search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'wip-mdl-38431-m23' of git://github.com/rajeshtaneja/moodle into MOODLE_...
[moodle.git] / mod / lti / locallib.php
blob645ec15814d4de32d3ce77ecda2a5812d1dcc4ba
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16 //
17 // This file is part of BasicLTI4Moodle
18 //
19 // BasicLTI4Moodle is an IMS BasicLTI (Basic Learning Tools for Interoperability)
20 // consumer for Moodle 1.9 and Moodle 2.0. BasicLTI is a IMS Standard that allows web
21 // based learning tools to be easily integrated in LMS as native ones. The IMS BasicLTI
22 // specification is part of the IMS standard Common Cartridge 1.1 Sakai and other main LMS
23 // are already supporting or going to support BasicLTI. This project Implements the consumer
24 // for Moodle. Moodle is a Free Open source Learning Management System by Martin Dougiamas.
25 // BasicLTI4Moodle is a project iniciated and leaded by Ludo(Marc Alier) and Jordi Piguillem
26 // at the GESSI research group at UPC.
27 // SimpleLTI consumer for Moodle is an implementation of the early specification of LTI
28 // by Charles Severance (Dr Chuck) htp://dr-chuck.com , developed by Jordi Piguillem in a
29 // Google Summer of Code 2008 project co-mentored by Charles Severance and Marc Alier.
30 //
31 // BasicLTI4Moodle is copyright 2009 by Marc Alier Forment, Jordi Piguillem and Nikolas Galanis
32 // of the Universitat Politecnica de Catalunya http://www.upc.edu
33 // Contact info: Marc Alier Forment granludo @ gmail.com or marc.alier @ upc.edu
34
35 /**
36 * This file contains the library of functions and constants for the lti module
37 *
38 * @package mod
39 * @subpackage lti
40 * @copyright 2009 Marc Alier, Jordi Piguillem, Nikolas Galanis
41 * marc.alier@upc.edu
42 * @copyright 2009 Universitat Politecnica de Catalunya http://www.upc.edu
43 * @author Marc Alier
44 * @author Jordi Piguillem
45 * @author Nikolas Galanis
46 * @author Chris Scribner
47 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
48 */
49
50 defined('MOODLE_INTERNAL') || die;
51
52 // TODO: Switch to core oauthlib once implemented - MDL-30149
53 use moodle\mod\lti as lti;
54
55 require_once($CFG->dirroot.'/mod/lti/OAuth.php');
56
57 define('LTI_URL_DOMAIN_REGEX', '/(?:https?:\/\/)?(?:www\.)?([^\/]+)(?:\/|$)/i');
58
59 define('LTI_LAUNCH_CONTAINER_DEFAULT', 1);
60 define('LTI_LAUNCH_CONTAINER_EMBED', 2);
61 define('LTI_LAUNCH_CONTAINER_EMBED_NO_BLOCKS', 3);
62 define('LTI_LAUNCH_CONTAINER_WINDOW', 4);
63 define('LTI_LAUNCH_CONTAINER_REPLACE_MOODLE_WINDOW', 5);
64
65 define('LTI_TOOL_STATE_ANY', 0);
66 define('LTI_TOOL_STATE_CONFIGURED', 1);
67 define('LTI_TOOL_STATE_PENDING', 2);
68 define('LTI_TOOL_STATE_REJECTED', 3);
69
70 define('LTI_SETTING_NEVER', 0);
71 define('LTI_SETTING_ALWAYS', 1);
72 define('LTI_SETTING_DELEGATE', 2);
73
74 /**
75 * Prints a Basic LTI activity
76 *
77 * $param int $basicltiid Basic LTI activity id
78 */
79 function lti_view($instance) {
80 global $PAGE, $CFG;
81
82 if (empty($instance->typeid)) {
83 $tool = lti_get_tool_by_url_match($instance->toolurl, $instance->course);
84 if ($tool) {
85 $typeid = $tool->id;
86 } else {
87 $typeid = null;
88 }
89 } else {
90 $typeid = $instance->typeid;
91 }
92
93 if ($typeid) {
94 $typeconfig = lti_get_type_config($typeid);
95 } else {
96 //There is no admin configuration for this tool. Use configuration in the lti instance record plus some defaults.
97 $typeconfig = (array)$instance;
98
99 $typeconfig['sendname'] = $instance->instructorchoicesendname;
100 $typeconfig['sendemailaddr'] = $instance->instructorchoicesendemailaddr;
101 $typeconfig['customparameters'] = $instance->instructorcustomparameters;
102 $typeconfig['acceptgrades'] = $instance->instructorchoiceacceptgrades;
103 $typeconfig['allowroster'] = $instance->instructorchoiceallowroster;
104 $typeconfig['forcessl'] = '0';
105 }
106
107 //Default the organizationid if not specified
108 if (empty($typeconfig['organizationid'])) {
109 $urlparts = parse_url($CFG->wwwroot);
110
111 $typeconfig['organizationid'] = $urlparts['host'];
112 }
113
114 if (!empty($instance->resourcekey)) {
115 $key = $instance->resourcekey;
116 } else if (!empty($typeconfig['resourcekey'])) {
117 $key = $typeconfig['resourcekey'];
118 } else {
119 $key = '';
120 }
121
122 if (!empty($instance->password)) {
123 $secret = $instance->password;
124 } else if (!empty($typeconfig['password'])) {
125 $secret = $typeconfig['password'];
126 } else {
127 $secret = '';
128 }
129
130 $endpoint = !empty($instance->toolurl) ? $instance->toolurl : $typeconfig['toolurl'];
131 $endpoint = trim($endpoint);
132
133 //If the current request is using SSL and a secure tool URL is specified, use it
134 if (lti_request_is_using_ssl() && !empty($instance->securetoolurl)) {
135 $endpoint = trim($instance->securetoolurl);
136 }
137
138 //If SSL is forced, use the secure tool url if specified. Otherwise, make sure https is on the normal launch URL.
