forked from Panopto/Moodle-2.0-plugin-for-Panopto
SSO.php
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* @package block_panopto
* @copyright Panopto 2009 - 2015 /With contributions from Spenser Jones (sjones@ambrose.edu)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
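// Import the Moodle globals this script relies on. The empty($CFG) guard below suggests the file
// may be included from a non-global scope; in that case $OUTPUT, which the "Invalid auth code."
// branch at the end of this script calls, would be undefined unless it is imported here as well.
global $CFG, $USER, $OUTPUT;

// Bootstrap Moodle only when the including script has not already done so.
if (empty($CFG)) {
    require_once("../../config.php");
}

// Core web helpers, then the plugin library.
// NOTE(review): the panopto_* functions called later in this script are presumably defined in
// lib/block_panopto_lib.php - they are not visible in this file.
require_once($CFG->libdir . '/weblib.php');
require_once("lib/block_panopto_lib.php");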
// Request parameters. Every value below comes from the browser and is untrusted; only serverName
// and expiration are later covered by the authCode signature check.

// Host name of the requesting Panopto server, cleaned as a host name.
$servername = required_param('serverName', PARAM_HOST);

// URL the signed response is redirected to. PARAM_URL cleans the value as a URL but does not
// restrict which host it points to.
$callbackurl = required_param('callbackURL', PARAM_URL);

// Kept as a string of digits and dots: a float doesn't have the required precision.
$expiration = preg_replace(
    '/[^0-9\.]/',
    '',
    required_param('expiration', PARAM_RAW)
);

// Signature supplied by the caller over the serverName/expiration payload.
$requestauthcode = required_param('authCode', PARAM_ALPHANUM);

// Optional action; "relogin" forces the current session to be dropped before SSO continues.
$action = optional_param('action', '', PARAM_ALPHA);
$relogin = $action == 'relogin';
// Drop the current session when a relogin was requested or the visitor is the guest account,
// then bounce back to this script so a real login can take place.
// NOTE(review): the session is ended here before authCode has been verified, so this step does
// not depend on a valid signature. Consider validating the auth code first - confirm that
// panopto_validate_auth_code() does not need a logged-in user.
if ($relogin || (isset($USER->username) && 'guest' == $USER->username)) {
    require_logout();

    // Return to this page, minus the "action=relogin" parameter.
    // authCode, serverName and expiration were already reduced to URL-safe characters by their
    // PARAM_* / preg_replace cleaning; only callbackURL needs explicit encoding.
    $selfurl = $CFG->wwwroot . '/blocks/panopto/SSO.php'
        . '?authCode=' . $requestauthcode
        . '&serverName=' . $servername
        . '&expiration=' . $expiration
        . '&callbackURL=' . urlencode($callbackurl);

    redirect($selfurl);
    return;
}
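// No course ID (0). Don't autologin guests (false).
require_login(0, false);

// Reproduce canonically-ordered incoming auth payload.
// NOTE(review): only serverName and expiration are covered by the request signature. callbackURL
// is not signed and is not compared with $servername anywhere in this script, so the signed
// response for the current user is sent to whichever host the request named. Consider requiring
// the callback host to equal $servername (or a configured Panopto server) before redirecting -
// confirm against the callback URLs Panopto actually issues.
$requestauthpayload = 'serverName=' . $servername . '&expiration=' . $expiration;

// Verify passed in parameters are properly signed.
// NOTE(review): $expiration is part of the signed payload but is never compared with the current
// time in this script; unless panopto_validate_auth_code() or the Panopto server enforces it, a
// signed request does not age out here. Its unit is not visible in this file - confirm before
// adding a check. Also confirm that panopto_validate_auth_code() compares the codes in constant
// time (e.g. hash_equals()); its body is not visible here.
if (panopto_validate_auth_code($requestauthpayload, $requestauthcode)) {
    $userkey = panopto_decorate_username($USER->username);

    // Generate canonically-ordered auth payload string.
    $responseparams = 'serverName=' . $servername . '&externalUserKey=' . $userkey . '&expiration=' . $expiration;

    // Sign payload with shared key and hash.
    $responseauthcode = panopto_generate_auth_code($responseparams);

    // Encode user key in case the backslash causes a sequence to be interpreted as an escape sequence
    // (e.g. in the case of usernames that begin with digits).
    // Maintain the original canonical string to avoid signature mismatch.
    $responseparamsencoded = 'serverName=' . $servername
        . '&externalUserKey=' . urlencode($userkey)
        . '&expiration=' . $expiration;

    // Append to an existing query string if the callback already has one. strpos() returns 0 for
    // a match at offset 0, which is falsy, so the result is compared against false explicitly.
    $separator = (strpos($callbackurl, '?') !== false) ? '&' : '?';
    $redirecturl = $callbackurl . $separator . $responseparamsencoded . '&authCode=' . $responseauthcode;

    // Redirect to Panopto Focus login page.
    redirect($redirecturl);
} else {
    // Signature mismatch: render a minimal error page and issue no signed response.
    echo $OUTPUT->header();
    echo "Invalid auth code.";
    echo $OUTPUT->footer();
}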
/* End of file SSO.php */