| 1 |
efrain |
1 |
<?php
|
|
|
2 |
// This file is part of Moodle - http://moodle.org/
|
|
|
3 |
//
|
|
|
4 |
// Moodle is free software: you can redistribute it and/or modify
|
|
|
5 |
// it under the terms of the GNU General Public License as published by
|
|
|
6 |
// the Free Software Foundation, either version 3 of the License, or
|
|
|
7 |
// (at your option) any later version.
|
|
|
8 |
//
|
|
|
9 |
// Moodle is distributed in the hope that it will be useful,
|
|
|
10 |
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
11 |
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
12 |
// GNU General Public License for more details.
|
|
|
13 |
//
|
|
|
14 |
// You should have received a copy of the GNU General Public License
|
|
|
15 |
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
|
|
|
16 |
|
|
|
17 |
/**
|
|
|
18 |
* Handles LTI 1.3 resource link launches.
|
|
|
19 |
*
|
|
|
20 |
* See enrol/lti/launch_deeplink.php for deep linking launches.
|
|
|
21 |
*
|
|
|
22 |
* There are 2 pathways through this page:
|
|
|
23 |
* 1. When first making a resource linking launch from the platform. The launch data is cached at this point, pending user
|
|
|
24 |
* authentication, and the page is set such that the post-authentication redirect will return here.
|
|
|
25 |
* 2. The post-authentication redirect. The launch data is fetched from the session launch cache, and the resource is displayed.
|
|
|
26 |
*
|
|
|
27 |
* @package enrol_lti
|
|
|
28 |
* @copyright 2021 Jake Dallimore <jrhdallimore@gmail.com>
|
|
|
29 |
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
|
|
30 |
*/
|
|
|
31 |
|
|
|
32 |
use core\http_client;
|
|
|
33 |
use enrol_lti\local\ltiadvantage\lib\lti_cookie;
|
|
|
34 |
use enrol_lti\local\ltiadvantage\lib\issuer_database;
|
|
|
35 |
use enrol_lti\local\ltiadvantage\lib\launch_cache_session;
|
|
|
36 |
use enrol_lti\local\ltiadvantage\repository\application_registration_repository;
|
|
|
37 |
use enrol_lti\local\ltiadvantage\repository\context_repository;
|
|
|
38 |
use enrol_lti\local\ltiadvantage\repository\deployment_repository;
|
|
|
39 |
use enrol_lti\local\ltiadvantage\repository\legacy_consumer_repository;
|
|
|
40 |
use enrol_lti\local\ltiadvantage\repository\resource_link_repository;
|
|
|
41 |
use enrol_lti\local\ltiadvantage\repository\user_repository;
|
|
|
42 |
use enrol_lti\local\ltiadvantage\service\tool_launch_service;
|
|
|
43 |
use enrol_lti\local\ltiadvantage\utility\message_helper;
|
|
|
44 |
use Packback\Lti1p3\LtiMessageLaunch;
|
|
|
45 |
use Packback\Lti1p3\LtiServiceConnector;
|
|
|
46 |
|
|
|
47 |
require_once(__DIR__ . '/../../config.php');
|
|
|
48 |
global $CFG;
|
|
|
49 |
require_once($CFG->libdir . '/filelib.php');
|
|
|
50 |
|
|
|
51 |
$idtoken = optional_param('id_token', null, PARAM_RAW);
|
|
|
52 |
$launchid = optional_param('launchid', null, PARAM_RAW);
|
|
|
53 |
|
|
|
54 |
if (!is_enabled_auth('lti')) {
|
|
|
55 |
throw new moodle_exception('pluginnotenabled', 'auth', '', get_string('pluginname', 'auth_lti'));
|
|
|
56 |
}
|
|
|
57 |
if (!enrol_is_enabled('lti')) {
|
|
|
58 |
throw new moodle_exception('enrolisdisabled', 'enrol_lti');
|
|
|
59 |
}
|
|
|
60 |
if (empty($idtoken) && empty($launchid)) {
|
|
|
61 |
throw new coding_exception('Error: launch requires id_token');
|
|
|
62 |
}
|
|
|
63 |
|
|
|
64 |
// Support caching the launch and retrieving it after the account binding process described in auth::complete_login().
|
|
|
65 |
$sesscache = new launch_cache_session();
|
|
|
66 |
$issdb = new issuer_database(new application_registration_repository(), new deployment_repository());
|
|
|
67 |
$cookie = new lti_cookie();
|
|
|
68 |
$serviceconnector = new LtiServiceConnector($sesscache, new http_client());
|
|
|
69 |
if ($idtoken) {
|
|
|
70 |
$messagelaunch = LtiMessageLaunch::new($issdb, $sesscache, $cookie, $serviceconnector)
|
|
|
71 |
->initialize($_POST);
|
|
|
72 |
}
|
|
|
73 |
if ($launchid) {
|
|
|
74 |
$messagelaunch = LtiMessageLaunch::fromCache($launchid, $issdb, $sesscache, $cookie, $serviceconnector);
|
|
|
75 |
}
|
|
|
76 |
if (empty($messagelaunch)) {
|
|
|
77 |
throw new moodle_exception('Bad launch. Message launch data could not be found');
|
|
|
78 |
}
|
|
|
79 |
|
|
|
80 |
// Authenticate the platform user, which could be an instructor, an admin or a learner.
