--- loncom/lti/ltiauth.pm 2022/02/01 19:47:20 1.28
+++ loncom/lti/ltiauth.pm 2022/02/01 23:13:20 1.30
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Basic LTI Authentication Module
#
-# $Id: ltiauth.pm,v 1.28 2022/02/01 19:47:20 raeburn Exp $
+# $Id: ltiauth.pm,v 1.30 2022/02/01 23:13:20 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -31,7 +31,6 @@ package Apache::ltiauth;
use strict;
use LONCAPA qw(:DEFAULT :match);
use Apache::Constants qw(:common :http);
-use Net::OAuth;
use Apache::lonlocal;
use Apache::lonnet;
use Apache::loncommon;
@@ -127,20 +126,6 @@ sub handler {
my $intdom = &Apache::lonnet::internet_dom($primary_id);
if (($intdom ne '') && (grep(/^\Q$intdom\E$/,@intdoms))) {
#
-# Retrieve information for LTI link protectors in course
-# where url was /adm/launch/tiny/$cdom/$uniqueid
-#
- my (%crslti,%crslti_by_key,$itemid,$ltitype);
- %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider');
- if (keys(%crslti)) {
- foreach my $id (keys(%crslti)) {
- if (ref($crslti{$id}) eq 'HASH') {
- my $key = $crslti{$id}{'key'};
- push(@{$crslti_by_key{$key}},$id);
- }
- }
- }
-#
# Verify the signed request using the secret for LTI link
# protectors for which the key in the POSTed data matches
# keys in the course configuration.
@@ -153,8 +138,14 @@ sub handler {
# Determine if nonce in POSTed data has expired.
# If unexpired, confirm it has not already been used.
#
- if (keys(%crslti)) {
- $itemid = &get_lti_itemid($requri,$hostname,$params,\%crslti,\%crslti_by_key);
+# Retrieve information for LTI link protectors in course
+# where url was /adm/launch/tiny/$cdom/$uniqueid
+#
+
+ my ($itemid,$ltitype,%crslti);
+ $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'deeplink');
+ if ($itemid) {
+ %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider');
}
if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) {
$ltitype = 'c';
@@ -164,30 +155,17 @@ sub handler {
return OK;
}
} else {
- my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
- unless (keys(%lti) > 0) {
- &invalid_request($r,4);
- return OK;
- }
- my (%domlti_by_key,%domlti);
- foreach my $id (keys(%lti)) {
- if (ref($lti{$id}) eq 'HASH') {
- my $key = $lti{$id}{'key'};
- if (!$lti{$itemid}{'requser'}) {
- push(@{$domlti_by_key{$key}},$id);
- $domlti{$id} = $lti{$id};
- }
- }
- }
- if (keys(%domlti)) {
- $itemid = &get_lti_itemid($requri,$hostname,$params,\%domlti,\%domlti_by_key);
+ my %lti;
+ $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','deeplink');
+ if ($itemid) {
+ %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
}
- if (($itemid) && (ref($domlti{$itemid}) eq 'HASH')) {
+ if (($itemid) && (ref($lti{$itemid}) eq 'HASH')) {
$ltitype = 'd';
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
- $domlti{$itemid}{'lifetime'},$cdom,
+ $lti{$itemid}{'lifetime'},$cdom,
$r->dir_config('lonLTIDir'))) {
- &invalid_request($r,5);
+ &invalid_request($r,4);
return OK;
}
}
@@ -202,22 +180,22 @@ sub handler {
$r->internal_redirect($tail.'?ltoken='.$ltoken);
$r->set_handlers('PerlHandler'=> undef);
} else {
- &invalid_request($r,6);
+ &invalid_request($r,5);
}
} else {
- &invalid_request($r,7);
+ &invalid_request($r,6);
}
} else {
- &invalid_request($r,8);
+ &invalid_request($r,7);
}
} else {
- &invalid_request($r,9);
+ &invalid_request($r,8);
}
} else {
