first commit

This commit is contained in:
CHIEFSOFT\ameye
2024-09-30 18:11:26 -04:00
commit e592ca6823
27270 changed files with 5002257 additions and 0 deletions
@@ -0,0 +1,389 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This file contains an abstract definition of an LTI resource
*
* @package mod_lti
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @author Stephen Vickers
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace mod_lti\local\ltiservice;
defined('MOODLE_INTERNAL') || die();
global $CFG;
require_once($CFG->dirroot . '/mod/lti/locallib.php');
/**
* The mod_lti\local\ltiservice\resource_base class.
*
* @package mod_lti
* @since Moodle 2.8
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
abstract class resource_base {
/** HTTP Post method */
const HTTP_POST = 'POST';
/** HTTP Get method */
const HTTP_GET = 'GET';
/** HTTP Put method */
const HTTP_PUT = 'PUT';
/** HTTP Delete method */
const HTTP_DELETE = 'DELETE';
/** @var service_base Service associated with this resource. */
private $service;
/** @var string Type for this resource. */
protected $type;
/** @var string ID for this resource. */
protected $id;
/** @var string Template for this resource. */
protected $template;
/** @var array Custom parameter substitution variables associated with this resource. */
protected $variables;
/** @var array Media types supported by this resource. */
protected $formats;
/** @var array HTTP actions supported by this resource. */
protected $methods;
/** @var array Template variables parsed from the resource template. */
protected $params;
/**
* Class constructor.
*
* @param service_base $service Service instance
*/
public function __construct($service) {
$this->service = $service;
$this->type = 'RestService';
$this->id = null;
$this->template = null;
$this->methods = array();
$this->variables = array();
$this->formats = array();
$this->methods = array();
$this->params = null;
}
/**
* Get the resource ID.
*
* @return string
*/
public function get_id() {
return $this->id;
}
/**
* Get the resource template.
*
* @return string
*/
public function get_template() {
return $this->template;
}
/**
* Get the resource path.
*
* @return string
*/
public function get_path() {
return $this->get_template();
}
/**
* Get the resource type.
*
* @return string
*/
public function get_type() {
return $this->type;
}
/**
* Get the resource's service.
*
* @return service_base
*/
public function get_service() {
return $this->service;
}
/**
* Get the resource methods.
*
* @return array
*/
public function get_methods() {
return $this->methods;
}
/**
* Get the resource media types.
*
* @return array
*/
public function get_formats() {
return $this->formats;
}
/**
* Get the resource template variables.
*
* @return array
*/
public function get_variables() {
return $this->variables;
}
/**
* Get the resource fully qualified endpoint.
*
* @return string
*/
public function get_endpoint() {
$this->parse_template();
$template = preg_replace('/[\(\)]/', '', $this->get_template());
$url = $this->get_service()->get_service_path() . $template;
foreach ($this->params as $key => $value) {
$url = str_replace('{' . $key . '}', $value, $url);
}
$toolproxy = $this->get_service()->get_tool_proxy();
if (!empty($toolproxy)) {
$url = str_replace('{config_type}', 'toolproxy', $url);
$url = str_replace('{tool_proxy_id}', $toolproxy->guid, $url);
} else {
$url = str_replace('{config_type}', 'tool', $url);
$url = str_replace('{tool_proxy_id}', $this->get_service()->get_type()->id, $url);
}
return $url;
}
/**
* Execute the request for this resource.
*
* @param response $response Response object for this request.
*/
abstract public function execute($response);
/**
* Check to make sure the request is valid.
*
* @param int $typeid The typeid we want to use
* @param string $body Body of HTTP request message
* @param string[] $scopes Array of scope(s) required for incoming request
*
* @return boolean
*/
public function check_tool($typeid, $body = null, $scopes = null) {
$ok = $this->get_service()->check_tool($typeid, $body, $scopes);
if ($ok) {
if ($this->get_service()->get_tool_proxy()) {
$toolproxyjson = $this->get_service()->get_tool_proxy()->toolproxy;
}
if (!empty($toolproxyjson)) {
// Check tool proxy to ensure service being requested is included.
