--- loncom/lti/ltiauth.pm 2018/05/14 20:10:15 1.12
+++ loncom/lti/ltiauth.pm 2021/08/07 20:11:53 1.22
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Basic LTI Authentication Module
#
-# $Id: ltiauth.pm,v 1.12 2018/05/14 20:10:15 raeburn Exp $
+# $Id: ltiauth.pm,v 1.22 2021/08/07 20:11:53 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -42,6 +42,7 @@ use LONCAPA::ltiutils;
sub handler {
my $r = shift;
my $requri = $r->uri;
+ my $hostname = $r->hostname;
#
# Check for existing session, and temporarily delete any form items
# in %env, if session exists
@@ -57,7 +58,7 @@ sub handler {
}
}
#
-# Retrieve data POSTed by LTI Consumer on launch
+# Retrieve data POSTed by LTI launch
#
&Apache::lonacc::get_posted_cgi($r);
my $params = {};
@@ -67,7 +68,7 @@ sub handler {
}
}
#
-# Check for existing session, and restored temporarily
+# Check for existing session, and restore temporarily
# deleted form items to %env, if session exists.
#
if ($handle ne '') {
@@ -97,12 +98,131 @@ sub handler {
# Retrieve "internet domains" for all this institution's LON-CAPA
# nodes.
#
- my ($udom,$uname,$uhome,$cdom,$cnum,$symb,$mapurl,@intdoms);
+ my @intdoms;
my $lonhost = $r->dir_config('lonHostID');
my $internet_names = &Apache::lonnet::get_internet_names($lonhost);
if (ref($internet_names) eq 'ARRAY') {
@intdoms = @{$internet_names};
}
+#
+# Determine course's domain in LON-CAPA
+# for basic launch using key and secret managed
+# in LON-CAPA course (i.e., uri begins /adm/launch)
+#
+
+ my ($cdom,$cnum);
+
+# Note: "internet domain" for course's domain must be one of the
+# internet domains for the institution's LON-CAPA servers.
+#
+ if ($requri =~ m{^/adm/launch(|/.*)$}) {
+ my $tail = $1;
+ if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
+ my ($urlcdom,$urlcnum) = &course_from_tinyurl($tail);
+ if (($urlcdom ne '') && ($urlcnum ne '')) {
+ $cdom = $urlcdom;
+ $cnum = $urlcnum;
+ my $primary_id = &Apache::lonnet::domain($cdom,'primary');
+ if ($primary_id ne '') {
+ my $intdom = &Apache::lonnet::internet_dom($primary_id);
+ if (($intdom ne '') && (grep(/^\Q$intdom\E$/,@intdoms))) {
+#
+# Retrieve information for LTI link protectors in course
+# where url was /adm/launch/tiny/$cdom/$uniqueid
+#
+ my (%crslti,%crslti_by_key,$itemid,$ltitype);
+ %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider');
+ if (keys(%crslti)) {
+ foreach my $id (keys(%crslti)) {
+ if (ref($crslti{$id}) eq 'HASH') {
+ my $key = $crslti{$id}{'key'};
+ push(@{$crslti_by_key{$key}},$id);
+ }
+ }
+ }
+#
+# Verify the signed request using the secret for LTI link
+# protectors for which the key in the POSTed data matches
+# keys in the course configuration.
+#
+# Request is invalid if the signed request could not be verified
+# for the key and secret from LON-CAPA course configuration for
+# LTI link protectors or from LON-CAPA configuration for the
+# course's domain if there are LTI Providers which may be used.
+#
+# Determine if nonce in POSTed data has expired.
+# If unexpired, confirm it has not already been used.