139 if ($typeconfig['forcessl'] == '1') {
140 if (!empty($instance->securetoolurl)) {
141 $endpoint = trim($instance->securetoolurl);
142 }
143
144 $endpoint = lti_ensure_url_is_https($endpoint);
145 } else {
146 if (!strstr($endpoint, '://')) {
147 $endpoint = 'http://' . $endpoint;
148 }
149 }
150
151 $orgid = $typeconfig['organizationid'];
152
153 $course = $PAGE->course;
154 $requestparams = lti_build_request($instance, $typeconfig, $course);
155
156 $launchcontainer = lti_get_launch_container($instance, $typeconfig);
157 $returnurlparams = array('course' => $course->id, 'launch_container' => $launchcontainer, 'instanceid' => $instance->id);
158
159 if ( $orgid ) {
160 $requestparams["tool_consumer_instance_guid"] = $orgid;
161 }
162
163 if (empty($key) || empty($secret)) {
164 $returnurlparams['unsigned'] = '1';
165 }
166
167 // Add the return URL. We send the launch container along to help us avoid frames-within-frames when the user returns.
168 $url = new moodle_url('/mod/lti/return.php', $returnurlparams);
169 $returnurl = $url->out(false);
170
171 if ($typeconfig['forcessl'] == '1') {
172 $returnurl = lti_ensure_url_is_https($returnurl);
173 }
174
175 $requestparams['launch_presentation_return_url'] = $returnurl;
176
177 if (!empty($key) && !empty($secret)) {
178 $parms = lti_sign_parameters($requestparams, $endpoint, "POST", $key, $secret);
179 } else {
180 //If no key and secret, do the launch unsigned.
181 $parms = $requestparams;
182 }
183
184 $debuglaunch = ( $instance->debuglaunch == 1 );
185
186 $content = lti_post_launch_html($parms, $endpoint, $debuglaunch);
187
188 echo $content;
189 }
190
191 function lti_build_sourcedid($instanceid, $userid, $launchid = null, $servicesalt) {
192 $data = new stdClass();
193
194 $data->instanceid = $instanceid;
195 $data->userid = $userid;
196 if (!empty($launchid)) {
197 $data->launchid = $launchid;
198 } else {
199 $data->launchid = mt_rand();
200 }
201
202 $json = json_encode($data);
203
204 $hash = hash('sha256', $json . $servicesalt, false);
205
206 $container = new stdClass();
207 $container->data = $data;
208 $container->hash = $hash;
209
210 return $container;
211 }
212
213 /**
214 * This function builds the request that must be sent to the tool producer
215 *
216 * @param object $instance Basic LTI instance object
217 * @param object $typeconfig Basic LTI tool configuration
218 * @param object $course Course object
219 *
220 * @return array $request Request details
221 */
222 function lti_build_request($instance, $typeconfig, $course) {
223 global $USER, $CFG;
224
225 if (empty($instance->cmid)) {
226 $instance->cmid = 0;
227 }
228
229 $role = lti_get_ims_role($USER, $instance->cmid, $instance->course);
230
231 $requestparams = array(
232 'resource_link_id' => $instance->id,
233 'resource_link_title' => $instance->name,
234 'resource_link_description' => $instance->intro,
235 'user_id' => $USER->id,
236 'roles' => $role,
237 'context_id' => $course->id,
238 'context_label' => $course->shortname,
239 'context_title' => $course->fullname,
240 'launch_presentation_locale' => current_language()
241 );
242
243 $placementsecret = $instance->servicesalt;
244
245 if ( isset($placementsecret) ) {
246 $sourcedid = json_encode(lti_build_sourcedid($instance->id, $USER->id, null, $placementsecret));
247 }
248
249 if ( isset($placementsecret) &&
250 ( $typeconfig['acceptgrades'] == LTI_SETTING_ALWAYS ||
251 ( $typeconfig['acceptgrades'] == LTI_SETTING_DELEGATE && $instance->instructorchoiceacceptgrades == LTI_SETTING_ALWAYS ) ) ) {
252 $requestparams['lis_result_sourcedid'] = $sourcedid;
253
254 //Add outcome service URL
255 $serviceurl = new moodle_url('/mod/lti/service.php');
256 $serviceurl = $serviceurl->out();
257
258 if ($typeconfig['forcessl'] == '1') {
259 $serviceurl = lti_ensure_url_is_https($serviceurl);
260 }
261
262 $requestparams['lis_outcome_service_url'] = $serviceurl;
263 }
264
265 // Send user's name and email data if appropriate
266 if ( $typeconfig['sendname'] == LTI_SETTING_ALWAYS ||
267 ( $typeconfig['sendname'] == LTI_SETTING_DELEGATE && $instance->instructorchoicesendname == LTI_SETTING_ALWAYS ) ) {
268 $requestparams['lis_person_name_given'] = $USER->firstname;
