coregrade/CoreGradeLearning
1
0
Fork 0
Code Issues Pull Requests Releases Activity

first commit

Browse Source
This commit is contained in:
CHIEFSOFT\ameye
2024-09-30 18:11:26 -04:00
commit e592ca6823
27270 changed files with 5002257 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
mod/lti/classes/local/ltiopenid/jwks_helper.php
+138
View File
@@ -0,0 +1,138 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This files exposes functions for LTI 1.3 Key Management.
*
* @package mod_lti
* @copyright 2020 Claude Vervoort (Cengage)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace mod_lti\local\ltiopenid;
use Firebase\JWT\JWT;
/**
* This class exposes functions for LTI 1.3 Key Management.
*
* @package mod_lti
* @copyright 2020 Claude Vervoort (Cengage)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class jwks_helper {
/**
*
* See https://www.imsglobal.org/spec/security/v1p1#approved-jwt-signing-algorithms.
* @var string[]
*/
private static $ltisupportedalgs = [
'RS256' => 'RSA',
'RS384' => 'RSA',
'RS512' => 'RSA',
'ES256' => 'EC',
'ES384' => 'EC',
'ES512' => 'EC'
];
/**
* Returns the private key to use to sign outgoing JWT.
*
* @return array keys are kid and key in PEM format.
*/
public static function get_private_key() {
$privatekey = get_config('mod_lti', 'privatekey');
$kid = get_config('mod_lti', 'kid');
return [
"key" => $privatekey,
"kid" => $kid
];
}
/**
* Returns the JWK Key Set for this site.
* @return array keyset exposting the site public key.
*/
public static function get_jwks() {
$jwks = array('keys' => array());
$privatekey = self::get_private_key();
$res = openssl_pkey_get_private($privatekey['key']);
$details = openssl_pkey_get_details($res);
// Avoid passing null values to base64_encode.
if (!isset($details['rsa']['e']) || !isset($details['rsa']['n'])) {
throw new \moodle_exception('Error: essential openssl keys not set');
}
$jwk = array();
$jwk['kty'] = 'RSA';
$jwk['alg'] = 'RS256';
$jwk['kid'] = $privatekey['kid'];
$jwk['e'] = rtrim(strtr(base64_encode($details['rsa']['e']), '+/', '-_'), '=');
$jwk['n'] = rtrim(strtr(base64_encode($details['rsa']['n']), '+/', '-_'), '=');
$jwk['use'] = 'sig';
$jwks['keys'][] = $jwk;
return $jwks;
}
/**
* Take an array of JWKS keys and infer the 'alg' property for a single key, if missing, based on an input JWT.
*
* This only sets the 'alg' property for a single key when all the following conditions are met:
* - The key's 'kid' matches the 'kid' provided in the JWT's header.
* - The key's 'alg' is missing.
* - The JWT's header 'alg' matches the algorithm family of the key (the key's kty).
* - The JWT's header 'alg' matches one of the approved LTI asymmetric algorithms.
*
* Keys not matching the above are left unchanged.
*
* @param array $jwks the keyset array.
* @param string $jwt the JWT string.
* @return array the fixed keyset array.
*/
public static function fix_jwks_alg(array $jwks, string $jwt): array {
$jwtparts = explode('.', $jwt);
$jwtheader = json_decode(JWT::urlsafeB64Decode($jwtparts[0]), true);
if (!isset($jwtheader['kid'])) {
throw new \moodle_exception('Error: kid must be provided in JWT header.');
}
foreach ($jwks['keys'] as $index => $key) {
// Only fix the key being referred to in the JWT.
if ($jwtheader['kid'] != $key['kid']) {
continue;
}
// Only fix the key if the alg is missing.
if (!empty($key['alg'])) {
continue;
}
// The header alg must match the key type (family) specified in the JWK's kty.
if (!isset(static::$ltisupportedalgs[$jwtheader['alg']]) ||
static::$ltisupportedalgs[$jwtheader['alg']] != $key['kty']) {
throw new \moodle_exception('Error: Alg specified in the JWT header is incompatible with the JWK key type');
}
$jwks['keys'][$index]['alg'] = $jwtheader['alg'];
}
return $jwks;
}
}
mod/lti/classes/local/ltiopenid/registration_exception.php
+32
View File
@@ -0,0 +1,32 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This library exposes functions for LTI Dynamic Registration.
*
* @package mod_lti
* @copyright 2020 Claude Vervoort (Cengage), Carlos Costa, Adrian Hutchinson (Macgraw Hill)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace mod_lti\local\ltiopenid;
/**
* Exception when transforming the registration to LTI config.
*
* Code is the HTTP Error code.
*/
class registration_exception extends \Exception {
}
mod/lti/classes/local/ltiopenid/registration_helper.php
+449
View File
@@ -0,0 +1,449 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* A Helper for LTI Dynamic Registration.
*
* @package mod_lti
* @copyright 2020 Claude Vervoort (Cengage), Carlos Costa, Adrian Hutchinson (Macgraw Hill)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace mod_lti\local\ltiopenid;
defined('MOODLE_INTERNAL') || die;
require_once($CFG->dirroot . '/mod/lti/locallib.php');
use Firebase\JWT\JWK;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use stdClass;
/**
* This class exposes functions for LTI Dynamic Registration.
*
* @package mod_lti
* @copyright 2020 Claude Vervoort (Cengage), Carlos Costa, Adrian Hutchinson (Macgraw Hill)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class registration_helper {
/** score scope */
const SCOPE_SCORE = 'https://purl.imsglobal.org/spec/lti-ags/scope/score';
/** result scope */
const SCOPE_RESULT = 'https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly';
/** lineitem read-only scope */
const SCOPE_LINEITEM_RO = 'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem.readonly';
/** lineitem full access scope */
const SCOPE_LINEITEM = 'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem';
/** Names and Roles (membership) scope */
const SCOPE_NRPS = 'https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly';
/** Tool Settings scope */
const SCOPE_TOOL_SETTING = 'https://purl.imsglobal.org/spec/lti-ts/scope/toolsetting';
/** Indicates the token is to create a new registration */
const REG_TOKEN_OP_NEW_REG = 'reg';
/** Indicates the token is to update an existing registration */
const REG_TOKEN_OP_UPDATE_REG = 'reg-update';
/**
* Get an instance of this helper
*
* @return object
*/
public static function get() {
return new registration_helper();
}
/**
* Function used to validate parameters.
*
* This function is needed because the payload contains nested
* objects, and optional_param() does not support arrays of arrays.
