Annotation of loncom/lti/ltiauth.pm, revision 1.43
1.1 raeburn 1: # The LearningOnline Network
2: # Basic LTI Authentication Module
3: #
1.43 ! raeburn 4: # $Id: ltiauth.pm,v 1.42 2023/06/02 01:20:28 raeburn Exp $
1.1 raeburn 5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28:
29: package Apache::ltiauth;
30:
31: use strict;
32: use LONCAPA qw(:DEFAULT :match);
1.35 raeburn 33: use Encode;
1.37 raeburn 34: use Apache::Constants qw(:common :http :remotehost);
1.1 raeburn 35: use Apache::lonlocal;
36: use Apache::lonnet;
37: use Apache::loncommon;
38: use Apache::lonacc;
1.6 raeburn 39: use Apache::lonrequestcourse;
1.2 raeburn 40: use LONCAPA::ltiutils;
1.1 raeburn 41:
42: sub handler {
43: my $r = shift;
44: my $requri = $r->uri;
1.20 raeburn 45: my $hostname = $r->hostname;
1.1 raeburn 46: #
1.9 raeburn 47: # Check for existing session, and temporarily delete any form items
48: # in %env, if session exists
49: #
50: my %savedform;
51: my $handle = &Apache::lonnet::check_for_valid_session($r);
52: if ($handle ne '') {
53: foreach my $key (sort(keys(%env))) {
54: if ($key =~ /^form\.(.+)$/) {
55: $savedform{$1} = $env{$key};
56: delete($env{$key});
57: }
58: }
59: }
60: #
1.20 raeburn 61: # Retrieve data POSTed by LTI launch
1.1 raeburn 62: #
63: &Apache::lonacc::get_posted_cgi($r);
64: my $params = {};
65: foreach my $key (sort(keys(%env))) {
66: if ($key =~ /^form\.(.+)$/) {
1.35 raeburn 67: $params->{$1} = &Encode::decode('UTF-8',$env{$key});
1.1 raeburn 68: }
69: }
1.9 raeburn 70: #
1.22 raeburn 71: # Check for existing session, and restore temporarily
1.9 raeburn 72: # deleted form items to %env, if session exists.
73: #
74: if ($handle ne '') {
75: if (keys(%savedform)) {
76: foreach my $key (sort(keys(%savedform))) {
77: $env{'form.'.$key} = $savedform{$key};
78: }
79: }
80: }
1.1 raeburn 81:
82: unless (keys(%{$params})) {
1.32 raeburn 83: &invalid_request($r,'No parameters included in launch request');
1.1 raeburn 84: return OK;
85: }
86:
87: unless ($params->{'oauth_consumer_key'} &&
88: $params->{'oauth_nonce'} &&
89: $params->{'oauth_timestamp'} &&
90: $params->{'oauth_version'} &&
91: $params->{'oauth_signature'} &&
92: $params->{'oauth_signature_method'}) {
1.32 raeburn 93: &invalid_request($r,'One or more required parameters missing from launch request');
1.1 raeburn 94: return OK;
95: }
96:
97: #
98: # Retrieve "internet domains" for all this institution's LON-CAPA
99: # nodes.
100: #
1.20 raeburn 101: my @intdoms;
1.1 raeburn 102: my $lonhost = $r->dir_config('lonHostID');
103: my $internet_names = &Apache::lonnet::get_internet_names($lonhost);
104: if (ref($internet_names) eq 'ARRAY') {
105: @intdoms = @{$internet_names};
106: }
1.20 raeburn 107: #
108: # Determine course's domain in LON-CAPA
109: # for basic launch using key and secret managed
110: # in LON-CAPA course (i.e., uri begins /adm/launch)
111: #
112:
113: my ($cdom,$cnum);
114:
115: # Note: "internet domain" for course's domain must be one of the
116: # internet domains for the institution's LON-CAPA servers.
117: #
118: if ($requri =~ m{^/adm/launch(|/.*)$}) {
119: my $tail = $1;
1.37 raeburn 120: if ($tail =~ m{^/tiny/$match_domain/\w+$}) {
1.20 raeburn 121: my ($urlcdom,$urlcnum) = &course_from_tinyurl($tail);
122: if (($urlcdom ne '') && ($urlcnum ne '')) {
123: $cdom = $urlcdom;
124: $cnum = $urlcnum;
125: my $primary_id = &Apache::lonnet::domain($cdom,'primary');
126: if ($primary_id ne '') {
127: my $intdom = &Apache::lonnet::internet_dom($primary_id);
128: if (($intdom ne '') && (grep(/^\Q$intdom\E$/,@intdoms))) {
129: #
130: # Verify the signed request using the secret for LTI link
131: # protectors for which the key in the POSTed data matches
132: # keys in the course configuration.
133: #
134: # Request is invalid if the signed request could not be verified
135: # for the key and secret from LON-CAPA course configuration for
136: # LTI link protectors or from LON-CAPA configuration for the
137: # course's domain if there are LTI Providers which may be used.
138: #
139: # Determine if nonce in POSTed data has expired.
140: # If unexpired, confirm it has not already been used.