269 $requestparams['lis_person_name_family'] = $USER->lastname;
270 $requestparams['lis_person_name_full'] = $USER->firstname." ".$USER->lastname;
271 }
272
273 if ( $typeconfig['sendemailaddr'] == LTI_SETTING_ALWAYS ||
274 ( $typeconfig['sendemailaddr'] == LTI_SETTING_DELEGATE && $instance->instructorchoicesendemailaddr == LTI_SETTING_ALWAYS ) ) {
275 $requestparams['lis_person_contact_email_primary'] = $USER->email;
276 }
277
278 // Concatenate the custom parameters from the administrator and the instructor
279 // Instructor parameters are only taken into consideration if the administrator
280 // has giver permission
281 $customstr = $typeconfig['customparameters'];
282 $instructorcustomstr = $instance->instructorcustomparameters;
283 $custom = array();
284 $instructorcustom = array();
285 if ($customstr) {
286 $custom = lti_split_custom_parameters($customstr);
287 }
288 if (!isset($typeconfig['allowinstructorcustom']) || $typeconfig['allowinstructorcustom'] == LTI_SETTING_NEVER) {
289 $requestparams = array_merge($custom, $requestparams);
290 } else {
291 if ($instructorcustomstr) {
292 $instructorcustom = lti_split_custom_parameters($instructorcustomstr);
293 }
294 foreach ($instructorcustom as $key => $val) {
295 // Ignore the instructor's parameter
296 if (!array_key_exists($key, $custom)) {
297 $custom[$key] = $val;
298 }
299 }
300 $requestparams = array_merge($custom, $requestparams);
301 }
302
303 // Make sure we let the tool know what LMS they are being called from
304 $requestparams["ext_lms"] = "moodle-2";
305 $requestparams['tool_consumer_info_product_family_code'] = 'moodle';
306 $requestparams['tool_consumer_info_version'] = strval($CFG->version);
307
308 // Add oauth_callback to be compliant with the 1.0A spec
309 $requestparams['oauth_callback'] = 'about:blank';
310
311 //The submit button needs to be part of the signature as it gets posted with the form.
312 //This needs to be here to support launching without javascript.
313 $submittext = get_string('press_to_submit', 'lti');
314 $requestparams['ext_submit'] = $submittext;
315
316 $requestparams['lti_version'] = 'LTI-1p0';
317 $requestparams['lti_message_type'] = 'basic-lti-launch-request';
318
319 return $requestparams;
320 }
321
322 function lti_get_tool_table($tools, $id) {
323 global $CFG, $USER;
324 $html = '';
325
326 $typename = get_string('typename', 'lti');
327 $baseurl = get_string('baseurl', 'lti');
328 $action = get_string('action', 'lti');
329 $createdon = get_string('createdon', 'lti');
330
331 if ($id == 'lti_configured') {
332 $html .= '<div><a style="margin-top:.25em" href="'.$CFG->wwwroot.'/mod/lti/typessettings.php?action=add&amp;sesskey='.$USER->sesskey.'">'.get_string('addtype', 'lti').'</a></div>';
333 }
334
335 if (!empty($tools)) {
336 $html .= "
337 <div id=\"{$id}_container\" style=\"margin-top:.5em;margin-bottom:.5em\">
338 <table id=\"{$id}_tools\">
339 <thead>
340 <tr>
341 <th>$typename</th>
342 <th>$baseurl</th>
343 <th>$createdon</th>
344 <th>$action</th>
345 </tr>
346 </thead>
347 ";
348
349 foreach ($tools as $type) {
350 $date = userdate($type->timecreated);
351 $accept = get_string('accept', 'lti');
352 $update = get_string('update', 'lti');
353 $delete = get_string('delete', 'lti');
354
355 $accepthtml = "
356 <a class=\"editing_accept\" href=\"{$CFG->wwwroot}/mod/lti/typessettings.php?action=accept&amp;id={$type->id}&amp;sesskey={$USER->sesskey}&amp;tab={$id}\" title=\"{$accept}\">
357 <img class=\"iconsmall\" alt=\"{$accept}\" src=\"{$CFG->wwwroot}/pix/t/clear.gif\"/>
358 </a>
359 ";
360
361 $deleteaction = 'delete';
362
363 if ($type->state == LTI_TOOL_STATE_CONFIGURED) {
364 $accepthtml = '';
365 }
366
367 if ($type->state != LTI_TOOL_STATE_REJECTED) {
368 $deleteaction = 'reject';
369 $delete = get_string('reject', 'lti');
370 }
371
372 $html .= "
373 <tr>
374 <td>
375 {$type->name}
376 </td>
377 <td>
378 {$type->baseurl}
379 </td>
380 <td>
381 {$date}
382 </td>
383 <td align=\"center\">
384 {$accepthtml}
385 <a class=\"editing_update\" href=\"{$CFG->wwwroot}/mod/lti/typessettings.php?action=update&amp;id={$type->id}&amp;sesskey={$USER->sesskey}&amp;tab={$id}\" title=\"{$update}\">
386 <img class=\"iconsmall\" alt=\"{$update}\" src=\"{$CFG->wwwroot}/pix/t/edit.gif\"/>