*
* @param array $payload that may contain the parameter key
* @param string $key the key of the value to be looked for in the payload
* @param bool $required if required, not finding a value will raise a registration_exception
*
* @return mixed
*/
private function get_parameter(array $payload, string $key, bool $required) {
if (!isset($payload[$key]) || empty($payload[$key])) {
if ($required) {
throw new registration_exception('missing required attribute '.$key, 400);
}
return null;
}
$parameter = $payload[$key];
// Cleans parameters to avoid XSS and other issues.
if (is_array($parameter)) {
return clean_param_array($parameter, PARAM_TEXT, true);
}
return clean_param($parameter, PARAM_TEXT);
}
/**
* Transforms an LTI 1.3 Registration to a Moodle LTI Config.
*
* @param array $registrationpayload the registration data received from the tool.
* @param string $clientid the clientid to be issued for that tool.
*
* @return object the Moodle LTI config.
*/
public function registration_to_config(array $registrationpayload, string $clientid): object {
$responsetypes = $this->get_parameter($registrationpayload, 'response_types', true);
$initiateloginuri = $this->get_parameter($registrationpayload, 'initiate_login_uri', true);
$redirecturis = $this->get_parameter($registrationpayload, 'redirect_uris', true);
$clientname = $this->get_parameter($registrationpayload, 'client_name', true);
$jwksuri = $this->get_parameter($registrationpayload, 'jwks_uri', true);
$tokenendpointauthmethod = $this->get_parameter($registrationpayload, 'token_endpoint_auth_method', true);
$applicationtype = $this->get_parameter($registrationpayload, 'application_type', false);
$logouri = $this->get_parameter($registrationpayload, 'logo_uri', false);
$ltitoolconfiguration = $this->get_parameter($registrationpayload,
'https://purl.imsglobal.org/spec/lti-tool-configuration', true);
$domain = $this->get_parameter($ltitoolconfiguration, 'domain', false);
$targetlinkuri = $this->get_parameter($ltitoolconfiguration, 'target_link_uri', false);
$customparameters = $this->get_parameter($ltitoolconfiguration, 'custom_parameters', false);
$scopes = explode(" ", $this->get_parameter($registrationpayload, 'scope', false) ?? '');
$claims = $this->get_parameter($ltitoolconfiguration, 'claims', false);
$messages = $ltitoolconfiguration['messages'] ?? [];
$description = $this->get_parameter($ltitoolconfiguration, 'description', false);
// Validate domain and target link.
if (empty($domain)) {
throw new registration_exception('missing_domain', 400);
}
$targetlinkuri = $targetlinkuri ?: 'https://'.$domain;
// Stripping www as this is ignored for domain matching.
$domain = lti_get_domain_from_url($domain);
if ($domain !== lti_get_domain_from_url($targetlinkuri)) {
throw new registration_exception('domain_targetlinkuri_mismatch', 400);
}
// Validate response type.
// According to specification, for this scenario, id_token must be explicitly set.
if (!in_array('id_token', $responsetypes)) {
throw new registration_exception('invalid_response_types', 400);
}
// According to specification, this parameter needs to be an array.
if (!is_array($redirecturis)) {
throw new registration_exception('invalid_redirect_uris', 400);
}
// According to specification, for this scenario private_key_jwt must be explicitly set.
if ($tokenendpointauthmethod !== 'private_key_jwt') {
throw new registration_exception('invalid_token_endpoint_auth_method', 400);
}
if (!empty($applicationtype) && $applicationtype !== 'web') {
throw new registration_exception('invalid_application_type', 400);
}
$config = new stdClass();
$config->lti_clientid = $clientid;
$config->lti_toolurl = $targetlinkuri;
$config->lti_tooldomain = $domain;
$config->lti_typename = $clientname;
$config->lti_description = $description;
$config->lti_ltiversion = LTI_VERSION_1P3;
$config->lti_organizationid_default = LTI_DEFAULT_ORGID_SITEID;
$config->lti_icon = $logouri;
$config->lti_coursevisible = LTI_COURSEVISIBLE_PRECONFIGURED;
$config->lti_contentitem = 0;
// Sets Content Item.
if (!empty($messages)) {
$messagesresponse = [];
foreach ($messages as $value) {
if ($value['type'] === 'LtiDeepLinkingRequest') {
$config->lti_contentitem = 1;
$config->lti_toolurl_ContentItemSelectionRequest = $value['target_link_uri'] ?? '';
array_push($messagesresponse, $value);
}
}
}
$config->lti_keytype = 'JWK_KEYSET';
$config->lti_publickeyset = $jwksuri;
$config->lti_initiatelogin = $initiateloginuri;
$config->lti_redirectionuris = implode(PHP_EOL, $redirecturis);
$config->lti_customparameters = '';
// Sets custom parameters.
if (isset($customparameters)) {
$paramssarray = [];
foreach ($customparameters as $key => $value) {
array_push($paramssarray, $key . '=' . $value);
}
$config->lti_customparameters = implode(PHP_EOL, $paramssarray);
}
// Sets launch container.
$config->lti_launchcontainer = LTI_LAUNCH_CONTAINER_EMBED_NO_BLOCKS;
// Sets Service info based on scopes.
$config->lti_acceptgrades = LTI_SETTING_NEVER;
$config->ltiservice_gradesynchronization = 0;
$config->ltiservice_memberships = 0;
$config->ltiservice_toolsettings = 0;
if (isset($scopes)) {
// Sets Assignment and Grade Services info.
if (in_array(self::SCOPE_SCORE, $scopes)) {
$config->lti_acceptgrades = LTI_SETTING_DELEGATE;
$config->ltiservice_gradesynchronization = 1;
}
if (in_array(self::SCOPE_RESULT, $scopes)) {
$config->lti_acceptgrades = LTI_SETTING_DELEGATE;
$config->ltiservice_gradesynchronization = 1;
}
if (in_array(self::SCOPE_LINEITEM_RO, $scopes)) {
$config->lti_acceptgrades = LTI_SETTING_DELEGATE;
$config->ltiservice_gradesynchronization = 1;
}
if (in_array(self::SCOPE_LINEITEM, $scopes)) {
$config->lti_acceptgrades = LTI_SETTING_DELEGATE;
$config->ltiservice_gradesynchronization = 2;
}
// Sets Names and Role Provisioning info.
if (in_array(self::SCOPE_NRPS, $scopes)) {
$config->ltiservice_memberships = 1;
}
// Sets Tool Settings info.
if (in_array(self::SCOPE_TOOL_SETTING, $scopes)) {
$config->ltiservice_toolsettings = 1;
}
}
// Sets privacy settings.