+#
+ if (keys(%crslti)) {
+ $itemid = &get_lti_itemid($requri,$hostname,$params,\%crslti,\%crslti_by_key);
+ }
+ if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) {
+ $ltitype = 'c';
+ unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
+ $crslti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {
+ &invalid_request($r,3);
+ return OK;
+ }
+ } else {
+ my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
+ unless (keys(%lti) > 0) {
+ &invalid_request($r,4);
+ return OK;
+ }
+ my (%domlti_by_key,%domlti);
+ foreach my $id (keys(%lti)) {
+ if (ref($lti{$id}) eq 'HASH') {
+ my $key = $lti{$id}{'key'};
+ if (!$lti{$itemid}{'requser'}) {
+ push(@{$domlti_by_key{$key}},$id);
+ $domlti{$id} = $lti{$id};
+ }
+ }
+ }
+ if (keys(%domlti)) {
+ $itemid = &get_lti_itemid($requri,$hostname,$params,\%domlti,\%domlti_by_key);
+ }
+ if (($itemid) && (ref($domlti{$itemid}) eq 'HASH')) {
+ $ltitype = 'd';
+ unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
+ $domlti{$itemid}{'lifetime'},$cdom,
+ $r->dir_config('lonLTIDir'))) {
+ &invalid_request($r,5);
+ return OK;
+ }
+ }
+ }
+ if ($itemid) {
+ foreach my $key (%{$params}) {
+ delete($env{'form.'.$key});
+ }
+ my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.$ltitype.':'.$tail},
+ $lonhost);
+ if ($ltoken) {
+ $r->internal_redirect($tail.'?ltoken='.$ltoken);
+ $r->set_handlers('PerlHandler'=> undef);
+ } else {
+ &invalid_request($r,6);
+ }
+ } else {
+ &invalid_request($r,7);
+ }
+ } else {
+ &invalid_request($r,8);
+ }
+ } else {
+ &invalid_request($r,9);
+ }
+ } else {
+ &invalid_request($r,10);
+ }
+ } else {
+ &invalid_request($r,11);
+ }
+ return OK;
+ }
+
+ my ($udom,$uname,$uhome,$symb,$mapurl);
#
# For user who launched LTI in Consumer, determine user's domain in
@@ -198,49 +318,34 @@ sub handler {
if ($tail =~ m{^/uploaded/($match_domain)/($match_courseid)/(?:default|supplemental)(?:|_\d+)\.(?:sequence|page)(|___\d+___.+)$}) {
($urlcdom,$urlcnum,my $rest) = ($1,$2,$3);
if (($cdom ne '') && ($cdom ne $urlcdom)) {
- &invalid_request($r,3);
+ &invalid_request($r,12);
return OK;
}
if ($rest eq '') {
$mapurl = $tail;
} else {
$symb = $tail;
- $symb =~ s{^/+}{};
+ $symb =~ s{^/}{};
}
} elsif ($tail =~ m{^/res/(?:$match_domain)/(?:$match_username)/.+\.(?:sequence|page)(|___\d+___.+)$}) {
if ($1 eq '') {
$mapurl = $tail;
} else {
$symb = $tail;
- $symb =~ s{^/+}{};
+ $symb =~ s{^/res/}{};
}
} elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) {
($urlcdom,$urlcnum) = ($1,$2);
if (($cdom ne '') && ($cdom ne $urlcdom)) {
- &invalid_request($r,4);
+ &invalid_request($r,13);
return OK;
}
} elsif ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
- ($urlcdom,my $key) = ($1,$2);
- if (($cdom ne '') && ($cdom ne $urlcdom)) {
- &invalid_request($r,5);
+ ($urlcdom,$urlcnum) = &course_from_tinyurl($tail);
+ if (($urlcdom eq '') || ($urlcnum eq '')) {
+ &invalid_request($r,14);
return OK;
}
- my $tinyurl;
- my ($result,$cached)=&Apache::lonnet::is_cached_new('tiny',$urlcdom."\0".$key);
- if (defined($cached)) {
- $tinyurl = $result;
- } else {
- my $configuname = &Apache::lonnet::get_domainconfiguser($urlcdom);
- my %currtiny = &Apache::lonnet::get('tiny',[$key],$urlcdom,$configuname);
- if ($currtiny{$key} ne '') {
- $tinyurl = $currtiny{$key};
- &Apache::lonnet::do_cache_new('tiny',$urlcdom."\0".$key,$currtiny{$key},600);
- }
- }
- if ($tinyurl ne '') {
- $urlcnum = (split(/\&/,$tinyurl))[0];
- }
}
if (($cdom eq '') && ($urlcdom ne '')) {
my $cprimary_id = &Apache::lonnet::domain($urlcdom,'primary');