387 </a>
388 <a class=\"editing_delete\" href=\"{$CFG->wwwroot}/mod/lti/typessettings.php?action={$deleteaction}&amp;id={$type->id}&amp;sesskey={$USER->sesskey}&amp;tab={$id}\" title=\"{$delete}\">
389 <img class=\"iconsmall\" alt=\"{$delete}\" src=\"{$CFG->wwwroot}/pix/t/delete.gif\"/>
390 </a>
391 </td>
392 </tr>
393 ";
394 }
395 $html .= '</table></div>';
396 } else {
397 $html .= get_string('no_' . $id, 'lti');
398 }
399
400 return $html;
401 }
402
403 /**
404 * Splits the custom parameters field to the various parameters
405 *
406 * @param string $customstr String containing the parameters
407 *
408 * @return Array of custom parameters
409 */
410 function lti_split_custom_parameters($customstr) {
411 $lines = preg_split("/[\n;]/", $customstr);
412 $retval = array();
413 foreach ($lines as $line) {
414 $pos = strpos($line, "=");
415 if ( $pos === false || $pos < 1 ) {
416 continue;
417 }
418 $key = trim(textlib::substr($line, 0, $pos));
419 $val = trim(textlib::substr($line, $pos+1, strlen($line)));
420 $key = lti_map_keyname($key);
421 $retval['custom_'.$key] = $val;
422 }
423 return $retval;
424 }
425
426 /**
427 * Used for building the names of the different custom parameters
428 *
429 * @param string $key Parameter name
430 *
431 * @return string Processed name
432 */
433 function lti_map_keyname($key) {
434 $newkey = "";
435 $key = textlib::strtolower(trim($key));
436 foreach (str_split($key) as $ch) {
437 if ( ($ch >= 'a' && $ch <= 'z') || ($ch >= '0' && $ch <= '9') ) {
438 $newkey .= $ch;
439 } else {
440 $newkey .= '_';
441 }
442 }
443 return $newkey;
444 }
445
446 /**
447 * Gets the IMS role string for the specified user and LTI course module.
448 *
449 * @param mixed $user User object or user id
450 * @param int $cmid The course module id of the LTI activity
451 * @return string A role string suitable for passing with an LTI launch
452 */
453 function lti_get_ims_role($user, $cmid, $courseid) {
454 $roles = array();
455
456 if (empty($cmid)) {
457 //If no cmid is passed, check if the user is a teacher in the course
458 //This allows other modules to programmatically "fake" a launch without
459 //a real LTI instance
460 $coursecontext = get_context_instance(CONTEXT_COURSE, $courseid);
461
462 if (has_capability('moodle/course:manageactivities', $coursecontext)) {
463 array_push($roles, 'Instructor');
464 } else {
465 array_push($roles, 'Learner');
466 }
467 } else {
468 $context = get_context_instance(CONTEXT_MODULE, $cmid);
469
470 if (has_capability('mod/lti:manage', $context)) {
471 array_push($roles, 'Instructor');
472 } else {
473 array_push($roles, 'Learner');
474 }
475 }
476
477 if (is_siteadmin($user)) {
478 array_push($roles, 'urn:lti:sysrole:ims/lis/Administrator');
479 }
480
481 return join(',', $roles);
482 }
483
484 /**
485 * Returns configuration details for the tool
486 *
487 * @param int $typeid Basic LTI tool typeid
488 *
489 * @return array Tool Configuration
490 */
491 function lti_get_type_config($typeid) {
492 global $DB;
493
494 $query = "SELECT name, value
495 FROM {lti_types_config}
496 WHERE typeid = :typeid1
497 UNION ALL
498 SELECT 'toolurl' AS name, baseurl AS value
499 FROM {lti_types}
500 WHERE id = :typeid2";
501
502 $typeconfig = array();
503 $configs = $DB->get_records_sql($query, array('typeid1' => $typeid, 'typeid2' => $typeid));
504
505 if (!empty($configs)) {
506 foreach ($configs as $config) {
507 $typeconfig[$config->name] = $config->value;
508 }
509 }
510
511 return $typeconfig;
512 }
513
514 function lti_get_tools_by_url($url, $state, $courseid = null) {
515 $domain = lti_get_domain_from_url($url);
516
517 return lti_get_tools_by_domain($domain, $state, $courseid);
518 }
519
520 function lti_get_tools_by_domain($domain, $state = null, $courseid = null) {
521 global $DB, $SITE;
522
523 $filters = array('tooldomain' => $domain);
524
525 $statefilter = '';
526 $coursefilter = '';
527
528 if ($state) {
529 $statefilter = 'AND state = :state';
530 }
531
532 if ($courseid && $courseid != $SITE->id) {
533 $coursefilter = 'OR course = :courseid';
534 }
535
536 $query = "SELECT *
537 FROM {lti_types}
538 WHERE tooldomain = :tooldomain
539 AND (course = :siteid $coursefilter)
540 $statefilter";
541
