WebSVN – Moodle – Diff – /mod/lti/locallib.php

     try {
         if (empty($keyset)) {
             throw new moodle_exception('errornocachedkeysetfound', 'mod_lti');
+        }
         $keysetarr = json_decode($keyset, true);
-        // JWK::parseKeySet uses RS256 algorithm by default.
         $keys = JWK::parseKeySet($keysetarr);
         $jwt = JWT::decode($jwtparam, $keys);
     } catch (Exception $e) {
         // Something went wrong, so attempt to update cached keyset and then try again.
         $keyset = download_file_content($keyseturl);
         $keysetarr = json_decode($keyset, true);
+        // Fix for firebase/php-jwt's dependency on the optional 'alg' property in the JWK.
+        // The fix_jwks_alg() call only fixes a single, matched key and will leave others present (which may be missing alg too),
-        // Fix for firebase/php-jwt's dependency on the optional 'alg' property in the JWK.
+        // Remaining keys missing alg are excluded since they cannot be used for decoding anyway (no match to JWT kid).
+        $keysetarr = jwks_helper::fix_jwks_alg($keysetarr, $jwtparam);
-        $keysetarr = jwks_helper::fix_jwks_alg($keysetarr, $jwtparam);
+        $keysetarr['keys'] = array_filter($keysetarr['keys'], fn($key) => isset($key['alg']));
         // JWK::parseKeySet uses RS256 algorithm by default.
         $keys = JWK::parseKeySet($keysetarr);
+    }
     // If it has xml at the end of the url, it's a cartridge.
     if (preg_match('/\.xml$/', $url)) {
         return true;
+    }
+    // Skip slow cartridge checks during tests.
+    // During tests, working .xml cartridge URLs are used when testing cartridge support. These will match the '.xml' check
+    // above (which is fast). Don't try to check whether other tool URLs are cartridges because most URLs used in tests will be
+    // example URLs and won't be resolvable, resulting in network hangs within load_cartridge() - which is called every time a
+    // tool is edited and will result in slow tests or seemingly random test failures.
+    if (!defined('BEHAT_SITE_RUNNING') && !defined('PHPUNIT_TEST')) {
-    // Even if it doesn't have .xml, load the url to check if it's a cartridge..
+        // Even if it doesn't have .xml, load the url to check if it's a cartridge..
-    try {
+        try {
-        $toolinfo = lti_load_cartridge($url,
+            $toolinfo = lti_load_cartridge($url,
-            array(
+                array(
-                "launch_url" => "launchurl"
+                    "launch_url" => "launchurl"
-            )
+                )
-        );
+            );
-        if (!empty($toolinfo['launchurl'])) {
+            if (!empty($toolinfo['launchurl'])) {
-            return true;
+                return true;
+            }
+        } catch (moodle_exception $e) {
+            return false; // Error loading the xml, so it's not a cartridge.
+        }
-    } catch (moodle_exception $e) {
-        return false; // Error loading the xml, so it's not a cartridge.
+    }
     return false;
+}
     $newtoken->lastaccess = null;
     $DB->insert_record('lti_access_tokens', $newtoken);
-    return $newtoken;
-}
-/**
- * Wrapper for function libxml_disable_entity_loader() deprecated in PHP 8
- *
- * Method was deprecated in PHP 8 and it shows deprecation message. However it is still
- * required in the previous versions on PHP. While Moodle supports both PHP 7 and 8 we need to keep it.
- * @see https://php.watch/versions/8.0/libxml_disable_entity_loader-deprecation
- *
- * @param bool $value
- * @return bool
- *
- * @deprecated since Moodle 4.3
- */
-function lti_libxml_disable_entity_loader(bool $value): bool {
     debugging(__FUNCTION__ . '() is deprecated, please do not use it any more', DEBUG_DEVELOPER);

Proyectos de Subversion Moodle

(root)/mod/lti/locallib.php – Rev 11 → 1441