search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-71669 editor_atto: Fire custom event when toggling button highlight
[moodle.git] / mod / lti / auth.php
blob831b6315a3a5ebaf1b33f7cb6d2d583542613b9c
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * This file responds to a login authentication request
19 *
20 * @package mod_lti
21 * @copyright 2019 Stephen Vickers
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 */
24
25 require_once(__DIR__ . '/../../config.php');
26 require_once($CFG->dirroot . '/mod/lti/locallib.php');
27
28 $scope = optional_param('scope', '', PARAM_TEXT);
29 $responsetype = optional_param('response_type', '', PARAM_TEXT);
30 $clientid = optional_param('client_id', '', PARAM_TEXT);
31 $redirecturi = optional_param('redirect_uri', '', PARAM_URL);
32 $loginhint = optional_param('login_hint', '', PARAM_TEXT);
33 $ltimessagehint = optional_param('lti_message_hint', 0, PARAM_INT);
34 $state = optional_param('state', '', PARAM_TEXT);
35 $responsemode = optional_param('response_mode', '', PARAM_TEXT);
36 $nonce = optional_param('nonce', '', PARAM_TEXT);
37 $prompt = optional_param('prompt', '', PARAM_TEXT);
38
39 $ok = !empty($scope) && !empty($responsetype) && !empty($clientid) &&
40 !empty($redirecturi) && !empty($loginhint) &&
41 !empty($nonce) && !empty($SESSION->lti_message_hint);
42
43 if (!$ok) {
44 $error = 'invalid_request';
45 }
46 if ($ok && ($scope !== 'openid')) {
47 $ok = false;
48 $error = 'invalid_scope';
49 }
50 if ($ok && ($responsetype !== 'id_token')) {
51 $ok = false;
52 $error = 'unsupported_response_type';
53 }
54 if ($ok) {
55 list($courseid, $typeid, $id, $titleb64, $textb64) = explode(',', $SESSION->lti_message_hint, 5);
56 $ok = ($id !== $ltimessagehint);
57 if (!$ok) {
58 $error = 'invalid_request';
59 } else {
60 $config = lti_get_type_type_config($typeid);
61 $ok = ($clientid === $config->lti_clientid);
62 if (!$ok) {
63 $error = 'unauthorized_client';
64 }
65 }
66 }
67 if ($ok && ($loginhint !== $USER->id)) {
68 $ok = false;
69 $error = 'access_denied';
70 }
71
72 // If we're unable to load up config; we cannot trust the redirect uri for POSTing to.
73 if (empty($config)) {
74 throw new moodle_exception('invalidrequest', 'error');
75 } else {
76 $uris = array_map("trim", explode("\n", $config->lti_redirectionuris));
77 if (!in_array($redirecturi, $uris)) {
78 throw new moodle_exception('invalidrequest', 'error');
79 }
80 }
81 if ($ok) {
82 if (isset($responsemode)) {
83 $ok = ($responsemode === 'form_post');
84 if (!$ok) {
85 $error = 'invalid_request';
86 $desc = 'Invalid response_mode';
87 }
88 } else {
89 $ok = false;
90 $error = 'invalid_request';
91 $desc = 'Missing response_mode';
92 }
93 }
94 if ($ok && !empty($prompt) && ($prompt !== 'none')) {
95 $ok = false;
96 $error = 'invalid_request';
97 $desc = 'Invalid prompt';
98 }
99
100 if ($ok) {
101 $course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
102 if ($id) {
103 $cm = get_coursemodule_from_id('lti', $id, 0, false, MUST_EXIST);
104 $context = context_module::instance($cm->id);
105 require_login($course, true, $cm);
106 require_capability('mod/lti:view', $context);
107 $lti = $DB->get_record('lti', array('id' => $cm->instance), '*', MUST_EXIST);
108 list($endpoint, $params) = lti_get_launch_data($lti, $nonce);
109 } else {
110 require_login($course);
111 $context = context_course::instance($courseid);
112 require_capability('moodle/course:manageactivities', $context);
113 require_capability('mod/lti:addcoursetool', $context);
114 // Set the return URL. We send the launch container along to help us avoid frames-within-frames when the user returns.
115 $returnurlparams = [
116 'course' => $courseid,
117 'id' => $typeid,
118 'sesskey' => sesskey()
119 ];
120 $returnurl = new \moodle_url('/mod/lti/contentitem_return.php', $returnurlparams);
121 // Prepare the request.
122 $title = base64_decode($titleb64);
123 $text = base64_decode($textb64);
124 $request = lti_build_content_item_selection_request($typeid, $course, $returnurl, $title, $text,
125 [], [], false, true, false, false, false, $nonce);
126 $endpoint = $request->url;
127 $params = $request->params;
128 }
129 } else {
130 $params['error'] = $error;
131 if (!empty($desc)) {
132 $params['error_description'] = $desc;
133 }
134 }
135 if (isset($state)) {
136 $params['state'] = $state;
137 }
138 unset($SESSION->lti_message_hint);
139 $r = '<form action="' . $redirecturi . "\" name=\"ltiAuthForm\" id=\"ltiAuthForm\" " .
140 "method=\"post\" enctype=\"application/x-www-form-urlencoded\">\n";
141 if (!empty($params)) {
142 foreach ($params as $key => $value) {
143 $key = htmlspecialchars($key);
144 $value = htmlspecialchars($value);
145 $r .= " <input type=\"hidden\" name=\"{$key}\" value=\"{$value}\"/>\n";
146 }
147 }
148 $r .= "</form>\n";
149 $r .= "<script type=\"text/javascript\">\n" .
150 "//<![CDATA[\n" .
151 "document.ltiAuthForm.submit();\n" .
152 "//]]>\n" .
153 "</script>\n";
154 echo $r;
Read-only mirror of the Moodle CVS