$toolproxy = json_decode($toolproxyjson);
if (!empty($toolproxy) && isset($toolproxy->security_contract->tool_service)) {
$contexts = lti_get_contexts($toolproxy);
$tpservices = $toolproxy->security_contract->tool_service;
foreach ($tpservices as $service) {
$fqid = lti_get_fqid($contexts, $service->service);
$id = explode('#', $fqid, 2);
if ($this->get_id() === $id[1]) {
$ok = true;
break;
}
}
}
if (!$ok) {
debugging('Requested service not permitted: ' . $this->get_id(), DEBUG_DEVELOPER);
}
} else {
// Check that the scope required for the service request is included in those granted for the
// access token being used.
$permittedscopes = $this->get_service()->get_permitted_scopes();
$ok = is_null($permittedscopes) || empty($scopes) || !empty(array_intersect($permittedscopes, $scopes));
}
}
return $ok;
}
/**
* Check to make sure the request is valid.
*
* @param string $toolproxyguid Consumer key
* @param string $body Body of HTTP request message
*
* @return boolean
* @deprecated since Moodle 3.7 MDL-62599 - please do not use this function any more.
* @see resource_base::check_tool()
*/
public function check_tool_proxy($toolproxyguid, $body = null) {
debugging('check_tool_proxy() is deprecated to allow LTI 1 connections to support services. ' .
'Please use resource_base::check_tool() instead.', DEBUG_DEVELOPER);
$ok = false;
if ($this->get_service()->check_tool_proxy($toolproxyguid, $body)) {
$toolproxyjson = $this->get_service()->get_tool_proxy()->toolproxy;
if (empty($toolproxyjson)) {
$ok = true;
} else {
$toolproxy = json_decode($toolproxyjson);
if (!empty($toolproxy) && isset($toolproxy->security_contract->tool_service)) {
$contexts = lti_get_contexts($toolproxy);
$tpservices = $toolproxy->security_contract->tool_service;
foreach ($tpservices as $service) {
$fqid = lti_get_fqid($contexts, $service->service);
$id = explode('#', $fqid, 2);
if ($this->get_id() === $id[1]) {
$ok = true;
break;
}
}
}
if (!$ok) {
debugging('Requested service not included in tool proxy: ' . $this->get_id());
}
}
}
return $ok;
}
/**
* Check to make sure the request is valid.
*
* @param int $typeid The typeid we want to use
* @param int $contextid The course we are at
* @param string $permissionrequested The permission to be checked
* @param string $body Body of HTTP request message
*
* @return boolean
* @deprecated since Moodle 3.7 MDL-62599 - please do not use this function any more.
* @see resource_base::check_tool()
*/
public function check_type($typeid, $contextid, $permissionrequested, $body = null) {
debugging('check_type() is deprecated to allow LTI 1 connections to support services. ' .
'Please use resource_base::check_tool() instead.', DEBUG_DEVELOPER);
$ok = false;
if ($this->get_service()->check_type($typeid, $contextid, $body)) {
$neededpermissions = $this->get_permissions($typeid);
foreach ($neededpermissions as $permission) {
if ($permission == $permissionrequested) {
$ok = true;
break;
}
}
if (!$ok) {
debugging('Requested service ' . $permissionrequested . ' not included in tool type: ' . $typeid,
DEBUG_DEVELOPER);
}
}
return $ok;
}
/**
* get permissions from the config of the tool for that resource
*
* @param int $ltitype Type of LTI
* @return array with the permissions related to this resource by the $ltitype or empty if none.
* @deprecated since Moodle 3.7 MDL-62599 - please do not use this function any more.
* @see resource_base::check_tool()
*/
public function get_permissions($ltitype) {
debugging('get_permissions() is deprecated to allow LTI 1 connections to support services. ' .
'Please use resource_base::check_tool() instead.', DEBUG_DEVELOPER);
return array();
}
/**
* Parse a value for custom parameter substitution variables.
*
* @param string $value String to be parsed
*
* @return string
*/
public function parse_value($value) {
return $value;
}
/**
* Parse the template for variables.
*
* @return array
*/
protected function parse_template() {
if (empty($this->params)) {
$this->params = array();
if (!empty($_SERVER['PATH_INFO'])) {
$path = explode('/', $_SERVER['PATH_INFO']);
$template = preg_replace('/\([0-9a-zA-Z_\-,\/]+\)/', '', $this->get_template());
$parts = explode('/', $template);
for ($i = 0; $i < count($parts); $i++) {
if ((substr($parts[$i], 0, 1) == '{') && (substr($parts[$i], -1) == '}')) {
$value = '';
if ($i < count($path)) {
$value = $path[$i];
}
$this->params[substr($parts[$i], 1, -1)] = $value;
}
}
}
}
return $this->params;
}
}
@@ -0,0 +1,263 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This file contains an abstract definition of an LTI service
*
* @package mod_lti
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @author Stephen Vickers
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace mod_lti\local\ltiservice;
defined('MOODLE_INTERNAL') || die;
/**
* The mod_lti\local\ltiservice\response class.