$config->lti_sendname = LTI_SETTING_NEVER;
$config->lti_sendemailaddr = LTI_SETTING_NEVER;
if (isset($claims)) {
// Sets name privacy settings.
if (in_array('name', $claims)) {
$config->lti_sendname = LTI_SETTING_ALWAYS;
}
if (in_array('given_name', $claims)) {
$config->lti_sendname = LTI_SETTING_ALWAYS;
}
if (in_array('family_name', $claims)) {
$config->lti_sendname = LTI_SETTING_ALWAYS;
}
// Sets email privacy settings.
if (in_array('email', $claims)) {
$config->lti_sendemailaddr = LTI_SETTING_ALWAYS;
}
}
return $config;
}
/**
* Adds to the config the LTI 1.1 key and sign it with the 1.1 secret.
*
* @param array $lticonfig reference to lticonfig to which to add the 1.1 OAuth info.
* @param string $key - LTI 1.1 OAuth Key
* @param string $secret - LTI 1.1 OAuth Secret
*
*/
private function add_previous_key_claim(array &$lticonfig, string $key, string $secret) {
if ($key) {
$oauthconsumer = [];
$oauthconsumer['key'] = $key;
$oauthconsumer['nonce'] = random_string(random_int(10, 20));
$oauthconsumer['sign'] = hash('sha256', $key.$secret.$oauthconsumer['nonce']);
$lticonfig['oauth_consumer'] = $oauthconsumer;
}
}
/**
* Transforms a moodle LTI 1.3 Config to an OAuth/LTI Client Registration.
*
* @param object $config Moodle LTI Config.
* @param int $typeid which is the LTI deployment id.
* @param object $type tool instance in case the tool already exists.
*
* @return array the Client Registration as an associative array.
*/
public function config_to_registration(object $config, int $typeid, object $type = null): array {
$configarray = [];
foreach ((array)$config as $k => $v) {
if (substr($k, 0, 4) == 'lti_') {
$k = substr($k, 4);
}
$configarray[$k] = $v;
}
$config = (object) $configarray;
$registrationresponse = [];
$lticonfigurationresponse = [];
$ltiversion = $type ? $type->ltiversion : $config->ltiversion;
$lticonfigurationresponse['version'] = $ltiversion;
if ($ltiversion === LTI_VERSION_1P3) {
$registrationresponse['client_id'] = $type ? $type->clientid : $config->clientid;
$registrationresponse['response_types'] = ['id_token'];
$registrationresponse['jwks_uri'] = $config->publickeyset;
$registrationresponse['initiate_login_uri'] = $config->initiatelogin;
$registrationresponse['grant_types'] = ['client_credentials', 'implicit'];
$registrationresponse['redirect_uris'] = explode(PHP_EOL, $config->redirectionuris);
$registrationresponse['application_type'] = 'web';
$registrationresponse['token_endpoint_auth_method'] = 'private_key_jwt';
} else if ($ltiversion === LTI_VERSION_1 && $type) {
$this->add_previous_key_claim($lticonfigurationresponse, $config->resourcekey, $config->password);
} else if ($ltiversion === LTI_VERSION_2 && $type) {
$toolproxy = $this->get_tool_proxy($type->toolproxyid);
$this->add_previous_key_claim($lticonfigurationresponse, $toolproxy['guid'], $toolproxy['secret']);
}
$registrationresponse['client_name'] = $type ? $type->name : $config->typename;
$registrationresponse['logo_uri'] = $type ? ($type->secureicon ?? $type->icon ?? '') : $config->icon ?? '';
$lticonfigurationresponse['deployment_id'] = strval($typeid);
$lticonfigurationresponse['target_link_uri'] = $type ? $type->baseurl : $config->toolurl ?? '';
$lticonfigurationresponse['domain'] = $type ? $type->tooldomain : $config->tooldomain ?? '';
$lticonfigurationresponse['description'] = $type ? $type->description ?? '' : $config->description ?? '';
if ($config->contentitem ?? 0 == 1) {
$contentitemmessage = [];
$contentitemmessage['type'] = 'LtiDeepLinkingRequest';
if (isset($config->toolurl_ContentItemSelectionRequest)) {
$contentitemmessage['target_link_uri'] = $config->toolurl_ContentItemSelectionRequest;
}
$lticonfigurationresponse['messages'] = [$contentitemmessage];
}
if (isset($config->customparameters) && !empty($config->customparameters)) {
$params = [];
foreach (explode(PHP_EOL, $config->customparameters) as $param) {
$split = explode('=', $param);
$params[$split[0]] = $split[1];
}
$lticonfigurationresponse['custom_parameters'] = $params;
}
$scopesresponse = [];
if ($config->ltiservice_gradesynchronization ?? 0 > 0) {
$scopesresponse[] = self::SCOPE_SCORE;
$scopesresponse[] = self::SCOPE_RESULT;
$scopesresponse[] = self::SCOPE_LINEITEM_RO;
}
if ($config->ltiservice_gradesynchronization ?? 0 == 2) {
$scopesresponse[] = self::SCOPE_LINEITEM;
}
if ($config->ltiservice_memberships ?? 0 == 1) {
$scopesresponse[] = self::SCOPE_NRPS;
}
if ($config->ltiservice_toolsettings ?? 0 == 1) {
$scopesresponse[] = self::SCOPE_TOOL_SETTING;
}
$registrationresponse['scope'] = implode(' ', $scopesresponse);
$claimsresponse = ['sub', 'iss'];
if ($config->sendname ?? '' == LTI_SETTING_ALWAYS) {
$claimsresponse[] = 'name';
$claimsresponse[] = 'family_name';
$claimsresponse[] = 'given_name';
}
if ($config->sendemailaddr ?? '' == LTI_SETTING_ALWAYS) {
$claimsresponse[] = 'email';
}
$lticonfigurationresponse['claims'] = $claimsresponse;
$registrationresponse['https://purl.imsglobal.org/spec/lti-tool-configuration'] = $lticonfigurationresponse;
return $registrationresponse;
}
/**
* Validates the registration token is properly signed and not used yet.
* Return the client id to use for this registration.
*
* @param string $registrationtokenjwt registration token
*
* @return array with 2 keys: clientid for the registration, type but only if it's an update
*/
public function validate_registration_token(string $registrationtokenjwt): array {
global $DB;
// JWK::parseKeySet uses RS256 algorithm by default.
$keys = JWK::parseKeySet(jwks_helper::get_jwks());
$registrationtoken = JWT::decode($registrationtokenjwt, $keys);
$response = [];
// Get clientid from registrationtoken.
