mod/lti/service.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * LTI web service endpoints
  19  *
  20  * @package mod_lti
  21  * @copyright  Copyright (c) 2011 Moodlerooms Inc. (http://www.moodlerooms.com)
  22  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23  * @author     Chris Scribner
  24  */
  25
  26 define('NO_DEBUG_DISPLAY', true);
  27
  28 require_once(dirname(__FILE__) . "/../../config.php");
  29 require_once($CFG->dirroot.'/mod/lti/locallib.php');
  30 require_once($CFG->dirroot.'/mod/lti/servicelib.php');
  31
  32 // TODO: Switch to core oauthlib once implemented - MDL-30149
  33 use moodle\mod\lti as lti;
  34
  35 $rawbody = file_get_contents("php://input");
  36
  37 foreach (lti\OAuthUtil::get_headers() as $name => $value) {
  38     if ($name === 'Authorization') {
  39         // TODO: Switch to core oauthlib once implemented - MDL-30149
  40         $oauthparams = lti\OAuthUtil::split_header($value);
  41
  42         $consumerkey = $oauthparams['oauth_consumer_key'];
  43         break;
  44     }
  45 }
  46
  47 if (empty($consumerkey)) {
  48     throw new Exception('Consumer key is missing.');
  49 }
  50
  51 $sharedsecret = lti_verify_message($consumerkey, lti_get_shared_secrets_by_key($consumerkey), $rawbody);
  52
  53 if ($sharedsecret === false) {
  54     throw new Exception('Message signature not valid');
  55 }
  56
  57 // TODO MDL-46023 Replace this code with a call to the new library.
  58 $origentity = libxml_disable_entity_loader(true);
  59 $xml = simplexml_load_string($rawbody);
  60 if (!$xml) {
  61     libxml_disable_entity_loader($origentity);
  62     throw new Exception('Invalid XML content');
  63 }
  64 libxml_disable_entity_loader($origentity);
  65
  66 $body = $xml->imsx_POXBody;
  67 foreach ($body->children() as $child) {
  68     $messagetype = $child->getName();
  69 }
  70
  71 switch ($messagetype) {
  72     case 'replaceResultRequest':
  73         try {
  74             $parsed = lti_parse_grade_replace_message($xml);
  75         } catch (Exception $e) {
  76             $responsexml = lti_get_response_xml(
  77                 'failure',
  78                 $e->getMessage(),
  79                 uniqid(),
  80                 'replaceResultResponse');
  81
  82             echo $responsexml->asXML();
  83             break;
  84         }
  85
  86         $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid));
  87
  88         lti_verify_sourcedid($ltiinstance, $parsed);
  89
  90         $gradestatus = lti_update_grade($ltiinstance, $parsed->userid, $parsed->launchid, $parsed->gradeval);
  91
  92         $responsexml = lti_get_response_xml(
  93                 $gradestatus ? 'success' : 'failure',
  94                 'Grade replace response',
  95                 $parsed->messageid,
  96                 'replaceResultResponse'
  97         );
  98
  99         echo $responsexml->asXML();
 100
 101         break;
 102
 103     case 'readResultRequest':
 104         $parsed = lti_parse_grade_read_message($xml);
 105
 106         $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid));
 107
 108         //Getting the grade requires the context is set
 109         $context = context_course::instance($ltiinstance->course);
 110         $PAGE->set_context($context);
 111
 112         lti_verify_sourcedid($ltiinstance, $parsed);
 113
 114         $grade = lti_read_grade($ltiinstance, $parsed->userid);
 115
 116         $responsexml = lti_get_response_xml(
 117                 'success',  // Empty grade is also 'success'
 118                 'Result read',
 119                 $parsed->messageid,
 120                 'readResultResponse'
 121         );
 122
 123         $node = $responsexml->imsx_POXBody->readResultResponse;
 124         $node = $node->addChild('result')->addChild('resultScore');
 125         $node->addChild('language', 'en');
 126         $node->addChild('textString', isset($grade) ? $grade : '');
 127
 128         echo $responsexml->asXML();
 129
 130         break;
 131
 132     case 'deleteResultRequest':
 133         $parsed = lti_parse_grade_delete_message($xml);
 134
 135         $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid));
 136
 137         lti_verify_sourcedid($ltiinstance, $parsed);
 138
 139         $gradestatus = lti_delete_grade($ltiinstance, $parsed->userid);
 140
 141         $responsexml = lti_get_response_xml(
 142                 $gradestatus ? 'success' : 'failure',
 143                 'Grade delete request',
 144                 $parsed->messageid,
 145                 'deleteResultResponse'
 146         );
 147
 148         echo $responsexml->asXML();
 149
 150         break;
 151
 152     default:
 153         //Fire an event if we get a web service request which we don't support directly.
 154         //This will allow others to extend the LTI services, which I expect to be a common
 155         //use case, at least until the spec matures.
 156         $data = new stdClass();
 157         $data->body = $rawbody;
 158         $data->xml = $xml;
 159         $data->messageid = lti_parse_message_id($xml);
 160         $data->messagetype = $messagetype;
 161         $data->consumerkey = $consumerkey;
 162         $data->sharedsecret = $sharedsecret;
 163         $eventdata = array();
 164         $eventdata['other'] = array();
 165         $eventdata['other']['messageid'] = $data->messageid;
 166         $eventdata['other']['messagetype'] = $messagetype;
 167         $eventdata['other']['consumerkey'] = $consumerkey;
 168
 169         // Before firing the event, allow subplugins a chance to handle.
 170         if (lti_extend_lti_services($data)) {
 171             break;
 172         }
 173
 174         //If an event handler handles the web service, it should set this global to true
 175         //So this code knows whether to send an "operation not supported" or not.
 176         global $lti_web_service_handled;
 177         $lti_web_service_handled = false;
 178
 179         try {
 180             $event = \mod_lti\event\unknown_service_api_called::create($eventdata);
 181             $event->set_message_data($data);
 182             $event->trigger();
 183         } catch (Exception $e) {
 184             $lti_web_service_handled = false;
 185         }
 186
 187         if (!$lti_web_service_handled) {
 188             $responsexml = lti_get_response_xml(
 189                 'unsupported',
 190                 'unsupported',
 191                  lti_parse_message_id($xml),
 192                  $messagetype
 193             );
 194
 195             echo $responsexml->asXML();
 196         }
 197
 198         break;
 199 }
 200
 201
 202 //echo print_r(apache_request_headers(), true);
 203
 204 //echo '<br />';
 205
 206 //echo file_get_contents("php://input");