141: #
1.30 raeburn 142: # Retrieve information for LTI link protectors in course
143: # where url was /adm/launch/tiny/$cdom/$uniqueid
144: #
145:
1.37 raeburn 146: my ($itemid,$ltitype,%crslti,%lti_in_use,$ltiuser);
1.34 raeburn 147: $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'linkprot');
1.30 raeburn 148: if ($itemid) {
1.41 raeburn 149: %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider');
1.20 raeburn 150: }
151: if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) {
152: $ltitype = 'c';
1.32 raeburn 153: if (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
154: $crslti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {
155: %lti_in_use = %{$crslti{$itemid}};
156: } else {
157: &invalid_request($r,'Time limit exceeded for launch request credentials');
1.20 raeburn 158: return OK;
159: }
160: } else {
1.34 raeburn 161: $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','linkprot');
1.30 raeburn 162: my %lti;
163: if ($itemid) {
1.34 raeburn 164: %lti = &Apache::lonnet::get_domain_lti($cdom,'linkprot');
1.20 raeburn 165: }
1.30 raeburn 166: if (($itemid) && (ref($lti{$itemid}) eq 'HASH')) {
1.20 raeburn 167: $ltitype = 'd';
1.32 raeburn 168: if (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
1.30 raeburn 169: $lti{$itemid}{'lifetime'},$cdom,
1.20 raeburn 170: $r->dir_config('lonLTIDir'))) {
1.32 raeburn 171: %lti_in_use = %{$lti{$itemid}};
172: } else {
173: &invalid_request($r,'Time limit exceeded for launch request credentials');
1.20 raeburn 174: return OK;
175: }
176: }
177: }
1.39 raeburn 178: my $exiturl;
179: if (($itemid) && ($lti_in_use{'returnurl'} ne '')) {
180: if (exists($params->{$lti_in_use{'returnurl'}})) {
181: $exiturl = $params->{$lti_in_use{'returnurl'}};
182: } elsif (exists($params->{'custom_'.$lti_in_use{'returnurl'}})) {
183: $exiturl = $params->{'custom_'.$lti_in_use{'returnurl'}};
184: }
185: }
1.42 raeburn 186: my ($pbid,$pburl);
187: if ($params->{'lis_result_sourcedid'}) {
188: $pbid = $params->{'lis_result_sourcedid'};
189: }
190: if ($params->{'lis_outcome_service_url'}) {
191: $pburl = $params->{'lis_outcome_service_url'};
192: }
1.32 raeburn 193: if (($itemid) && ($lti_in_use{'requser'})) {
194: my %courseinfo = &Apache::lonnet::coursedescription($cdom.'_'.$cnum);
195: my $ltiauth;
196: if (exists($courseinfo{'internal.ltiauth'})) {
197: $ltiauth = $courseinfo{'internal.ltiauth'};
198: } else {
199: my %domdefs = &Apache::lonnet::get_domain_defaults($cdom);
200: $ltiauth = $domdefs{'crsltiauth'};
201: }
202: if ($ltiauth) {
203: my $possuname;
1.34 raeburn 204: my $mapuser = $lti_in_use{'mapuser'};
1.32 raeburn 205: if ($mapuser eq 'sourcedid') {
206: if ($params->{'lis_person_sourcedid'} =~ /^$match_username$/) {
207: $possuname = $params->{'lis_person_sourcedid'};
208: }
209: } elsif ($mapuser eq 'email') {
210: if ($params->{'lis_person_contact_email_primary'} =~ /^$match_username$/) {
211: $possuname = $params->{'lis_person_contact_email_primary'};
212: }
213: } elsif (exists($params->{$mapuser})) {
214: if ($params->{$mapuser} =~ /^$match_username$/) {
215: $possuname = $params->{$mapuser};
216: }
217: }
218: if ($possuname ne '') {
219: my $uhome = &Apache::lonnet::homeserver($possuname,$cdom);
220: unless ($uhome eq 'no_host') {
221: my $uname = $possuname;
222: my ($is_student,$is_nonstudent);
223: my %course_roles =
1.43 ! raeburn 224: &Apache::lonnet::get_my_roles($uname,$cdom,'userroles',['active'],
1.32 raeburn 225: ['cc','co','in','ta','ep','ad','st','cr'],
226: [$cdom]);
227: foreach my $key (keys(%course_roles)) {
228: my ($trest,$tdomain,$trole,$sec) = split(/:/,$key);
229: if (($trest eq $cnum) && ($tdomain eq $cdom)) {
230: if ($trole eq 'st') {
231: $is_student = 1;
232: } else {
233: $is_nonstudent = 1;
234: last;
235: }
236: }
237: }
238: if (($is_student) && (!$is_nonstudent)) {
239: unless (&Apache::lonnet::is_advanced_user($uname,$cdom)) {
240: foreach my $key (%{$params}) {
241: delete($env{'form.'.$key});
242: }
1.42 raeburn 243: &linkprot_session($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,
244: $tail,$lonhost,$exiturl,$pbid,$pburl);
1.32 raeburn 245: return OK;
246: }
247: }
1.37 raeburn 248: $ltiuser = $uname.':'.$cdom;
1.32 raeburn 249: }
250: }
251: if ($lti_in_use{'notstudent'} eq 'reject') {
252: &invalid_request($r,'Information for valid user missing from launch request');
1.36 raeburn 253: return OK;
1.32 raeburn 254: }
255: }
256: }
1.20 raeburn 257: if ($itemid) {
258: foreach my $key (%{$params}) {
259: delete($env{'form.'.$key});
260: }
1.37 raeburn 261: my %info = (
262: 'linkprot' => $itemid.$ltitype.':'.$tail,
263: );
264: if ($ltiuser ne '') {
265: $info{'linkprotuser'} = $ltiuser;
266: }
1.39 raeburn 267: if ($exiturl ne '') {
268: $info{'linkprotexit'} = $exiturl;
269: }
1.42 raeburn 270: if ($pbid ne '') {
271: $info{'linkprotpbid'} = $pbid;
272: }
273: if ($pburl ne '') {
274: $info{'linkprotpburl'} = $pburl;
275: }
1.37 raeburn 276: my $ltoken = &Apache::lonnet::tmpput(\%info,$lonhost,'link');
277: if (($ltoken eq 'con_lost') || ($ltoken eq 'refused') || ($ltoken =~ /^error:/) ||
278: ($ltoken eq 'unknown_cmd') || ($ltoken eq 'no_such_host') ||
279: ($ltoken eq '')) {
280: &invalid_request($r,'Failed to store information from launch request');
281: } else {
1.20 raeburn 282: $r->internal_redirect($tail.'?ltoken='.$ltoken);
283: $r->set_handlers('PerlHandler'=> undef);
284: }
285: } else {
1.32 raeburn 286: &invalid_request($r,'Launch request could not be validated');
1.20 raeburn 287: }
288: } else {
1.32 raeburn 289: &invalid_request($r,'Launch unavailable on this LON-CAPA server');
1.20 raeburn 290: }
291: } else {
1.32 raeburn 292: &invalid_request($r,'Launch unavailable for this domain');
1.20 raeburn 293: }
294: } else {
1.32 raeburn 295: &invalid_request($r,'Invalid launch URL');
1.20 raeburn 296: }
297: } else {
1.32 raeburn 298: &invalid_request($r,'Invalid launch URL');
1.20 raeburn 299: }
300: return OK;
301: }
302:
303: my ($udom,$uname,$uhome,$symb,$mapurl);
1.1 raeburn 304:
305: #
306: # For user who launched LTI in Consumer, determine user's domain in
307: # LON-CAPA.
308: #
309: # Order is:
310: #
311: # (a) from custom_userdomain item in POSTed data
312: # (b) from lis_person_sourcedid in POSTed data
313: # (c) from default "log-in" domain for node
314: # (can support multidomain servers, where specific domain is
315: # first part of hostname).
316: #
317: # Note: "internet domain" for user's domain must be one of the
318: # "internet domain(s)" for the institution's LON-CAPA servers.