@@ -263,14 +368,14 @@ sub handler {
}
#
-# Retrieve information for LTI Consumers in course domain
+# Retrieve information for LTI Consumers in course's domain
# and populate hash -- %lti_by_key -- for which keys
# are those defined in domain configuration for LTI.
#
my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
unless (keys(%lti) > 0) {
- &invalid_request($r,6);
+ &invalid_request($r,15);
return OK;
}
my %lti_by_key;
@@ -286,37 +391,11 @@ sub handler {
#
# Verify the signed request using the secret for those
# Consumers for which the key in the POSTed data matches
-# keys in the domain configuration for LTI.
+# keys in the course configuration or the domain configuration
+# for LTI.
#
- my $hostname = $r->hostname;
- my $protocol = 'http';
- if ($ENV{'SERVER_PORT'} == 443) {
- $protocol = 'https';
- }
- if (exists($params->{'oauth_callback'})) {
- $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A;
- } else {
- $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0;
- }
-
- my ($itemid,$consumer_key,$secret);
- $consumer_key = $params->{'oauth_consumer_key'};
- if (ref($lti_by_key{$consumer_key}) eq 'ARRAY') {
- foreach my $id (@{$lti_by_key{$consumer_key}}) {
- if (ref($lti{$id}) eq 'HASH') {
- $secret = $lti{$id}{'secret'};
- my $request = Net::OAuth->request('request token')->from_hash($params,
- request_url => $protocol.'://'.$hostname.$requri,
- request_method => $env{'request.method'},
- consumer_secret => $secret,);
- if ($request->verify()) {
- $itemid = $id;
- last;
- }
- }
- }
- }
+ my $itemid = &get_lti_itemid($requri,$hostname,$params,\%lti,\%lti_by_key);
#
# Request is invalid if the signed request could not be verified
@@ -324,7 +403,7 @@ sub handler {
# configuration in LON-CAPA for that LTI Consumer.
#
unless (($itemid) && (ref($lti{$itemid}) eq 'HASH')) {
- &invalid_request($r,7);
+ &invalid_request($r,16);
return OK;
}
@@ -334,7 +413,32 @@ sub handler {
#
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
$lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {
- &invalid_request($r,8);
+ &invalid_request($r,17);
+ return OK;
+ }
+
+#
+# Determine if a username is required from the domain
+# configuration for the specific LTI Consumer
+#
+
+ if (!$lti{$itemid}{'requser'}) {
+ if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
+ my $ltitype = 'd';
+ foreach my $key (%{$params}) {
+ delete($env{'form.'.$key});
+ }
+ my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.$ltitype.':'.$tail},
+ $lonhost);
+ if ($ltoken) {
+ $r->internal_redirect($tail.'?ltoken='.$ltoken);
+ $r->set_handlers('PerlHandler'=> undef);
+ } else {
+ &invalid_request($r,18);
+ }
+ } else {
