--- loncom/lti/ltiauth.pm 2022/02/06 21:37:00 1.32 +++ loncom/lti/ltiauth.pm 2022/07/12 22:55:46 1.40 @@ -1,7 +1,7 @@ # The LearningOnline Network # Basic LTI Authentication Module # -# $Id: ltiauth.pm,v 1.32 2022/02/06 21:37:00 raeburn Exp $ +# $Id: ltiauth.pm,v 1.40 2022/07/12 22:55:46 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -30,7 +30,8 @@ package Apache::ltiauth; use strict; use LONCAPA qw(:DEFAULT :match); -use Apache::Constants qw(:common :http); +use Encode; +use Apache::Constants qw(:common :http :remotehost); use Apache::lonlocal; use Apache::lonnet; use Apache::loncommon; @@ -63,7 +64,7 @@ sub handler { my $params = {}; foreach my $key (sort(keys(%env))) { if ($key =~ /^form\.(.+)$/) { - $params->{$1} = $env{$key}; + $params->{$1} = &Encode::decode('UTF-8',$env{$key}); } } # @@ -116,7 +117,7 @@ sub handler { # if ($requri =~ m{^/adm/launch(|/.*)$}) { my $tail = $1; - if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) { + if ($tail =~ m{^/tiny/$match_domain/\w+$}) { my ($urlcdom,$urlcnum) = &course_from_tinyurl($tail); if (($urlcdom ne '') && ($urlcnum ne '')) { $cdom = $urlcdom; @@ -142,10 +143,10 @@ sub handler { # where url was /adm/launch/tiny/$cdom/$uniqueid # - my ($itemid,$ltitype,%crslti,%lti_in_use); - $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'deeplink'); + my ($itemid,$ltitype,%crslti,%lti_in_use,$ltiuser); + $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'linkprot'); if ($itemid) { - %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider'); + %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom); } if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) { $ltitype = 'c'; @@ -157,10 +158,10 @@ sub handler { return OK; } } else { - $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','deeplink'); + $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','linkprot'); my %lti; if ($itemid) { - %lti = &Apache::lonnet::get_domain_lti($cdom,'provider'); + %lti = &Apache::lonnet::get_domain_lti($cdom,'linkprot'); } if (($itemid) && (ref($lti{$itemid}) eq 'HASH')) { $ltitype = 'd'; @@ -174,6 +175,14 @@ sub handler { } } } + my $exiturl; + if (($itemid) && ($lti_in_use{'returnurl'} ne '')) { + if (exists($params->{$lti_in_use{'returnurl'}})) { + $exiturl = $params->{$lti_in_use{'returnurl'}}; + } elsif (exists($params->{'custom_'.$lti_in_use{'returnurl'}})) { + $exiturl = $params->{'custom_'.$lti_in_use{'returnurl'}}; + } + } if (($itemid) && ($lti_in_use{'requser'})) { my %courseinfo = &Apache::lonnet::coursedescription($cdom.'_'.$cnum); my $ltiauth; @@ -185,7 +194,7 @@ sub handler { } if ($ltiauth) { my $possuname; - my $mapuser = $crslti{$itemid}{'mapuser'}; + my $mapuser = $lti_in_use{'mapuser'}; if ($mapuser eq 'sourcedid') { if ($params->{'lis_person_sourcedid'} =~ /^$match_username$/) { $possuname = $params->{'lis_person_sourcedid'}; @@ -224,14 +233,16 @@ sub handler { foreach my $key (%{$params}) { delete($env{'form.'.$key}); } - &linkprot_session($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$tail,$lonhost); + &linkprot_session($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$tail,$lonhost,$exiturl); return OK; } } + $ltiuser = $uname.':'.$cdom; } } if ($lti_in_use{'notstudent'} eq 'reject') { &invalid_request($r,'Information for valid user missing from launch request'); + return OK; } } } @@ -239,13 +250,23 @@ sub handler { foreach my $key (%{$params}) { delete($env{'form.'.$key}); } - my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.$ltitype.':'.$tail}, - $lonhost,'link'); - if ($ltoken) { + my %info = ( + 'linkprot' => $itemid.