319: #
320: if (exists($params->{'custom_userdomain'})) {
321: if ($params->{'custom_userdomain'} =~ /^$match_domain$/) {
322: my $uprimary_id = &Apache::lonnet::domain($params->{'custom_userdomain'},'primary');
323: if ($uprimary_id ne '') {
324: my $uintdom = &Apache::lonnet::internet_dom($uprimary_id);
325: if (($uintdom ne '') && (grep(/^\Q$uintdom\E$/,@intdoms))) {
326: $udom = $params->{'custom_userdomain'};
327: }
328: }
329: }
330: }
331: my $defdom = &Apache::lonnet::default_login_domain();
332: my ($domain,$possuname,$possudom,$possmapuser);
333: if ($env{'form.lis_person_sourcedid'} =~ /^($match_username)\:($match_domain)$/) {
334: ($possuname,$possudom) = ($1,$2);
335: if ($udom eq '') {
336: my $uintdom = &Apache::lonnet::domain($possudom,'primary');
337: if (($uintdom ne '') && (grep(/^\Q$uintdom\E$/,@intdoms))) {
338: $udom = $possudom;
339: $possmapuser = 'lis_person_sourcedid';
340: } else {
341: $udom = $defdom;
342: }
343: } elsif ($udom eq $possudom) {
344: $possmapuser = 'lis_person_sourcedid';
345: }
346: }
347: unless ($possuname) {
348: if ($env{'form.lis_person_sourcedid'} =~ /^$match_username$/) {
349: $possuname = $env{'form.lis_person_sourcedid'};
350: $possmapuser = 'lis_person_sourcedid';
351: } elsif ($env{'form.lis_person_contact_email_primary'} =~ /^$match_username$/) {
352: $possuname = $env{'form.lis_person_contact_email_primary'};
353: $possmapuser = 'lis_person_contact_email_primary';
354: }
355: unless ($udom) {
356: $udom = $defdom;
357: }
358: }
359:
360: #
361: # Determine course's domain in LON-CAPA
362: #
363: # Order is:
364: #
365: # (a) from custom_coursedomain item in POSTed data
1.9 raeburn 366: # (b) from tail of requested URL (after /adm/lti/) if it has format of a symb
1.1 raeburn 367: # (c) from tail of requested URL (after /adm/lti) if it has format of a map
368: # (d) from tail of requested URL (after /adm/lti) if it has format /domain/courseID
1.5 raeburn 369: # (e) from tail of requested URL (after /adm/lti) if it has format /tiny/domain/\w+
370: # i.e., a shortened URL (see bug #6400).
1.1 raeburn 371: # (f) same as user's domain
372: #
373: # Request invalid if custom_coursedomain is defined and is inconsistent with
374: # domain contained in requested URL.
375: #
376: # Note: "internet domain" for course's domain must be one of the
377: # internet domains for the institution's LON-CAPA servers.
378: #
379:
380: if (exists($params->{'custom_coursedomain'})) {
381: if ($params->{'custom_coursedomain'} =~ /^$match_domain$/) {
382: my $cprimary_id = &Apache::lonnet::domain($params->{'custom_coursedomain'},'primary');
383: if ($cprimary_id ne '') {
384: my $cintdom = &Apache::lonnet::internet_dom($cprimary_id);
385: if (($cintdom ne '') && (grep(/^\Q$cintdom\E$/,@intdoms))) {
386: $cdom = $params->{'custom_coursedomain'};
387: }
388: }
389: }
390: }
391:
392: my ($tail) = ($requri =~ m{^/adm/lti(|/.*)$});
393: my $urlcnum;
394: if ($tail ne '') {
395: my $urlcdom;
396: if ($tail =~ m{^/uploaded/($match_domain)/($match_courseid)/(?:default|supplemental)(?:|_\d+)\.(?:sequence|page)(|___\d+___.+)$}) {
397: ($urlcdom,$urlcnum,my $rest) = ($1,$2,$3);
398: if (($cdom ne '') && ($cdom ne $urlcdom)) {
1.32 raeburn 399: &invalid_request($r,'Incorrect domain in requested URL');
1.1 raeburn 400: return OK;
401: }
402: if ($rest eq '') {
403: $mapurl = $tail;
404: } else {
405: $symb = $tail;
1.16 raeburn 406: $symb =~ s{^/}{};
1.1 raeburn 407: }
1.9 raeburn 408: } elsif ($tail =~ m{^/res/(?:$match_domain)/(?:$match_username)/.+\.(?:sequence|page)(|___\d+___.+)$}) {
409: if ($1 eq '') {
410: $mapurl = $tail;
411: } else {
412: $symb = $tail;
1.16 raeburn 413: $symb =~ s{^/res/}{};
1.9 raeburn 414: }
1.1 raeburn 415: } elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) {
416: ($urlcdom,$urlcnum) = ($1,$2);
417: if (($cdom ne '') && ($cdom ne $urlcdom)) {
1.32 raeburn 418: &invalid_request($r,'Incorrect domain in requested URL');
1.1 raeburn 419: return OK;
420: }
1.5 raeburn 421: } elsif ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
1.20 raeburn 422: ($urlcdom,$urlcnum) = &course_from_tinyurl($tail);
423: if (($urlcdom eq '') || ($urlcnum eq '')) {
1.32 raeburn 424: &invalid_request($r,'Invalid URL shortcut');
1.5 raeburn 425: return OK;
426: }
1.1 raeburn 427: }
428: if (($cdom eq '') && ($urlcdom ne '')) {
429: my $cprimary_id = &Apache::lonnet::domain($urlcdom,'primary');
430: if ($cprimary_id ne '') {
431: my $cintdom = &Apache::lonnet::internet_dom($cprimary_id);
432: if (($cintdom ne '') && (grep(/^\Q$cintdom\E$/,@intdoms))) {
433: $cdom = $urlcdom;
434: }
435: } else {
436: $urlcnum = '';
437: }
438: }
439: }
440: if ($cdom eq '') {
441: if ($udom ne '') {
442: $cdom = $udom;
443: } else {
444: $cdom = $defdom;
445: }
446: }
447:
448: #
1.20 raeburn 449: # Retrieve information for LTI Consumers in course's domain
1.30 raeburn 450: # defined in domain configuration for LTI.
1.1 raeburn 451: #
452: # Verify the signed request using the secret for those
1.30 raeburn 453: # Consumers for which the key in the POSTed data matches
1.20 raeburn 454: # keys in the course configuration or the domain configuration
455: # for LTI.
1.1 raeburn 456: #
457:
1.30 raeburn 458: my %lti;
1.42 raeburn 459: my $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','provider');
1.30 raeburn 460: if ($itemid) {
461: %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
462: }
1.1 raeburn 463:
464: #
465: # Request is invalid if the signed request could not be verified
466: # for the Consumer key and Consumer secret from the domain
467: # configuration in LON-CAPA for that LTI Consumer.
468: #
469: unless (($itemid) && (ref($lti{$itemid}) eq 'HASH')) {
1.32 raeburn 470: &invalid_request($r,'Launch request could not be validated');
1.1 raeburn 471: return OK;
472: }
473:
474: #
475: # Determine if nonce in POSTed data has expired.
476: # If unexpired, confirm it has not already been used.
477: #
1.2 raeburn 478: unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
479: $lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {
1.32 raeburn 480: &invalid_request($r,'Time limit exceeded for launch request credentials');
1.1 raeburn 481: return OK;
482: }
483:
484: #
1.17 raeburn 485: # Determine if a username is required from the domain
486: # configuration for the specific LTI Consumer
487: #
488:
489: if (!$lti{$itemid}{'requser'}) {
490: if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
1.20 raeburn 491: my $ltitype = 'd';
1.17 raeburn 492: foreach my $key (%{$params}) {
493: delete($env{'form.'.$key});
494: }
1.20 raeburn 495: my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.$ltitype.':'.$tail},
1.17 raeburn 496: $lonhost);
497: if ($ltoken) {
498: $r->internal_redirect($tail.'?ltoken='.$ltoken);
499: $r->set_handlers('PerlHandler'=> undef);
500: } else {
1.32 raeburn 501: &invalid_request($r,'Failed to store information from launch request');
1.17 raeburn 502: }
503: } else {
1.32 raeburn 504: &invalid_request($r,'Launch URL invalid for matched launch credentials');
1.17 raeburn 505: }
506: return OK;
507: }
508:
509: #
1.6 raeburn 510: # Determine if source of username matches requirement from the
1.1 raeburn 511: # domain configuration for the specific LTI Consumer.