542 return $DB->get_records_sql($query, array(
543 'courseid' => $courseid,
544 'siteid' => $SITE->id,
545 'tooldomain' => $domain,
546 'state' => $state
547 ));
548 }
549
550 /**
551 * Returns all basicLTI tools configured by the administrator
552 *
553 */
554 function lti_filter_get_types($course) {
555 global $DB;
556
557 if (!empty($course)) {
558 $filter = array('course' => $course);
559 } else {
560 $filter = array();
561 }
562
563 return $DB->get_records('lti_types', $filter);
564 }
565
566 function lti_get_types_for_add_instance() {
567 global $DB, $SITE, $COURSE;
568
569 $query = "SELECT *
570 FROM {lti_types}
571 WHERE coursevisible = 1
572 AND (course = :siteid OR course = :courseid)
573 AND state = :active";
574
575 $admintypes = $DB->get_records_sql($query, array('siteid' => $SITE->id, 'courseid' => $COURSE->id, 'active' => LTI_TOOL_STATE_CONFIGURED));
576
577 $types = array();
578 $types[0] = (object)array('name' => get_string('automatic', 'lti'), 'course' => $SITE->id);
579
580 foreach ($admintypes as $type) {
581 $types[$type->id] = $type;
582 }
583
584 return $types;
585 }
586
587 function lti_get_domain_from_url($url) {
588 $matches = array();
589
590 if (preg_match(LTI_URL_DOMAIN_REGEX, $url, $matches)) {
591 return $matches[1];
592 }
593 }
594
595 function lti_get_tool_by_url_match($url, $courseid = null, $state = LTI_TOOL_STATE_CONFIGURED) {
596 $possibletools = lti_get_tools_by_url($url, $state, $courseid);
597
598 return lti_get_best_tool_by_url($url, $possibletools, $courseid);
599 }
600
601 function lti_get_url_thumbprint($url) {
602 $urlparts = parse_url(strtolower($url));
603 if (!isset($urlparts['path'])) {
604 $urlparts['path'] = '';
605 }
606
607 if (!isset($urlparts['host'])) {
608 $urlparts['host'] = '';
609 }
610
611 if (substr($urlparts['host'], 0, 4) === 'www.') {
612 $urlparts['host'] = substr($urlparts['host'], 4);
613 }
614
615 return $urllower = $urlparts['host'] . '/' . $urlparts['path'];
616 }
617
618 function lti_get_best_tool_by_url($url, $tools, $courseid = null) {
619 if (count($tools) === 0) {
620 return null;
621 }
622
623 $urllower = lti_get_url_thumbprint($url);
624
625 foreach ($tools as $tool) {
626 $tool->_matchscore = 0;
627
628 $toolbaseurllower = lti_get_url_thumbprint($tool->baseurl);
629
630 if ($urllower === $toolbaseurllower) {
631 //100 points for exact thumbprint match
632 $tool->_matchscore += 100;
633 } else if (substr($urllower, 0, strlen($toolbaseurllower)) === $toolbaseurllower) {
634 //50 points if tool thumbprint starts with the base URL thumbprint
635 $tool->_matchscore += 50;
636 }
637
638 //Prefer course tools over site tools
639 if (!empty($courseid)) {
640 //Minus 10 points for not matching the course id (global tools)
641 if ($tool->course != $courseid) {
642 $tool->_matchscore -= 10;
643 }
644 }
645 }
646
647 $bestmatch = array_reduce($tools, function($value, $tool) {
648 if ($tool->_matchscore > $value->_matchscore) {
649 return $tool;
650 } else {
651 return $value;
652 }
653
654 }, (object)array('_matchscore' => -1));
655
656 //None of the tools are suitable for this URL
657 if ($bestmatch->_matchscore <= 0) {
658 return null;
659 }
660
661 return $bestmatch;
662 }
663
664 function lti_get_shared_secrets_by_key($key) {
665 global $DB;
666
667 //Look up the shared secret for the specified key in both the types_config table (for configured tools)
668 //And in the lti resource table for ad-hoc tools
669 $query = "SELECT t2.value
670 FROM {lti_types_config} t1
671 JOIN {lti_types_config} t2 ON t1.typeid = t2.typeid
672 JOIN {lti_types} type ON t2.typeid = type.id
673 WHERE t1.name = 'resourcekey'
674 AND t1.value = :key1
675 AND t2.name = 'password'
676 AND type.state = :configured
677 UNION
678 SELECT password AS value
679 FROM {lti}
680 WHERE resourcekey = :key2";
681
682 $sharedsecrets = $DB->get_records_sql($query, array('configured' => LTI_TOOL_STATE_CONFIGURED, 'key1' => $key, 'key2' => $key));
683
684 $values = array_map(function($item) {
685 return $item->value;
686 }, $sharedsecrets);
687
688 //There should really only be one shared secret per key. But, we can't prevent
689 //more than one getting entered. For instance, if the same key is used for two tool providers.
