
|
['cc','co','in','ta','ep','ad','st','cr'], |
|
[$cdom]); |
|
foreach my $key (keys(%course_roles)) { |
|
my ($trest,$tdomain,$trole,$sec) = split(/:/,$key); |
|
if (($trest eq $cnum) && ($tdomain eq $cdom)) { |
|
if ($trole eq 'st') { |
|
$is_student = 1; |
|
} else { |
|
$is_nonstudent = 1; |
|
last; |
|
} |
|
} |
|
} |
|
if (($is_student) && (!$is_nonstudent)) { |
|
unless (&Apache::lonnet::is_advanced_user($uname,$cdom)) { |
|
foreach my $key (%{$params}) { |
|
delete($env{'form.'.$key}); |
|
} |
|
&linkprot_session($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype, |
|
$tail,$lonhost,$exiturl,$pbid,$pburl); |
|
return OK; |
|
} |
|
} |
|
$ltiuser = $uname.':'.$cdom; |
|
} |
|
} |
|
if ($lti_in_use{'notstudent'} eq 'reject') { |
|
&invalid_request($r,'Information for valid user missing from launch request'); |
return OK; |
return OK; |
} |
} |
} |
} |
Line 196 sub handler {
|
Line 258 sub handler {
|
foreach my $key (%{$params}) { |
foreach my $key (%{$params}) { |
delete($env{'form.'.$key}); |
delete($env{'form.'.$key}); |
} |
} |
my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.$ltitype.':'.$tail}, |
my %info = ( |
$lonhost,'link'); |
'linkprot' => $itemid.$ltitype.':'.$tail, |
if ($ltoken) { |
); |
|
if ($ltiuser ne '') { |
|
$info{'linkprotuser'} = $ltiuser; |
|
} |
|
if ($exiturl ne '') { |
|
$info{'linkprotexit'} = $exiturl; |
|
} |
|
if ($pbid ne '') { |
|
$info{'linkprotpbid'} = $pbid; |
|
} |
|
if ($pburl ne '') { |
|
$info{'linkprotpburl'} = $pburl; |
|
} |
|
my $ltoken = &Apache::lonnet::tmpput(\%info,$lonhost,'link'); |
|
if (($ltoken eq 'con_lost') || ($ltoken eq 'refused') || ($ltoken =~ /^error:/) || |
|
($ltoken eq 'unknown_cmd') || ($ltoken eq 'no_such_host') || |
|
($ltoken eq '')) { |
|
&invalid_request($r,'Failed to store information from launch request'); |
|
} else { |
$r->internal_redirect($tail.'?ltoken='.$ltoken); |
$r->internal_redirect($tail.'?ltoken='.$ltoken); |
$r->set_handlers('PerlHandler'=> undef); |
$r->set_handlers('PerlHandler'=> undef); |
} else { |
|
&invalid_request($r,6); |
|
} |
} |
} else { |
} else { |
&invalid_request($r,7); |
&invalid_request($r,'Launch request could not be validated'); |
} |
} |
} else { |
} else { |
&invalid_request($r,8); |
&invalid_request($r,'Launch unavailable on this LON-CAPA server'); |
} |
} |
} else { |
} else { |
&invalid_request($r,9); |
&invalid_request($r,'Launch unavailable for this domain'); |
} |
} |
} else { |
} else { |
&invalid_request($r,10); |
&invalid_request($r,'Invalid launch URL'); |
} |
} |
} else { |
} else { |
&invalid_request($r,11); |
&invalid_request($r,'Invalid launch URL'); |
} |
} |
return OK; |
return OK; |
} |
} |
Line 318 sub handler {
|
Line 396 sub handler {
|
if ($tail =~ m{^/uploaded/($match_domain)/($match_courseid)/(?:default|supplemental)(?:|_\d+)\.(?:sequence|page)(|___\d+___.+)$}) { |
if ($tail =~ m{^/uploaded/($match_domain)/($match_courseid)/(?:default|supplemental)(?:|_\d+)\.(?:sequence|page)(|___\d+___.+)$}) { |
($urlcdom,$urlcnum,my $rest) = ($1,$2,$3); |
($urlcdom,$urlcnum,my $rest) = ($1,$2,$3); |
if (($cdom ne '') && ($cdom ne $urlcdom)) { |
if (($cdom ne '') && ($cdom ne $urlcdom)) { |
&invalid_request($r,12); |
&invalid_request($r,'Incorrect domain in requested URL'); |
return OK; |
return OK; |
} |
} |