$clientid = $registrationtoken->sub;
if ($registrationtoken->scope == self::REG_TOKEN_OP_NEW_REG) {
// Checks if clientid is already registered.
if (!empty($DB->get_record('lti_types', array('clientid' => $clientid)))) {
throw new registration_exception("token_already_used", 401);
}
$response['clientid'] = $clientid;
} else if ($registrationtoken->scope == self::REG_TOKEN_OP_UPDATE_REG) {
$tool = lti_get_type($registrationtoken->sub);
if (!$tool) {
throw new registration_exception("Unknown client", 400);
}
$response['clientid'] = $tool->clientid ?? $this->new_clientid();
$response['type'] = $tool;
} else {
throw new registration_exception("Incorrect scope", 403);
}
return $response;
}
/**
* Initializes an array with the scopes for services supported by the LTI module
*
* @return array List of scopes
*/
public function lti_get_service_scopes() {
$services = lti_get_services();
$scopes = array();
foreach ($services as $service) {
$servicescopes = $service->get_scopes();
if (!empty($servicescopes)) {
$scopes = array_merge($scopes, $servicescopes);
}
}
return $scopes;
}
/**
* Generates a new client id string.
*
* @return string generated client id
*/
public function new_clientid(): string {
return random_string(15);
}
/**
* Base64 encoded signature for LTI 1.1 migration.
* @param string $key LTI 1.1 key
* @param string $salt Salt value
* @param string $secret LTI 1.1 secret
*
* @return string base64encoded hash
*/
public function sign(string $key, string $salt, string $secret): string {
return base64_encode(hash_hmac('sha-256', $key.$salt, $secret, true));
}
/**
* Returns a tool proxy
*
* @param int $proxyid
*
* @return mixed Tool Proxy details
*/
public function get_tool_proxy(int $proxyid): array {
return lti_get_tool_proxy($proxyid);
}
}
mod/lti/classes/local/ltiservice/resource_base.php
+389
View File
@@ -0,0 +1,389 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This file contains an abstract definition of an LTI resource
*
* @package mod_lti
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @author Stephen Vickers
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace mod_lti\local\ltiservice;
defined('MOODLE_INTERNAL') || die();
global $CFG;
require_once($CFG->dirroot . '/mod/lti/locallib.php');
/**
* The mod_lti\local\ltiservice\resource_base class.
*
* @package mod_lti
* @since Moodle 2.8
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
abstract class resource_base {
/** HTTP Post method */
const HTTP_POST = 'POST';
/** HTTP Get method */
const HTTP_GET = 'GET';
/** HTTP Put method */
const HTTP_PUT = 'PUT';
/** HTTP Delete method */
const HTTP_DELETE = 'DELETE';
/** @var service_base Service associated with this resource. */
private $service;
/** @var string Type for this resource. */
protected $type;
/** @var string ID for this resource. */
protected $id;
/** @var string Template for this resource. */
protected $template;
/** @var array Custom parameter substitution variables associated with this resource. */
protected $variables;
/** @var array Media types supported by this resource. */
protected $formats;
/** @var array HTTP actions supported by this resource. */
protected $methods;
/** @var array Template variables parsed from the resource template. */
protected $params;
/**
* Class constructor.
*
* @param service_base $service Service instance
*/
public function __construct($service) {
$this->service = $service;
$this->type = 'RestService';
$this->id = null;
$this->template = null;
$this->methods = array();
$this->variables = array();
$this->formats = array();
$this->methods = array();
$this->params = null;
}
/**
* Get the resource ID.
*
* @return string
*/
public function get_id() {
return $this->id;
}
/**
* Get the resource template.
*
* @return string
*/
public function get_template() {
return $this->template;
}
/**
* Get the resource path.
*
* @return string
*/
public function get_path() {
return $this->get_template();
}
/**
* Get the resource type.
*
* @return string
*/
public function get_type() {
return $this->type;
}
/**
* Get the resource's service.
*
* @return service_base
*/
public function get_service() {
return $this->service;
}
/**
* Get the resource methods.
*
* @return array
*/
public function get_methods() {
return $this->methods;
}
/**
* Get the resource media types.
*
* @return array
*/
public function get_formats() {
return $this->formats;
}
/**
* Get the resource template variables.
*
* @return array
*/
public function get_variables() {
return $this->variables;
}
/**
* Get the resource fully qualified endpoint.
*
* @return string
*/
public function get_endpoint() {
$this->parse_template();
$template = preg_replace('/[\(\)]/', '', $this->get_template());
$url = $this->get_service()->get_service_path() . $template;
foreach ($this->params as $key => $value) {
$url = str_replace('{' . $key . '}', $value, $url);
}
$toolproxy = $this->get_service()->get_tool_proxy();
if (!empty($toolproxy)) {
$url = str_replace('{config_type}', 'toolproxy', $url);
$url = str_replace('{tool_proxy_id}', $toolproxy->guid, $url);
} else {
$url = str_replace('{config_type}', 'tool', $url);
$url = str_replace('{tool_proxy_id}', $this->get_service()->get_type()->id, $url);
}
return $url;
}
/**
* Execute the request for this resource.
*
* @param response $response Response object for this request.
*/
abstract public function execute($response);
/**
* Check to make sure the request is valid.
*
* @param int $typeid The typeid we want to use
* @param string $body Body of HTTP request message
* @param string[] $scopes Array of scope(s) required for incoming request
*
* @return boolean
*/
public function check_tool($typeid, $body = null, $scopes = null) {
$ok = $this->get_service()->check_tool($typeid, $body, $scopes);
if ($ok) {
if ($this->get_service()->get_tool_proxy()) {
$toolproxyjson = $this->get_service()->get_tool_proxy()->toolproxy;
}
if (!empty($toolproxyjson)) {
// Check tool proxy to ensure service being requested is included.
$toolproxy = json_decode($toolproxyjson);
if (!empty($toolproxy) && isset($toolproxy->security_contract->tool_service)) {
$contexts = lti_get_contexts($toolproxy);
$tpservices = $toolproxy->security_contract->tool_service;
foreach ($tpservices as $service) {
$fqid = lti_get_fqid($contexts, $service->service);
$id = explode('#', $fqid, 2);
if ($this->get_id() === $id[1]) {
$ok = true;
break;
}
}
}
if (!$ok) {
debugging('Requested service not permitted: ' . $this->get_id(), DEBUG_DEVELOPER);
}
} else {
// Check that the scope required for the service request is included in those granted for the
// access token being used.
$permittedscopes = $this->get_service()->get_permitted_scopes();
$ok = is_null($permittedscopes) || empty($scopes) || !empty(array_intersect($permittedscopes, $scopes));
}
}
return $ok;
}
/**
* Check to make sure the request is valid.
