Return to ltipassback.pm CVS log

Up to [LON-CAPA] / loncom / lti

Diff for /loncom/lti/ltipassback.pm between versions 1.5 and 1.6

version 1.5, 2017/12/15 17:07:09	version 1.6, 2018/08/14 21:42:36
Line 29	Line 29
package Apache::ltipassback;	package Apache::ltipassback;

use strict;	use strict;
	use URI::Escape;
use Apache::Constants qw(:common :http);	use Apache::Constants qw(:common :http);
use Apache::lonnet;	use Apache::lonnet;
use Apache::loncommon;	use Apache::loncommon;
Line 38 use LONCAPA::ltiutils;	Line 39 use LONCAPA::ltiutils;
sub handler {	sub handler {
my $r = shift;	my $r = shift;
my %errors;	my %errors;
	my $params = {};
	my ($oauthtype,$authheader,$xmlbody);
	#
	# Retrieve content type from headers
	#
	my $content_type = $r->headers_in->get('Content-Type');
	if ($content_type eq 'application/xml') {
	$oauthtype = 'consumer';
	#
	# Retrieve OAuth data from Authorization header sent by LTI Provider
	#
	$authheader = $r->headers_in->get('Authorization');
	my ($authtype,$valuestr) = ($authheader =~ /^(OAuth)\s+(.+)$/i);
	if (lc($authtype) eq 'oauth') {
	foreach my $pair (split(/\s,\s/,$valuestr)) {
	my ($key,$value) = split(/=/,$pair);
	$value =~ s /(^"\|"$)//g;
	$params->{$key} = URI::Escape::uri_unescape($value);
	}
	}
	#
	# Retrieve message body
	#
	my $length = $r->headers_in->get('Content-length');
	if ($length) {
	$r->read($xmlbody,$length,0);
	if ($xmlbody ne '') {
	my %grades = &LONCAPA::ltiutils::parse_grade_xml($xmlbody);
	foreach my $num (sort { $a <=> $b } (keys(%grades))) {
	if (ref($grades{$num}) eq 'HASH') {
	if (($grades{$num}{'sourcedid'} ne '') && ($grades{$num}{'score'} ne '')) {
	$params->{'sourcedid'} = $grades{$num}{'sourcedid'};
	$params->{'result_resultscore_textstring'} = $grades{$num}{'score'};
	$params->{'result_resultscore_language'} = $grades{$num}{'language'};
	$params->{'result_resultvaluesourcedid'} = 'decimal';
	}
	}
	}
	}
	}
	} else {
	$oauthtype = 'request token';
#	#
# Retrieve data POSTed by LTI Provider	# Retrieve data POSTed by LTI Provider
#	#
&Apache::lonacc::get_posted_cgi($r);	&Apache::lonacc::get_posted_cgi($r);
my $params = {};	foreach my $key (sort(keys(%env))) {
foreach my $key (sort(keys(%env))) {	if ($key =~ /^form\.(.+)$/) {
if ($key =~ /^form\.(.+)$/) {	$params->{$1} = $env{$key};
$params->{$1} = $env{$key};	}
}	}
}	}

Line 119 sub handler {	Line 162 sub handler {
$marker,$symb,$cdom,$cnum,	$marker,$symb,$cdom,$cnum,
\%toolsettings,\%ltitools,\%errors);	\%toolsettings,\%ltitools,\%errors);

	if (keys(%errors) > 0) {
	&invalid_request($r,$params,\%errors);
	return OK;
	}

#	#
# Verify the signed request using the consumer_key and	# Verify the signed request using the consumer_key and
# secret for the specific LTI Provider.	# secret for the specific LTI Provider.
Line 128 sub handler {	Line 176 sub handler {
if ($ENV{'SERVER_PORT'} == 443) {	if ($ENV{'SERVER_PORT'} == 443) {
$protocol = 'https';	$protocol = 'https';
}	}
unless (LONCAPA::ltiutils::verify_request($params,$protocol,$r->hostname,$r->uri,
$env{'request.method'},$consumer_secret,	unless (LONCAPA::ltiutils::verify_request($oauthtype,$protocol,$r->hostname,$r->uri,
\%errors)) {	$r->method,$consumer_secret,$params,
	$authheader,\%errors)) {
	&invalid_request($r,$params,\%errors);
	return OK;
	}

	#
	# Verify XML in request body has not been tampered with
	#

	my $bodyhash = Digest::SHA::sha1_base64($xmlbody);
	while (length($bodyhash) % 4) {
	$bodyhash .= '=';
	}
	unless ($bodyhash eq $params->{oauth_body_hash}) {
	$errors{16} = 1;
&invalid_request($r,$params,\%errors);	&invalid_request($r,$params,\%errors);
return OK;	return OK;
}	}
Line 138 sub handler {	Line 201 sub handler {
#	#
# Determine if nonce in POSTed data has expired.	# Determine if nonce in POSTed data has expired.
# If unexpired, confirm it has not already been used.	# If unexpired, confirm it has not already been used.
	#

unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},	unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
$ltitools{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {	$ltitools{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {
$errors{16} = 1;	$errors{17} = 1;
&invalid_request($r,$params,\%errors);	&invalid_request($r,$params,\%errors);
return OK;	return OK;
}	}
Line 168 sub handler {	Line 232 sub handler {
%maproles = %{$ltitools{'roles'}};	%maproles = %{$ltitools{'roles'}};
}	}
unless (keys(%maproles)) {	unless (keys(%maproles)) {
$errors{21} = 1;	$errors{22} = 1;
&invalid_request($r,$params,\%errors);	&invalid_request($r,$params,\%errors);
return OK;	return OK;
}	}
Line 205 sub handler {	Line 269 sub handler {
}	}
}	}
unless ($hasrole) {	unless ($hasrole) {
$errors{22} = 1;	$errors{23} = 1;
&invalid_request($r,$params,\%errors);	&invalid_request($r,$params,\%errors);
return OK;	return OK;
}	}
} else {	} else {
$errors{23} = 1;	$errors{24} = 1;
&invalid_request($r,$params,\%errors);	&invalid_request($r,$params,\%errors);
return OK;	return OK;
}	}
Line 219 sub handler {	Line 283 sub handler {
# Store result if one was sent in a valid format.	# Store result if one was sent in a valid format.
#	#


my ($result,$resulttype,$lang,$pcf);	my ($result,$resulttype,$lang,$pcf);
if (exists($params->{'result_resultvaluesourcedid'})) {	if (exists($params->{'result_resultvaluesourcedid'})) {
$resulttype = $params->{'result_resultvaluesourcedid'};	$resulttype = $params->{'result_resultvaluesourcedid'};

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Removed from v.1.5
changed lines
	Added in v.1.6