if ($rest eq '') { |
if ($rest eq '') { |
Line 337 sub handler {
|
Line 415 sub handler {
|
} elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) { |
} elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) { |
($urlcdom,$urlcnum) = ($1,$2); |
($urlcdom,$urlcnum) = ($1,$2); |
if (($cdom ne '') && ($cdom ne $urlcdom)) { |
if (($cdom ne '') && ($cdom ne $urlcdom)) { |
&invalid_request($r,13); |
&invalid_request($r,'Incorrect domain in requested URL'); |
return OK; |
return OK; |
} |
} |
} elsif ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) { |
} elsif ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) { |
($urlcdom,$urlcnum) = &course_from_tinyurl($tail); |
($urlcdom,$urlcnum) = &course_from_tinyurl($tail); |
if (($urlcdom eq '') || ($urlcnum eq '')) { |
if (($urlcdom eq '') || ($urlcnum eq '')) { |
&invalid_request($r,14); |
&invalid_request($r,'Invalid URL shortcut'); |
return OK; |
return OK; |
} |
} |
} |
} |
Line 369 sub handler {
|
Line 447 sub handler {
|
|
|
# |
# |
# Retrieve information for LTI Consumers in course's domain |
# Retrieve information for LTI Consumers in course's domain |
# and populate hash -- %lti_by_key -- for which keys |
# defined in domain configuration for LTI. |
# are those defined in domain configuration for LTI. |
|
# |
|
|
|
my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); |
|
unless (keys(%lti) > 0) { |
|
&invalid_request($r,15); |
|
return OK; |
|
} |
|
my %lti_by_key; |
|
if (keys(%lti)) { |
|
foreach my $id (keys(%lti)) { |
|
if (ref($lti{$id}) eq 'HASH') { |
|
my $key = $lti{$id}{'key'}; |
|
push(@{$lti_by_key{$key}},$id); |
|
} |
|
} |
|
} |
|
|
|
# |
# |
# Verify the signed request using the secret for those |
# Verify the signed request using the secret for those |
# Consumers for which the key in the POSTed data matches |
# Consumers for which the key in the POSTed data matches |
# keys in the course configuration or the domain configuration |
# keys in the course configuration or the domain configuration |
# for LTI. |
# for LTI. |
# |
# |
|
|
my $itemid = &get_lti_itemid($requri,$hostname,$params,\%lti,\%lti_by_key); |
my %lti; |
|
my $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','provider'); |
|
if ($itemid) { |
|
%lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); |
|
} |
|
|
# |
# |
# Request is invalid if the signed request could not be verified |
# Request is invalid if the signed request could not be verified |
Line 403 sub handler {
|
Line 467 sub handler {
|
# configuration in LON-CAPA for that LTI Consumer. |
# configuration in LON-CAPA for that LTI Consumer. |
# |
# |
unless (($itemid) && (ref($lti{$itemid}) eq 'HASH')) { |
unless (($itemid) && (ref($lti{$itemid}) eq 'HASH')) { |
&invalid_request($r,16); |
&invalid_request($r,'Launch request could not be validated'); |
return OK; |
return OK; |
} |
} |
|
|
Line 413 sub handler {
|
Line 477 sub handler {
|
# |
# |
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
$lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) { |
$lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) { |
&invalid_request($r,17); |
&invalid_request($r,'Time limit exceeded for launch request credentials'); |
return OK; |
return OK; |
} |
} |
|
|
Line 434 sub handler {
|
Line 498 sub handler {
|