*
* @package mod_lti
* @since Moodle 2.8
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class response {
/** @var int HTTP response code. */
private $code;
/** @var string HTTP response reason. */
private $reason;
/** @var string HTTP request method. */
private $requestmethod;
/** @var string HTTP request accept header. */
private $accept;
/** @var string HTTP response content type. */
private $contenttype;
/** @var string HTTP request body. */
private $data;
/** @var string HTTP response body. */
private $body;
/** @var array HTTP response codes. */
private $responsecodes;
/** @var array HTTP additional headers. */
private $additionalheaders;
/**
* Class constructor.
*/
public function __construct() {
$this->code = 200;
$this->reason = '';
$this->requestmethod = $_SERVER['REQUEST_METHOD'];
$this->accept = '';
$this->contenttype = '';
$this->data = '';
$this->body = '';
$this->responsecodes = array(
200 => 'OK',
201 => 'Created',
202 => 'Accepted',
300 => 'Multiple Choices',
400 => 'Bad Request',
401 => 'Unauthorized',
402 => 'Payment Required',
403 => 'Forbidden',
404 => 'Not Found',
405 => 'Method Not Allowed',
406 => 'Not Acceptable',
415 => 'Unsupported Media Type',
500 => 'Internal Server Error',
501 => 'Not Implemented'
);
$this->additionalheaders = array();
}
/**
* Get the response code.
*
* @return int
*/
public function get_code() {
return $this->code;
}
/**
* Set the response code.
*
* @param int $code Response code
*/
public function set_code($code) {
$this->code = $code;
$this->reason = '';
}
/**
* Get the response reason.
*
* @return string
*/
public function get_reason() {
$code = $this->code;
if (($code < 200) || ($code >= 600)) {
$code = 500; // Status code must be between 200 and 599.
}
if (empty($this->reason) && array_key_exists($code, $this->responsecodes)) {
$this->reason = $this->responsecodes[$code];
}
// Use generic reason for this category (based on first digit) if a specific reason is not defined.
if (empty($this->reason)) {
$this->reason = $this->responsecodes[intval($code / 100) * 100];
}
return $this->reason;
}
/**
* Set the response reason.
*
* @param string $reason Reason
*/
public function set_reason($reason) {
$this->reason = $reason;
}
/**
* Get the request method.
*
* @return string
*/
public function get_request_method() {
return $this->requestmethod;
}
/**
* Get the request accept header.
*
* @return string
*/
public function get_accept() {
return $this->accept;
}
/**
* Set the request accept header.
*
* @param string $accept Accept header value
*/
public function set_accept($accept) {
$this->accept = $accept;
}
/**
* Get the response content type.
*
* @return string
*/
public function get_content_type() {
return $this->contenttype;
}
/**
* Set the response content type.
*
* @param string $contenttype Content type
*/
public function set_content_type($contenttype) {
$this->contenttype = $contenttype;
}
/**
* Get the request body.
*
* @return string
*/
public function get_request_data() {
return $this->data;
}
/**
* Set the response body.
*
* @param string $data Body data
*/
public function set_request_data($data) {
$this->data = $data;
}
/**
* Get the response body.
*
* @return string
*/
public function get_body() {
return $this->body;
}
/**
* Set the response body.
*
* @param string $body Body data
*/
public function set_body($body) {
$this->body = $body;
}
/**
* Add an additional header.
*
* @param string $header The new header
*/
public function add_additional_header($header) {
array_push($this->additionalheaders, $header);
}
/**
* Send the response.