*
* @param string $toolproxyguid Consumer key
* @param string $body Body of HTTP request message
*
* @return boolean
* @deprecated since Moodle 3.7 MDL-62599 - please do not use this function any more.
* @see resource_base::check_tool()
*/
public function check_tool_proxy($toolproxyguid, $body = null) {
debugging('check_tool_proxy() is deprecated to allow LTI 1 connections to support services. ' .
'Please use resource_base::check_tool() instead.', DEBUG_DEVELOPER);
$ok = false;
if ($this->get_service()->check_tool_proxy($toolproxyguid, $body)) {
$toolproxyjson = $this->get_service()->get_tool_proxy()->toolproxy;
if (empty($toolproxyjson)) {
$ok = true;
} else {
$toolproxy = json_decode($toolproxyjson);
if (!empty($toolproxy) && isset($toolproxy->security_contract->tool_service)) {
$contexts = lti_get_contexts($toolproxy);
$tpservices = $toolproxy->security_contract->tool_service;
foreach ($tpservices as $service) {
$fqid = lti_get_fqid($contexts, $service->service);
$id = explode('#', $fqid, 2);
if ($this->get_id() === $id[1]) {
$ok = true;
break;
}
}
}
if (!$ok) {
debugging('Requested service not included in tool proxy: ' . $this->get_id());
}
}
}
return $ok;
}
/**
* Check to make sure the request is valid.
*
* @param int $typeid The typeid we want to use
* @param int $contextid The course we are at
* @param string $permissionrequested The permission to be checked
* @param string $body Body of HTTP request message
*
* @return boolean
* @deprecated since Moodle 3.7 MDL-62599 - please do not use this function any more.
* @see resource_base::check_tool()
*/
public function check_type($typeid, $contextid, $permissionrequested, $body = null) {
debugging('check_type() is deprecated to allow LTI 1 connections to support services. ' .
'Please use resource_base::check_tool() instead.', DEBUG_DEVELOPER);
$ok = false;
if ($this->get_service()->check_type($typeid, $contextid, $body)) {
$neededpermissions = $this->get_permissions($typeid);
foreach ($neededpermissions as $permission) {
if ($permission == $permissionrequested) {
$ok = true;
break;
}
}
if (!$ok) {
debugging('Requested service ' . $permissionrequested . ' not included in tool type: ' . $typeid,
DEBUG_DEVELOPER);
}
}
return $ok;
}
/**
* get permissions from the config of the tool for that resource
*
* @param int $ltitype Type of LTI
* @return array with the permissions related to this resource by the $ltitype or empty if none.
* @deprecated since Moodle 3.7 MDL-62599 - please do not use this function any more.
* @see resource_base::check_tool()
*/
public function get_permissions($ltitype) {
debugging('get_permissions() is deprecated to allow LTI 1 connections to support services. ' .
'Please use resource_base::check_tool() instead.', DEBUG_DEVELOPER);
return array();
}
/**
* Parse a value for custom parameter substitution variables.
*
* @param string $value String to be parsed
*
* @return string
*/
public function parse_value($value) {
return $value;
}
/**
* Parse the template for variables.
*
* @return array
*/
protected function parse_template() {
if (empty($this->params)) {
$this->params = array();
if (!empty($_SERVER['PATH_INFO'])) {
$path = explode('/', $_SERVER['PATH_INFO']);
$template = preg_replace('/\([0-9a-zA-Z_\-,\/]+\)/', '', $this->get_template());
$parts = explode('/', $template);
for ($i = 0; $i < count($parts); $i++) {
if ((substr($parts[$i], 0, 1) == '{') && (substr($parts[$i], -1) == '}')) {
$value = '';
if ($i < count($path)) {
$value = $path[$i];
}
$this->params[substr($parts[$i], 1, -1)] = $value;
}
}
}
}
return $this->params;
}
}
mod/lti/classes/local/ltiservice/response.php
+263
View File
@@ -0,0 +1,263 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This file contains an abstract definition of an LTI service
*
* @package mod_lti
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @author Stephen Vickers
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace mod_lti\local\ltiservice;
defined('MOODLE_INTERNAL') || die;
/**
* The mod_lti\local\ltiservice\response class.
*
* @package mod_lti
* @since Moodle 2.8
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class response {
/** @var int HTTP response code. */
private $code;
/** @var string HTTP response reason. */
private $reason;
/** @var string HTTP request method. */
private $requestmethod;
/** @var string HTTP request accept header. */
private $accept;
/** @var string HTTP response content type. */
private $contenttype;
/** @var string HTTP request body. */
private $data;
/** @var string HTTP response body. */
private $body;
/** @var array HTTP response codes. */
private $responsecodes;
/** @var array HTTP additional headers. */
private $additionalheaders;
/**
* Class constructor.
*/
public function __construct() {
$this->code = 200;
$this->reason = '';
$this->requestmethod = $_SERVER['REQUEST_METHOD'];
$this->accept = '';
$this->contenttype = '';
$this->data = '';
$this->body = '';
$this->responsecodes = array(
200 => 'OK',
201 => 'Created',
202 => 'Accepted',
300 => 'Multiple Choices',
400 => 'Bad Request',
401 => 'Unauthorized',
402 => 'Payment Required',
403 => 'Forbidden',
404 => 'Not Found',
405 => 'Method Not Allowed',
406 => 'Not Acceptable',
415 => 'Unsupported Media Type',
500 => 'Internal Server Error',
501 => 'Not Implemented'
);
$this->additionalheaders = array();
}
/**
* Get the response code.
*
* @return int
*/
public function get_code() {
return $this->code;
}
/**
* Set the response code.
*
* @param int $code Response code
*/
public function set_code($code) {
$this->code = $code;
$this->reason = '';
}
/**
* Get the response reason.
*
* @return string
*/
public function get_reason() {
$code = $this->code;
if (($code < 200) || ($code >= 600)) {
$code = 500; // Status code must be between 200 and 599.
}
if (empty($this->reason) && array_key_exists($code, $this->responsecodes)) {
$this->reason = $this->responsecodes[$code];
}
// Use generic reason for this category (based on first digit) if a specific reason is not defined.
if (empty($this->reason)) {
$this->reason = $this->responsecodes[intval($code / 100) * 100];
}
return $this->reason;
}
/**
* Set the response reason.
*
* @param string $reason Reason
*/
public function set_reason($reason) {
$this->reason = $reason;
}
/**
* Get the request method.
*
* @return string
*/
public function get_request_method() {
return $this->requestmethod;
}
/**
* Get the request accept header.
