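/**
 * Ensures auth code is valid.
 *
 * Recomputes the expected auth code for $payload with panopto_generate_auth_code()
 * and checks that the supplied code is the same string.
 *
 * @param string $payload  The payload string the auth code was generated over.
 * @param mixed  $authcode The auth code supplied with the request.
 * @return bool True only when $authcode is a string byte-identical to the expected code.
 */
function panopto_validate_auth_code($payload, $authcode) {
    $expected = panopto_generate_auth_code($payload);

    // Anything that is not a string cannot be a valid code; rejecting it here also keeps
    // hash_equals() from raising on a non-string argument.
    // NOTE(review): assumes panopto_generate_auth_code() returns a string - confirm against its definition.
    if (!is_string($expected) || !is_string($authcode)) {
        return false;
    }

    // hash_equals() compares the two codes byte for byte in constant time. The previous loose
    // "==" compared numeric-looking strings by value (so "0e1" == "0e2" was true) and could
    // return early on the first differing byte, which leaks timing information.
    return hash_equals($expected, $authcode);
}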
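// Force a fresh login when explicitly requested or when the current session belongs to the guest user.
if ($relogin || isset($USER->username) && $USER->username == "guest") {
    require_logout();

    // Return to this page, minus the "action=relogin" parameter.
    // Every query value is URL-encoded so that a value containing "&", "=" or "#" is carried
    // over unchanged instead of altering the parameters this page reads on the second pass.
    redirect($CFG->wwwroot . "/blocks/panopto/SSO.php"
        . "?authCode=" . urlencode($requestauthcode)
        . "&serverName=" . urlencode($servername)
        . "&expiration=" . urlencode($expiration)
        . "&callbackURL=" . urlencode($callbackurl));
    return;
}

// No course ID (0). Don't autologin guests (false).
require_login(0, false);

// Reproduce canonically-ordered incoming auth payload.
// NOTE(review): the request signature covers only serverName and expiration. The callback URL
// is not part of this payload, and nothing in this span compares $expiration with the current
// time - confirm both are validated elsewhere before this point.
$requestauthpayload = "serverName=" . $servername . "&expiration=" . $expiration;

// Verify passed in parameters are properly signed.
if (panopto_validate_auth_code($requestauthpayload, $requestauthcode)) {
    $userkey = panopto_decorate_username($USER->username);

    // Generate canonically-ordered auth payload string.
    $responseparams = "serverName=" . $servername
        . "&externalUserKey=" . $userkey
        . "&expiration=" . $expiration;

    // Sign payload with shared key and hash.
    $responseauthcode = panopto_generate_auth_code($responseparams);

    // Encode user key in case the backslash causes a sequence to be interpreted as an escape sequence
    // (e.g. in the case of usernames that begin with digits).
    // Maintain the original canonical string to avoid signature mismatch.
    $responseparamsencoded = "serverName=" . $servername
        . "&externalUserKey=" . urlencode($userkey)
        . "&expiration=" . $expiration;

    // strpos() returns 0 for a match at offset 0, which is falsy; compare against false so the
    // separator depends on whether "?" is present, not on where it sits.
    $separator = strpos($callbackurl, "?") !== false ? "&" : "?";
    $redirecturl = $callbackurl . $separator . $responseparamsencoded . "&authCode=" . $responseauthcode;

    // NOTE(review): the signed response identifies the logged-in user and is sent to
    // $callbackurl, which the request signature above does not cover. Restrict $callbackurl to
    // the configured Panopto server (scheme and host) before redirecting; where that
    // configuration is held is not visible from this span.

    // Redirect to Panopto Focus login page.
    redirect($redirecturl);
} else {
    echo $OUTPUT->header();
    echo "Invalid auth code.";
    echo $OUTPUT->footer();
}

/* End of file SSO.php */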
/**
 * Used to instantiate a soap client for a given instance of panopto_data.
 * Should be called only the first time a soap client is needed for an instance.
 *
 * The web service credentials are built from the instance's own servername and
 * applicationkey properties; the $servername and $applicationkey arguments are
 * not read by this method. When the instance already has a servername, the
 * $username argument is replaced by the current Moodle user's username (or the
 * literal fallback below) and stored in $this->uname.
 *
 * @param string $username       Username to build credentials for; overridden as described above.
 * @param string $servername     Not read by this method.
 * @param string $applicationkey Not read by this method.
 * @return panopto_soap_client Client bound to $this->servername with the computed user key and auth code.
 */
public function instantiate_soap_client($username, $servername, $applicationkey) {
    global $USER;

    if (!empty($this->servername)) {
        // Prefer the logged-in user's name; fall back to the fixed literal when none is set.
        $username = isset($USER->username) ? $USER->username : "******";
        $this->uname = $username;
    }

    // Compute web service credentials for current user: the auth code is generated over
    // "<decorated username>@<servername>" together with the instance's application key.
    $userkey = panopto_decorate_username($username);
    $signedpayload = $userkey . "@" . $this->servername;
    $authcode = panopto_generate_auth_code($signedpayload, $this->applicationkey);

    // Instantiate our SOAP client.
    return new panopto_soap_client($this->servername, $userkey, $authcode);
}