+ &invalid_request($r,19);
+ }
return OK;
}
@@ -394,7 +498,7 @@ sub handler {
if ($consumers{$sourcecrs} =~ /^$match_courseid$/) {
my $crshome = &Apache::lonnet::homeserver($consumers{$sourcecrs},$cdom);
if ($crshome =~ /(con_lost|no_host|no_such_host)/) {
- &invalid_request($r,9);
+ &invalid_request($r,20);
return OK;
} else {
$posscnum = $consumers{$sourcecrs};
@@ -406,7 +510,7 @@ sub handler {
if ($urlcnum ne '') {
if ($posscnum ne '') {
if ($posscnum ne $urlcnum) {
- &invalid_request($r,10);
+ &invalid_request($r,21);
return OK;
} else {
$cnum = $posscnum;
@@ -414,7 +518,7 @@ sub handler {
} else {
my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom);
if ($crshome =~ /(con_lost|no_host|no_such_host)/) {
- &invalid_request($r,11);
+ &invalid_request($r,22);
return OK;
} else {
$cnum = $urlcnum;
@@ -434,35 +538,16 @@ sub handler {
#
my (@ltiroles,@lcroles);
-
my @lcroleorder = ('cc','in','ta','ep','st');
- my @ltiroleorder = ('Instructor','TeachingAssistant','Mentor','Learner');
- if ($params->{'roles'} =~ /,/) {
- my @possltiroles = split(/\s*,\s*/,$params->{'roles'});
- foreach my $ltirole (@ltiroleorder) {
- if (grep(/^\Q$ltirole\E$/,@possltiroles)) {
- push(@ltiroles,$ltirole);
- }
- }
- } else {
- my $singlerole = $params->{'roles'};
- $singlerole =~ s/^\s|\s+$//g;
- if (grep(/^\Q$singlerole\E$/,@ltiroleorder)) {
- @ltiroles = ($singlerole);
- }
+ my ($lcrolesref,$ltirolesref) =
+ &LONCAPA::ltiutils::get_lc_roles($params->{'roles'},
+ \@lcroleorder,
+ $lti{$itemid}{maproles});
+ if (ref($lcrolesref) eq 'ARRAY') {
+ @lcroles = @{$lcrolesref};
}
- if (@ltiroles) {
- if (ref($lti{$itemid}{maproles}) eq 'HASH') {
- my %possroles;
- map { $possroles{$lti{$itemid}{maproles}{$_}} = 1; } @ltiroles;
- if (keys(%possroles) > 0) {
- foreach my $item (@lcroleorder) {
- if ($possroles{$item}) {
- push(@lcroles,$item);
- }
- }
- }
- }
+ if (ref($ltirolesref) eq 'ARRAY') {
+ @ltiroles = @{$ltirolesref};
}
#
@@ -485,102 +570,21 @@ sub handler {
}
}
if ($selfcreate) {
- my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts,%info);
- my $checkhash = { "$uname:$udom" => { 'newuser' => 1, }, };
- my $checks = { 'username' => 1, };
- &Apache::loncommon::user_rule_check($checkhash,$checks,\%alerts,\%rulematch,
- \%inst_results,\%curr_rules,\%got_rules);
- my ($userchkmsg,$lcauth,$lcauthparm);
- my $allowed = 1;
- if (ref($alerts{'username'}) eq 'HASH') {
- if (ref($alerts{'username'}{$udom}) eq 'HASH') {
- my $domdesc =
- &Apache::lonnet::domain($udom,'description');
- if ($alerts{'username'}{$udom}{$uname}) {
- if (ref($curr_rules{$udom}) eq 'HASH') {
- $userchkmsg =
- &Apache::loncommon::instrule_disallow_msg('username',$domdesc,1).