$r->internal_redirect($tail.'?ltoken='.$ltoken); |
$r->internal_redirect($tail.'?ltoken='.$ltoken); |
$r->set_handlers('PerlHandler'=> undef); |
$r->set_handlers('PerlHandler'=> undef); |
} else { |
} else { |
&invalid_request($r,18); |
&invalid_request($r,'Failed to store information from launch request'); |
} |
} |
} else { |
} else { |
&invalid_request($r,19); |
&invalid_request($r,'Launch URL invalid for matched launch credentials'); |
} |
} |
return OK; |
return OK; |
} |
} |
Line 495 sub handler {
|
Line 559 sub handler {
|
if ($sourcecrs ne '') { |
if ($sourcecrs ne '') { |
%consumers = &Apache::lonnet::get_dom('lticonsumers',[$sourcecrs],$cdom); |
%consumers = &Apache::lonnet::get_dom('lticonsumers',[$sourcecrs],$cdom); |
if (exists($consumers{$sourcecrs})) { |
if (exists($consumers{$sourcecrs})) { |
if ($consumers{$sourcecrs} =~ /^$match_courseid$/) { |
if ($consumers{$sourcecrs} =~ /^\Q$itemid:\E($match_courseid)$/) { |
my $crshome = &Apache::lonnet::homeserver($consumers{$sourcecrs},$cdom); |
my $storedcnum = $1; |
|
my $crshome = &Apache::lonnet::homeserver($storedcnum,$cdom); |
if ($crshome =~ /(con_lost|no_host|no_such_host)/) { |
if ($crshome =~ /(con_lost|no_host|no_such_host)/) { |
&invalid_request($r,20); |
&invalid_request($r,'Invalid courseID included in launch data'); |
return OK; |
return OK; |
} else { |
} else { |
$posscnum = $consumers{$sourcecrs}; |
$posscnum = $storedcnum; |
} |
} |
} |
} |
} |
} |
Line 510 sub handler {
|
Line 575 sub handler {
|
if ($urlcnum ne '') { |
if ($urlcnum ne '') { |
if ($posscnum ne '') { |
if ($posscnum ne '') { |
if ($posscnum ne $urlcnum) { |
if ($posscnum ne $urlcnum) { |
&invalid_request($r,21); |
&invalid_request($r,'Course ID included in launch data incompatible with URL'); |
return OK; |
return OK; |
} else { |
} else { |
$cnum = $posscnum; |
$cnum = $posscnum; |
Line 518 sub handler {
|
Line 583 sub handler {
|
} else { |
} else { |
my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom); |
my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom); |
if ($crshome =~ /(con_lost|no_host|no_such_host)/) { |
if ($crshome =~ /(con_lost|no_host|no_such_host)/) { |
&invalid_request($r,22); |
&invalid_request($r,'Valid course ID could not be extracted from requested URL'); |
return OK; |
return OK; |
} else { |
} else { |
$cnum = $urlcnum; |
$cnum = $urlcnum; |
Line 583 sub handler {
|
Line 648 sub handler {
|
$domdesc,\%data,\%alerts,\%rulematch, |
$domdesc,\%data,\%alerts,\%rulematch, |
\%inst_results,\%curr_rules,%got_rules); |
\%inst_results,\%curr_rules,%got_rules); |
if ($result eq 'notallowed') { |
if ($result eq 'notallowed') { |
&invalid_request($r,23); |
&invalid_request($r,'Account creation not permitted for this user'); |
} elsif ($result eq 'ok') { |
} elsif ($result eq 'ok') { |
if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) && |
if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) && |
($lti{$itemid}{'makecrs'})) { |
($lti{$itemid}{'makecrs'})) { |
Line 592 sub handler {
|
Line 657 sub handler {
|
} |
} |
} |
} |
} else { |
} else { |
&invalid_request($r,24); |
&invalid_request($r,'An error occurred during account creation'); |
return OK; |
return OK; |
} |
} |
} else { |
} else { |
&invalid_request($r,25); |
&invalid_request($r,'Account creation not permitted'); |
