public function saveUserInfo()
{
if (!isset($_SESSION)) {
session_start();
}
$code = \Input::get('code');
$lti = \Input::get('lti');
$instanceFromDB = LtiConfigurations::find($lti);
$clientId = $instanceFromDB['DeveloperId'];
$developerSecret = $instanceFromDB['DeveloperSecret'];
$opts = array('http' => array('method' => 'POST'));
$context = stream_context_create($opts);
$url = "https://{$_SESSION['domain']}/login/oauth2/token?client_id={$clientId}&client_secret={$developerSecret}&code={$code}";
$userTokenJSON = file_get_contents($url, false, $context, -1, 40000);
$userToken = json_decode($userTokenJSON);
$actualToken = $userToken->access_token;
$encryptedToken = \Crypt::encrypt($actualToken);
$_SESSION['userToken'] = $encryptedToken;
//store encrypted token in the database
$courseId = $_SESSION['courseID'];
$userId = $_SESSION['userID'];
//make sure we have the user stored in the user table and in the userCourse table.
$roots = new Roots();
//when we get the user from the LMS it gets stored in the DB.
$roots->getUser($userId);
$dbHelper = new DbHelper();
$role = $dbHelper->getRole('Approver');
$userCourse = UserCourse::firstOrNew(array('user_id' => $userId, 'course_id' => $courseId));
$userCourse->user_id = $userId;
$userCourse->course_id = $courseId;
$userCourse->role = $role->id;
$userCourse->encrypted_token = $encryptedToken;
$userCourse->save();
echo "App has been approved. Please reload this page";
}
public function saveUserInfo()
{
if (!isset($_SESSION)) {
session_start();
}
$code = \Input::get('code');
$lti = \Input::get('lti');
$instanceFromDB = LtiConfigurations::find($lti);
$clientId = $instanceFromDB['DeveloperId'];
$developerSecret = $instanceFromDB['DeveloperSecret'];
$opts = array('http' => array('method' => 'POST'));
$context = stream_context_create($opts);
$url = "https://{$_SESSION['domain']}/login/oauth2/token?client_id={$clientId}&client_secret={$developerSecret}&code={$code}";
$userTokenJSON = file_get_contents($url, false, $context, -1, 40000);
$userToken = json_decode($userTokenJSON);
$actualToken = $userToken->access_token;
$encryptedToken = \Crypt::encrypt($actualToken);
$_SESSION['userToken'] = $encryptedToken;
//store encrypted token in the database
$courseId = $_SESSION['courseID'];
$userId = $_SESSION['userID'];
$user = new User();
$user->user_id = $userId;
$user->course_id = $courseId;
$user->encrypted_token = $encryptedToken;
$user->save();
echo "App has been approved. Please reload this page";
}
public function doBltiHandshake()
{
//first obtain the details of the LTI configuration they chose
$instanceFromDB = LtiConfigurations::find($this->property('ltiInstance'));
$approver = $this->property('approver');
$arr = $this->getApproverOptions();
$approverRole = $arr[$approver];
if (!isset($_SESSION)) {
session_start();
}
$_SESSION['baseUrl'] = Config::get('app.url', 'backend');
$_SESSION['courseID'] = \Input::get('custom_canvas_course_id');
$_SESSION['userID'] = \Input::get('custom_canvas_user_id');
$_SESSION['domain'] = \Input::get('custom_canvas_api_domain');
//TODO: make sure this parameter below works with all other LMSs
$_SESSION['lms'] = \Input::get('tool_consumer_info_product_family_code');
//check to see if user is an Instructor
$rolesStr = \Input::get('roles');
$consumerKey = $instanceFromDB['ConsumerKey'];
$clientId = $instanceFromDB['DeveloperId'];
//Check to see if the lti handshake passes
$context = new Blti($consumerKey, false, false);
if ($context->valid) {
// query DB to see if user has token, if yes, go to LTI.
$userCheck = User::where('course_id', $_SESSION['courseID'])->first();
if (!$userCheck) {
//if no user is found, redirect to canvas permission page
if (stristr($rolesStr, $approverRole)) {
//As per my discussion with Jared, we will use the instructor's token only. This is the token that will be stored in the DB
//and the one that will be used to make all requests. We will NOT store student's tokens.
//TODO: take this redirectUri out into some parameter somewhere...
$redirectUri = "{$_SESSION['baseUrl']}saveUserInfo?lti={$this->property('ltiInstance')}";
$url = "https://{$_SESSION['domain']}/login/oauth2/auth?client_id={$clientId}&response_type=code&redirect_uri={$redirectUri}";
$this->redirect($url);
} else {
echo "A(n) {$approverRole} must authorize this course. Please contact your instructor.";
return;
}
} else {
//set the professor's token
$_SESSION['userToken'] = $userCheck->encrypted_token;
//get the timezone
$roots = new Roots();
$course = $roots->getCourse();
$account_id = $course->account_id;
$account = $roots->getAccount($account_id);
$_SESSION['timezone'] = new \DateTimeZone($account->default_time_zone);
}
} else {
echo 'There is a problem. Please notify your instructor';
}
}
/**
* Deleted checked configuration instances.
