2 // This file is part of Moodle - http://moodle.org/
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
18 * LTI web service endpoints
21 * @copyright Copyright (c) 2011 Moodlerooms Inc. (http://www.moodlerooms.com)
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 * @author Chris Scribner
26 define('NO_DEBUG_DISPLAY', true);
28 require_once(dirname(__FILE__
) . "/../../config.php");
29 require_once($CFG->dirroot
.'/mod/lti/locallib.php');
30 require_once($CFG->dirroot
.'/mod/lti/servicelib.php');
32 // TODO: Switch to core oauthlib once implemented - MDL-30149
33 use moodle\mod\lti
as lti
;
35 $rawbody = file_get_contents("php://input");
37 foreach (lti\OAuthUtil
::get_headers() as $name => $value) {
38 if ($name === 'Authorization') {
39 // TODO: Switch to core oauthlib once implemented - MDL-30149
40 $oauthparams = lti\OAuthUtil
::split_header($value);
42 $consumerkey = $oauthparams['oauth_consumer_key'];
47 if (empty($consumerkey)) {
48 throw new Exception('Consumer key is missing.');
51 $sharedsecret = lti_verify_message($consumerkey, lti_get_shared_secrets_by_key($consumerkey), $rawbody);
53 if ($sharedsecret === false) {
54 throw new Exception('Message signature not valid');
57 // TODO MDL-46023 Replace this code with a call to the new library.
58 $origentity = libxml_disable_entity_loader(true);
59 $xml = simplexml_load_string($rawbody);
61 libxml_disable_entity_loader($origentity);
62 throw new Exception('Invalid XML content');
64 libxml_disable_entity_loader($origentity);
66 $body = $xml->imsx_POXBody
;
67 foreach ($body->children() as $child) {
68 $messagetype = $child->getName();
71 switch ($messagetype) {
72 case 'replaceResultRequest':
74 $parsed = lti_parse_grade_replace_message($xml);
75 } catch (Exception
$e) {
76 $responsexml = lti_get_response_xml(
80 'replaceResultResponse');
82 echo $responsexml->asXML();
86 $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid
));
88 lti_verify_sourcedid($ltiinstance, $parsed);
90 $gradestatus = lti_update_grade($ltiinstance, $parsed->userid
, $parsed->launchid
, $parsed->gradeval
);
92 $responsexml = lti_get_response_xml(
93 $gradestatus ?
'success' : 'failure',
94 'Grade replace response',
96 'replaceResultResponse'
99 echo $responsexml->asXML();
103 case 'readResultRequest':
104 $parsed = lti_parse_grade_read_message($xml);
106 $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid
));
108 //Getting the grade requires the context is set
109 $context = context_course
::instance($ltiinstance->course
);
110 $PAGE->set_context($context);
112 lti_verify_sourcedid($ltiinstance, $parsed);
114 $grade = lti_read_grade($ltiinstance, $parsed->userid
);
116 $responsexml = lti_get_response_xml(
117 'success', // Empty grade is also 'success'
123 $node = $responsexml->imsx_POXBody
->readResultResponse
;
124 $node = $node->addChild('result')->addChild('resultScore');
125 $node->addChild('language', 'en');
126 $node->addChild('textString', isset($grade) ?
$grade : '');
128 echo $responsexml->asXML();
132 case 'deleteResultRequest':
133 $parsed = lti_parse_grade_delete_message($xml);
135 $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid
));
137 lti_verify_sourcedid($ltiinstance, $parsed);
139 $gradestatus = lti_delete_grade($ltiinstance, $parsed->userid
);
141 $responsexml = lti_get_response_xml(
142 $gradestatus ?
'success' : 'failure',
143 'Grade delete request',
145 'deleteResultResponse'
148 echo $responsexml->asXML();
153 //Fire an event if we get a web service request which we don't support directly.
154 //This will allow others to extend the LTI services, which I expect to be a common
155 //use case, at least until the spec matures.
156 $data = new stdClass();
157 $data->body
= $rawbody;
159 $data->messageid
= lti_parse_message_id($xml);
160 $data->messagetype
= $messagetype;
161 $data->consumerkey
= $consumerkey;
162 $data->sharedsecret
= $sharedsecret;
163 $eventdata = array();
164 $eventdata['other'] = array();
165 $eventdata['other']['messageid'] = $data->messageid
;
166 $eventdata['other']['messagetype'] = $messagetype;
167 $eventdata['other']['consumerkey'] = $consumerkey;
169 // Before firing the event, allow subplugins a chance to handle.
170 if (lti_extend_lti_services($data)) {
174 //If an event handler handles the web service, it should set this global to true
175 //So this code knows whether to send an "operation not supported" or not.
176 global $lti_web_service_handled;
177 $lti_web_service_handled = false;
180 $event = \mod_lti\event\unknown_service_api_called
::create($eventdata);
181 $event->set_message_data($data);
183 } catch (Exception
$e) {
184 $lti_web_service_handled = false;
187 if (!$lti_web_service_handled) {
188 $responsexml = lti_get_response_xml(
191 lti_parse_message_id($xml),
195 echo $responsexml->asXML();
202 //echo print_r(apache_request_headers(), true);
206 //echo file_get_contents("php://input");