return OK; |
return OK; |
} |
} |
} |
} |
} else { |
} else { |
&invalid_request($r,26); |
&invalid_request($r,'Could not determine username and/or domain for user'); |
return OK; |
return OK; |
} |
} |
|
|
Line 624 sub handler {
|
Line 689 sub handler {
|
$symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles, |
$symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles, |
$reqcrs,$sourcecrs); |
$reqcrs,$sourcecrs); |
} else { |
} else { |
&invalid_request($r,27); |
&invalid_request($r,'No LON-CAPA course available, and creation is not permitted for this user'); |
} |
} |
} else { |
} else { |
&invalid_request($r,28); |
&invalid_request($r,'No LON-CAPA course available, and creation is not permitted'); |
} |
} |
} else { |
} else { |
<i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail, |
<i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail, |
Line 640 sub handler {
|
Line 705 sub handler {
|
# |
# |
# If LON-CAPA course is a Community, and LON-CAPA role |
# If LON-CAPA course is a Community, and LON-CAPA role |
# indicated is cc, change role indicated to co. |
# indicated is cc, change role indicated to co. |
# |
# |
|
|
my %crsenv; |
my %crsenv; |
if ($lcroles[0] eq 'cc') { |
if ($lcroles[0] eq 'cc') { |
Line 718 sub handler {
|
Line 783 sub handler {
|
} |
} |
} |
} |
if ($reqrole eq '') { |
if ($reqrole eq '') { |
&invalid_request($r,29); |
&invalid_request($r,'No matching role available in LON-CAPA course, and not permitted to self-enroll'); |
return OK; |
return OK; |
} else { |
} else { |
unless (%crsenv) { |
unless (%crsenv) { |
Line 728 sub handler {
|
Line 793 sub handler {
|
my $default_enrollment_end_date = $crsenv{'default_enrollment_end_date'}; |
my $default_enrollment_end_date = $crsenv{'default_enrollment_end_date'}; |
my $now = time; |
my $now = time; |
if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) { |
if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) { |
&invalid_request($r,30); |
&invalid_request($r,'No active role available in LON-CAPA course, and past end date for self-enrollment'); |
return OK; |
return OK; |
} elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) { |
} elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) { |
&invalid_request($r,31); |
&invalid_request($r,'No active role available in LON-CAPA course, and brefor start date for self-enrollment'); |
return OK; |
return OK; |
} else { |
} else { |
$selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum; |
$selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum; |
Line 745 sub handler {
|
Line 810 sub handler {
|
} |
} |
|
|
# |
# |
# Store consumer-to-LON-CAPA course mapping |
# Retrieve course type of LON-CAPA course to check if mapping from a Consumer |
|
# course identifier permitted for this type of course (one of: official, |
|
# unofficial, community, textbook, placement or lti. |
|
# |
|
|
|
unless (%crsenv) { |
|
%crsenv = &Apache::lonnet::coursedescription($cdom.'_'.$cnum); |
|
} |
|
my $crstype = lc($crsenv{'type'}); |
|
if ($crstype eq '') { |
|
$crstype = 'course'; |
|
} |
|
if ($crstype eq 'course') { |
|
if ($crsenv{'internal.coursecode'}) { |
|
$crstype = 'official'; |
|
} elsif ($crsenv{'internal.textbook'}) { |
|
$crstype = 'textbook'; |
|
} elsif ($crsenv{'internal.lti'}) { |
|
