Diff for /loncom/lti/ltiutils.pm between versions 1.17.2.6 and 1.19

version 1.17.2.6, 2025/01/16 21:52:05 version 1.19, 2023/06/02 01:20:28
Line 34  use Digest::SHA; Line 34  use Digest::SHA;
 use Digest::MD5 qw(md5_hex);  use Digest::MD5 qw(md5_hex);
 use Encode;  use Encode;
 use UUID::Tiny ':std';  use UUID::Tiny ':std';
 use HTTP::Status;  
 use LWP::UserAgent();   
 use Apache::lonnet;  use Apache::lonnet;
 use Apache::loncommon;  use Apache::loncommon;
 use Apache::loncoursedata;  use Apache::loncoursedata;
Line 100  sub check_nonce { Line 98  sub check_nonce {
 # LON-CAPA as LTI Consumer  # LON-CAPA as LTI Consumer
 #  #
 # Determine the domain and the courseID of the LON-CAPA course  # Determine the domain and the courseID of the LON-CAPA course
 # for which access is needed by a Tool Provider -- either to  # for which access is needed by a Tool Provider -- either to 
 # retrieve a roster or store the grade for an instance of an  # retrieve a roster or store the grade for an instance of an 
 # external tool in the course.  # external tool in the course.
 #  #
   
Line 146  sub get_loncapa_course { Line 144  sub get_loncapa_course {
 #  #
 # LON-CAPA as LTI Consumer  # LON-CAPA as LTI Consumer
 #  #
 # Determine the symb and (optionally) LON-CAPA user for an  # Determine the symb and (optionally) LON-CAPA user for an 
 # instance of an external tool in a course -- either to  # instance of an external tool in a course -- either to 
 # to retrieve a roster or store a grade.  # to retrieve a roster or store a grade.
 #  #
 # Use the digested symb to lookup the real symb in exttools.db  # Use the digested symb to lookup the real symb in exttools.db
Line 159  sub get_tool_instance { Line 157  sub get_tool_instance {
     my ($cdom,$cnum,$digsymb,$diguser,$errors) = @_;      my ($cdom,$cnum,$digsymb,$diguser,$errors) = @_;
     return unless (ref($errors) eq 'HASH');      return unless (ref($errors) eq 'HASH');
     my ($marker,$symb,$uname,$udom);      my ($marker,$symb,$uname,$udom);
     my @keys = ($digsymb);      my @keys = ($digsymb); 
     if ($diguser) {      if ($diguser) {
         push(@keys,$diguser);          push(@keys,$diguser);
     }      }
Line 190  sub get_tool_instance { Line 188  sub get_tool_instance {
 # LON-CAPA as LTI Consumer  # LON-CAPA as LTI Consumer
 #  #
 # Retrieve data needed to validate a request from a Tool Provider  # Retrieve data needed to validate a request from a Tool Provider
 # for a roster or to store a grade for an instance of an external  # for a roster or to store a grade for an instance of an external 
 # tool in a LON-CAPA course.  # tool in a LON-CAPA course.
 #  #
 # Retrieve the Consumer key and Consumer secret from the domain  # Retrieve the Consumer key and Consumer secret from the domain 
 # configuration or the Tool Provider ID stored in the  # configuration or the Tool Provider ID stored in the
 # exttool_$marker db file and compare the Consumer key with the  # exttool_$marker db file and compare the Consumer key with the
 # one in the POSTed data.  # one in the POSTed data.
 #  #
 # Side effect is to populate the $toolsettings hashref with the  # Side effect is to populate the $toolsettings hashref with the 
 # contents of the .db file (instance of tool in course) and the  # contents of the .db file (instance of tool in course) and the
 # $ltitools hashref with the configuration for the tool (at  # $ltitools hashref with the configuration for the tool (at
 # domain level).  # domain level).
Line 311  sub verify_request { Line 309  sub verify_request {
   