- &Apache::loncommon::user_rule_formats($udom,$domdesc,
- $curr_rules{$udom}{'username'},
- 'username');
- }
- $allowed = 0;
- }
- }
- }
- if ($allowed) {
- if (ref($rulematch{$uname.':'.$udom}) eq 'HASH') {
- my $matchedrule = $rulematch{$uname.':'.$udom}{'username'};
- my ($rules,$ruleorder) =
- &Apache::lonnet::inst_userrules($udom,'username');
- if (ref($rules) eq 'HASH') {
- if (ref($rules->{$matchedrule}) eq 'HASH') {
- $lcauth = $rules->{$matchedrule}{'authtype'};
- $lcauthparm = $rules->{$matchedrule}{'authparm'};
- }
- }
- }
- if ($lcauth eq '') {
- $lcauth = $lti{$itemid}{'lcauth'};
- if ($lcauth eq 'internal') {
- $lcauthparm = &create_passwd();
- } else {
- $lcauthparm = $lti{$itemid}{'lcauthparm'};
- }
- }
- } else {
- &invalid_request($r,12);
- }
- my @userinfo = ('firstname','middlename','lastname','generation',
- 'permanentemail','id');
- my %useinstdata;
- if (ref($lti{$itemid}{'instdata'}) eq 'ARRAY') {
- map { $useinstdata{$_} = 1; } @{$lti{$itemid}{'instdata'}};
- }
- foreach my $item (@userinfo) {
- if (($useinstdata{$item}) && (ref($inst_results{$uname.':'.$udom}) eq 'HASH') &&
- ($inst_results{$uname.':'.$udom}{$item} ne '')) {
- $info{$item} = $inst_results{$uname.':'.$udom}{$item};
- } else {
- if ($item eq 'permanentemail') {
- if ($env{'form.lis_person_contact_email_primary'} =~/^[^\@]+\@[^@]+$/) {
- $info{$item} = $env{'form.lis_person_contact_email_primary'};
- }
- } elsif ($item eq 'firstname') {
- $info{$item} = $env{'form.lis_person_name_given'};
- } elsif ($item eq 'lastname') {
- $info{$item} = $env{'form.lis_person_name_family'};
- }
- }
- }
- if (($info{'middlename'} eq '') && ($env{'form.lis_person_name_full'} ne '')) {
- unless ($useinstdata{'middlename'}) {
- my $fullname = $env{'form.lis_person_name_full'};
- if ($info{'firstname'}) {
- $fullname =~ s/^\s*\Q$info{'firstname'}\E\s*//i;
- }
- if ($info{'lastname'}) {
- $fullname =~ s/\s*\Q$info{'lastname'}\E\s*$//i;
- }
- if ($fullname ne '') {
- $fullname =~ s/^\s+|\s+$//g;
- if ($fullname ne '') {
- $info{'middlename'} = $fullname;
- }
- }
- }
- }
- if (ref($inst_results{$uname.':'.$udom}{'inststatus'}) eq 'ARRAY') {
- my @inststatuses = @{$inst_results{$uname.':'.$udom}{'inststatus'}};
- $info{'inststatus'} = join(':',map { &escape($_); } @inststatuses);
- }
+ my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts);
+ my $domdesc = &Apache::lonnet::domain($udom,'description');
+ my %data = (
+ 'permanentemail' => $env{'form.lis_person_contact_email_primary'},
+ 'firstname' => $env{'form.lis_person_name_given'},
+ 'lastname' => $env{'form.lis_person_name_family'},
+ 'fullname' => $env{'form.lis_person_name_full'},
+ );
my $result =
- &Apache::lonnet::modifyuser($udom,$uname,$info{'id'},
- $lcauth,$lcauthparm,$info{'firstname'},
- $info{'middlename'},$info{'lastname'},
- $info{'generation'},undef,undef,
- $info{'permanentemail'},$info{'inststatus'});
- if ($result eq 'ok') {
+ &LONCAPA::ltiutils::create_user($lti{$itemid},$uname,$udom,
+ $domdesc,\%data,\%alerts,\%rulematch,
+ \%inst_results,\%curr_rules,%got_rules);
+ if ($result eq 'notallowed') {
+ &invalid_request($r,23);
+ } elsif ($result eq 'ok') {
if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) &&
($lti{$itemid}{'makecrs'})) {
unless (&Apache::lonnet::usertools_access($uname,$udom,'lti','reload','requestcourses')) {
@@ -588,16 +592,16 @@ sub handler {
}
}
} else {
- &invalid_request($r,13);
+ &invalid_request($r,24);
return OK;
}
} else {