$crstype = 'lti'; |
|
} else { |
|
$crstype = 'unofficial'; |
|
} |
|
} |
|
|
|
# |
|
# Store consumer-to-LON-CAPA course mapping if permitted |
# |
# |
|
|
if (($sourcecrs ne '') && ($consumers{$sourcecrs} eq '') && ($cnum ne '')) { |
if (($lti{$itemid}{'storecrs'}) && ($sourcecrs ne '') && |
&Apache::lonnet::put_dom('lticonsumers',{ $sourcecrs => $cnum },$cdom); |
($consumers{$sourcecrs} eq '') && ($cnum ne '')) { |
|
if (ref($lti{$itemid}{'mapcrstype'}) eq 'ARRAY') { |
|
if (grep(/^$crstype$/,@{$lti{$itemid}{'mapcrstype'}})) { |
|
&Apache::lonnet::put_dom('lticonsumers',{ $sourcecrs => $itemid.':'.$cnum },$cdom); |
|
} |
|
} |
} |
} |
|
|
# |
# |
Line 763 sub handler {
|
Line 858 sub handler {
|
} |
} |
|
|
sub get_lti_itemid { |
sub get_lti_itemid { |
my ($requri,$hostname,$params,$lti,$lti_by_key) = @_; |
my ($requri,$hostname,$params,$cdom,$cnum,$context) = @_; |
return unless ((ref($params) eq 'HASH') && (ref($lti) eq 'HASH') && (ref($lti_by_key) eq 'HASH')); |
return unless (ref($params) eq 'HASH'); |
|
|
if (exists($params->{'oauth_callback'})) { |
|
$Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A; |
|
} else { |
|
$Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0; |
|
} |
|
|
|
my $protocol = 'http'; |
my $protocol = 'http'; |
if ($ENV{'SERVER_PORT'} == 443) { |
if ($ENV{'SERVER_PORT'} == 443) { |
$protocol = 'https'; |
$protocol = 'https'; |
} |
} |
|
my $url = $protocol.'://'.$hostname.$requri; |
my ($itemid,$consumer_key,$secret); |
my $method = $env{'request.method'}; |
my $consumer_key = $params->{'oauth_consumer_key'}; |
if ($cnum ne '') { |
if (ref($lti_by_key->{$consumer_key}) eq 'ARRAY') { |
return &Apache::lonnet::courselti_itemid($cnum,$cdom,$url,$method,$params,$context); |
foreach my $id (@{$lti_by_key->{$consumer_key}}) { |
} else { |
if (ref($lti->{$id}) eq 'HASH') { |
return &Apache::lonnet::domainlti_itemid($cdom,$url,$method,$params,$context); |
$secret = $lti->{$id}{'secret'}; |
|
my $request = Net::OAuth->request('request token')->from_hash($params, |
|
request_url => $protocol.'://'.$hostname.$requri, |
|
request_method => $env{'request.method'}, |
|
consumer_secret => $secret,); |
|
if ($request->verify()) { |
|
$itemid = $id; |
|
last; |
|
} |
|
} |
|
} |
|
} |
} |
return $itemid; |
|
} |
} |
|
|
sub lti_enroll { |
sub lti_enroll { |
Line 852 sub lti_session {
|
Line 928 sub lti_session {
|
} else { |
} else { |
&Apache::lonnet::logthis(" LTI authorized user ($itemid): $uname:$udom, course dom: $cdom"); |
&Apache::lonnet::logthis(" LTI authorized user ($itemid): $uname:$udom, course dom: $cdom"); |
} |
} |
my ($is_balancer,$otherserver,$hosthere); |
my ($is_balancer,$otherserver,$hosthere) = &check_balancer($r,$uname,$udom); |
($is_balancer,$otherserver) = |
|
&Apache::lonnet::check_loadbalancing($uname,$udom,'login'); |
|
if ($is_balancer) { |
|
if ($otherserver eq '') { |
|
my $lowest_load; |
|
($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($udom); |
|
if ($lowest_load > 100) { |
|
$otherserver = &Apache::lonnet::spareserver($r,$lowest_load,$lowest_load,1,$udom); |
|
} |
|
} |
|
if ($otherserver ne '') { |
|
my @hosts = &Apache::lonnet::current_machine_ids(); |
|
if (grep(/^\Q$otherserver\E$/,@hosts)) { |
|
$hosthere = $otherserver; |
|
} |
|
} |
|
} |
|
my $protocol = 'http'; |
my $protocol = 'http'; |