*/
public function send() {
header("HTTP/1.0 {$this->code} {$this->get_reason()}");
foreach ($this->additionalheaders as $header) {
header($header);
}
if ((($this->code >= 200) && ($this->code < 300)) || !empty($this->body)) {
if (!empty($this->contenttype)) {
header("Content-Type: {$this->contenttype}; charset=utf-8");
}
if (!empty($this->body)) {
echo $this->body;
}
} else if ($this->code >= 400) {
header("Content-Type: application/json; charset=utf-8");
$body = new \stdClass();
$body->status = $this->code;
$body->reason = $this->get_reason();
$body->request = new \stdClass();
$body->request->method = $_SERVER['REQUEST_METHOD'];
$body->request->url = $_SERVER['REQUEST_URI'];
if (isset($_SERVER['HTTP_ACCEPT'])) {
$body->request->accept = $_SERVER['HTTP_ACCEPT'];
}
if (isset($_SERVER['CONTENT_TYPE'])) {
$body->request->contentType = explode(';', $_SERVER['CONTENT_TYPE'], 2)[0];
}
echo json_encode($body, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
}
}
}
@@ -0,0 +1,548 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This file contains an abstract definition of an LTI service
*
* @package mod_lti
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @author Stephen Vickers
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace mod_lti\local\ltiservice;
defined('MOODLE_INTERNAL') || die();
global $CFG;
require_once($CFG->dirroot . '/mod/lti/locallib.php');
require_once($CFG->dirroot . '/mod/lti/OAuthBody.php');
// TODO: Switch to core oauthlib once implemented - MDL-30149.
use moodle\mod\lti as lti;
use stdClass;
/**
* The mod_lti\local\ltiservice\service_base class.
*
* @package mod_lti
* @since Moodle 2.8
* @copyright 2014 Vital Source Technologies http://vitalsource.com
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
abstract class service_base {
/** Label representing an LTI 2 message type */
const LTI_VERSION2P0 = 'LTI-2p0';
/** Service enabled */
const SERVICE_ENABLED = 1;
/** @var string ID for the service. */
protected $id;
/** @var string Human readable name for the service. */
protected $name;
/** @var boolean <code>true</code> if requests for this service do not need to be signed. */
protected $unsigned;
/** @var stdClass Tool proxy object for the current service request. */
private $toolproxy;
/** @var stdClass LTI type object for the current service request. */
private $type;
/** @var array LTI type config array for the current service request. */
private $typeconfig;
/** @var array Instances of the resources associated with this service. */
protected $resources;
/**
* Class constructor.
*/
public function __construct() {
$this->id = null;
$this->name = null;
$this->unsigned = false;
$this->toolproxy = null;
$this->type = null;
$this->typeconfig = null;
$this->resources = null;
}
/**
* Get the service ID.
*
* @return string
*/
public function get_id() {
return $this->id;
}
/**
* Get the service compoent ID.
*
* @return string
*/
public function get_component_id() {
return 'ltiservice_' . $this->id;
}
/**
* Get the service name.
*
* @return string
*/
public function get_name() {
return $this->name;
}
/**
* Get whether the service requests need to be signed.
*
* @return boolean
*/
public function is_unsigned() {
return $this->unsigned;
}
/**
* Get the tool proxy object.
*
* @return stdClass
*/
public function get_tool_proxy() {
return $this->toolproxy;
}
/**
* Set the tool proxy object.
*
* @param object $toolproxy The tool proxy for this service request
*
* @var stdClass
*/
public function set_tool_proxy($toolproxy) {
$this->toolproxy = $toolproxy;
}
/**
* Get the type object.
*
* @return stdClass
*/
public function get_type() {
return $this->type;
}
/**
* Set the LTI type object.
*
* @param object $type The LTI type for this service request
*
* @var stdClass
*/
public function set_type($type) {
$this->type = $type;
}
/**
* Get the type config array.
*
* @return array|null
*/
public function get_typeconfig() {
return $this->typeconfig;
}
/**
* Set the LTI type config object.
*
* @param array $typeconfig The LTI type config for this service request
*
* @var array
*/
public function set_typeconfig($typeconfig) {
$this->typeconfig = $typeconfig;
}
/**
* Get the resources for this service.
*
* @return resource_base[]
*/
abstract public function get_resources();
/**
* Get the scope(s) permitted for this service in the context of a particular tool type.
*
* A null value indicates that no scopes are required to access the service.
*
* @return array|null
*/
public function get_permitted_scopes() {
return null;
}
/**
* Get the scope(s) permitted for this service.
*
* A null value indicates that no scopes are required to access the service.
*
* @return array|null
*/
public function get_scopes() {
return null;
}
/**
* Returns the configuration options for this service.
