version 1.1, 2017/12/06 01:53:56
|
version 1.2, 2017/12/07 15:36:25
|
Line 36 use Apache::lonlocal;
|
Line 36 use Apache::lonlocal;
|
use Apache::lonnet; |
use Apache::lonnet; |
use Apache::loncommon; |
use Apache::loncommon; |
use Apache::lonacc; |
use Apache::lonacc; |
|
use LONCAPA::ltiutils; |
|
|
sub handler { |
sub handler { |
my $r = shift; |
my $r = shift; |
Line 240 sub handler {
|
Line 241 sub handler {
|
$protocol = 'https'; |
$protocol = 'https'; |
} |
} |
|
|
my $itemid; |
my ($itemid,$key,$secret,@ltiroles); |
my $key = $params->{'oauth_consumer_key'}; |
$key = $params->{'oauth_consumer_key'}; |
my @ltiroles; |
|
if (ref($lti_by_key{$key}) eq 'ARRAY') { |
if (ref($lti_by_key{$key}) eq 'ARRAY') { |
foreach my $id (@{$lti_by_key{$key}}) { |
foreach my $id (@{$lti_by_key{$key}}) { |
if (ref($lti{$id}) eq 'HASH') { |
if (ref($lti{$id}) eq 'HASH') { |
my $secret = $lti{$id}{'secret'}; |
$secret = $lti{$id}{'secret'}; |
my $request = Net::OAuth->request('request token')->from_hash($params, |
my $request = Net::OAuth->request('request token')->from_hash($params, |
request_url => $protocol.'://'.$hostname.$requri, |
request_url => $protocol.'://'.$hostname.$requri, |
request_method => $env{'request.method'}, |
request_method => $env{'request.method'}, |
Line 273 sub handler {
|
Line 273 sub handler {
|
# Determine if nonce in POSTed data has expired. |
# Determine if nonce in POSTed data has expired. |
# If unexpired, confirm it has not already been used. |
# If unexpired, confirm it has not already been used. |
# |
# |
unless (&check_nonce($r,$params->{'oauth_nonce'},$params->{'oauth_timestamp'},$lti{$itemid}{'lifetime'},$cdom)) { |
unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, |
|
$lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) { |
&invalid_request($r,7); |
&invalid_request($r,7); |
return OK; |
return OK; |
} |
} |
Line 609 sub handler {
|
Line 610 sub handler {
|
return OK; |
return OK; |
} |
} |
|
|
sub check_nonce { |
|
my ($r,$nonce,$timestamp,$lifetime,$domain) = @_; |
|
if (($timestamp eq '') || ($timestamp =~ /^\D/) || ($lifetime eq '') || ($lifetime =~ /\D/) || ($domain eq '')) { |
|
return 0; |
|
} |
|
my $now = time; |
|
if (($timestamp) && ($timestamp < ($now - $lifetime))) { |
|
return 0; |
|
} |
|
if ($nonce eq '') { |
|
return 0; |
|
} |
|
my $lonltidir = $r->dir_config('lonLTIDir'); |
|
if (-e "$lonltidir/$domain/$nonce") { |
|
return 0; |
|
} else { |
|
unless (-e "$lonltidir/$domain") { |
|
mkdir("$lonltidir/$domain",0755); |
|
} |
|
if (open(my $fh,'>',"$lonltidir/$domain/$nonce")) { |
|
print $fh $now; |
|
close($fh); |
|
} else { |
|
return 0; |
|
} |
|
} |
|
return 1; |
|
} |
|
|
|
sub invalid_request { |
sub invalid_request { |
my ($r,$num) = @_; |
my ($r,$num) = @_; |
&Apache::loncommon::content_type($r,'text/html'); |
&Apache::loncommon::content_type($r,'text/html'); |
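Review bot: The new call at "Line 273" hands the POSTed `oauth_nonce` to `LONCAPA::ltiutils::check_nonce` with no format check, and the local implementation removed here used that value directly as a file name under `lonLTIDir/$domain`, rejecting only the empty string. The helper's body is not on this page; if it was moved unchanged, a nonce containing `/` or `..` still reaches a file path, and the `-e` test followed by `open` is not atomic, so two concurrent requests with the same nonce could both pass. I would name the file by a digest, `my $file = "$lonltidir/$domain/".Digest::SHA::sha256_hex($nonce);`, and create it with `sysopen(my $fh,$file,O_WRONLY|O_CREAT|O_EXCL)` (constants from Fcntl) so that creation itself is the replay test. The removed timestamp test `$timestamp =~ /^\D/` inspects only the first character and sets no upper bound on future timestamps, which is worth tightening in the helper as well. `handler` starts and ends outside the hunks shown.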