690 return $values;
691 }
692
693 /**
694 * Delete a Basic LTI configuration
695 *
696 * @param int $id Configuration id
697 */
698 function lti_delete_type($id) {
699 global $DB;
700
701 //We should probably just copy the launch URL to the tool instances in this case... using a single query
702 /*
703 $instances = $DB->get_records('lti', array('typeid' => $id));
704 foreach ($instances as $instance) {
705 $instance->typeid = 0;
706 $DB->update_record('lti', $instance);
707 }*/
708
709 $DB->delete_records('lti_types', array('id' => $id));
710 $DB->delete_records('lti_types_config', array('typeid' => $id));
711 }
712
713 function lti_set_state_for_type($id, $state) {
714 global $DB;
715
716 $DB->update_record('lti_types', array('id' => $id, 'state' => $state));
717 }
718
719 /**
720 * Transforms a basic LTI object to an array
721 *
722 * @param object $ltiobject Basic LTI object
723 *
724 * @return array Basic LTI configuration details
725 */
726 function lti_get_config($ltiobject) {
727 $typeconfig = array();
728 $typeconfig = (array)$ltiobject;
729 $additionalconfig = lti_get_type_config($ltiobject->typeid);
730 $typeconfig = array_merge($typeconfig, $additionalconfig);
731 return $typeconfig;
732 }
733
734 /**
735 *
736 * Generates some of the tool configuration based on the instance details
737 *
738 * @param int $id
739 *
740 * @return Instance configuration
741 *
742 */
743 function lti_get_type_config_from_instance($id) {
744 global $DB;
745
746 $instance = $DB->get_record('lti', array('id' => $id));
747 $config = lti_get_config($instance);
748
749 $type = new stdClass();
750 $type->lti_fix = $id;
751 if (isset($config['toolurl'])) {
752 $type->lti_toolurl = $config['toolurl'];
753 }
754 if (isset($config['instructorchoicesendname'])) {
755 $type->lti_sendname = $config['instructorchoicesendname'];
756 }
757 if (isset($config['instructorchoicesendemailaddr'])) {
758 $type->lti_sendemailaddr = $config['instructorchoicesendemailaddr'];
759 }
760 if (isset($config['instructorchoiceacceptgrades'])) {
761 $type->lti_acceptgrades = $config['instructorchoiceacceptgrades'];
762 }
763 if (isset($config['instructorchoiceallowroster'])) {
764 $type->lti_allowroster = $config['instructorchoiceallowroster'];
765 }
766
767 if (isset($config['instructorcustomparameters'])) {
768 $type->lti_allowsetting = $config['instructorcustomparameters'];
769 }
770 return $type;
771 }
772
773 /**
774 * Generates some of the tool configuration based on the admin configuration details
775 *
776 * @param int $id
777 *
778 * @return Configuration details
779 */
780 function lti_get_type_type_config($id) {
781 global $DB;
782
783 $basicltitype = $DB->get_record('lti_types', array('id' => $id));
784 $config = lti_get_type_config($id);
785
786 $type = new stdClass();
787
788 $type->lti_typename = $basicltitype->name;
789
790 $type->typeid = $basicltitype->id;
791
792 $type->lti_toolurl = $basicltitype->baseurl;
793
794 if (isset($config['resourcekey'])) {
795 $type->lti_resourcekey = $config['resourcekey'];
796 }
797 if (isset($config['password'])) {
798 $type->lti_password = $config['password'];
799 }
800
801 if (isset($config['sendname'])) {
802 $type->lti_sendname = $config['sendname'];
803 }
804 if (isset($config['instructorchoicesendname'])) {
805 $type->lti_instructorchoicesendname = $config['instructorchoicesendname'];
806 }
807 if (isset($config['sendemailaddr'])) {
808 $type->lti_sendemailaddr = $config['sendemailaddr'];
809 }
810 if (isset($config['instructorchoicesendemailaddr'])) {
811 $type->lti_instructorchoicesendemailaddr = $config['instructorchoicesendemailaddr'];
812 }
813 if (isset($config['acceptgrades'])) {
814 $type->lti_acceptgrades = $config['acceptgrades'];
815 }
816 if (isset($config['instructorchoiceacceptgrades'])) {
817 $type->lti_instructorchoiceacceptgrades = $config['instructorchoiceacceptgrades'];
818 }
819 if (isset($config['allowroster'])) {
820 $type->lti_allowroster = $config['allowroster'];
821 }
822 if (isset($config['instructorchoiceallowroster'])) {
823 $type->lti_instructorchoiceallowroster = $config['instructorchoiceallowroster'];
824 }
825
826 if (isset($config['customparameters'])) {
827 $type->lti_customparameters = $config['customparameters'];
828 }
829
830 if (isset($config['forcessl'])) {
831 $type->lti_forcessl = $config['forcessl'];
832 }
833
834 if (isset($config['organizationid'])) {
835 $type->lti_organizationid = $config['organizationid'];
836 }
837 if (isset($config['organizationurl'])) {
838 $type->lti_organizationurl = $config['organizationurl'];
839 }
840 if (isset($config['organizationdescr'])) {