- &invalid_request($r,10);
+ &invalid_request($r,9);
}
} else {
- &invalid_request($r,11);
+ &invalid_request($r,10);
}
return OK;
}
@@ -318,7 +296,7 @@ sub handler {
if ($tail =~ m{^/uploaded/($match_domain)/($match_courseid)/(?:default|supplemental)(?:|_\d+)\.(?:sequence|page)(|___\d+___.+)$}) {
($urlcdom,$urlcnum,my $rest) = ($1,$2,$3);
if (($cdom ne '') && ($cdom ne $urlcdom)) {
- &invalid_request($r,12);
+ &invalid_request($r,11);
return OK;
}
if ($rest eq '') {
@@ -337,13 +315,13 @@ sub handler {
} elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) {
($urlcdom,$urlcnum) = ($1,$2);
if (($cdom ne '') && ($cdom ne $urlcdom)) {
- &invalid_request($r,13);
+ &invalid_request($r,12);
return OK;
}
} elsif ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
($urlcdom,$urlcnum) = &course_from_tinyurl($tail);
if (($urlcdom eq '') || ($urlcnum eq '')) {
- &invalid_request($r,14);
+ &invalid_request($r,13);
return OK;
}
}
@@ -369,33 +347,19 @@ sub handler {
#
# Retrieve information for LTI Consumers in course's domain
-# and populate hash -- %lti_by_key -- for which keys
-# are those defined in domain configuration for LTI.
-#
-
- my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
- unless (keys(%lti) > 0) {
- &invalid_request($r,15);
- return OK;
- }
- my %lti_by_key;
- if (keys(%lti)) {
- foreach my $id (keys(%lti)) {
- if (ref($lti{$id}) eq 'HASH') {
- my $key = $lti{$id}{'key'};
- push(@{$lti_by_key{$key}},$id);
- }
- }
- }
-
+# defined in domain configuration for LTI.
#
# Verify the signed request using the secret for those
-# Consumers for which the key in the POSTed data matches
+# Consumers for which the key in the POSTed data matches
# keys in the course configuration or the domain configuration
# for LTI.
#
- my $itemid = &get_lti_itemid($requri,$hostname,$params,\%lti,\%lti_by_key);
+ my %lti;
+ my $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom);
+ if ($itemid) {
+ %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
+ }
#
# Request is invalid if the signed request could not be verified
@@ -403,7 +367,7 @@ sub handler {
# configuration in LON-CAPA for that LTI Consumer.
#
unless (($itemid) && (ref($lti{$itemid}) eq 'HASH')) {
- &invalid_request($r,16);
+ &invalid_request($r,14);
return OK;
}
@@ -413,7 +377,7 @@ sub handler {
#
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
$lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {
- &invalid_request($r,17);
+ &invalid_request($r,15);
return OK;
}
@@ -434,10 +398,10 @@ sub handler {
$r->internal_redirect($tail.'?ltoken='.$ltoken);
$r->set_handlers('PerlHandler'=> undef);
} else {
- &invalid_request($r,18);
+ &invalid_request($r,16);
}
} else {
- &invalid_request($r,19);
+ &invalid_request($r,17);
}
return OK;
}
@@ -496,10 +460,10 @@ sub handler {
%consumers = &Apache::lonnet::get_dom('lticonsumers',[$sourcecrs],$cdom);
if (exists($consumers{$sourcecrs})) {
if ($consumers{$sourcecrs} =~ /^\Q$itemid:\E($match_courseid)$/) {
- $storedcnum = $1;
+ my $storedcnum = $1;
my $crshome = &Apache::lonnet::homeserver($storedcnum,$cdom);
if ($crshome =~ /(con_lost|no_host|no_such_host)/) {
- &invalid_request($r,20);
+ &invalid_request($r,18);
return OK;
} else {
$posscnum = $storedcnum;
@@ -511,7 +475,7 @@ sub handler {
if ($urlcnum ne '') {
if ($posscnum ne '') {