if ($ENV{'SERVER_PORT'} == 443) { |
if ($ENV{'SERVER_PORT'} == 443) { |
$protocol = 'https'; |
$protocol = 'https'; |
Line 878 sub lti_session {
|
Line 937 sub lti_session {
|
# login but immediately go to switch server. |
# login but immediately go to switch server. |
&Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect'); |
&Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect'); |
if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) { |
if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) { |
&LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$otherserver, |
&LONCAPA::ltiutils::setup_logout_callback($cdom,$cnum,'',$itemid,$ltihash->{'cipher'}, |
$ltihash->{'key'}, |
$uname,$udom,$otherserver, |
$ltihash->{'secret'}, |
|
$params->{$ltihash->{'callback'}}, |
$params->{$ltihash->{'callback'}}, |
$r->dir_config('ltiIDsDir'), |
$r->dir_config('ltiIDsDir'), |
$protocol,$r->hostname); |
$protocol,$r->hostname); |
Line 948 sub lti_session {
|
Line 1006 sub lti_session {
|
$r->internal_redirect($redirecturl); |
$r->internal_redirect($redirecturl); |
$r->set_handlers('PerlHandler'=> undef); |
$r->set_handlers('PerlHandler'=> undef); |
} else { |
} else { |
# need to login them in, so generate the need data that |
# need to login them in, so generate the data migrate expects to do login |
# migrate expects to do login |
|
foreach my $key (keys(%{$params})) { |
foreach my $key (keys(%{$params})) { |
delete($env{'form.'.$key}); |
delete($env{'form.'.$key}); |
} |
} |
if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) { |
if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) { |
&LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$lonhost, |
&LONCAPA::ltiutils::setup_logout_callback($cdom,$cnum,'',$itemid,$ltihash->{'cipher'}, |
$ltihash->{'key'}, |
$uname,$udom,$lonhost, |
$ltihash->{'secret'}, |
|
$params->{$ltihash->{'callback'}}, |
$params->{$ltihash->{'callback'}}, |
$r->dir_config('ltiIDsDir'), |
$r->dir_config('ltiIDsDir'), |
$protocol,$r->hostname); |
$protocol,$r->hostname); |
} |
} |
my $ip = $r->get_remote_host(); |
my $ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP); |
my %info=('ip' => $ip, |
my %info=('ip' => $ip, |
'domain' => $udom, |
'domain' => $udom, |
'username' => $uname, |
'username' => $uname, |
Line 1027 sub lti_session {
|
Line 1083 sub lti_session {
|
return; |
return; |
} |
} |
|
|
|
sub linkprot_session { |
|
my ($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$dest,$lonhost,$exiturl,$pbid,$pburl) = @_; |
|
$r->user($uname); |
|
if ($ltitype eq 'c') { |
|
&Apache::lonnet::logthis("Course Link Protector ($itemid) authorized student: $uname:$cdom, course: $cdom\_$cnum"); |
|
} elsif ($ltitype eq 'd') { |
|
&Apache::lonnet::logthis("Domain LTI for link protection ($itemid) authorized student: $uname:$cdom, course: $cdom\_$cnum"); |
|
} |
|
my ($is_balancer,$otherserver,$hosthere) = &check_balancer($r,$uname,$cdom); |
|
if (($is_balancer) && (!$hosthere)) { |
|
# login but immediately go to switch server |
|
&Apache::lonauth::success($r,$uname,$cdom,$uhome,'noredirect'); |
|
$env{'form.origurl'} = $dest; |
|
$env{'request.linkprot'} = $itemid.$ltitype.':'.$dest; |
|
$env{'request.linkprotuser'} = $uname.':'.$cdom; |
|
$env{'request.deeplink.login'} = $dest; |
|