*
* @param \MoodleQuickForm $mform Moodle quickform object definition
*/
public function get_configuration_options(&$mform) {
}
/**
* Called when a new LTI Instance is added.
*
* @param object $lti LTI Instance.
*/
public function instance_added(object $lti): void {
}
/**
* Called when a new LTI Instance is updated.
*
* @param object $lti LTI Instance.
*/
public function instance_updated(object $lti): void {
}
/**
* Called when the launch data is created, offering a possibility to alter the
* target link URI.
*
* @param string $messagetype message type for this launch
* @param string $targetlinkuri current target link uri
* @param null|string $customstr concatenated list of custom parameters
* @param int $courseid
* @param null|object $lti LTI Instance.
*
* @return array containing the target link URL and the custom params string to use.
*/
public function override_endpoint(string $messagetype, string $targetlinkuri,
?string $customstr, int $courseid, ?object $lti = null): array {
return [$targetlinkuri, $customstr];
}
/**
* Called when a new LTI Instance is deleted.
*
* @param int $id LTI Instance.
*/
public function instance_deleted(int $id): void {
}
/**
* Set the form data when displaying the LTI Instance form.
*
* @param object $defaultvalues Default form values.
*/
public function set_instance_form_values(object $defaultvalues): void {
}
/**
* Return an array with the names of the parameters that the service will be saving in the configuration
*
* @return array Names list of the parameters that the service will be saving in the configuration
* @deprecated since Moodle 3.7 - please do not use this function any more.
*/
public function get_configuration_parameter_names() {
debugging('get_configuration_parameter_names() has been deprecated.', DEBUG_DEVELOPER);
return array();
}
/**
* Default implementation will check for the existence of at least one mod_lti entry for that tool and context.
*
* It may be overridden if other inferences can be done.
*
* Ideally a Site Tool should be explicitly engaged with a course, the check on the presence of a link is a proxy
* to infer a Site Tool engagement until an explicit Site Tool - Course relationship exists.
*
* @param int $typeid The tool lti type id.
* @param int $courseid The course id.
* @return bool returns True if tool is used in context, false otherwise.
*/
public function is_used_in_context($typeid, $courseid) {
global $DB;
$ok = $DB->record_exists('lti', array('course' => $courseid, 'typeid' => $typeid));
return $ok || $DB->record_exists('lti_types', array('course' => $courseid, 'id' => $typeid));
}
/**
* Checks if there is a site tool or a course tool for this site.
*
* @param int $typeid The tool lti type id.
* @param int $courseid The course id.
* @return bool returns True if tool is allowed in context, false otherwise.
*/
public function is_allowed_in_context($typeid, $courseid) {
global $DB;
// Check if it is a Course tool for this course or a Site tool.
$type = $DB->get_record('lti_types', array('id' => $typeid));
return $type && ($type->course == $courseid || $type->course == SITEID);
}
/**
* Return an array of key/values to add to the launch parameters.
*
* @param string $messagetype 'basic-lti-launch-request' or 'ContentItemSelectionRequest'.
* @param string $courseid The course id.
* @param string $userid The user id.
* @param string $typeid The tool lti type id.
* @param string $modlti The id of the lti activity.
*
* The type is passed to check the configuration and not return parameters for services not used.
*
* @return array Key/value pairs to add as launch parameters.
*/
public function get_launch_parameters($messagetype, $courseid, $userid, $typeid, $modlti = null) {
return array();
}
/**
* Return an array of key/claim mapping allowing LTI 1.1 custom parameters
* to be transformed to LTI 1.3 claims.
*
* @return array Key/value pairs of params to claim mapping.
*/
public function get_jwt_claim_mappings(): array {
return [];
}
/**
* Get the path for service requests.
*
* @return string
*/
public static function get_service_path() {
$url = new \moodle_url('/mod/lti/services.php');
return $url->out(false);
}
/**
* Parse a string for custom substitution parameter variables supported by this service's resources.
*
* @param string $value Value to be parsed
*
* @return string
*/
public function parse_value($value) {
if (empty($this->resources)) {
$this->resources = $this->get_resources();
}
if (!empty($this->resources)) {
foreach ($this->resources as $resource) {
$value = $resource->parse_value($value);
}
}
return $value;
}
/**
* Check that the request has been properly signed and is permitted.