if ($posscnum ne $urlcnum) {
- &invalid_request($r,21);
+ &invalid_request($r,19);
return OK;
} else {
$cnum = $posscnum;
@@ -519,7 +483,7 @@ sub handler {
} else {
my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom);
if ($crshome =~ /(con_lost|no_host|no_such_host)/) {
- &invalid_request($r,22);
+ &invalid_request($r,20);
return OK;
} else {
$cnum = $urlcnum;
@@ -584,7 +548,7 @@ sub handler {
$domdesc,\%data,\%alerts,\%rulematch,
\%inst_results,\%curr_rules,%got_rules);
if ($result eq 'notallowed') {
- &invalid_request($r,23);
+ &invalid_request($r,21);
} elsif ($result eq 'ok') {
if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) &&
($lti{$itemid}{'makecrs'})) {
@@ -593,16 +557,16 @@ sub handler {
}
}
} else {
- &invalid_request($r,24);
+ &invalid_request($r,22);
return OK;
}
} else {
- &invalid_request($r,25);
+ &invalid_request($r,23);
return OK;
}
}
} else {
- &invalid_request($r,26);
+ &invalid_request($r,24);
return OK;
}
@@ -625,10 +589,10 @@ sub handler {
$symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,
$reqcrs,$sourcecrs);
} else {
- &invalid_request($r,27);
+ &invalid_request($r,25);
}
} else {
- &invalid_request($r,28);
+ &invalid_request($r,26);
}
} else {
<i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail,
@@ -719,7 +683,7 @@ sub handler {
}
}
if ($reqrole eq '') {
- &invalid_request($r,29);
+ &invalid_request($r,27);
return OK;
} else {
unless (%crsenv) {
@@ -729,10 +693,10 @@ sub handler {
my $default_enrollment_end_date = $crsenv{'default_enrollment_end_date'};
my $now = time;
if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) {
- &invalid_request($r,30);
+ &invalid_request($r,28);
return OK;
} elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) {
- &invalid_request($r,31);
+ &invalid_request($r,29);
return OK;
} else {
$selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum;
@@ -794,38 +758,19 @@ sub handler {
}
sub get_lti_itemid {
- my ($requri,$hostname,$params,$lti,$lti_by_key) = @_;
- return unless ((ref($params) eq 'HASH') && (ref($lti) eq 'HASH') && (ref($lti_by_key) eq 'HASH'));
-
- if (exists($params->{'oauth_callback'})) {
- $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A;
- } else {
- $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0;
- }
-
+ my ($requri,$hostname,$params,$cdom,$cnum,$context) = @_;
+ return unless ((ref($params) eq 'HASH');
my $protocol = 'http';
if ($ENV{'SERVER_PORT'} == 443) {
$protocol = 'https';
}
-
- my ($itemid,$consumer_key,$secret);
- my $consumer_key = $params->{'oauth_consumer_key'};
- if (ref($lti_by_key->{$consumer_key}) eq 'ARRAY') {
- foreach my $id (@{$lti_by_key->{$consumer_key}}) {
- if (ref($lti->{$id}) eq 'HASH') {
- $secret = $lti->{$id}{'secret'};
- my $request = Net::OAuth->request('request token')->from_hash($params,
- request_url => $protocol.'://'.$hostname.$requri,
- request_method => $env{'request.method'},
- consumer_secret => $secret,);
- if ($request->verify()) {
- $itemid = $id;
- last;
- }
- }
- }
+ my $url = $protocol.'://'.$hostname.$requri;
+ my $method = $env{'request.method'};
+ if ($cnum ne '') {
+ return &Apache::lonnet::courselti_itemid($cnum,$cdom,$url,$method,$params,$context);
+ } else {
+ return &Apache::lonnet::domainlti_itemid($cdom,$url,$method,$params,$context);
}
- return $itemid;
}
sub lti_enroll {