$ltitype.':'.$tail, + ); + if ($ltiuser ne '') { + $info{'linkprotuser'} = $ltiuser; + } + if ($exiturl ne '') { + $info{'linkprotexit'} = $exiturl; + } + my $ltoken = &Apache::lonnet::tmpput(\%info,$lonhost,'link'); + if (($ltoken eq 'con_lost') || ($ltoken eq 'refused') || ($ltoken =~ /^error:/) || + ($ltoken eq 'unknown_cmd') || ($ltoken eq 'no_such_host') || + ($ltoken eq '')) { + &invalid_request($r,'Failed to store information from launch request'); + } else { $r->internal_redirect($tail.'?ltoken='.$ltoken); $r->set_handlers('PerlHandler'=> undef); - } else { - &invalid_request($r,'Failed to store information from launch request'); } } else { &invalid_request($r,'Launch request could not be validated'); @@ -984,7 +1005,7 @@ sub lti_session { $r->dir_config('ltiIDsDir'), $protocol,$r->hostname); } - my $ip = $r->get_remote_host(); + my $ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP); my %info=('ip' => $ip, 'domain' => $udom, 'username' => $uname, @@ -1051,7 +1072,7 @@ sub lti_session { } sub linkprot_session { - my ($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$dest,$lonhost) = @_; + my ($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$dest,$lonhost,$exiturl) = @_; $r->user($uname); if ($ltitype eq 'c') { &Apache::lonnet::logthis("Course Link Protector ($itemid) authorized student: $uname:$cdom, course: $cdom\_$cnum"); @@ -1061,9 +1082,14 @@ sub linkprot_session { my ($is_balancer,$otherserver,$hosthere) = &check_balancer($r,$uname,$cdom); if (($is_balancer) && (!$hosthere)) { # login but immediately go to switch server + &Apache::lonauth::success($r,$uname,$cdom,$uhome,'noredirect'); $env{'form.origurl'} = $dest; $env{'request.linkprot'} = $itemid.$ltitype.':'.$dest; + $env{'request.linkprotuser'} = $uname.':'.$cdom; $env{'request.deeplink.login'} = $dest; + if ($exiturl ne '') { + $env{'request.linkprotexit'} = $exiturl; + } my $redirecturl = '/adm/switchserver'; if ($otherserver ne '') { $redirecturl .= '?otherserver='.$otherserver; @@ -1072,16 +1098,20 @@ sub linkprot_session { $r->set_handlers('PerlHandler'=> undef); } else { # need to login them in, so generate the data migrate expects to do login - my $ip = $r->get_remote_host(); + my $ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP); my %info=('ip' => $ip, 'domain' => $cdom, 'username' => $uname, 'server' => $lonhost, 'linkprot' => $itemid.$ltitype.':'.$dest, + 'linkprotuser' => $uname.':'.$cdom, 'home' => $uhome, 'origurl' => $dest, 'deeplink.login' => $dest, ); + if ($exiturl ne '') { + $info{'linkprotexit'} = $exiturl; + } my $token = &Apache::lonnet::tmpput(\%info,$lonhost); $env{'form.token'} = $token; $r->internal_redirect('/adm/migrateuser'); @@ -1096,6 +1126,11 @@ sub check_balancer { ($is_balancer,$otherserver) = &Apache::lonnet::check_loadbalancing($uname,$udom,'login'); if ($is_balancer) { + # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer) + my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r); + if (($found_server) && ($balancer_cookie =~ /^\Q$udom\E_\Q$uname\E_/)) { + $otherserver = $found_server; + } if ($otherserver eq '') { my $lowest_load; ($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($udom); @@ -1126,9 +1161,9 @@ sub invalid_request { '

'.&mt('Invalid LTI launch request').'

'. '

'. &mt('Launch of LON-CAPA is unavailable from the "external tool" link you had followed in another web application.'). - &mt('Launch failed for the following reason:'). + ' '.&mt('Launch failed for the following reason:'). '

'. - '

'.$msga'.

'. + '

'.$msg.'

'. &Apache::loncommon::end_page()); return; }