841 $type->lti_organizationdescr = $config['organizationdescr'];
842 }
843 if (isset($config['launchcontainer'])) {
844 $type->lti_launchcontainer = $config['launchcontainer'];
845 }
846
847 if (isset($config['coursevisible'])) {
848 $type->lti_coursevisible = $config['coursevisible'];
849 }
850
851 if (isset($config['debuglaunch'])) {
852 $type->lti_debuglaunch = $config['debuglaunch'];
853 }
854
855 if (isset($config['module_class_type'])) {
856 $type->lti_module_class_type = $config['module_class_type'];
857 }
858
859 return $type;
860 }
861
862 function lti_prepare_type_for_save($type, $config) {
863 $type->baseurl = $config->lti_toolurl;
864 $type->tooldomain = lti_get_domain_from_url($config->lti_toolurl);
865 $type->name = $config->lti_typename;
866
867 $type->coursevisible = !empty($config->lti_coursevisible) ? $config->lti_coursevisible : 0;
868 $config->lti_coursevisible = $type->coursevisible;
869
870 $type->forcessl = !empty($config->lti_forcessl) ? $config->lti_forcessl : 0;
871 $config->lti_forcessl = $type->forcessl;
872
873 $type->timemodified = time();
874
875 unset ($config->lti_typename);
876 unset ($config->lti_toolurl);
877 }
878
879 function lti_update_type($type, $config) {
880 global $DB;
881
882 lti_prepare_type_for_save($type, $config);
883
884 if ($DB->update_record('lti_types', $type)) {
885 foreach ($config as $key => $value) {
886 if (substr($key, 0, 4)=='lti_' && !is_null($value)) {
887 $record = new StdClass();
888 $record->typeid = $type->id;
889 $record->name = substr($key, 4);
890 $record->value = $value;
891
892 lti_update_config($record);
893 }
894 }
895 }
896 }
897
898 function lti_add_type($type, $config) {
899 global $USER, $SITE, $DB;
900
901 lti_prepare_type_for_save($type, $config);
902
903 if (!isset($type->state)) {
904 $type->state = LTI_TOOL_STATE_PENDING;
905 }
906
907 if (!isset($type->timecreated)) {
908 $type->timecreated = time();
909 }
910
911 if (!isset($type->createdby)) {
912 $type->createdby = $USER->id;
913 }
914
915 if (!isset($type->course)) {
916 $type->course = $SITE->id;
917 }
918
919 //Create a salt value to be used for signing passed data to extension services
920 //The outcome service uses the service salt on the instance. This can be used
921 //for communication with services not related to a specific LTI instance.
922 $config->lti_servicesalt = uniqid('', true);
923
924 $id = $DB->insert_record('lti_types', $type);
925
926 if ($id) {
927 foreach ($config as $key => $value) {
928 if (substr($key, 0, 4)=='lti_' && !is_null($value)) {
929 $record = new StdClass();
930 $record->typeid = $id;
931 $record->name = substr($key, 4);
932 $record->value = $value;
933
934 lti_add_config($record);
935 }
936 }
937 }
938
939 return $id;
940 }
941
942 /**
943 * Add a tool configuration in the database
944 *
945 * @param $config Tool configuration
946 *
947 * @return int Record id number
948 */
949 function lti_add_config($config) {
950 global $DB;
951
952 return $DB->insert_record('lti_types_config', $config);
953 }
954
955 /**
956 * Updates a tool configuration in the database
957 *
958 * @param $config Tool configuration
959 *
960 * @return Record id number
961 */
962 function lti_update_config($config) {
963 global $DB;
964
965 $return = true;
966 $old = $DB->get_record('lti_types_config', array('typeid' => $config->typeid, 'name' => $config->name));
967
968 if ($old) {
969 $config->id = $old->id;
970 $return = $DB->update_record('lti_types_config', $config);
971 } else {
972 $return = $DB->insert_record('lti_types_config', $config);
973 }
974 return $return;
975 }
976
977 /**
978 * Signs the petition to launch the external tool using OAuth
979 *
980 * @param $oldparms Parameters to be passed for signing
981 * @param $endpoint url of the external tool
982 * @param $method Method for sending the parameters (e.g. POST)
983 * @param $oauth_consumoer_key Key
984 * @param $oauth_consumoer_secret Secret
985 * @param $submittext The text for the submit button
986 * @param $orgid LMS name
987 * @param $orgdesc LMS key
988 */
989 function lti_sign_parameters($oldparms, $endpoint, $method, $oauthconsumerkey, $oauthconsumersecret) {
990 //global $lastbasestring;
991 $parms = $oldparms;
992
993 $testtoken = '';
994
995 // TODO: Switch to core oauthlib once implemented - MDL-30149
996 $hmacmethod = new lti\OAuthSignatureMethod_HMAC_SHA1();
997 $testconsumer = new lti\OAuthConsumer($oauthconsumerkey, $oauthconsumersecret, null);
998 $accreq = lti\OAuthRequest::from_consumer_and_token($testconsumer, $testtoken, $method, $endpoint, $parms);
999 $accreq->sign_request($hmacmethod, $testconsumer, $testtoken);
1000
1001 // Pass this back up "out of band" for debugging