512: #
513:
514: if ($lti{$itemid}{'mapuser'} eq $possmapuser) {
515: $uname = $possuname;
516: } elsif ($lti{$itemid}{'mapuser'} eq 'lis_person_sourcedid') {
517: if ($params->{'lis_person_sourcedid'} =~ /^$match_username$/) {
518: $uname = $possuname;
519: }
520: } elsif ($lti{$itemid}{'mapuser'} eq 'lis_person_contact_email_primary') {
521: if ($params->{'lis_person_contact_email_primary'} =~ /^$match_username$/) {
522: $uname = $params->{'lis_person_contact_email_primary'};
523: }
524: } elsif (exists($params->{$lti{$itemid}{'mapuser'}})) {
525: if ($params->{$lti{$itemid}{'mapuser'}} =~ /^$match_username$/) {
526: $uname = $params->{$lti{$itemid}{'mapuser'}};
527: }
528: }
529:
530: #
531: # Determine the courseID of the LON-CAPA course to which the
532: # launch of LON-CAPA should provide access.
533: #
534: # Order is:
535: #
536: # (a) from course mapping (if the link between Consumer "course" and
537: # Provider "course" has been established previously).
1.9 raeburn 538: # (b) from tail of requested URL (after /adm/lti/) if it has format of a symb
1.1 raeburn 539: # (c) from tail of requested URL (after /adm/lti) if it has format of a map
540: # (d) from tail of requested URL (after /adm/lti) if it has format /domain/courseID
1.5 raeburn 541: # (e) from tail of requested URL (after /adm/lti) if it has format /tiny/domain/\w+
542: # i.e., a shortened URL (see bug #6400).
1.1 raeburn 543: #
544: # If Consumer course included in POSTed data points as a target course which
545: # has a format which matches a LON-CAPA courseID, but the course does not
546: # exist, the request is invalid.
547: #
548:
549: my ($sourcecrs,%consumers);
550: if ($lti{$itemid}{'mapcrs'} eq 'course_offering_sourcedid') {
551: $sourcecrs = $params->{'course_offering_sourcedid'};
552: } elsif ($lti{$itemid}{'mapcrs'} eq 'context_id') {
553: $sourcecrs = $params->{'context_id'};
554: } elsif ($lti{$itemid}{'mapcrs'} ne '') {
555: $sourcecrs = $params->{$lti{$itemid}{'mapcrs'}};
556: }
557:
558: my $posscnum;
559: if ($sourcecrs ne '') {
560: %consumers = &Apache::lonnet::get_dom('lticonsumers',[$sourcecrs],$cdom);
561: if (exists($consumers{$sourcecrs})) {
1.28 raeburn 562: if ($consumers{$sourcecrs} =~ /^\Q$itemid:\E($match_courseid)$/) {
1.29 raeburn 563: my $storedcnum = $1;
1.28 raeburn 564: my $crshome = &Apache::lonnet::homeserver($storedcnum,$cdom);
1.1 raeburn 565: if ($crshome =~ /(con_lost|no_host|no_such_host)/) {
1.32 raeburn 566: &invalid_request($r,'Invalid courseID included in launch data');
1.1 raeburn 567: return OK;
568: } else {
1.28 raeburn 569: $posscnum = $storedcnum;
1.1 raeburn 570: }
571: }
572: }
573: }
574:
575: if ($urlcnum ne '') {
576: if ($posscnum ne '') {
577: if ($posscnum ne $urlcnum) {
1.32 raeburn 578: &invalid_request($r,'Course ID included in launch data incompatible with URL');
1.1 raeburn 579: return OK;
580: } else {
581: $cnum = $posscnum;
582: }
583: } else {
584: my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom);
585: if ($crshome =~ /(con_lost|no_host|no_such_host)/) {
1.32 raeburn 586: &invalid_request($r,'Valid course ID could not be extracted from requested URL');
1.1 raeburn 587: return OK;
588: } else {
589: $cnum = $urlcnum;
590: }
591: }
592: } elsif ($posscnum ne '') {
593: $cnum = $posscnum;
594: }
595:
596: #
1.6 raeburn 597: # Get LON-CAPA role(s) to use from role-mapping of Consumer roles
1.1 raeburn 598: # defined in domain configuration for the appropriate LTI
599: # Consumer.
600: #
1.6 raeburn 601: # If multiple LON-CAPA roles are indicated for the current user,
602: # ordering (from first to last) is: cc/co, in, ta, ep, st.
1.1 raeburn 603: #
604:
1.6 raeburn 605: my (@ltiroles,@lcroles);
606: my @lcroleorder = ('cc','in','ta','ep','st');
1.15 raeburn 607: my ($lcrolesref,$ltirolesref) =
608: &LONCAPA::ltiutils::get_lc_roles($params->{'roles'},
609: \@lcroleorder,
610: $lti{$itemid}{maproles});
1.13 raeburn 611: if (ref($lcrolesref) eq 'ARRAY') {
612: @lcroles = @{$lcrolesref};
1.1 raeburn 613: }
1.13 raeburn 614: if (ref($ltirolesref) eq 'ARRAY') {
615: @ltiroles = @{$ltirolesref};
1.1 raeburn 616: }
617:
618: #
619: # If no LON-CAPA username -- is user allowed to create one?
