--- loncom/interface/lonexttool.pm 2017/11/30 01:52:14 1.5 +++ loncom/interface/lonexttool.pm 2017/11/30 02:17:50 1.6 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Launch External Tool Provider (LTI) # -# $Id: lonexttool.pm,v 1.5 2017/11/30 01:52:14 raeburn Exp $ +# $Id: lonexttool.pm,v 1.6 2017/11/30 02:17:50 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -46,6 +46,7 @@ use Apache::Constants qw(:common :http); use Net::OAuth; use Encode; use Digest::SHA; +use UUID::Tiny ':std'; use HTML::Entities; use Apache::lonlocal; use Apache::lonnet; @@ -94,9 +95,10 @@ sub handler { if ($r->uri eq "/adm/$cdom/$cnum/$marker/$exttool") { my %toolsettings=&Apache::lonnet::dump('exttool_'.$marker,$cdom,$cnum); if ($toolsettings{'id'}) { + my $idx = $toolsettings{'id'}; my %ltitools = &Apache::lonnet::get_domain_ltitools($cdom); - if (ref($ltitools{$toolsettings{'id'}}) eq 'HASH') { - my %toolhash = %{$ltitools{$toolsettings{'id'}}}; + if (ref($ltitools{$idx}) eq 'HASH') { + my %toolhash = %{$ltitools{$idx}}; $toolhash{'display'} = { target => $toolsettings{'target'}, width => $toolsettings{'width'}, 
@@ -106,12 +108,25 @@ sub handler { $toolhash{'crstitle'} = $toolsettings{'crstitle'}; $toolhash{'crsappend'} = $toolsettings{'crsappend'}; $is_tool = 1; + my $launchok = 1; if ($target eq 'tex') { $r->print(&mt('External Tool')); } else { + my $now = time; + if ($toolhash{'passback'}) { + unless (&set_callback_secret($cdom,$cnum,$marker,'grade',$now, + \%toolsettings,\%toolhash) eq 'ok') { + undef($launchok); + } + } + if ($toolhash{'roster'}) { + &set_callback_secret($cdom,$cnum,$marker,'roster',$now, + \%toolsettings,\%toolhash); + } my $submittext = &mt('Launch [_1]',$toolhash{'title'}); - if (($toolhash{'key'} ne '') && ($toolhash{'secret'} ne '') && ($toolhash{'url'} ne '')) { - my %lti = <i_params($r,$cnum,$cdom,$submittext,\%toolhash); + if (($toolhash{'key'} ne '') && ($toolhash{'secret'} ne '') && + ($toolhash{'url'} ne '') && ($launchok)) { + my %lti = <i_params($r,$cnum,$cdom,$idx,$submittext,\%toolhash); my $url = $toolhash{'url'}; if ($toolhash{'crsappend'} ne '') { $url .= $toolhash{'crsappend'}; 
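Review bot: The two `set_callback_secret` calls treat failure differently without saying why: a failed 'grade' call clears `$launchok` and suppresses the launch form, while the return value of the 'roster' call is discarded and the launch goes ahead. If that asymmetry is intended, a comment above the roster call such as `# roster secret is optional: on failure the launch proceeds without ext_ims_lis_memberships_id` would record it. Nothing visible in this hunk tells the user or a log why the launch was withheld once `$launchok` is cleared, so a lock or storage failure would look like a tool that simply does not render. The code after the `if` is outside the hunk, as are the start and end of handler, so confirm the failure path there.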
@@ -135,15 +150,66 @@ sub handler { return OK; } +sub set_callback_secret { + my ($cdom,$cnum,$marker,$name,$now,$toolsettings,$toolhash) = @_; + return unless ((ref($toolsettings) eq 'HASH') && (ref($toolhash) eq 'HASH')); + my $warning; + my ($needsnew,$oldsecret,$lifetime); + if ($name eq 'grade') { + $lifetime = $toolhash->{'passbackvalid'} + } elsif ($name eq 'roster') { + $lifetime = $toolhash->{'rostervalid'}; + } + if ($toolsettings->{$name} eq '') { + $needsnew = 1; + } elsif (($toolsettings->{$name.'date'} + $lifetime) < $now) { + $oldsecret = $toolsettings->{$name.'secret'}; + $needsnew = 1; + } + if ($needsnew) { + if (&get_tool_lock($cdom,$cnum,$marker,$now) eq 'ok') { + my $secret = UUID::Tiny::create_uuid_as_string(UUID_V4); + $toolhash->{$name.'secret'} = $secret; + my %secrethash = ( + $name.'secret' => $secret, + $name.'secretdate' => $now, + ); + if ($oldsecret ne '') { + $secrethash{'old'.$name.'secret'} = $oldsecret; + } + my $putres = &Apache::lonnet::put('exttool_'.$marker, + \%secrethash,$cdom,$cnum); + my $delresult = &release_tool_lock($cdom,$cnum,$marker); + if ($delresult ne 'ok') { + $warning = $delresult ; + } + if ($putres eq 'ok') { + return 'ok'; + } + } else { + $warning = ''. + &mt('Could not obtain exclusive lock'). 
+ ''; + } + } else { + $toolhash->{$name.'secret'} = $toolsettings->{$name.'secret'}; + return 'ok'; + } + return; +} + sub lti_params { - my ($r,$cnum,$cdom,$submittext,$toolsref) = @_; + my ($r,$cnum,$cdom,$idx,$submittext,$toolsref) = @_; my ($version,$context_type,$msgtype,$toolname,$passback,$roster,$locale, - $crslabel,$crstitle,%fields,%rolesmap,%display,%custom,@userlangs); + $crslabel,$crstitle,$gradesecret,$rostersecret,%fields,%rolesmap, + %display,%custom,@userlangs); if (ref($toolsref) eq 'HASH') { $version = $toolsref->{'version'}; $toolname = $toolsref->{'title'}; $passback = $toolsref->{'passback'}; + $gradesecret = $toolsref->{'gradesecret'}; $roster = $toolsref->{'roster'}; + $rostersecret = $toolsref->{'rostersecret'}; $msgtype = $toolsref->{'messagetype'}; if (ref($toolsref->{'fields'}) eq 'HASH') { %fields = %{$toolsref->{'fields'}}; 
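Review bot: In `set_callback_secret` the freshness test reads `$toolsettings->{$name}` and `$toolsettings->{$name.'date'}`, but the `put` further down stores the values under `$name.'secret'` and `$name.'secretdate'`. Unless some other code path writes the `grade`/`gradedate` (or `roster`/`rosterdate`) keys, the first test is always true, so a new secret is minted on every launch and `$oldsecret` is never captured; identifiers signed with the previous secret would then stop verifying. The checks probably should be `if ($toolsettings->{$name.'secret'} eq '')` and `elsif (($toolsettings->{$name.'secretdate'} + $lifetime) < $now)`. Separately, the secret comes from `UUID::Tiny::create_uuid_as_string(UUID_V4)`, which as far as I know draws on Perl's built-in `rand()` rather than a CSPRNG, so bytes read from the system random source would make a safer signing key. `$warning` is also assigned in two places but never returned or logged, so lock and release failures are silently dropped.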
@@ -247,18 +313,42 @@ sub lti_params { my $crsprotocol = $Apache::lonnet::protocol{$crshome}; unless ($crsprotocol eq 'https') { $crsprotocol = 'http'; - } - if ($passback) { - if ($ltirole eq 'Learner') { + } + if (($passback) || ($roster)) { + if ($passback) { $ltiparams{'lis_outcome_service_url'} = $crsprotocol.'//'.$crshostname.'/adm/service/passback'; $ltiparams{'ext_ims_lis_basic_outcome_url'} = $ltiparams{'lis_outcome_service_url'}; - $ltiparams{'lis_result_sourcedid'} = ''; #FIXME + if ($gradesecret) { + my $result_sig = + Digest::SHA::sha1_hex($gradesecret.':::'.$digest_symb.':::'.$digest_user.':::'.$env{'request.course.id'}); + $ltiparams{'lis_result_sourcedid'} = + $result_sig.':::'.$digest_symb.':::'.$digest_user.':::'.$env{'request.course.id'}; + } } - } - if ($roster) { - if (&Apache::lonnet::allowed('opa',$env{'request.course.id'})) { - $ltiparams{'ext_ims_lis_memberships_url'} = $crsprotocol.'//'.$crshostname.'/adm/service/roster'; - $ltiparams{'ext_ims_lis_memberships_id'} = ''; #FIXME + if ($roster) { + if (&Apache::lonnet::allowed('opa',$env{'request.course.id'})) { + $ltiparams{'ext_ims_lis_memberships_url'} = $crsprotocol.'//'.$crshostname.'/adm/service/roster'; + if ($rostersecret) { + my $roster_sig = Digest::SHA::sha1_hex($gradesecret.':::'.$digest_symb.':::'.$env{'request.course.id'}); + $ltiparams{'ext_ims_lis_memberships_id'} = $roster_sig.':::'.$digest_symb.':::'.$env{'request.course.id'}; + } + } + } + my %digesthash; + if ($ltiparams{'lis_result_sourcedid'}) { + $digesthash{$ltiparams{'lis_result_sourcedid'}} = "$idx\0".time; + } + if ($ltiparams{'ext_ims_lis_memberships_id'}) { + $digesthash{$ltiparams{'ext_ims_lis_memberships_id'}} = "$idx\0".time; + } + if (($digest_symb) && ($gradesecret || $rostersecret)) { + $digesthash{$digest_symb} = $symb; + } + if (($passback) && ($gradesecret)) { + $digesthash{$digest_user} = $uname.':'.$udom; + } + if (keys(%digesthash)) { + &Apache::lonnet::put('exttools',\%digesthash,$cdom,$cnum); } } } 
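Review bot: Inside the `if ($rostersecret)` branch, `$roster_sig` is computed from `$gradesecret` rather than `$rostersecret`, which looks like a copy-paste slip. For a tool with roster enabled but passback disabled, `$gradesecret` is empty, so the signature becomes a SHA-1 over `$digest_symb` and the course id, both of which are sent in the same `ext_ims_lis_memberships_id`, and is no longer bound to any secret. The line should read `my $roster_sig = Digest::SHA::sha1_hex($rostersecret.':::'.$digest_symb.':::'.$env{'request.course.id'});`. Both signatures are also a bare hash of secret-then-data; a keyed construction such as `Digest::SHA::hmac_sha1_hex($data,$secret)` avoids length-extension concerns, provided the verifying handlers (not visible here) are changed to match. lti_params starts and ends outside this hunk.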
@@ -292,7 +382,7 @@ sub lti_params { $ltiparams{'lis_person_contact_email_primary'} = $contact_email; } if ($fields{'user'}) { - $ltiparams{'lis_person_sourcedid'} = $uname.':'.$udom; + $ltiparams{'lis_person_sourcedid'} = $uname.':'.$udom; } if (keys(%custom)) { foreach my $key (keys(%custom)) { @@ -352,6 +442,7 @@ ENDJS sub sign_params { my ($url,$key,$secret,$paramsref) = @_; my $nonce = Digest::SHA::sha1_hex(sprintf("%06x%06x",rand(0xfffff0),rand(0xfffff0))); + my $request = Net::OAuth->request("request token")->new( consumer_key => $key, consumer_secret => $secret, @@ -368,4 +459,37 @@ sub sign_params { return $request->to_hash(); } +sub get_tool_lock { + my ($cdom,$cnum,$marker,$now) = @_; + # get lock for tool for which gradesecret is being set + my $lockhash = { + $marker."\0".'lock' => $now.':'.$env{'user.name'}. + ':'.$env{'user.domain'}, + }; + my $tries = 0; + my $gotlock = &Apache::lonnet::newput('exttools',$lockhash,$cdom,$cnum); + + while (($gotlock ne 'ok') && $tries <3) { + $tries ++; + sleep(1); + $gotlock = &Apache::lonnet::newput('exttools',$lockhash,$cdom,$cnum); + } + return $gotlock; +} + +sub release_tool_lock { + my ($cdom,$cnum,$marker) = @_; + # remove lock + my @del_lock = ($marker."\0".'lock'); + my $dellockoutcome=&Apache::lonnet::del('exttools',\@del_lock,$cdom,$cnum); + if ($dellockoutcome ne 'ok') { + return ('