1002 //$lastbasestring = $accreq->get_signature_base_string();
1003
1004 $newparms = $accreq->get_parameters();
1005
1006 return $newparms;
1007 }
1008
1009 /**
1010 * Posts the launch petition HTML
1011 *
1012 * @param $newparms Signed parameters
1013 * @param $endpoint URL of the external tool
1014 * @param $debug Debug (true/false)
1015 */
1016 function lti_post_launch_html($newparms, $endpoint, $debug=false) {
1017 $r = "<form action=\"".$endpoint."\" name=\"ltiLaunchForm\" id=\"ltiLaunchForm\" method=\"post\" encType=\"application/x-www-form-urlencoded\">\n";
1018
1019 $submittext = $newparms['ext_submit'];
1020
1021 // Contruct html for the launch parameters
1022 foreach ($newparms as $key => $value) {
1023 $key = htmlspecialchars($key);
1024 $value = htmlspecialchars($value);
1025 if ( $key == "ext_submit" ) {
1026 $r .= "<input type=\"submit\" name=\"";
1027 } else {
1028 $r .= "<input type=\"hidden\" name=\"";
1029 }
1030 $r .= $key;
1031 $r .= "\" value=\"";
1032 $r .= $value;
1033 $r .= "\"/>\n";
1034 }
1035
1036 if ( $debug ) {
1037 $r .= "<script language=\"javascript\"> \n";
1038 $r .= " //<![CDATA[ \n";
1039 $r .= "function basicltiDebugToggle() {\n";
1040 $r .= " var ele = document.getElementById(\"basicltiDebug\");\n";
1041 $r .= " if (ele.style.display == \"block\") {\n";
1042 $r .= " ele.style.display = \"none\";\n";
1043 $r .= " }\n";
1044 $r .= " else {\n";
1045 $r .= " ele.style.display = \"block\";\n";
1046 $r .= " }\n";
1047 $r .= "} \n";
1048 $r .= " //]]> \n";
1049 $r .= "</script>\n";
1050 $r .= "<a id=\"displayText\" href=\"javascript:basicltiDebugToggle();\">";
1051 $r .= get_string("toggle_debug_data", "lti")."</a>\n";
1052 $r .= "<div id=\"basicltiDebug\" style=\"display:none\">\n";
1053 $r .= "<b>".get_string("basiclti_endpoint", "lti")."</b><br/>\n";
1054 $r .= $endpoint . "<br/>\n&nbsp;<br/>\n";
1055 $r .= "<b>".get_string("basiclti_parameters", "lti")."</b><br/>\n";
1056 foreach ($newparms as $key => $value) {
1057 $key = htmlspecialchars($key);
1058 $value = htmlspecialchars($value);
1059 $r .= "$key = $value<br/>\n";
1060 }
1061 $r .= "&nbsp;<br/>\n";
1062 //$r .= "<p><b>".get_string("basiclti_base_string", "lti")."</b><br/>\n".$lastbasestring."</p>\n";
1063 $r .= "</div>\n";
1064 }
1065 $r .= "</form>\n";
1066
1067 if ( ! $debug ) {
1068 $ext_submit = "ext_submit";
1069 $ext_submit_text = $submittext;
1070 $r .= " <script type=\"text/javascript\"> \n" .
1071 " //<![CDATA[ \n" .
1072 " document.getElementById(\"ltiLaunchForm\").style.display = \"none\";\n" .
1073 " nei = document.createElement('input');\n" .
1074 " nei.setAttribute('type', 'hidden');\n" .
1075 " nei.setAttribute('name', '".$ext_submit."');\n" .
1076 " nei.setAttribute('value', '".$ext_submit_text."');\n" .
1077 " document.getElementById(\"ltiLaunchForm\").appendChild(nei);\n" .
1078 " document.ltiLaunchForm.submit(); \n" .
1079 " //]]> \n" .
1080 " </script> \n";
1081 }
1082 return $r;
1083 }
1084
1085 function lti_get_type($typeid) {
1086 global $DB;
1087
1088 return $DB->get_record('lti_types', array('id' => $typeid));
1089 }
1090
1091 function lti_get_launch_container($lti, $toolconfig) {
1092 if (empty($lti->launchcontainer)) {
1093 $lti->launchcontainer = LTI_LAUNCH_CONTAINER_DEFAULT;
1094 }
1095
1096 if ($lti->launchcontainer == LTI_LAUNCH_CONTAINER_DEFAULT) {
1097 if (isset($toolconfig['launchcontainer'])) {
1098 $launchcontainer = $toolconfig['launchcontainer'];
1099 }
1100 } else {
1101 $launchcontainer = $lti->launchcontainer;
1102 }
1103
1104 if (empty($launchcontainer) || $launchcontainer == LTI_LAUNCH_CONTAINER_DEFAULT) {
1105 $launchcontainer = LTI_LAUNCH_CONTAINER_EMBED_NO_BLOCKS;
1106 }
1107
1108 $devicetype = get_device_type();
1109
1110 //Scrolling within the object element doesn't work on iOS or Android
1111 //Opening the popup window also had some issues in testing
1112 //For mobile devices, always take up the entire screen to ensure the best experience
1113 if ($devicetype === 'mobile' || $devicetype === 'tablet' ) {
1114 $launchcontainer = LTI_LAUNCH_CONTAINER_REPLACE_MOODLE_WINDOW;
1115 }
1116
1117 return $launchcontainer;
1118 }
1119
1120 function lti_request_is_using_ssl() {
1121 global $CFG;
1122 return (stripos($CFG->httpswwwroot, 'https://') === 0);
1123 }
1124
1125 function lti_ensure_url_is_https($url) {
1126 if (!strstr($url, '://')) {
1127 $url = 'https://' . $url;
1128 } else {
1129 //If the URL starts with http, replace with https
1130 if (stripos($url, 'http://') === 0) {
1131 $url = 'https://' . substr($url, 8);
1132 }
1133 }
1134
1135 return $url;
1136 }
Read-only mirror of the Moodle CVS