*/
public function index_onDelete()
{
if (($checkedIds = post('checked')) && is_array($checkedIds) && count($checkedIds)) {
foreach ($checkedIds as $ltiId) {
if (!($config = Developer::find($ltiId))) {
continue;
}
$config->delete();
}
Flash::success("Successfully deleted");
} else {
Flash::error("An error occurred when trying to delete this item");
}
return $this->listRefresh();
}
public function doBltiHandshake()
{
//first obtain the details of the LTI configuration they chose
$dbHelper = new DbHelper();
$instanceFromDB = LtiConfigurations::find($this->property('ltiInstance'));
$approver = $this->property('approver');
$arr = $this->getApproverOptions();
$approverRole = $arr[$approver];
if (!isset($_SESSION)) {
session_start();
}
$_SESSION['baseUrl'] = Config::get('app.url', 'backend');
$_SESSION['courseID'] = \Input::get('custom_canvas_course_id');
$_SESSION['userID'] = \Input::get('custom_canvas_user_id');
$_SESSION['domain'] = \Input::get('custom_canvas_api_domain');
//TODO: make sure this parameter below works with all other LMSs
$_SESSION['lms'] = \Input::get('tool_consumer_info_product_family_code');
//check to see if user is an Instructor
$rolesStr = \Input::get('roles');
$consumerKey = $instanceFromDB['ConsumerKey'];
$clientId = $instanceFromDB['DeveloperId'];
//Check to see if the lti handshake passes
$context = new Blti($consumerKey, false, false);
if ($context->valid) {
// query DB to see if user has token, if yes, go to LTI.
$userCheck = $dbHelper->getCourseApprover($_SESSION['courseID']);
if (!$userCheck) {
//if no user is found, redirect to canvas permission page
if (stristr($rolesStr, $approverRole)) {
//As per my discussion with Jared, we will use the instructor's token only. This is the token that will be stored in the DB
//and the one that will be used to make all requests. We will NOT store student's tokens.
//TODO: take this redirectUri out into some parameter somewhere...
$redirectUri = "{$_SESSION['baseUrl']}saveUserInfo?lti={$this->property('ltiInstance')}";
$url = "https://{$_SESSION['domain']}/login/oauth2/auth?client_id={$clientId}&response_type=code&redirect_uri={$redirectUri}";
$this->redirect($url);
} else {
echo "A(n) {$approverRole} must authorize this course. Please contact your instructor.";
return;
}
} else {
//set the professor's token
$_SESSION['userToken'] = $userCheck->encrypted_token;
//get the timezone
$roots = new Roots();
$course = $roots->getCourse();
$account_id = $course->account_id;
$account = $roots->getAccount($account_id);
$courseId = $_SESSION['courseID'];
$_SESSION['timezone'] = new \DateTimeZone($account->default_time_zone);
//to maintain the users table synchronized with Canvas, everytime a student comes in we'll check to make sure they're in the DB.
//If they're not, we will pull all the students from Canvas and refresh our users table.
$dbHelper = new DbHelper();
$user = $dbHelper->getUserInCourse($courseId, $_SESSION['userID']);
if (is_null($user)) {
//get all students from Canvas
$roots = new Roots();
$roots->getStudentsInCourse();
}
//Also, every so often (every 12 hrs?) we will check to make sure that students who have dropped the class are deleted from the users_course table
//Failing to do so will make it so that when we request their submissions along with other students' submissions, the entire
// call returns with an Unauthorized error message
$approver = $dbHelper->getCourseApprover($courseId);
$now = Carbon::now();
$updatedDate = $approver->updated_at;
$diff = $updatedDate->diffInHours($now, false);
if ($diff > 24) {
$allStudentsDb = $dbHelper->getUsersInCourseWithRole($_SESSION['courseID'], 'Learner');
$allStudentsFromCanvas = $roots->getStudentsInCourse();
foreach ($allStudentsDb as $dbStudent) {
$filteredItems = array_values(array_filter($allStudentsFromCanvas, function ($elem) use($dbStudent) {
return intval($elem->user_id) === intval($dbStudent->user_id);
}));
if (count($filteredItems) < 1) {
$dbHelper->deleteUserFromRole($courseId, $dbStudent->user_id, 'Learner');
}
}
//update the approver
$approver->updated_at = $now;
$approver->save();
}
}
} else {
echo 'There is a problem. Please notify your instructor';
}
}