if ($exiturl ne '') { |
|
$env{'request.linkprotexit'} = $exiturl; |
|
} |
|
if ($pbid ne '') { |
|
$env{'request.linkprotpbid'} = $pbid; |
|
} |
|
if ($pburl ne '') { |
|
$env{'request.linkprotpburl'} = $pburl; |
|
} |
|
my $redirecturl = '/adm/switchserver'; |
|
if ($otherserver ne '') { |
|
$redirecturl .= '?otherserver='.$otherserver; |
|
} |
|
$r->internal_redirect($redirecturl); |
|
$r->set_handlers('PerlHandler'=> undef); |
|
} else { |
|
# need to login them in, so generate the data migrate expects to do login |
|
my $ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP); |
|
my %info=('ip' => $ip, |
|
'domain' => $cdom, |
|
'username' => $uname, |
|
'server' => $lonhost, |
|
'linkprot' => $itemid.$ltitype.':'.$dest, |
|
'linkprotuser' => $uname.':'.$cdom, |
|
'home' => $uhome, |
|
'origurl' => $dest, |
|
'deeplink.login' => $dest, |
|
); |
|
if ($pbid ne '') { |
|
$info{'linkprotpbid'} = $pbid; |
|
} |
|
if ($pburl ne '') { |
|
$info{'linkprotpburl'} = $pburl; |
|
} |
|
if ($exiturl ne '') { |
|
$info{'linkprotexit'} = $exiturl; |
|
} |
|
my $token = &Apache::lonnet::tmpput(\%info,$lonhost); |
|
$env{'form.token'} = $token; |
|
$r->internal_redirect('/adm/migrateuser'); |
|
$r->set_handlers('PerlHandler'=> undef); |
|
} |
|
return; |
|
} |
|
|
|
sub check_balancer { |
|
my ($r,$uname,$udom) = @_; |
|
my ($is_balancer,$otherserver,$hosthere); |
|
($is_balancer,$otherserver) = |
|
&Apache::lonnet::check_loadbalancing($uname,$udom,'login'); |
|
if ($is_balancer) { |
|
# Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer) |
|
my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r); |
|
if (($found_server) && ($balancer_cookie =~ /^\Q$udom\E_\Q$uname\E_/)) { |
|
$otherserver = $found_server; |
|
} |
|
if ($otherserver eq '') { |
|
my $lowest_load; |
|
($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($udom); |
|
if ($lowest_load > 100) { |
|
$otherserver = &Apache::lonnet::spareserver($r,$lowest_load,$lowest_load,1,$udom); |
|
} |
|
} |
|
if ($otherserver ne '') { |
|
my @hosts = &Apache::lonnet::current_machine_ids(); |
|
if (grep(/^\Q$otherserver\E$/,@hosts)) { |
|
$hosthere = $otherserver; |
|
} |
|
} |
|
} |
|
return ($is_balancer,$otherserver,$hosthere); |
|
} |
|
|
sub invalid_request { |
sub invalid_request { |
my ($r,$num) = @_; |
my ($r,$msg) = @_; |
&Apache::loncommon::content_type($r,'text/html'); |
&Apache::loncommon::content_type($r,'text/html'); |
$r->send_http_header; |
$r->send_http_header; |
if ($r->header_only) { |
if ($r->header_only) { |
Line 1037 sub invalid_request {
|
Line 1182 sub invalid_request {
|
&Apache::lonlocal::get_language_handle($r); |
&Apache::lonlocal::get_language_handle($r); |
$r->print( |
$r->print( |
&Apache::loncommon::start_page('Invalid LTI call','',{ 'only_body' => 1,}). |
&Apache::loncommon::start_page('Invalid LTI call','',{ 'only_body' => 1,}). |
&mt('Invalid LTI call [_1]',$num). |
'<h3>'.&mt('Invalid LTI launch request').'</h3>'. |
|
'<p class="LC_warning">'. |
|
&mt('Launch of LON-CAPA is unavailable from the "external tool" link you had followed in another web application.'). |
|
' '.&mt('Launch failed for the following reason:'). |
|
'</p>'. |
|
'<p class="LC_error">'.$msg.'</p>'. |
&Apache::loncommon::end_page()); |
&Apache::loncommon::end_page()); |
return; |
return; |
} |
} |