 sub verify_lis_item {  sub verify_lis_item {
     my ($sigrec,$context,$digsymb,$diguser,$cdom,$cnum,$toolsettings,$ltitools,$errors) = @_;      my ($sigrec,$context,$digsymb,$diguser,$cdom,$cnum,$toolsettings,$ltitools,$errors) = @_;
     return unless ((ref($toolsettings) eq 'HASH') && (ref($ltitools) eq 'HASH') &&      return unless ((ref($toolsettings) eq 'HASH') && (ref($ltitools) eq 'HASH') && 
                    (ref($errors) eq 'HASH'));                     (ref($errors) eq 'HASH'));
     my ($has_action, $valid_for);      my ($has_action, $valid_for);
     if ($context eq 'grade') {      if ($context eq 'grade') {
Line 332  sub verify_lis_item { Line 330  sub verify_lis_item {
             my $expected_sig;              my $expected_sig;
             if ($context eq 'grade') {              if ($context eq 'grade') {
                 my $uniqid = $digsymb.':::'.$diguser.':::'.$cdom.'_'.$cnum;                  my $uniqid = $digsymb.':::'.$diguser.':::'.$cdom.'_'.$cnum;
                 $expected_sig = (split(/:::/,&get_service_id($secret,$uniqid)))[0];                  $expected_sig = (split(/:::/,&get_service_id($secret,$uniqid)))[0]; 
                 if ($expected_sig eq $sigrec) {                  if ($expected_sig eq $sigrec) {
                     return 1;                      return 1;
                 } else {                  } else {
Line 340  sub verify_lis_item { Line 338  sub verify_lis_item {
                 }                  }
             } elsif ($context eq 'roster') {              } elsif ($context eq 'roster') {
                 my $uniqid = $digsymb.':::'.$cdom.'_'.$cnum;                  my $uniqid = $digsymb.':::'.$cdom.'_'.$cnum;
                 $expected_sig = (split(/:::/,&get_service_id($secret,$uniqid)))[0];                  $expected_sig = (split(/:::/,&get_service_id($secret,$uniqid)))[0]; 
                 if ($expected_sig eq $sigrec) {                  if ($expected_sig eq $sigrec) {
                     return 1;                      return 1;
                 } else {                  } else {
Line 419  sub get_service_id { Line 417  sub get_service_id {
 # grade store). An existing secret past its expiration date  # grade store). An existing secret past its expiration date
 # will be stored as old<service name>secret, and a new secret  # will be stored as old<service name>secret, and a new secret
 # <service name>secret will be stored.  # <service name>secret will be stored.
 #  # 
 # Secrets are specific to service name and to the tool instance  # Secrets are specific to service name and to the tool instance 
 # (and are stored in the exttool_$marker db file).  # (and are stored in the exttool_$marker db file).
 # The time period a secret remains valid is determined by the  # The time period a secret remains valid is determined by the 
 # domain configuration for the specific tool and the service.  # domain configuration for the specific tool and the service.
 #  # 
   
 sub set_service_secret {  sub set_service_secret {
     my ($cdom,$cnum,$marker,$name,$now,$toolsettings,$ltitools) = @_;      my ($cdom,$cnum,$marker,$name,$now,$toolsettings,$ltitools) = @_;
Line 474  sub set_service_secret { Line 472  sub set_service_secret {
 #  #
 # LON-CAPA as LTI Consumer  # LON-CAPA as LTI Consumer
 #  #
 # Add a lock key to exttools.db for the instance of an external tool  # Add a lock key to exttools.db for the instance of an external tool 
 # when generating and storing a service secret.  # when generating and storing a service secret.
 #  #
   
