|
version 1.1, 2017/12/07 15:36:25
|
version 1.5, 2018/08/14 23:50:20
|
|
Line 32 use strict;
|
Line 32 use strict;
|
| use Apache::Constants qw(:common :http); |
use Apache::Constants qw(:common :http); |
| use Encode; |
use Encode; |
| use Digest::SHA; |
use Digest::SHA; |
| |
use URI::Escape; |
| use Apache::lonnet; |
use Apache::lonnet; |
| use Apache::loncommon; |
use Apache::loncommon; |
| use Apache::lonacc; |
use Apache::lonacc; |
|
Line 41 use LONCAPA::ltiutils;
|
Line 42 use LONCAPA::ltiutils;
|
| sub handler { |
sub handler { |
| my $r = shift; |
my $r = shift; |
| my %errors; |
my %errors; |
| |
my $params = {}; |
| |
my ($oauthtype,$authheader); |
| |
# |
| |
# Retrieve content type from headers |
| |
# |
| |
my $content_type = $r->headers_in->get('Content-Type'); |
| |
if ($content_type eq 'application/xml') { |
| |
$oauthtype = 'consumer'; |
| |
# |
| |
# Retrieve OAuth data sent by LTI Provider from Authorization header |
| |
# |
| |
$authheader = $r->headers_in->get('Authorization'); |
| |
my ($authtype,$valuestr) = ($authheader =~ /^(OAuth)\s+(.+)$/i); |
| |
if (lc($authtype) eq 'oauth') { |
| |
foreach my $pair (split(/\s*,\s*/,$valuestr)) { |
| |
my ($key,$value) = split(/=/,$pair); |
| |
$value =~ s /(^"|"$)//g; |
| |
$params->{$key} = URI::Escape::uri_unescape($value); |
| |
} |
| |
} |
| |
} else { |
| |
$oauthtype = 'request token'; |
| # |
# |
| # Retrieve data POSTed by LTI Provider |
# Retrieve data POSTed by LTI Provider |
| # |
# |
| &Apache::lonacc::get_posted_cgi($r); |
&Apache::lonacc::get_posted_cgi($r); |
| my $params = {}; |
foreach my $key (sort(keys(%env))) { |
| foreach my $key (sort(keys(%env))) { |
if ($key =~ /^form\.(.+)$/) { |
| if ($key =~ /^form\.(.+)$/) { |
$params->{$1} = $env{$key}; |
| $params->{$1} = $env{$key}; |
} |
| } |
} |
| } |
} |
| |
|
|
Line 85 sub handler {
|
Line 108 sub handler {
|
| ($cdom,$cnum) = &LONCAPA::ltiutils::get_loncapa_course($r->dir_config('lonHostID'), |
($cdom,$cnum) = &LONCAPA::ltiutils::get_loncapa_course($r->dir_config('lonHostID'), |
| $cid,\%errors); |
$cid,\%errors); |
| unless ($cdom && $cnum) { |
unless ($cdom && $cnum) { |
| $errors{4} = 1; |
|
| &invalid_request($r,\%errors); |
&invalid_request($r,\%errors); |
| return OK; |
return OK; |
| } |
} |
|
Line 98 sub handler {
|
Line 120 sub handler {
|
| &LONCAPA::ltiutils::get_tool_instance($cdom,$cnum,$digsymb,undef,\%errors); |
&LONCAPA::ltiutils::get_tool_instance($cdom,$cnum,$digsymb,undef,\%errors); |
| |
|
| unless ($marker) { |
unless ($marker) { |
| $errors{5} = 1; |
$errors{4} = 1; |
| &invalid_request($r,\%errors); |
&invalid_request($r,\%errors); |
| return OK; |
return OK; |
| } |
} |
|
Line 123 sub handler {
|
Line 145 sub handler {
|
| if ($ENV{'SERVER_PORT'} == 443) { |
if ($ENV{'SERVER_PORT'} == 443) { |
| $protocol = 'https'; |
$protocol = 'https'; |
| } |
} |
| unless (LONCAPA::ltiutils::verify_request($params,$protocol,$r->hostname,$r->uri, |
unless (LONCAPA::ltiutils::verify_request($oauthtype,$protocol,$r->hostname,$r->uri, |
| $env{'request.method'},$consumer_secret, |
$env{'request.method'},$consumer_secret, |
| \%errors)) { |
$params,$authheader,\%errors)) { |
| $errors{6} = 1; |
|
| &invalid_request($r,\%errors); |
&invalid_request($r,\%errors); |
| return OK; |
return OK; |
| } |
} |
|
Line 137 sub handler {
|
Line 158 sub handler {
|
| |
|
| unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
| $nonce_lifetime,$cdom,$r->dir_config('lonLTIDir'))) { |
$nonce_lifetime,$cdom,$r->dir_config('lonLTIDir'))) { |
| $errors{7} = 1; |
$errors{16} = 1; |
| &invalid_request($r,\%errors); |
&invalid_request($r,\%errors); |
| return OK; |
return OK; |
| } |
} |
|
Line 149 sub handler {
|
Line 170 sub handler {
|
| |
|
| unless (&LONCAPA::ltiutils::verify_lis_item($rostersig,'roster',$digsymb,undef,$cdom,$cnum, |
unless (&LONCAPA::ltiutils::verify_lis_item($rostersig,'roster',$digsymb,undef,$cdom,$cnum, |
| \%toolsettings,\%ltitools,\%errors)) { |
\%toolsettings,\%ltitools,\%errors)) { |
| $errors{8} = 1; |
|
| &invalid_request($r,\%errors); |
&invalid_request($r,\%errors); |
| return OK; |
return OK; |
| } |
} |
|
Line 165 sub handler {
|
Line 185 sub handler {
|
| } |
} |
| |
|
| unless (keys(%maproles)) { |
unless (keys(%maproles)) { |
| $errors{9} = 1; |
$errors{21} = 1; |
| &invalid_request($r,\%errors); |
&invalid_request($r,\%errors); |
| return OK; |
return OK; |
| } |
} |
|
Line 183 sub handler {
|
Line 203 sub handler {
|
| \%toolsettings,\%ltitools) eq 'ok') { |
\%toolsettings,\%ltitools) eq 'ok') { |
| if ($toolsettings{'gradesecret'} ne '') { |
if ($toolsettings{'gradesecret'} ne '') { |
| $needsresult = 1; |
$needsresult = 1; |
| $gradesecret = $ltitools{'gradesecret'}; |
$gradesecret = $toolsettings{'gradesecret'}; |
| } |
} |
| } |
} |
| } |
} |
|
Line 392 sub invalid_request {
|
Line 412 sub invalid_request {
|
| my ($r,$errors) = @_; |
my ($r,$errors) = @_; |
| my $errormsg; |
my $errormsg; |
| if (ref($errors) eq 'HASH') { |
if (ref($errors) eq 'HASH') { |
| $errormsg = join('&&',keys(%{$errors})); |
$errormsg = join(',',keys(%{$errors})); |
| } |
} |
| &Apache::loncommon::content_type($r,'text/xml'); |
&Apache::loncommon::content_type($r,'text/xml'); |
| $r->send_http_header; |
$r->send_http_header; |
![[BACK]](/icons/back.gif){kind=icon}
Return to ltiroster.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lti