620: #
621:
622: my $selfcreate;
623: if (($uname ne '') && ($udom ne '')) {
624: $uhome = &Apache::lonnet::homeserver($uname,$udom);
625: if ($uhome =~ /(con_lost|no_host|no_such_host)/) {
626: &Apache::lonnet::logthis(" LTI authorized unknown user $uname:$udom ");
627: if (ref($lti{$itemid}{'makeuser'}) eq 'ARRAY') {
628: if (@{$lti{$itemid}{'makeuser'}} > 0) {
629: foreach my $ltirole (@ltiroles) {
630: if (grep(/^\Q$ltirole\E$/,@{$lti{$itemid}{'makeuser'}})) {
631: $selfcreate = 1;
1.6 raeburn 632: last;
1.1 raeburn 633: }
634: }
635: }
636: }
637: if ($selfcreate) {
1.13 raeburn 638: my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts);
639: my $domdesc = &Apache::lonnet::domain($udom,'description');
640: my %data = (
641: 'permanentemail' => $env{'form.lis_person_contact_email_primary'},
642: 'firstname' => $env{'form.lis_person_name_given'},
643: 'lastname' => $env{'form.lis_person_name_family'},
644: 'fullname' => $env{'form.lis_person_name_full'},
645: );
646: my $result =
647: &LONCAPA::ltiutils::create_user($lti{$itemid},$uname,$udom,
648: $domdesc,\%data,\%alerts,\%rulematch,
649: \%inst_results,\%curr_rules,%got_rules);
650: if ($result eq 'notallowed') {
1.32 raeburn 651: &invalid_request($r,'Account creation not permitted for this user');
1.13 raeburn 652: } elsif ($result eq 'ok') {
1.6 raeburn 653: if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) &&
654: ($lti{$itemid}{'makecrs'})) {
655: unless (&Apache::lonnet::usertools_access($uname,$udom,'lti','reload','requestcourses')) {
1.10 raeburn 656: &Apache::lonnet::put('environment',{ 'requestcourses.lti' => 'autolimit=', },$udom,$uname);
1.6 raeburn 657: }
658: }
659: } else {
1.32 raeburn 660: &invalid_request($r,'An error occurred during account creation');
1.6 raeburn 661: return OK;
662: }
1.1 raeburn 663: } else {
1.32 raeburn 664: &invalid_request($r,'Account creation not permitted');
1.1 raeburn 665: return OK;
1.6 raeburn 666: }
667: }
1.1 raeburn 668: } else {
1.32 raeburn 669: &invalid_request($r,'Could not determine username and/or domain for user');
1.1 raeburn 670: return OK;
671: }
672:
673: #
674: # If no LON-CAPA course available, check if domain's configuration
675: # for the specific LTI Consumer allows a new course to be created
1.6 raeburn 676: # (requires role in Consumer to be: Instructor and Instructor to map to CC)
1.1 raeburn 677: #
678:
1.6 raeburn 679: my $reqcrs;
1.1 raeburn 680: if ($cnum eq '') {
1.26 raeburn 681: if ($lti{$itemid}{'crsinc'}) {
682: if ((@ltiroles) && ($lti{$itemid}{'mapcrs'}) &&
683: ($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'makecrs'})) {
684: my (%can_request,%request_domains);
685: &Apache::lonnet::check_can_request($cdom,\%can_request,\%request_domains,$uname,$udom);
686: if ($can_request{'lti'}) {
687: $reqcrs = 1;
688: <i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail,
689: $symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,
690: $reqcrs,$sourcecrs);
691: } else {
1.32 raeburn 692: &invalid_request($r,'No LON-CAPA course available, and creation is not permitted for this user');
1.26 raeburn 693: }
1.6 raeburn 694: } else {
1.32 raeburn 695: &invalid_request($r,'No LON-CAPA course available, and creation is not permitted');
1.6 raeburn 696: }
1.1 raeburn 697: } else {
1.26 raeburn 698: <i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail,
699: $symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,
700: $reqcrs,$sourcecrs);
1.1 raeburn 701: }
1.6 raeburn 702: return OK;
1.1 raeburn 703: }
704:
705: #
706: # If LON-CAPA course is a Community, and LON-CAPA role
707: # indicated is cc, change role indicated to co.
1.27 raeburn 708: #
1.1 raeburn 709:
1.6 raeburn 710: my %crsenv;
711: if ($lcroles[0] eq 'cc') {
1.1 raeburn 712: if (($cdom ne '') && ($cnum ne '')) {
1.6 raeburn 713: %crsenv = &Apache::lonnet::coursedescription($cdom.'_'.$cnum,{ 'one_time' => 1,});
1.1 raeburn 714: if ($crsenv{'type'} eq 'Community') {
1.6 raeburn 715: $lcroles[0] = 'co';
716: }
717: }
718: }
719:
720: #
721: # Determine if user has a LON-CAPA role in the mapped LON-CAPA course.
722: # If multiple LON-CAPA roles are available for the user's assigned LTI roles,
723: # choose the first available LON-CAPA role in the order: cc/co, in, ta, ep, st
724: #
725:
726: my ($role,$usec,$withsec);
727: unless ((($lcroles[0] eq 'cc') || ($lcroles[0] eq 'co')) && (@lcroles == 1)) {
728: if ($lti{$itemid}{'section'} ne '') {
729: if ($lti{$itemid}{'section'} eq 'course_section_sourcedid') {
730: if ($env{'form.course_section_sourcedid'} !~ /\W/) {
731: $usec = $env{'form.course_section_sourcedid'};
732: }
733: } elsif ($env{'form.'.$lti{$itemid}{'section'}} !~ /\W/) {
734: $usec = $env{'form.'.$lti{$itemid}{'section'}};
735: }
736: }
737: if ($usec ne '') {
738: $withsec = 1;
739: }
740: }
741:
742: if (@lcroles) {
743: my %crsroles = &Apache::lonnet::get_my_roles($uname,$udom,'userroles',undef,\@lcroles,
744: [$cdom],$withsec);
745: foreach my $reqrole (@lcroles) {
746: if ($withsec) {
747: my $incsec;
748: if (($reqrole eq 'cc') || ($reqrole eq 'co')) {
749: $incsec = '';
750: } else {
751: $incsec = $usec;
752: }
753: if (exists($crsroles{$cnum.':'.$cdom.':'.$reqrole.':'.$incsec})) {
754: $role = $reqrole.'./'.$cdom.'/'.$cnum;
755: if ($incsec ne '') {
756: $role .= '/'.$usec;
757: }
758: last;
759: }
760: } else {
761: if (exists($crsroles{$cnum.':'.$cdom.':'.$reqrole})) {
762: $role = $reqrole.'./'.$cdom.'/'.$cnum;
763: last;
764: }
1.1 raeburn 765: }
766: }
767: }
768:
769: #
1.6 raeburn 770: # Determine if user can selfenroll
1.1 raeburn 771: #
772:
1.6 raeburn 773: my ($reqrole,$selfenrollrole);
774: if ($role eq '') {
775: if ((@ltiroles) && (ref($lti{$itemid}{'selfenroll'}) eq 'ARRAY')) {
776: foreach my $ltirole (@ltiroles) {
777: if (grep(/^\Q$ltirole\E$/,@{$lti{$itemid}{'selfenroll'}})) {
778: if (ref($lti{$itemid}{maproles}) eq 'HASH') {
779: $reqrole = $lti{$itemid}{maproles}{$ltirole};
780: last;
781: }
782: }
783: }
784: }
785: if ($reqrole eq '') {
1.32 raeburn 786: &invalid_request($r,'No matching role available in LON-CAPA course, and not permitted to self-enroll');
1.1 raeburn 787: return OK;
788: } else {
1.6 raeburn 789: unless (%crsenv) {
790: %crsenv = &Apache::lonnet::coursedescription($cdom.'_'.$cnum);
791: }
792: my $default_enrollment_start_date = $crsenv{'default_enrollment_start_date'};
793: my $default_enrollment_end_date = $crsenv{'default_enrollment_end_date'};
794: my $now = time;
795: if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) {
1.32 raeburn 796: &invalid_request($r,'No active role available in LON-CAPA course, and past end date for self-enrollment');
1.6 raeburn 797: return OK;
798: } elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) {
1.32 raeburn 799: &invalid_request($r,'No active role available in LON-CAPA course, and brefor start date for self-enrollment');
1.6 raeburn 800: return OK;
801: } else {
802: $selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum;
803: if (($withsec) && ($reqrole ne 'cc') && ($reqrole ne 'co')) {
804: if ($usec ne '') {
805: $selfenrollrole .= '/'.$usec;
806: }
807: }
808: }
1.1 raeburn 809: }
810: }
811:
812: #
1.27 raeburn 813: # Retrieve course type of LON-CAPA course to check if mapping from a Consumer
814: # course identifier permitted for this type of course (one of: official,
815: # unofficial, community, textbook, placement or lti.