|
|
|
81 |
// Auth code needs to be told about consumer secrets for the purposes of migration, since these reside in enrol_lti.
|
|
|
82 |
$launchdata = $messagelaunch->getLaunchData();
|
|
|
83 |
if (!empty($launchdata['https://purl.imsglobal.org/spec/lti/claim/lti1p1']['oauth_consumer_key'])) {
|
|
|
84 |
$legacyconsumerrepo = new legacy_consumer_repository();
|
|
|
85 |
$legacyconsumersecrets = $legacyconsumerrepo->get_consumer_secrets(
|
|
|
86 |
$launchdata['https://purl.imsglobal.org/spec/lti/claim/lti1p1']['oauth_consumer_key']
|
|
|
87 |
);
|
|
|
88 |
}
|
|
|
89 |
|
|
|
90 |
// To authenticate, we need the resource's account provisioning mode for the given LTI role.
|
|
|
91 |
if (empty($launchdata['https://purl.imsglobal.org/spec/lti/claim/custom']['id'])) {
|
|
|
92 |
throw new \moodle_exception('ltiadvlauncherror:missingid', 'enrol_lti');
|
|
|
93 |
}
|
|
|
94 |
$resourceuuid = $launchdata['https://purl.imsglobal.org/spec/lti/claim/custom']['id'];
|
|
|
95 |
$resource = array_values(\enrol_lti\helper::get_lti_tools(['uuid' => $resourceuuid]));
|
|
|
96 |
$resource = $resource[0] ?? null;
|
|
|
97 |
if (empty($resource) || $resource->status != ENROL_INSTANCE_ENABLED) {
|
|
|
98 |
throw new \moodle_exception('ltiadvlauncherror:invalidid', 'enrol_lti', '', $resourceuuid);
|
|
|
99 |
}
|
|
|
100 |
|
|
|
101 |
$provisioningmode = message_helper::is_instructor_launch($launchdata) ? $resource->provisioningmodeinstructor
|
|
|
102 |
: $resource->provisioningmodelearner;
|
|
|
103 |
$auth = get_auth_plugin('lti');
|
|
|
104 |
$auth->complete_login(
|
|
|
105 |
$messagelaunch->getLaunchData(),
|
|
|
106 |
new moodle_url('/enrol/lti/launch.php', ['launchid' => $messagelaunch->getLaunchId()]),
|
|
|
107 |
$provisioningmode,
|
|
|
108 |
$legacyconsumersecrets ?? []
|
|
|
109 |
);
|
|
|
110 |
|
|
|
111 |
global $USER, $CFG, $PAGE;
|
|
|
112 |
// Page URL must be set before the require_login check, so that things like policies can redirect back with the launchid.
|
|
|
113 |
$PAGE->set_url(new moodle_url('/enrol/lti/launch.php'), ['launchid' => $messagelaunch->getLaunchId()]);
|
|
|
114 |
|
|
|
115 |
require_login(null, false);
|
|
|
116 |
$PAGE->set_context(context_system::instance());
|
|
|
117 |
$PAGE->set_pagelayout('popup'); // Same layout as the tool.php page in Legacy 1.1/2.0 launches.
|
|
|
118 |
$PAGE->set_title(get_string('opentool', 'enrol_lti'));
|
|
|
119 |
|
|
|
120 |
$toollaunchservice = new tool_launch_service(
|
|
|
121 |
new deployment_repository(),
|
|
|
122 |
new application_registration_repository(),
|
|
|
123 |
new resource_link_repository(),
|
|
|
124 |
new user_repository(),
|
|
|
125 |
new context_repository()
|
|
|
126 |
);
|
|
|
127 |
[$userid, $resource] = $toollaunchservice->user_launches_tool($USER, $messagelaunch);
|
|
|
128 |
|
|
|
129 |
$context = context::instance_by_id($resource->contextid);
|
|
|
130 |
if ($context->contextlevel == CONTEXT_COURSE) {
|
|
|
131 |
$courseid = $context->instanceid;
|
|
|
132 |
$redirecturl = new moodle_url('/course/view.php', ['id' => $courseid]);
|
|
|
133 |
} else if ($context->contextlevel == CONTEXT_MODULE) {
|
|
|
134 |
$cm = get_coursemodule_from_id(false, $context->instanceid, 0, false, MUST_EXIST);
|
|
|
135 |
$redirecturl = new moodle_url('/mod/' . $cm->modname . '/view.php', ['id' => $cm->id]);
|
|
|
136 |
} else {
|
|
|
137 |
throw new moodle_exception('invalidcontext');
|
|
|
138 |
}
|
|
|
139 |
|
|
|
140 |
if (empty($CFG->allowframembedding)) {
|
|
|
141 |
$stropentool = get_string('opentool', 'enrol_lti');
|
|
|
142 |
echo html_writer::tag('p', get_string('frameembeddingnotenabled', 'enrol_lti'));
|
|
|
143 |
echo html_writer::link($redirecturl, $stropentool, ['target' => '_blank']);
|
|
|
144 |
} else {
|
|
|
145 |
redirect($redirecturl);
|
|
|
146 |
}
|