/**
* Ensures auth code is valid
*/
function panopto_validate_auth_code($payload, $authcode)
{
return panopto_generate_auth_code($payload) == $authcode;
}
if ($relogin || isset($USER->username) && $USER->username == "guest") {
require_logout();
// Return to this page, minus the "action=relogin" parameter.
redirect($CFG->wwwroot . "/blocks/panopto/SSO.php" . "?authCode={$requestauthcode}" . "&serverName={$servername}" . "&expiration={$expiration}" . "&callbackURL=" . urlencode($callbackurl));
return;
}
// No course ID (0). Don't autologin guests (false).
require_login(0, false);
// Reproduce canonically-ordered incoming auth payload.
$requestauthpayload = "serverName=" . $servername . "&expiration=" . $expiration;
// Verify passed in parameters are properly signed.
if (panopto_validate_auth_code($requestauthpayload, $requestauthcode)) {
$userkey = panopto_decorate_username($USER->username);
// Generate canonically-ordered auth payload string.
$responseparams = "serverName=" . $servername . "&externalUserKey=" . $userkey . "&expiration=" . $expiration;
// Sign payload with shared key and hash.
$responseauthcode = panopto_generate_auth_code($responseparams);
// Encode user key in case the backslash causes a sequence to be interpreted as an escape sequence
// (e.g. in the case of usernames that begin with digits).
// Maintain the original canonical string to avoid signature mismatch.
$responseparamsencoded = "serverName=" . $servername . "&externalUserKey=" . urlencode($userkey) . "&expiration=" . $expiration;
$separator = strpos($callbackurl, "?") ? "&" : "?";
$redirecturl = $callbackurl . $separator . $responseparamsencoded . "&authCode=" . $responseauthcode;
// Redirect to Panopto Focus login page.
redirect($redirecturl);
} else {
echo $OUTPUT->header();
echo "Invalid auth code.";
echo $OUTPUT->footer();
}
/* End of file SSO.php */
/**
* Used to instantiate a soap client for a given instance of panopto_data.
* Should be called only the first time a soap client is needed for an instance.
*/
public function instantiate_soap_client($username, $servername, $applicationkey)
{
global $USER;
if (!empty($this->servername)) {
if (isset($USER->username)) {
$username = $USER->username;
} else {
$username = "******";
}
$this->uname = $username;
}
// Compute web service credentials for current user.
$apiuseruserkey = panopto_decorate_username($username);
$apiuserauthcode = panopto_generate_auth_code($apiuseruserkey . "@" . $this->servername, $this->applicationkey);
// Instantiate our SOAP client.
return new panopto_soap_client($this->servername, $apiuseruserkey, $apiuserauthcode);
}