816: #
817:
818: unless (%crsenv) {
819: %crsenv = &Apache::lonnet::coursedescription($cdom.'_'.$cnum);
820: }
821: my $crstype = lc($crsenv{'type'});
822: if ($crstype eq '') {
823: $crstype = 'course';
824: }
825: if ($crstype eq 'course') {
826: if ($crsenv{'internal.coursecode'}) {
827: $crstype = 'official';
828: } elsif ($crsenv{'internal.textbook'}) {
829: $crstype = 'textbook';
830: } elsif ($crsenv{'internal.lti'}) {
831: $crstype = 'lti';
832: } else {
833: $crstype = 'unofficial';
834: }
835: }
836:
837: #
838: # Store consumer-to-LON-CAPA course mapping if permitted
1.1 raeburn 839: #
1.6 raeburn 840:
1.27 raeburn 841: if (($lti{$itemid}{'storecrs'}) && ($sourcecrs ne '') &&
842: ($consumers{$sourcecrs} eq '') && ($cnum ne '')) {
843: if (ref($lti{$itemid}{'mapcrstype'}) eq 'ARRAY') {
844: if (grep(/^$crstype$/,@{$lti{$itemid}{'mapcrstype'}})) {
1.28 raeburn 845: &Apache::lonnet::put_dom('lticonsumers',{ $sourcecrs => $itemid.':'.$cnum },$cdom);
1.27 raeburn 846: }
847: }
1.1 raeburn 848: }
849:
850: #
1.6 raeburn 851: # Start user session
852: #
853:
854: <i_session($r,$itemid,$uname,$udom,$uhome,$lonhost,$role,$mapurl,$tail,$symb,
855: $cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,undef,$sourcecrs,
856: $selfenrollrole);
857: return OK;
858: }
859:
1.20 raeburn 860: sub get_lti_itemid {
1.30 raeburn 861: my ($requri,$hostname,$params,$cdom,$cnum,$context) = @_;
1.31 raeburn 862: return unless (ref($params) eq 'HASH');
1.20 raeburn 863: my $protocol = 'http';
864: if ($ENV{'SERVER_PORT'} == 443) {
865: $protocol = 'https';
866: }
1.30 raeburn 867: my $url = $protocol.'://'.$hostname.$requri;
868: my $method = $env{'request.method'};
869: if ($cnum ne '') {
870: return &Apache::lonnet::courselti_itemid($cnum,$cdom,$url,$method,$params,$context);
871: } else {
872: return &Apache::lonnet::domainlti_itemid($cdom,$url,$method,$params,$context);
1.20 raeburn 873: }
874: }
875:
1.6 raeburn 876: sub lti_enroll {
877: my ($uname,$udom,$selfenrollrole) = @_;
878: my $enrollresult;
879: my ($role,$cdom,$cnum,$sec) =
880: ($selfenrollrole =~ m{^(\w+)\./($match_domain)/($match_courseid)(?:|/(\w*))$});
881: if (($cnum ne '') && ($cdom ne '')) {
882: my $chome = &Apache::lonnet::homeserver($cnum,$cdom);
883: if ($chome ne 'no_host') {
884: my %coursehash = &Apache::lonnet::coursedescription($cdom.'_'.$cnum);
885: my $start = $coursehash{'default_enrollment_start_date'};
886: my $end = $coursehash{'default_enrollment_end_date'};
1.14 raeburn 887: $enrollresult = &LONCAPA::ltiutils::enrolluser($udom,$uname,$role,$cdom,$cnum,$sec,
888: $start,$end,1);
1.6 raeburn 889: }
890: }
891: return $enrollresult;
892: }
893:
894: sub lti_reqcrs {
895: my ($r,$cdom,$form,$uname,$udom) = @_;
896: my (%can_request,%request_domains);
897: &Apache::lonnet::check_can_request($cdom,\%can_request,\%request_domains,$uname,$udom);
898: if ($can_request{'lti'}) {
899: my %domconfig = &Apache::lonnet::get_dom('configuration',['requestcourses'],$cdom);
900: my %domdefs = &Apache::lonnet::get_domain_defaults($cdom);
901: &Apache::lonrequestcourse::print_textbook_form($r,$cdom,[$cdom],\%domdefs,
902: $domconfig{'requestcourses'},
903: \%can_request,'lti',$form);
904: } else {
905: $r->print(
906: &Apache::loncommon::start_page('Invalid LTI call',undef,{'only_body' => 1}).
907: &mt('Invalid LTI call').
908: &Apache::loncommon::end_page()
909: );
910: }
911: }
912:
913: sub lti_session {
914: my ($r,$itemid,$uname,$udom,$uhome,$lonhost,$role,$mapurl,$tail,$symb,$cdom,$cnum,
915: $params,$ltiroles,$ltihash,$lcroles,$reqcrs,$sourcecrs,$selfenrollrole) = @_;
916: return unless ((ref($params) eq 'HASH') && (ref($ltiroles) eq 'ARRAY') &&
917: (ref($ltihash) eq 'HASH') && (ref($lcroles) eq 'ARRAY'));
918: #
1.1 raeburn 919: # Check if user should be hosted here or switched to another server.
920: #
921: $r->user($uname);
1.6 raeburn 922: if ($cnum) {
923: if ($role) {
924: &Apache::lonnet::logthis(" LTI authorized user ($itemid): $uname:$udom, role: $role, course: $cdom\_$cnum");
925: } elsif ($selfenrollrole =~ m{^(\w+)\./$cdom/$cnum}) {
926: &Apache::lonnet::logthis(" LTI authorized user ($itemid): $uname:$udom, desired role: $1 course: $cdom\_$cnum");
927: }
928: } else {
929: &Apache::lonnet::logthis(" LTI authorized user ($itemid): $uname:$udom, course dom: $cdom");
930: }
1.32 raeburn 931: my ($is_balancer,$otherserver,$hosthere) = &check_balancer($r,$uname,$udom);
1.19 raeburn 932: my $protocol = 'http';
933: if ($ENV{'SERVER_PORT'} == 443) {
934: $protocol = 'https';
935: }
1.1 raeburn 936: if (($is_balancer) && (!$hosthere)) {
937: # login but immediately go to switch server.