- &invalid_request($r,14);
+ &invalid_request($r,25);
return OK;
}
}
} else {
- &invalid_request($r,15);
+ &invalid_request($r,26);
return OK;
}
@@ -619,10 +623,10 @@ sub handler {
$symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,
$reqcrs,$sourcecrs);
} else {
- &invalid_request($r,16);
+ &invalid_request($r,27);
}
} else {
- &invalid_request($r,17);
+ &invalid_request($r,28);
}
return OK;
}
@@ -708,7 +712,7 @@ sub handler {
}
}
if ($reqrole eq '') {
- &invalid_request($r,18);
+ &invalid_request($r,29);
return OK;
} else {
unless (%crsenv) {
@@ -718,10 +722,10 @@ sub handler {
my $default_enrollment_end_date = $crsenv{'default_enrollment_end_date'};
my $now = time;
if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) {
- &invalid_request($r,19);
+ &invalid_request($r,30);
return OK;
} elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) {
- &invalid_request($r,20);
+ &invalid_request($r,31);
return OK;
} else {
$selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum;
@@ -752,6 +756,41 @@ sub handler {
return OK;
}
+sub get_lti_itemid {
+ my ($requri,$hostname,$params,$lti,$lti_by_key) = @_;
+ return unless ((ref($params) eq 'HASH') && (ref($lti) eq 'HASH') && (ref($lti_by_key) eq 'HASH'));
+
+ if (exists($params->{'oauth_callback'})) {
+ $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A;
+ } else {
+ $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0;
+ }
+
+ my $protocol = 'http';
+ if ($ENV{'SERVER_PORT'} == 443) {
+ $protocol = 'https';
+ }
+
+ my ($itemid,$consumer_key,$secret);
+ my $consumer_key = $params->{'oauth_consumer_key'};
+ if (ref($lti_by_key->{$consumer_key}) eq 'ARRAY') {
+ foreach my $id (@{$lti_by_key->{$consumer_key}}) {
+ if (ref($lti->{$id}) eq 'HASH') {
+ $secret = $lti->{$id}{'secret'};
+ my $request = Net::OAuth->request('request token')->from_hash($params,
+ request_url => $protocol.'://'.$hostname.$requri,
+ request_method => $env{'request.method'},
+ consumer_secret => $secret,);
+ if ($request->verify()) {
+ $itemid = $id;
+ last;
+ }
+ }
+ }
+ }
+ return $itemid;
+}
+
sub lti_enroll {
my ($uname,$udom,$selfenrollrole) = @_;
my $enrollresult;
@@ -763,31 +802,8 @@ sub lti_enroll {
my %coursehash = &Apache::lonnet::coursedescription($cdom.'_'.$cnum);
my $start = $coursehash{'default_enrollment_start_date'};
my $end = $coursehash{'default_enrollment_end_date'};
- my $area = "/$cdom/$cnum";
- if (($role ne 'cc') && ($role ne 'co') && ($sec ne '')) {
- $area .= '/'.$sec;
- }
- my $spec = $role.'.'.$area;
- my $instcid;
- if ($role eq 'st') {
- $enrollresult =
- &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,
- undef,undef,$sec,$end,$start,
- 'ltienroll',undef,$cdom.'_'.$cnum,1,
- 'ltienroll','',$instcid);
- } elsif ($role =~ /^(cc|in|ta|ep)$/) {
- $enrollresult =
- &Apache::lonnet::assignrole($udom,$uname,$area,$role,$end,$start,
- undef,1,'ltienroll');
- }
- if ($enrollresult eq 'ok') {
- my (%userroles,%newrole,%newgroups);
- &Apache::lonnet::standard_roleprivs(\%newrole,$role,$cdom,$spec,$cnum,
- $area);
- &Apache::lonnet::set_userprivs(\%userroles,\%newrole,\%newgroups);
- $userroles{'user.role.'.$spec} = $start.'.'.$end;
- &Apache::lonnet::appenv(\%userroles,[$role,'cm']);
- }
+ $enrollresult = &LONCAPA::ltiutils::enrolluser($udom,$uname,$role,$cdom,$cnum,$sec,
+ $start,$end,1);
}
}
return $enrollresult;
@@ -848,12 +864,24 @@ sub lti_session {
}
}
}
+ my $protocol = 'http';
+ if ($ENV{'SERVER_PORT'} == 443) {
+ $protocol = 'https';