Line 541  sub parse_grade_xml { Line 539  sub parse_grade_xml {
                 my ($text) = @_;                  my ($text) = @_;
                 if ("@state" eq "imsx_POXEnvelopeRequest imsx_POXBody replaceResultRequest resultRecord sourcedGUID sourcedId") {                  if ("@state" eq "imsx_POXEnvelopeRequest imsx_POXBody replaceResultRequest resultRecord sourcedGUID sourcedId") {
                     $data{$count}{sourcedid} = $text;                      $data{$count}{sourcedid} = $text;
                 } elsif ("@state" eq "imsx_POXEnvelopeRequest imsx_POXBody replaceResultRequest resultRecord result resultScore textString") {                  } elsif ("@state" eq "imsx_POXEnvelopeRequest imsx_POXBody replaceResultRequest resultRecord result resultScore textString") {                               
                     $data{$count}{score} = $text;                      $data{$count}{score} = $text;
                 }                  }
             }, "dtext"],              }, "dtext"],
Line 694  sub get_roster { Line 692  sub get_roster {
                           ? join("&$name=", map {escape($_) } @{$hashref->{$_}})                            ? join("&$name=", map {escape($_) } @{$hashref->{$_}})
                           : &escape($hashref->{$_}) );                            : &escape($hashref->{$_}) );
         } keys(%{$hashref})));          } keys(%{$hashref})));
         my $ua=new LWP::UserAgent;          my $response = &LONCAPA::LWPReq::makerequest('',$request,'','',10);
         $ua->timeout(10);  
         my $response=$ua->request($request);  
         my $message=$response->status_line;          my $message=$response->status_line;
         if (($response->is_success) && ($response->content ne '')) {          if (($response->is_success) && ($response->content ne '')) {
             my %data = ();              my %data = ();
Line 756  sub send_grade { Line 752  sub send_grade {
             $score = Math::Round::round($score);              $score = Math::Round::round($score);
         } else {          } else {
             $score = $total/$possible;              $score = $total/$possible;
             $score = sprintf("%.4f",$score);              $score = sprintf("%.2f",$score);
         }          }
     }      }
     if ($sigmethod eq '') {      if ($sigmethod eq '') {
         $sigmethod = 'HMAC-SHA1';          $sigmethod = 'HMAC-SHA1';
     }      }
     my ($request,$sendit,$respcode,$result);      my $request;
     if ($msgformat eq '1.0') {      if ($msgformat eq '1.0') {
         my $date = &Apache::loncommon::utc_string(time);          my $date = &Apache::loncommon::utc_string(time);
         my %ltiparams = (          my %ltiparams = (
Line 777  sub send_grade { Line 773  sub send_grade {
         );          );
         my %info = (          my %info = (
                         method => $sigmethod,                          method => $sigmethod,
                    );                     ); 
         my ($status,$hashref) =          my ($status,$hashref) =
             &Apache::lonnet::sign_lti($cdom,$cnum,$crsdef,$type,'grade',$url,$ltinum,$keynum,              &Apache::lonnet::sign_lti($cdom,$cnum,$crsdef,$type,'grade',$url,$ltinum,$keynum,
                                       \%ltiparams,\%info);                                        \%ltiparams,\%info);   
         if (($status eq 'ok') && (ref($hashref) eq 'HASH')) {          if (($status eq 'ok') && (ref($hashref) eq 'HASH')) {
             $request=new HTTP::Request('POST',$url);              $request=new HTTP::Request('POST',$url);
             $request->content(join('&',map {              $request->content(join('&',map {
Line 789  sub send_grade { Line 785  sub send_grade {
                               ? join("&$name=", map {escape($_) } @{$hashref->{$_}})                                ? join("&$name=", map {escape($_) } @{$hashref->{$_}})
                               : &escape($hashref->{$_}) );                                : &escape($hashref->{$_}) );
                               } keys(%{$hashref})));                                } keys(%{$hashref})));
             $sendit = 1;  #FIXME Need to handle case where passback failed.
         }          }
     } else {      } else {
         srand( time() ^ ($$ + ($$ << 15))  ); # Seed rand.          srand( time() ^ ($$ + ($$ << 15))  ); # Seed rand.
Line 806  sub send_grade { Line 802  sub send_grade {
   <imsx_POXBody>    <imsx_POXBody>
     <replaceResultRequest>      <replaceResultRequest>
       <resultRecord>        <resultRecord>
         <sourcedGUID>   <sourcedGUID>
           <sourcedId>$id</sourcedId>    <sourcedId>$id</sourcedId>
         </sourcedGUID>   </sourcedGUID>
         <result>   <result>
           <resultScore>    <resultScore>
             <language>en</language>      <language>en</language>
             <textString>$score</textString>      <textString>$score</textString>
           </resultScore>    </resultScore>
         </result>   </result>
       </resultRecord>        </resultRecord>
     </replaceResultRequest>      </replaceResultRequest>
   </imsx_POXBody>    </imsx_POXBody>
Line 838  END Line 834  END
             &Apache::lonnet::sign_lti($cdom,$cnum,$crsdef,$type,'grade',$url,$ltinum,$keynum,\%params,\%info);              &Apache::lonnet::sign_lti($cdom,$cnum,$crsdef,$type,'grade',$url,$ltinum,$keynum,\%params,\%info);
         if (($status eq 'ok') && ($authheader ne '')) {          if (($status eq 'ok') && ($authheader ne '')) {
             $request = HTTP::Request->new(              $request = HTTP::Request->new(
                            $reqmethod,                     $reqmethod,
                            $url,                     $url,
                            [                     [
                               'Authorization' => $authheader,                'Authorization' => $authheader,
                               'Content-Type'  => 'application/xml',                'Content-Type'  => 'application/xml',
                            ],                     ],
                            $gradexml,                     $gradexml,
             );              );
             $sendit = 1;              my $response = &LONCAPA::LWPReq::makerequest('',$request,'','',10);
               my $message=$response->status_line;
   #FIXME Handle case where pass back of score to LTI Consumer failed.
         }          }
     }      }
     if ($sendit) {   
         my $ua=new LWP::UserAgent;  
         $ua->timeout(10);  
         my $response=$ua->request($request);  
         my $message=$response->status_line;  
         $respcode = $response->code;  
         $result = HTTP::Status::status_message($respcode);  
     }  
     return ($sendit,$score,$respcode,$result);  
 }  }
   
