Proyectos de Subversion Moodle

Rev

| Ultima modificación | Ver Log |

Rev Autor Línea Nro. Línea
1 efrain 1 
<?php
2 
// This file is part of Moodle - http://moodle.org/
3 
//
4 
// Moodle is free software: you can redistribute it and/or modify
5 
// it under the terms of the GNU General Public License as published by
6 
// the Free Software Foundation, either version 3 of the License, or
7 
// (at your option) any later version.
8 
//
9 
// Moodle is distributed in the hope that it will be useful,
10 
// but WITHOUT ANY WARRANTY; without even the implied warranty of
11 
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 
// GNU General Public License for more details.
13 
//
14 
// You should have received a copy of the GNU General Public License
15 
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
16 
 
17 
/**
18 
 * LTI 1.3 login endpoint.
19 
 *
20 
 * See: http://www.imsglobal.org/spec/security/v1p0/#step-1-third-party-initiated-login
21 
 *
22 
 * This must support both POST and GET methods, as per the spec.
23 
 *
24 
 * @package    enrol_lti
25 
 * @copyright  2021 Jake Dallimore <jrhdallimore@gmail.com
26 
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
27 
 */
28 
 
29 
use auth_lti\local\ltiadvantage\utility\cookie_helper;
30 
use enrol_lti\local\ltiadvantage\lib\lti_cookie;
31 
use enrol_lti\local\ltiadvantage\lib\issuer_database;
32 
use enrol_lti\local\ltiadvantage\lib\launch_cache_session;
33 
use enrol_lti\local\ltiadvantage\repository\application_registration_repository;
34 
use enrol_lti\local\ltiadvantage\repository\deployment_repository;
35 
use Packback\Lti1p3\LtiOidcLogin;
36 
 
37 
require_once(__DIR__."/../../config.php");
38 
 
39 
// Required fields for OIDC 3rd party initiated login.
40 
// See http://www.imsglobal.org/spec/security/v1p0/#step-1-third-party-initiated-login.
41 
// Validate these here, despite further validation in the LTI 1.3 library.
42 
$iss = required_param('iss', PARAM_URL); // Issuer URI of the calling platform.
43 
$loginhint = required_param('login_hint', PARAM_RAW); // Platform ID for the person to login.
44 
$targetlinkuri = required_param('target_link_uri', PARAM_URL); // The took launch URL.
45 
 
46 
// Optional lti_message_hint. See https://www.imsglobal.org/spec/lti/v1p3#additional-login-parameters-0.
47 
// If found, this must be returned unmodified to the platform.
48 
$ltimessagehint = optional_param('lti_message_hint', null, PARAM_RAW);
49 
 
50 
// The target_link_uri param should contain the endpoint that will be executed at the end of the OIDC login process.
51 
// In Moodle, this will either be:
52 
// - enrol/lti/launch.php endpoint (for regular resource link launches) or
53 
// - enrol/lti/launch_deeplink.php endpoint (for deep linking launches)
54 
// Thus, the target_link_uri signifies intent to perform a certain launch type. It can be used to generate the
55 
// redirect_uri param for the auth request but must first be verified, as it is unsigned data at this stage.
56 
// See here: https://www.imsglobal.org/spec/lti/v1p3/impl#verify-the-target_link_uri.
57 
//
58 
// Also note that final redirection to the resource (after the login process is complete) should rely on the
59 
// https://purl.imsglobal.org/spec/lti/claim/target_link_uri claim instead of the target_link_uri value provided here.
60 
// See here: http://www.imsglobal.org/spec/lti/v1p3/#target-link-uri.
61 
$validuris = [
62 
    (new moodle_url('/enrol/lti/launch.php'))->out(false), // Resource link launches.
63 
    (new moodle_url('/enrol/lti/launch_deeplink.php'))->out(false) // Deep linking launches.
64 
];
65 
 
66 
// This code verifies the target_link_uri. Only two values are permitted (see endpoints listed above).
67 
if (!in_array($targetlinkuri, $validuris)) {
68 
    $msg = 'The target_link_uri param must match one of the redirect URIs set during tool registration.';
69 
    throw new coding_exception($msg);
70 
}
71 
 
72 
// Because client_id is optional, this endpoint receives a param 'id', a unique id generated when creating the registration.
73 
// A registration can thus be located by either the tuple {iss, client_id} (if client_id is provided), or by the tuple {iss, id},
74 
// (if client_id is not provided). See https://www.imsglobal.org/spec/lti/v1p3/#client_id-login-parameter.
75 
global $_REQUEST;
76 
if (empty($_REQUEST['client_id']) && !empty($_REQUEST['id'])) {
77 
    $_REQUEST['client_id'] = $_REQUEST['id'];
78 
}
79 
 
80 
// Before beginning the OIDC authentication, ensure the MoodleSession cookie can be used. Browser-specific steps may need to be
81 
// taken to set cookies in 3rd party contexts. Skip the check if the user is already auth'd. This means that either cookies aren't
82 
// an issue in the current browser/launch context.
83 
if (!isloggedin()) {
84 
    cookie_helper::do_cookie_check(new moodle_url('/enrol/lti/login.php', [
85 
        'iss' => $iss,
86 
        'login_hint' => $loginhint,
87 
        'target_link_uri' => $targetlinkuri,
88 
        'lti_message_hint' => $ltimessagehint,
89 
        'client_id' => $_REQUEST['client_id'],
90 
    ]));
91 
    if (!cookie_helper::cookies_supported()) {
92 
        global $OUTPUT, $PAGE;
93 
        $PAGE->set_context(context_system::instance());
94 
        $PAGE->set_url(new moodle_url('/enrol/lti/login.php'));
95 
        $PAGE->set_pagelayout('popup');
96 
        echo $OUTPUT->header();
97 
        $renderer = $PAGE->get_renderer('enrol_lti');
98 
        echo $renderer->render_cookies_required_notice();
99 
        echo $OUTPUT->footer();
100 
        die();
101 
    }
102 
}
103 
 
104 
// Now, do the OIDC login.
105 
$redirecturl = LtiOidcLogin::new(
106 
    new issuer_database(new application_registration_repository(), new deployment_repository()),
107 
    new launch_cache_session(),
108 
    new lti_cookie()
109 
)->getRedirectUrl($targetlinkuri, $_REQUEST);
110 
 
111 
redirect($redirecturl);