938: &Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect');
1.19 raeburn 939: if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
1.42 raeburn 940: &LONCAPA::ltiutils::setup_logout_callback($cdom,$cnum,'',$itemid,$ltihash->{'cipher'},
941: $uname,$udom,$otherserver,
1.19 raeburn 942: $params->{$ltihash->{'callback'}},
943: $r->dir_config('ltiIDsDir'),
944: $protocol,$r->hostname);
945: }
1.1 raeburn 946: if ($symb) {
947: $env{'form.symb'} = $symb;
1.16 raeburn 948: $env{'request.lti.uri'} = $tail;
1.6 raeburn 949: } else {
950: if ($mapurl) {
951: $env{'form.origurl'} = $mapurl;
1.8 raeburn 952: $env{'request.lti.uri'} = $mapurl;
1.6 raeburn 953: } elsif ($tail =~ m{^\Q/tiny/$cdom/\E\w+$}) {
954: $env{'form.origurl'} = $tail;
1.8 raeburn 955: $env{'request.lti.uri'} = $tail;
1.9 raeburn 956: } elsif ($tail eq "/$cdom/$cnum") {
957: $env{'form.origurl'} = '/adm/navmaps';
958: $env{'request.lti.uri'} = $tail;
1.6 raeburn 959: } else {
960: unless ($tail eq '/adm/roles') {
1.26 raeburn 961: if ($cnum) {
962: $env{'form.origurl'} = '/adm/navmaps';
963: }
1.6 raeburn 964: }
965: }
1.1 raeburn 966: }
967: if ($role) {
968: $env{'form.role'} = $role;
969: }
1.6 raeburn 970: if (($lcroles->[0] eq 'cc') && ($reqcrs)) {
971: $env{'request.lti.reqcrs'} = 1;
972: $env{'request.lti.reqrole'} = 'cc';
973: $env{'request.lti.sourcecrs'} = $sourcecrs;
974: }
975: if ($selfenrollrole) {
1.18 raeburn 976: $env{'request.lti.selfenrollrole'} = $selfenrollrole;
1.6 raeburn 977: $env{'request.lti.sourcecrs'} = $sourcecrs;
978: }
979: if ($ltihash->{'passback'}) {
1.1 raeburn 980: if ($params->{'lis_result_sourcedid'}) {
981: $env{'request.lti.passbackid'} = $params->{'lis_result_sourcedid'};
982: }
983: if ($params->{'lis_outcome_service_url'}) {
984: $env{'request.lti.passbackurl'} = $params->{'lis_outcome_service_url'};
985: }
986: }
1.6 raeburn 987: if (($ltihash->{'roster'}) && (grep(/^Instructor$/,@{$ltiroles}))) {
1.1 raeburn 988: if ($params->{'ext_ims_lis_memberships_id'}) {
1.6 raeburn 989: $env{'request.lti.rosterid'} = $params->{'ext_ims_lis_memberships_id'};
1.1 raeburn 990: }
991: if ($params->{'ext_ims_lis_memberships_url'}) {
992: $env{'request.lti.rosterurl'} = $params->{'ext_ims_lis_memberships_url'};
993: }
994: }
1.10 raeburn 995: $env{'request.lti.login'} = $itemid;
1.8 raeburn 996: if ($params->{'launch_presentation_document_target'}) {
997: $env{'request.lti.target'} = $params->{'launch_presentation_document_target'};
998: }
1.25 raeburn 999: foreach my $key (keys(%{$params})) {
1.1 raeburn 1000: delete($env{'form.'.$key});
1001: }
1002: my $redirecturl = '/adm/switchserver';
1003: if ($otherserver ne '') {
1004: $redirecturl .= '?otherserver='.$otherserver;
1005: }
1006: $r->internal_redirect($redirecturl);
1007: $r->set_handlers('PerlHandler'=> undef);
1008: } else {
1.32 raeburn 1009: # need to login them in, so generate the data migrate expects to do login
1.25 raeburn 1010: foreach my $key (keys(%{$params})) {
1.1 raeburn 1011: delete($env{'form.'.$key});
1012: }
1.19 raeburn 1013: if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
1.42 raeburn 1014: &LONCAPA::ltiutils::setup_logout_callback($cdom,$cnum,'',$itemid,$ltihash->{'cipher'},
1015: $uname,$udom,$lonhost,
1.19 raeburn 1016: $params->{$ltihash->{'callback'}},
1017: $r->dir_config('ltiIDsDir'),
1018: $protocol,$r->hostname);
1019: }
1.37 raeburn 1020: my $ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP);
1.1 raeburn 1021: my %info=('ip' => $ip,
1022: 'domain' => $udom,
1023: 'username' => $uname,
1024: 'server' => $lonhost,
1.10 raeburn 1025: 'lti.login' => $itemid,
1.8 raeburn 1026: 'lti.uri' => $tail,
1.1 raeburn 1027: );
1028: if ($role) {
1029: $info{'role'} = $role;
1030: }
1031: if ($symb) {
1.6 raeburn 1032: $info{'symb'} = $symb;
1033: }
1034: if (($lcroles->[0] eq 'cc') && ($reqcrs)) {
1035: $info{'lti.reqcrs'} = 1;
1036: $info{'lti.reqrole'} = 'cc';
1037: $info{'lti.sourcecrs'} = $sourcecrs;
1038: }
1039: if ($selfenrollrole) {
1040: $info{'lti.selfenrollrole'} = $selfenrollrole;
1.1 raeburn 1041: }
1.6 raeburn 1042: if ($ltihash->{'passback'}) {
1.1 raeburn 1043: if ($params->{'lis_result_sourcedid'}) {
1044: $info{'lti.passbackid'} = $params->{'lis_result_sourcedid'}
1045: }
1046: if ($params->{'lis_outcome_service_url'}) {
1047: $info{'lti.passbackurl'} = $params->{'lis_outcome_service_url'}
1048: }
1049: }
1.6 raeburn 1050: if (($ltihash->{'roster'}) && (grep(/^Instructor$/,@{$ltiroles}))) {
1.1 raeburn 1051: if ($params->{'ext_ims_lis_memberships_id'}) {
1052: $info{'lti.rosterid'} = $params->{'ext_ims_lis_memberships_id'};
1053: }
1054: if ($params->{'ext_ims_lis_memberships_url'}) {
1055: $info{'lti.rosterurl'} = $params->{'ext_ims_lis_memberships_url'};
1056: }
1057: }
1.8 raeburn 1058: if ($params->{'launch_presentation_document_target'}) {
1059: $info{'lti.target'} = $params->{'launch_presentation_document_target'};
1060: }
1061:
1.1 raeburn 1062: unless ($info{'symb'}) {
1063: if ($mapurl) {
1064: $info{'origurl'} = $mapurl;
1.6 raeburn 1065: } elsif ($tail =~ m{^\Q/tiny/$cdom/\E\w+$}) {
1066: $info{'origurl'} = $tail;
1.1 raeburn 1067: } else {
1068: unless ($tail eq '/adm/roles') {
1.26 raeburn 1069: if ($cnum) {
1070: $info{'origurl'} = '/adm/navmaps';
1071: }
1.1 raeburn 1072: }
1073: }
1074: }
1075: if (($is_balancer) && ($hosthere)) {
1076: $info{'noloadbalance'} = $hosthere;
1077: }
1078: my $token = &Apache::lonnet::tmpput(\%info,$lonhost);
1079: $env{'form.token'} = $token;
1080: $r->internal_redirect('/adm/migrateuser');