 sub setup_logout_callback {  sub setup_logout_callback {
Line 875  sub setup_logout_callback { Line 864  sub setup_logout_callback {
             my %info = (              my %info = (
                 respfmt => 'to_post_body',                  respfmt => 'to_post_body',
             );              );
             my ($status,$post) =              my ($status,$post) = 
                 &Apache::lonnet::sign_lti($cdom,$cnum,$crstool,'lti','logout',$service_url,$idx,                  &Apache::lonnet::sign_lti($cdom,$cnum,$crstool,'lti','logout',$service_url,$idx,
                                           $keynum,\%ltiparams,\%info);                                            $keynum,\%ltiparams,\%info);
             if (($status eq 'ok') && ($post ne '')) {              if (($status eq 'ok') && ($post ne '')) {
                 my $ua=new LWP::UserAgent;  
                 $ua->timeout(10);  
                 my $request=new HTTP::Request('POST',$service_url);                  my $request=new HTTP::Request('POST',$service_url);
                 $request->content($post);                  $request->content($post);
                 my $response=$ua->request($request);                  my $response = &LONCAPA::LWPReq::makerequest('',$request,'','',10);
             }              }
         }          }
     }      }
Line 1078  sub enrolluser { Line 1065  sub enrolluser {
 # with LTI Instructor status.  # with LTI Instructor status.
 #  #
 # A list of users is obtained by a call to get_roster()  # A list of users is obtained by a call to get_roster()
 # if the calling Consumer support the LTI extension:  # if the calling Consumer support the LTI extension: 
 # Context Memberships Service.  # Context Memberships Service. 
 #  #
 # If a user included in the retrieved list does not currently  # If a user included in the retrieved list does not currently
 # have a user account in LON-CAPA, an account will be created.  # have a user account in LON-CAPA, an account will be created.
Line 1383  sub get_lc_roles { Line 1370  sub get_lc_roles {
 # LON-CAPA as LTI Provider  # LON-CAPA as LTI Provider
 #  #
 # Compares current start and dates for a user's role  # Compares current start and dates for a user's role
 # with dates to apply for the same user/role to  # with dates to apply for the same user/role to 
 # determine if there is a change between the current  # determine if there is a change between the current
 # ones and the updated ones.  # ones and the updated ones.
 #  # 
   
 sub datechange_check {  sub datechange_check {
     my ($oldstart,$oldend,$startdate,$enddate) = @_;      my ($oldstart,$oldend,$startdate,$enddate) = @_;

Removed from v.1.17.2.6  
changed lines
  Added in v.1.19


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>