*
* @return string
*/
public function get_accept() {
return $this->accept;
}
/**
* Set the request accept header.
*
* @param string $accept Accept header value
*/
public function set_accept($accept) {
$this->accept = $accept;
}
/**
* Get the response content type.
*
* @return string
*/
public function get_content_type() {
return $this->contenttype;
}
/**
* Set the response content type.
*
* @param string $contenttype Content type
*/
public function set_content_type($contenttype) {
$this->contenttype = $contenttype;
}
/**
* Get the request body.
*
* @return string
*/
public function get_request_data() {
return $this->data;
}
/**
* Set the response body.
*
* @param string $data Body data
*/
public function set_request_data($data) {
$this->data = $data;
}
/**
* Get the response body.
*
* @return string
*/
public function get_body() {
return $this->body;
}
/**
* Set the response body.
*
* @param string $body Body data
*/
public function set_body($body) {
$this->body = $body;
}
/**
* Add an additional header.
*
* @param string $header The new header
*/
public function add_additional_header($header) {
array_push($this->additionalheaders, $header);
}
/**
* Send the response.
*/
public function send() {
header("HTTP/1.0 {$this->code} {$this->get_reason()}");
foreach ($this->additionalheaders as $header) {
header($header);
}
if ((($this->code >= 200) && ($this->code < 300)) || !empty($this->body)) {
if (!empty($this->contenttype)) {
header("Content-Type: {$this->contenttype}; charset=utf-8");
}
if (!empty($this->body)) {
echo $this->body;
}
} else if ($this->code >= 400) {
header("Content-Type: application/json; charset=utf-8");
$body = new \stdClass();
$body->status = $this->code;
$body->reason = $this->get_reason();
$body->request = new \stdClass();
$body->request->method = $_SERVER['REQUEST_METHOD'];
$body->request->url = $_SERVER['REQUEST_URI'];
if (isset($_SERVER['HTTP_ACCEPT'])) {
$body->request->accept = $_SERVER['HTTP_ACCEPT'];
}
if (isset($_SERVER['CONTENT_TYPE'])) {
$body->request->contentType = explode(';', $_SERVER['CONTENT_TYPE'], 2)[0];
}
echo json_encode($body, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
}
}
}
mod/lti/classes/local/ltiservice/service_base.php
+548
View File
@@ -0,0 +1,548 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This file contains an abstract definition of an LTI service
*
* @package mod_lti
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @author Stephen Vickers
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace mod_lti\local\ltiservice;
defined('MOODLE_INTERNAL') || die();
global $CFG;
require_once($CFG->dirroot . '/mod/lti/locallib.php');
require_once($CFG->dirroot . '/mod/lti/OAuthBody.php');
// TODO: Switch to core oauthlib once implemented - MDL-30149.
use moodle\mod\lti as lti;
use stdClass;
/**
* The mod_lti\local\ltiservice\service_base class.
*
* @package mod_lti
* @since Moodle 2.8
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
abstract class service_base {
/** Label representing an LTI 2 message type */
const LTI_VERSION2P0 = 'LTI-2p0';
/** Service enabled */
const SERVICE_ENABLED = 1;
/** @var string ID for the service. */
protected $id;
/** @var string Human readable name for the service. */
protected $name;
/** @var boolean <code>true</code> if requests for this service do not need to be signed. */
protected $unsigned;
/** @var stdClass Tool proxy object for the current service request. */
private $toolproxy;
/** @var stdClass LTI type object for the current service request. */
private $type;
/** @var array LTI type config array for the current service request. */
private $typeconfig;
/** @var array Instances of the resources associated with this service. */
protected $resources;
/**
* Class constructor.
*/
public function __construct() {
$this->id = null;
$this->name = null;
$this->unsigned = false;
$this->toolproxy = null;
$this->type = null;
$this->typeconfig = null;
$this->resources = null;
}
/**
* Get the service ID.
*
* @return string
*/
public function get_id() {
return $this->id;
}
/**
* Get the service compoent ID.
*
* @return string
*/
public function get_component_id() {
return 'ltiservice_' . $this->id;
}
/**
* Get the service name.
*
* @return string
*/
public function get_name() {
return $this->name;
}
/**
* Get whether the service requests need to be signed.
*
* @return boolean
*/
public function is_unsigned() {
return $this->unsigned;
}
/**
* Get the tool proxy object.
*
* @return stdClass
*/
public function get_tool_proxy() {
return $this->toolproxy;
}
/**
* Set the tool proxy object.
*
* @param object $toolproxy The tool proxy for this service request
*
* @var stdClass
*/
public function set_tool_proxy($toolproxy) {
$this->toolproxy = $toolproxy;
}
/**
* Get the type object.
*
* @return stdClass
*/
public function get_type() {
return $this->type;
}
/**
* Set the LTI type object.
*
* @param object $type The LTI type for this service request
*
* @var stdClass
*/
public function set_type($type) {
$this->type = $type;
}
/**
* Get the type config array.
*
* @return array|null
*/
public function get_typeconfig() {
return $this->typeconfig;
}
/**
* Set the LTI type config object.
*
* @param array $typeconfig The LTI type config for this service request
*
* @var array
*/
public function set_typeconfig($typeconfig) {
$this->typeconfig = $typeconfig;
}
/**
* Get the resources for this service.
*
* @return resource_base[]
*/
abstract public function get_resources();
/**
* Get the scope(s) permitted for this service in the context of a particular tool type.
*
* A null value indicates that no scopes are required to access the service.
*
* @return array|null
*/
public function get_permitted_scopes() {
return null;
}
/**
* Get the scope(s) permitted for this service.
*
* A null value indicates that no scopes are required to access the service.
*
* @return array|null
*/
public function get_scopes() {
return null;
}
/**
* Returns the configuration options for this service.
*
* @param \MoodleQuickForm $mform Moodle quickform object definition
*/
public function get_configuration_options(&$mform) {
}
/**
* Called when a new LTI Instance is added.
*
* @param object $lti LTI Instance.
*/
public function instance_added(object $lti): void {
}
/**
* Called when a new LTI Instance is updated.
*
* @param object $lti LTI Instance.
*/
public function instance_updated(object $lti): void {
}
/**
* Called when the launch data is created, offering a possibility to alter the
* target link URI.
*
* @param string $messagetype message type for this launch
* @param string $targetlinkuri current target link uri
* @param null|string $customstr concatenated list of custom parameters
* @param int $courseid
* @param null|object $lti LTI Instance.
*
* @return array containing the target link URL and the custom params string to use.
*/
public function override_endpoint(string $messagetype, string $targetlinkuri,
?string $customstr, int $courseid, ?object $lti = null): array {
return [$targetlinkuri, $customstr];
}
/**
* Called when a new LTI Instance is deleted.
