search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-69240 tool_moodlenet: Clean MoodleNet profile field
[moodle.git] / mod / lti / auth.php
blob68c5ccdeb69a27c78d171374927aea9498a9f858
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * This file responds to a login authentication request
19 *
20 * @package mod_lti
21 * @copyright 2019 Stephen Vickers
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 */
24
25 require_once(__DIR__ . '/../../config.php');
26 require_once($CFG->dirroot . '/mod/lti/locallib.php');
27
28 $scope = optional_param('scope', '', PARAM_TEXT);
29 $responsetype = optional_param('response_type', '', PARAM_TEXT);
30 $clientid = optional_param('client_id', '', PARAM_TEXT);
31 $redirecturi = optional_param('redirect_uri', '', PARAM_TEXT);
32 $loginhint = optional_param('login_hint', '', PARAM_TEXT);
33 $ltimessagehint = optional_param('lti_message_hint', 0, PARAM_INT);
34 $state = optional_param('state', '', PARAM_TEXT);
35 $responsemode = optional_param('response_mode', '', PARAM_TEXT);
36 $nonce = optional_param('nonce', '', PARAM_TEXT);
37 $prompt = optional_param('prompt', '', PARAM_TEXT);
38
39 $ok = !empty($scope) && !empty($responsetype) && !empty($clientid) &&
40 !empty($redirecturi) && !empty($loginhint) &&
41 !empty($nonce) && !empty($SESSION->lti_message_hint);
42
43 if (!$ok) {
44 $error = 'invalid_request';
45 }
46 if ($ok && ($scope !== 'openid')) {
47 $ok = false;
48 $error = 'invalid_scope';
49 }
50 if ($ok && ($responsetype !== 'id_token')) {
51 $ok = false;
52 $error = 'unsupported_response_type';
53 }
54 if ($ok) {
55 list($courseid, $typeid, $id, $titleb64, $textb64) = explode(',', $SESSION->lti_message_hint, 5);
56 $ok = ($id !== $ltimessagehint);
57 if (!$ok) {
58 $error = 'invalid_request';
59 } else {
60 $config = lti_get_type_type_config($typeid);
61 $ok = ($clientid === $config->lti_clientid);
62 if (!$ok) {
63 $error = 'unauthorized_client';
64 }
65 }
66 }
67 if ($ok && ($loginhint !== $USER->id)) {
68 $ok = false;
69 $error = 'access_denied';
70 }
71 if ($ok) {
72 $uris = array_map("trim", explode("\n", $config->lti_redirectionuris));
73 $ok = in_array($redirecturi, $uris);
74 if (!$ok) {
75 $error = 'invalid_request';
76 $desc = 'Unregistered redirect_uri ' . $redirecturi;
77 }
78 }
79 if ($ok) {
80 if (isset($responsemode)) {
81 $ok = ($responsemode === 'form_post');
82 if (!$ok) {
83 $error = 'invalid_request';
84 $desc = 'Invalid response_mode';
85 }
86 } else {
87 $ok = false;
88 $error = 'invalid_request';
89 $desc = 'Missing response_mode';
90 }
91 }
92 if ($ok && !empty($prompt) && ($prompt !== 'none')) {
93 $ok = false;
94 $error = 'invalid_request';
95 $desc = 'Invalid prompt';
96 }
97
98 if ($ok) {
99 $course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
100 if ($id) {
101 $cm = get_coursemodule_from_id('lti', $id, 0, false, MUST_EXIST);
102 $context = context_module::instance($cm->id);
103 require_login($course, true, $cm);
104 require_capability('mod/lti:view', $context);
105 $lti = $DB->get_record('lti', array('id' => $cm->instance), '*', MUST_EXIST);
106 list($endpoint, $params) = lti_get_launch_data($lti, $nonce);
107 } else {
108 require_login($course);
109 $context = context_course::instance($courseid);
110 require_capability('moodle/course:manageactivities', $context);
111 require_capability('mod/lti:addcoursetool', $context);
112 // Set the return URL. We send the launch container along to help us avoid frames-within-frames when the user returns.
113 $returnurlparams = [
114 'course' => $courseid,
115 'id' => $typeid,
116 'sesskey' => sesskey()
117 ];
118 $returnurl = new \moodle_url('/mod/lti/contentitem_return.php', $returnurlparams);
119 // Prepare the request.
120 $title = base64_decode($titleb64);
121 $text = base64_decode($textb64);
122 $request = lti_build_content_item_selection_request($typeid, $course, $returnurl, $title, $text,
123 [], [], false, false, false, false, false, $nonce);
124 $endpoint = $request->url;
125 $params = $request->params;
126 }
127 } else {
128 $params['error'] = $error;
129 if (!empty($desc)) {
130 $params['error_description'] = $desc;
131 }
132 }
133 if (isset($state)) {
134 $params['state'] = $state;
135 }
136 unset($SESSION->lti_message_hint);
137 $r = '<form action="' . $redirecturi . "\" name=\"ltiAuthForm\" id=\"ltiAuthForm\" " .
138 "method=\"post\" enctype=\"application/x-www-form-urlencoded\">\n";
139 if (!empty($params)) {
140 foreach ($params as $key => $value) {
141 $key = htmlspecialchars($key);
142 $value = htmlspecialchars($value);
143 $r .= " <input type=\"hidden\" name=\"{$key}\" value=\"{$value}\"/>\n";
144 }
145 }
146 $r .= "</form>\n";
147 $r .= "<script type=\"text/javascript\">\n" .
148 "//<![CDATA[\n" .
149 "document.ltiAuthForm.submit();\n" .
150 "//]]>\n" .
151 "</script>\n";
152 echo $r;
Read-only mirror of the Moodle CVS