require_once dirname(__FILE__) . '/../../config.php';
require_once $CFG->dirroot . '/lib/weblib.php';
$toolid = null;
$token = null;
$filearguments = get_file_argument();
$arguments = explode('/', trim($filearguments, '/'));
if (count($arguments) >= 2) {
// Can put cartridge.xml at the end, or anything really.
list($toolid, $token) = $arguments;
}
$toolid = optional_param('id', $toolid, PARAM_INT);
$token = optional_param('token', $token, PARAM_ALPHANUM);
// Only show the cartridge if the token parameter is correct.
// If we do not compare with a shared secret, someone could very easily
// guess an id for the enrolment.
if (!\enrol_lti\helper::verify_cartridge_token($toolid, $token)) {
throw new \moodle_exception('incorrecttoken', 'enrol_lti');
}
$tool = \enrol_lti\helper::get_lti_tool($toolid);
if (!is_enabled_auth('lti')) {
print_error('pluginnotenabled', 'auth', '', get_string('pluginname', 'auth_lti'));
} else {
if (!enrol_is_enabled('lti')) {
print_error('enrolisdisabled', 'enrol_lti');
} else {
if ($tool->status != ENROL_INSTANCE_ENABLED) {
print_error('enrolisdisabled', 'enrol_lti');
} else {
header('Content-Type: text/xml; charset=utf-8');
echo \enrol_lti\helper::create_cartridge($toolid);
}
/**
* Test verifying a cartridge token.
*/
public function test_verify_cartridge_token()
{
$course1 = $this->getDataGenerator()->create_course();
$data = new stdClass();
$data->courseid = $course1->id;
$tool1 = $this->getDataGenerator()->create_lti_tool($data);
$token = \enrol_lti\helper::generate_cartridge_token($tool1->id);
$this->assertTrue(\enrol_lti\helper::verify_cartridge_token($tool1->id, $token));
$this->assertFalse(\enrol_lti\helper::verify_cartridge_token($tool1->id, 'incorrect token!'));
}