*
* @param int $id LTI Instance.
*/
public function instance_deleted(int $id): void {
}
/**
* Set the form data when displaying the LTI Instance form.
*
* @param object $defaultvalues Default form values.
*/
public function set_instance_form_values(object $defaultvalues): void {
}
/**
* Return an array with the names of the parameters that the service will be saving in the configuration
*
* @return array Names list of the parameters that the service will be saving in the configuration
* @deprecated since Moodle 3.7 - please do not use this function any more.
*/
public function get_configuration_parameter_names() {
debugging('get_configuration_parameter_names() has been deprecated.', DEBUG_DEVELOPER);
return array();
}
/**
* Default implementation will check for the existence of at least one mod_lti entry for that tool and context.
*
* It may be overridden if other inferences can be done.
*
* Ideally a Site Tool should be explicitly engaged with a course, the check on the presence of a link is a proxy
* to infer a Site Tool engagement until an explicit Site Tool - Course relationship exists.
*
* @param int $typeid The tool lti type id.
* @param int $courseid The course id.
* @return bool returns True if tool is used in context, false otherwise.
*/
public function is_used_in_context($typeid, $courseid) {
global $DB;
$ok = $DB->record_exists('lti', array('course' => $courseid, 'typeid' => $typeid));
return $ok || $DB->record_exists('lti_types', array('course' => $courseid, 'id' => $typeid));
}
/**
* Checks if there is a site tool or a course tool for this site.
*
* @param int $typeid The tool lti type id.
* @param int $courseid The course id.
* @return bool returns True if tool is allowed in context, false otherwise.
*/
public function is_allowed_in_context($typeid, $courseid) {
global $DB;
// Check if it is a Course tool for this course or a Site tool.
$type = $DB->get_record('lti_types', array('id' => $typeid));
return $type && ($type->course == $courseid || $type->course == SITEID);
}
/**
* Return an array of key/values to add to the launch parameters.
*
* @param string $messagetype 'basic-lti-launch-request' or 'ContentItemSelectionRequest'.
* @param string $courseid The course id.
* @param string $userid The user id.
* @param string $typeid The tool lti type id.
* @param string $modlti The id of the lti activity.
*
* The type is passed to check the configuration and not return parameters for services not used.
*
* @return array Key/value pairs to add as launch parameters.
*/
public function get_launch_parameters($messagetype, $courseid, $userid, $typeid, $modlti = null) {
return array();
}
/**
* Return an array of key/claim mapping allowing LTI 1.1 custom parameters
* to be transformed to LTI 1.3 claims.
*
* @return array Key/value pairs of params to claim mapping.
*/
public function get_jwt_claim_mappings(): array {
return [];
}
/**
* Get the path for service requests.
*
* @return string
*/
public static function get_service_path() {
$url = new \moodle_url('/mod/lti/services.php');
return $url->out(false);
}
/**
* Parse a string for custom substitution parameter variables supported by this service's resources.
*
* @param string $value Value to be parsed
*
* @return string
*/
public function parse_value($value) {
if (empty($this->resources)) {
$this->resources = $this->get_resources();
}
if (!empty($this->resources)) {
foreach ($this->resources as $resource) {
$value = $resource->parse_value($value);
}
}
return $value;
}
/**
* Check that the request has been properly signed and is permitted.
*
* @param string $typeid LTI type ID
* @param string $body Request body (null if none)
* @param string[] $scopes Array of required scope(s) for incoming request
*
* @return boolean
*/
public function check_tool($typeid, $body = null, $scopes = null) {
$ok = true;
$toolproxy = null;
$consumerkey = lti\get_oauth_key_from_headers($typeid, $scopes);
if ($consumerkey === false) {
$ok = $this->is_unsigned();
} else {
if (empty($typeid) && is_int($consumerkey)) {
$typeid = $consumerkey;
}
if (!empty($typeid)) {
$this->type = lti_get_type($typeid);
$this->typeconfig = lti_get_type_config($typeid);
$ok = !empty($this->type->id);
if ($ok && !empty($this->type->toolproxyid)) {
$this->toolproxy = lti_get_tool_proxy($this->type->toolproxyid);
}
} else {
$toolproxy = lti_get_tool_proxy_from_guid($consumerkey);
if ($toolproxy !== false) {
$this->toolproxy = $toolproxy;
}
}
}
if ($ok && is_string($consumerkey)) {
if (!empty($this->toolproxy)) {
$key = $this->toolproxy->guid;
$secret = $this->toolproxy->secret;
} else {
$key = $this->typeconfig['resourcekey'];
$secret = $this->typeconfig['password'];
}
if (!$this->is_unsigned() && ($key == $consumerkey)) {
$ok = $this->check_signature($key, $secret, $body);
} else {
$ok = $this->is_unsigned();
}
}
return $ok;
}
/**
* Check that the request has been properly signed.
*
* @param string $toolproxyguid Tool Proxy GUID
* @param string $body Request body (null if none)
*
* @return boolean
* @deprecated since Moodle 3.7 MDL-62599 - please do not use this function any more.
* @see service_base::check_tool()
*/
public function check_tool_proxy($toolproxyguid, $body = null) {
debugging('check_tool_proxy() is deprecated to allow LTI 1 connections to support services. ' .
'Please use service_base::check_tool() instead.', DEBUG_DEVELOPER);
$ok = false;
$toolproxy = null;
$consumerkey = lti\get_oauth_key_from_headers();
if (empty($toolproxyguid)) {
$toolproxyguid = $consumerkey;
}
if (!empty($toolproxyguid)) {
$toolproxy = lti_get_tool_proxy_from_guid($toolproxyguid);
if ($toolproxy !== false) {
if (!$this->is_unsigned() && ($toolproxy->guid == $consumerkey)) {
$ok = $this->check_signature($toolproxy->guid, $toolproxy->secret, $body);
} else {
$ok = $this->is_unsigned();
}
}
}
if ($ok) {
$this->toolproxy = $toolproxy;
}
return $ok;
}
/**
* Check that the request has been properly signed.
*
* @param int $typeid The tool id
* @param int $courseid The course we are at
* @param string $body Request body (null if none)
*
* @return bool
* @deprecated since Moodle 3.7 MDL-62599 - please do not use this function any more.
* @see service_base::check_tool()
*/
public function check_type($typeid, $courseid, $body = null) {
debugging('check_type() is deprecated to allow LTI 1 connections to support services. ' .