*
* @param string $typeid LTI type ID
* @param string $body Request body (null if none)
* @param string[] $scopes Array of required scope(s) for incoming request
*
* @return boolean
*/
public function check_tool($typeid, $body = null, $scopes = null) {
$ok = true;
$toolproxy = null;
$consumerkey = lti\get_oauth_key_from_headers($typeid, $scopes);
if ($consumerkey === false) {
$ok = $this->is_unsigned();
} else {
if (empty($typeid) && is_int($consumerkey)) {
$typeid = $consumerkey;
}
if (!empty($typeid)) {
$this->type = lti_get_type($typeid);
$this->typeconfig = lti_get_type_config($typeid);
$ok = !empty($this->type->id);
if ($ok && !empty($this->type->toolproxyid)) {
$this->toolproxy = lti_get_tool_proxy($this->type->toolproxyid);
}
} else {
$toolproxy = lti_get_tool_proxy_from_guid($consumerkey);
if ($toolproxy !== false) {
$this->toolproxy = $toolproxy;
}
}
}
if ($ok && is_string($consumerkey)) {
if (!empty($this->toolproxy)) {
$key = $this->toolproxy->guid;
$secret = $this->toolproxy->secret;
} else {
$key = $this->typeconfig['resourcekey'];
$secret = $this->typeconfig['password'];
}
if (!$this->is_unsigned() && ($key == $consumerkey)) {
$ok = $this->check_signature($key, $secret, $body);
} else {
$ok = $this->is_unsigned();
}
}
return $ok;
}
/**
* Check that the request has been properly signed.
*
* @param string $toolproxyguid Tool Proxy GUID
* @param string $body Request body (null if none)
*
* @return boolean
* @deprecated since Moodle 3.7 MDL-62599 - please do not use this function any more.
* @see service_base::check_tool()
*/
public function check_tool_proxy($toolproxyguid, $body = null) {
debugging('check_tool_proxy() is deprecated to allow LTI 1 connections to support services. ' .
'Please use service_base::check_tool() instead.', DEBUG_DEVELOPER);
$ok = false;
$toolproxy = null;
$consumerkey = lti\get_oauth_key_from_headers();
if (empty($toolproxyguid)) {
$toolproxyguid = $consumerkey;
}
if (!empty($toolproxyguid)) {
$toolproxy = lti_get_tool_proxy_from_guid($toolproxyguid);
if ($toolproxy !== false) {
if (!$this->is_unsigned() && ($toolproxy->guid == $consumerkey)) {
$ok = $this->check_signature($toolproxy->guid, $toolproxy->secret, $body);
} else {
$ok = $this->is_unsigned();
}
}
}
if ($ok) {
$this->toolproxy = $toolproxy;
}
return $ok;
}
/**
* Check that the request has been properly signed.
*
* @param int $typeid The tool id
* @param int $courseid The course we are at
* @param string $body Request body (null if none)
*
* @return bool
* @deprecated since Moodle 3.7 MDL-62599 - please do not use this function any more.
* @see service_base::check_tool()
*/
public function check_type($typeid, $courseid, $body = null) {
debugging('check_type() is deprecated to allow LTI 1 connections to support services. ' .
'Please use service_base::check_tool() instead.', DEBUG_DEVELOPER);
$ok = false;
$tool = null;
$consumerkey = lti\get_oauth_key_from_headers();
if (empty($typeid)) {
return $ok;
} else if ($this->is_allowed_in_context($typeid, $courseid)) {
$tool = lti_get_type_type_config($typeid);
if ($tool !== false) {
if (!$this->is_unsigned() && ($tool->lti_resourcekey == $consumerkey)) {
$ok = $this->check_signature($tool->lti_resourcekey, $tool->lti_password, $body);
} else {
$ok = $this->is_unsigned();
}
}
}
return $ok;
}
/**
* Check the request signature.
*
* @param string $consumerkey Consumer key
* @param string $secret Shared secret
* @param string $body Request body
*
* @return boolean
*/
private function check_signature($consumerkey, $secret, $body) {
$ok = true;
try {
// TODO: Switch to core oauthlib once implemented - MDL-30149.
lti\handle_oauth_body_post($consumerkey, $secret, $body);
} catch (\Exception $e) {
debugging($e->getMessage() . "\n");
$ok = false;
}
return $ok;
}
}