1081: $r->set_handlers('PerlHandler'=> undef);
1082: }
1.6 raeburn 1083: return;
1.1 raeburn 1084: }
1085:
1.32 raeburn 1086: sub linkprot_session {
1.42 raeburn 1087: my ($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$dest,$lonhost,$exiturl,$pbid,$pburl) = @_;
1.32 raeburn 1088: $r->user($uname);
1089: if ($ltitype eq 'c') {
1.34 raeburn 1090: &Apache::lonnet::logthis("Course Link Protector ($itemid) authorized student: $uname:$cdom, course: $cdom\_$cnum");
1.32 raeburn 1091: } elsif ($ltitype eq 'd') {
1.34 raeburn 1092: &Apache::lonnet::logthis("Domain LTI for link protection ($itemid) authorized student: $uname:$cdom, course: $cdom\_$cnum");
1.32 raeburn 1093: }
1094: my ($is_balancer,$otherserver,$hosthere) = &check_balancer($r,$uname,$cdom);
1095: if (($is_balancer) && (!$hosthere)) {
1096: # login but immediately go to switch server
1.33 raeburn 1097: &Apache::lonauth::success($r,$uname,$cdom,$uhome,'noredirect');
1.32 raeburn 1098: $env{'form.origurl'} = $dest;
1099: $env{'request.linkprot'} = $itemid.$ltitype.':'.$dest;
1.38 raeburn 1100: $env{'request.linkprotuser'} = $uname.':'.$cdom;
1.32 raeburn 1101: $env{'request.deeplink.login'} = $dest;
1.39 raeburn 1102: if ($exiturl ne '') {
1103: $env{'request.linkprotexit'} = $exiturl;
1104: }
1.42 raeburn 1105: if ($pbid ne '') {
1106: $env{'request.linkprotpbid'} = $pbid;
1107: }
1108: if ($pburl ne '') {
1109: $env{'request.linkprotpburl'} = $pburl;
1110: }
1.32 raeburn 1111: my $redirecturl = '/adm/switchserver';
1112: if ($otherserver ne '') {
1113: $redirecturl .= '?otherserver='.$otherserver;
1114: }
1115: $r->internal_redirect($redirecturl);
1116: $r->set_handlers('PerlHandler'=> undef);
1117: } else {
1118: # need to login them in, so generate the data migrate expects to do login
1.37 raeburn 1119: my $ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP);
1.32 raeburn 1120: my %info=('ip' => $ip,
1121: 'domain' => $cdom,
1122: 'username' => $uname,
1123: 'server' => $lonhost,
1124: 'linkprot' => $itemid.$ltitype.':'.$dest,
1.38 raeburn 1125: 'linkprotuser' => $uname.':'.$cdom,
1.32 raeburn 1126: 'home' => $uhome,
1127: 'origurl' => $dest,
1128: 'deeplink.login' => $dest,
1129: );
1.42 raeburn 1130: if ($pbid ne '') {
1131: $info{'linkprotpbid'} = $pbid;
1132: }
1133: if ($pburl ne '') {
1134: $info{'linkprotpburl'} = $pburl;
1135: }
1.39 raeburn 1136: if ($exiturl ne '') {
1137: $info{'linkprotexit'} = $exiturl;
1138: }
1.32 raeburn 1139: my $token = &Apache::lonnet::tmpput(\%info,$lonhost);
1140: $env{'form.token'} = $token;
1141: $r->internal_redirect('/adm/migrateuser');
1142: $r->set_handlers('PerlHandler'=> undef);
1143: }
1144: return;
1145: }
1146:
1147: sub check_balancer {
1148: my ($r,$uname,$udom) = @_;
1149: my ($is_balancer,$otherserver,$hosthere);
1150: ($is_balancer,$otherserver) =
1151: &Apache::lonnet::check_loadbalancing($uname,$udom,'login');
1152: if ($is_balancer) {
1.40 raeburn 1153: # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
1154: my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r);
1155: if (($found_server) && ($balancer_cookie =~ /^\Q$udom\E_\Q$uname\E_/)) {
1156: $otherserver = $found_server;
1157: }
1.32 raeburn 1158: if ($otherserver eq '') {
1159: my $lowest_load;
1160: ($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($udom);
1161: if ($lowest_load > 100) {
1162: $otherserver = &Apache::lonnet::spareserver($r,$lowest_load,$lowest_load,1,$udom);
1163: }
1164: }
1165: if ($otherserver ne '') {
1166: my @hosts = &Apache::lonnet::current_machine_ids();
1167: if (grep(/^\Q$otherserver\E$/,@hosts)) {
1168: $hosthere = $otherserver;
1169: }
1170: }
1171: }
1172: return ($is_balancer,$otherserver,$hosthere);
1173: }
1174:
1.1 raeburn 1175: sub invalid_request {
1.32 raeburn 1176: my ($r,$msg) = @_;
1.1 raeburn 1177: &Apache::loncommon::content_type($r,'text/html');
1178: $r->send_http_header;
1179: if ($r->header_only) {
1180: return;
1181: }
1182: &Apache::lonlocal::get_language_handle($r);
1183: $r->print(
1.10 raeburn 1184: &Apache::loncommon::start_page('Invalid LTI call','',{ 'only_body' => 1,}).
1.32 raeburn 1185: '<h3>'.&mt('Invalid LTI launch request').'</h3>'.
1186: '<p class="LC_warning">'.
1187: &mt('Launch of LON-CAPA is unavailable from the "external tool" link you had followed in another web application.').
1.36 raeburn 1188: ' '.&mt('Launch failed for the following reason:').
1.32 raeburn 1189: '</p>'.
1.33 raeburn 1190: '<p class="LC_error">'.$msg.'</p>'.
1.1 raeburn 1191: &Apache::loncommon::end_page());
1192: return;
1193: }
1194:
1.20 raeburn 1195: sub course_from_tinyurl {
1196: my ($tail) = @_;
1197: my ($urlcdom,$urlcnum);
1198: if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
1.21 raeburn 1199: ($urlcdom,my $key) = ($1,$2);
1.20 raeburn 1200: my $tinyurl;
1201: my ($result,$cached)=&Apache::lonnet::is_cached_new('tiny',$urlcdom."\0".$key);
1202: if (defined($cached)) {
1203: $tinyurl = $result;
1204: } else {
1205: my $configuname = &Apache::lonnet::get_domainconfiguser($urlcdom);
1206: my %currtiny = &Apache::lonnet::get('tiny',[$key],$urlcdom,$configuname);
1207: if ($currtiny{$key} ne '') {
1208: $tinyurl = $currtiny{$key};
1209: &Apache::lonnet::do_cache_new('tiny',$urlcdom."\0".$key,$currtiny{$key},600);
1210: }
1211: }
1212: if ($tinyurl ne '') {
1213: $urlcnum = (split(/\&/,$tinyurl))[0];
1214: }
1215: }
1216: return ($urlcdom,$urlcnum);
1217: }
1218:
1.1 raeburn 1219: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to ltiauth.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lti