'Please use service_base::check_tool() instead.', DEBUG_DEVELOPER);
$ok = false;
$tool = null;
$consumerkey = lti\get_oauth_key_from_headers();
if (empty($typeid)) {
return $ok;
} else if ($this->is_allowed_in_context($typeid, $courseid)) {
$tool = lti_get_type_type_config($typeid);
if ($tool !== false) {
if (!$this->is_unsigned() && ($tool->lti_resourcekey == $consumerkey)) {
$ok = $this->check_signature($tool->lti_resourcekey, $tool->lti_password, $body);
} else {
$ok = $this->is_unsigned();
}
}
}
return $ok;
}
/**
* Check the request signature.
*
* @param string $consumerkey Consumer key
* @param string $secret Shared secret
* @param string $body Request body
*
* @return boolean
*/
private function check_signature($consumerkey, $secret, $body) {
$ok = true;
try {
// TODO: Switch to core oauthlib once implemented - MDL-30149.
lti\handle_oauth_body_post($consumerkey, $secret, $body);
} catch (\Exception $e) {
debugging($e->getMessage() . "\n");
$ok = false;
}
return $ok;
}
}
mod/lti/classes/local/types_helper.php
+142
View File
@@ -0,0 +1,142 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace mod_lti\local;
use core\context\course;
/**
* Helper class specifically dealing with LTI types (preconfigured tools).
*
* @package mod_lti
* @copyright 2023 Jake Dallimore <jrhdallimore@gmail.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class types_helper {
/**
* Returns all LTI tool types (preconfigured tools) visible in the given course and for the given user.
*
* This list will contain both site level tools and course-level tools.
*
* @param int $courseid the id of the course.
* @param int $userid the id of the user.
* @param array $coursevisible options for 'coursevisible' field, which will default to
* [LTI_COURSEVISIBLE_PRECONFIGURED, LTI_COURSEVISIBLE_ACTIVITYCHOOSER] if omitted.
* @return \stdClass[] the array of tool type objects.
*/
public static function get_lti_types_by_course(int $courseid, int $userid, array $coursevisible = []): array {
global $DB, $SITE;
if (!has_capability('mod/lti:addpreconfiguredinstance', course::instance($courseid), $userid)) {
return [];
}
if (empty($coursevisible)) {
$coursevisible = [LTI_COURSEVISIBLE_PRECONFIGURED, LTI_COURSEVISIBLE_ACTIVITYCHOOSER];
}
[$coursevisiblesql, $coursevisparams] = $DB->get_in_or_equal($coursevisible, SQL_PARAMS_NAMED, 'coursevisible');
[$coursevisiblesql1, $coursevisparams1] = $DB->get_in_or_equal($coursevisible, SQL_PARAMS_NAMED, 'coursevisible');
[$coursevisibleoverriddensql, $coursevisoverriddenparams] = $DB->get_in_or_equal(
$coursevisible,
SQL_PARAMS_NAMED,
'coursevisibleoverridden');
$coursecond = implode(" OR ", ["t.course = :courseid", "t.course = :siteid"]);
$coursecategory = $DB->get_field('course', 'category', ['id' => $courseid]);
$query = "SELECT *
FROM (SELECT t.*, c.coursevisible as coursevisibleoverridden
FROM {lti_types} t
LEFT JOIN {lti_types_categories} tc ON t.id = tc.typeid
LEFT JOIN {lti_coursevisible} c ON c.typeid = t.id AND c.courseid = $courseid
WHERE (t.coursevisible $coursevisiblesql
OR (c.coursevisible $coursevisiblesql1 AND t.coursevisible NOT IN (:lticoursevisibleno)))
AND ($coursecond)
AND t.state = :active
AND (tc.id IS NULL OR tc.categoryid = :categoryid)) tt
WHERE tt.coursevisibleoverridden IS NULL
OR tt.coursevisibleoverridden $coursevisibleoverriddensql";
return $DB->get_records_sql(
$query,
[
'siteid' => $SITE->id,
'courseid' => $courseid,
'active' => LTI_TOOL_STATE_CONFIGURED,
'categoryid' => $coursecategory,
'coursevisible' => LTI_COURSEVISIBLE_ACTIVITYCHOOSER,
'lticoursevisibleno' => LTI_COURSEVISIBLE_NO,
] + $coursevisparams + $coursevisparams1 + $coursevisoverriddenparams
);
}
/**
* Override coursevisible for a given tool on course level.
*
* @param int $tooltypeid Type ID
* @param int $courseid Course ID
* @param \core\context\course $context Course context
* @param bool $showinactivitychooser Show or not show in activity chooser
* @return bool True if the coursevisible was changed, false otherwise.
*/
public static function override_type_showinactivitychooser(int $tooltypeid, int $courseid, \core\context\course $context, bool $showinactivitychooser): bool {
global $DB;
require_capability('mod/lti:addcoursetool', $context);
$ltitype = lti_get_type($tooltypeid);
if ($ltitype && ($ltitype->coursevisible != LTI_COURSEVISIBLE_NO)) {
$coursevisible = $showinactivitychooser ? LTI_COURSEVISIBLE_ACTIVITYCHOOSER : LTI_COURSEVISIBLE_PRECONFIGURED;
$ltitype->coursevisible = $coursevisible;
$config = new \stdClass();
$config->lti_coursevisible = $coursevisible;
if (intval($ltitype->course) != intval(get_site()->id)) {
// It is course tool - just update it.
lti_update_type($ltitype, $config);
} else {
$coursecategory = $DB->get_field('course', 'category', ['id' => $courseid]);
$sql = "SELECT COUNT(*) AS count
FROM {lti_types_categories} tc
WHERE tc.typeid = :typeid";
$restrictedtool = $DB->count_records_sql($sql, ['typeid' => $tooltypeid]);
if ($restrictedtool) {
$record = $DB->get_record('lti_types_categories', ['typeid' => $tooltypeid, 'categoryid' => $coursecategory]);
if (!$record) {
throw new \moodle_exception('You are not allowed to change this setting for this tool.');
}
}
// This is site tool, but we would like to have course level setting for it.
$lticoursevisible = $DB->get_record('lti_coursevisible', ['typeid' => $tooltypeid, 'courseid' => $courseid]);
if (!$lticoursevisible) {
$lticoursevisible = new \stdClass();
$lticoursevisible->typeid = $tooltypeid;
$lticoursevisible->courseid = $courseid;
$lticoursevisible->coursevisible = $coursevisible;
$DB->insert_record('lti_coursevisible', $lticoursevisible);
} else {
$lticoursevisible->coursevisible = $coursevisible;
$DB->update_record('lti_coursevisible', $lticoursevisible);
}
}
return true;
}
return false;
}
}