+ }
if (($is_balancer) && (!$hosthere)) {
# login but immediately go to switch server.
&Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect');
+ if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
+ &LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$otherserver,
+ $ltihash->{'key'},
+ $ltihash->{'secret'},
+ $params->{$ltihash->{'callback'}},
+ $r->dir_config('ltiIDsDir'),
+ $protocol,$r->hostname);
+ }
if ($symb) {
$env{'form.symb'} = $symb;
- $env{'request.lti.uri'} = $symb;
+ $env{'request.lti.uri'} = $tail;
} else {
if ($mapurl) {
$env{'form.origurl'} = $mapurl;
@@ -879,7 +907,7 @@ sub lti_session {
$env{'request.lti.sourcecrs'} = $sourcecrs;
}
if ($selfenrollrole) {
- $env{'request.lti.selfenroll'} = $selfenrollrole;
+ $env{'request.lti.selfenrollrole'} = $selfenrollrole;
$env{'request.lti.sourcecrs'} = $sourcecrs;
}
if ($ltihash->{'passback'}) {
@@ -917,6 +945,14 @@ sub lti_session {
foreach my $key (%{$params}) {
delete($env{'form.'.$key});
}
+ if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
+ &LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$lonhost,
+ $ltihash->{'key'},
+ $ltihash->{'secret'},
+ $params->{$ltihash->{'callback'}},
+ $r->dir_config('ltiIDsDir'),
+ $protocol,$r->hostname);
+ }
my $ip = $r->get_remote_host();
my %info=('ip' => $ip,
'domain' => $udom,
@@ -996,24 +1032,28 @@ sub invalid_request {
return;
}
-sub create_passwd {
- my $passwd = '';
- my @letts = ("a".."z");
- for (my $i=0; $i<8; $i++) {
- my $lettnum = int(rand(2));
- my $item = '';
- if ($lettnum) {
- $item = $letts[int(rand(26))];
- my $uppercase = int(rand(2));
- if ($uppercase) {
- $item =~ tr/a-z/A-Z/;
- }
+sub course_from_tinyurl {
+ my ($tail) = @_;
+ my ($urlcdom,$urlcnum);
+ if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
+ ($urlcdom,my $key) = ($1,$2);
+ my $tinyurl;
+ my ($result,$cached)=&Apache::lonnet::is_cached_new('tiny',$urlcdom."\0".$key);
+ if (defined($cached)) {
+ $tinyurl = $result;
} else {
- $item = int(rand(10));
+ my $configuname = &Apache::lonnet::get_domainconfiguser($urlcdom);
+ my %currtiny = &Apache::lonnet::get('tiny',[$key],$urlcdom,$configuname);
+ if ($currtiny{$key} ne '') {
+ $tinyurl = $currtiny{$key};
+ &Apache::lonnet::do_cache_new('tiny',$urlcdom."\0".$key,$currtiny{$key},600);
+ }
+ }
+ if ($tinyurl ne '') {
+ $urlcnum = (split(/\&/,$tinyurl))[0];
}
- $passwd .= $item;
}
- return ($passwd);
+ return ($urlcdom,$urlcnum);
}
1;