/** * Test lti_build_request's resource_link_description and ensure * that the newlines in the description are correct. */ public function test_lti_build_request_description() { $this->resetAfterTest(); self::setUser($this->getDataGenerator()->create_user()); $course = $this->getDataGenerator()->create_course(); $instance = $this->getDataGenerator()->create_module('lti', array('intro' => "<p>This</p>\nhas\r\n<p>some</p>\nnew\n\rlines", 'introformat' => FORMAT_HTML, 'course' => $course->id)); $typeconfig = array('acceptgrades' => 1, 'forcessl' => 0, 'sendname' => 2, 'sendemailaddr' => 2, 'customparameters' => ''); $params = lti_build_request($instance, $typeconfig, $course, null); $ncount = substr_count($params['resource_link_description'], "\n"); $this->assertGreaterThan(0, $ncount); $rcount = substr_count($params['resource_link_description'], "\r"); $this->assertGreaterThan(0, $rcount); $this->assertEquals($ncount, $rcount, 'The number of \\n characters should be the same as the number of \\r characters'); $rncount = substr_count($params['resource_link_description'], "\r\n"); $this->assertGreaterThan(0, $rncount); $this->assertEquals($ncount, $rncount, 'All newline characters should be a combination of \\r\\n'); }
/** * Return the launch data required for opening the external tool. * * @param stdClass $instance the external tool activity settings * @return array the endpoint URL and parameters (including the signature) * @since Moodle 3.0 */ function lti_get_launch_data($instance) { global $PAGE, $CFG; if (empty($instance->typeid)) { $tool = lti_get_tool_by_url_match($instance->toolurl, $instance->course); if ($tool) { $typeid = $tool->id; } else { $typeid = null; } } else { $typeid = $instance->typeid; $tool = lti_get_type($typeid); } if ($typeid) { $typeconfig = lti_get_type_config($typeid); } else { // There is no admin configuration for this tool. Use configuration in the lti instance record plus some defaults. $typeconfig = (array) $instance; $typeconfig['sendname'] = $instance->instructorchoicesendname; $typeconfig['sendemailaddr'] = $instance->instructorchoicesendemailaddr; $typeconfig['customparameters'] = $instance->instructorcustomparameters; $typeconfig['acceptgrades'] = $instance->instructorchoiceacceptgrades; $typeconfig['allowroster'] = $instance->instructorchoiceallowroster; $typeconfig['forcessl'] = '0'; } // Default the organizationid if not specified. if (empty($typeconfig['organizationid'])) { $urlparts = parse_url($CFG->wwwroot); $typeconfig['organizationid'] = $urlparts['host']; } if (isset($tool->toolproxyid)) { $toolproxy = lti_get_tool_proxy($tool->toolproxyid); $key = $toolproxy->guid; $secret = $toolproxy->secret; } else { $toolproxy = null; if (!empty($instance->resourcekey)) { $key = $instance->resourcekey; } else { if (!empty($typeconfig['resourcekey'])) { $key = $typeconfig['resourcekey']; } else { $key = ''; } } if (!empty($instance->password)) { $secret = $instance->password; } else { if (!empty($typeconfig['password'])) { $secret = $typeconfig['password']; } else { $secret = ''; } } } $endpoint = !empty($instance->toolurl) ? $instance->toolurl : $typeconfig['toolurl']; $endpoint = trim($endpoint); // If the current request is using SSL and a secure tool URL is specified, use it. if (lti_request_is_using_ssl() && !empty($instance->securetoolurl)) { $endpoint = trim($instance->securetoolurl); } // If SSL is forced, use the secure tool url if specified. Otherwise, make sure https is on the normal launch URL. if (isset($typeconfig['forcessl']) && $typeconfig['forcessl'] == '1') { if (!empty($instance->securetoolurl)) { $endpoint = trim($instance->securetoolurl); } $endpoint = lti_ensure_url_is_https($endpoint); } else { if (!strstr($endpoint, '://')) { $endpoint = 'http://' . $endpoint; } } $orgid = $typeconfig['organizationid']; $course = $PAGE->course; $islti2 = isset($tool->toolproxyid); $allparams = lti_build_request($instance, $typeconfig, $course, $typeid, $islti2); if ($islti2) { $requestparams = lti_build_request_lti2($tool, $allparams); } else { $requestparams = $allparams; } $requestparams = array_merge($requestparams, lti_build_standard_request($instance, $orgid, $islti2)); $customstr = ''; if (isset($typeconfig['customparameters'])) { $customstr = $typeconfig['customparameters']; } $requestparams = array_merge($requestparams, lti_build_custom_parameters($toolproxy, $tool, $instance, $allparams, $customstr, $instance->instructorcustomparameters, $islti2)); $launchcontainer = lti_get_launch_container($instance, $typeconfig); $returnurlparams = array('course' => $course->id, 'launch_container' => $launchcontainer, 'instanceid' => $instance->id, 'sesskey' => sesskey()); // Add the return URL. We send the launch container along to help us avoid frames-within-frames when the user returns. $url = new \moodle_url('/mod/lti/return.php', $returnurlparams); $returnurl = $url->out(false); if (isset($typeconfig['forcessl']) && $typeconfig['forcessl'] == '1') { $returnurl = lti_ensure_url_is_https($returnurl); } $target = ''; switch ($launchcontainer) { case LTI_LAUNCH_CONTAINER_EMBED: case LTI_LAUNCH_CONTAINER_EMBED_NO_BLOCKS: $target = 'iframe'; break; case LTI_LAUNCH_CONTAINER_REPLACE_MOODLE_WINDOW: $target = 'frame'; break; case LTI_LAUNCH_CONTAINER_WINDOW: $target = 'window'; break; } if (!empty($target)) { $requestparams['launch_presentation_document_target'] = $target; } $requestparams['launch_presentation_return_url'] = $returnurl; // Allow request params to be updated by sub-plugins. $plugins = core_component::get_plugin_list('ltisource'); foreach (array_keys($plugins) as $plugin) { $pluginparams = component_callback('ltisource_' . $plugin, 'before_launch', array($instance, $endpoint, $requestparams), array()); if (!empty($pluginparams) && is_array($pluginparams)) { $requestparams = array_merge($requestparams, $pluginparams); } } if (!empty($key) && !empty($secret)) { $parms = lti_sign_parameters($requestparams, $endpoint, "POST", $key, $secret); $endpointurl = new \moodle_url($endpoint); $endpointparams = $endpointurl->params(); // Strip querystring params in endpoint url from $parms to avoid duplication. if (!empty($endpointparams) && !empty($parms)) { foreach (array_keys($endpointparams) as $paramname) { if (isset($parms[$paramname])) { unset($parms[$paramname]); } } } } else { // If no key and secret, do the launch unsigned. $returnurlparams['unsigned'] = '1'; $parms = $requestparams; } return array($endpoint, $parms); }
/** * Prints a Basic LTI activity * * $param int $basicltiid Basic LTI activity id */ function lti_view($instance) { global $PAGE, $CFG; if (empty($instance->typeid)) { $tool = lti_get_tool_by_url_match($instance->toolurl, $instance->course); if ($tool) { $typeid = $tool->id; } else { $typeid = null; } } else { $typeid = $instance->typeid; } if ($typeid) { $typeconfig = lti_get_type_config($typeid); } else { //There is no admin configuration for this tool. Use configuration in the lti instance record plus some defaults. $typeconfig = (array)$instance; $typeconfig['sendname'] = $instance->instructorchoicesendname; $typeconfig['sendemailaddr'] = $instance->instructorchoicesendemailaddr; $typeconfig['customparameters'] = $instance->instructorcustomparameters; $typeconfig['acceptgrades'] = $instance->instructorchoiceacceptgrades; $typeconfig['allowroster'] = $instance->instructorchoiceallowroster; $typeconfig['forcessl'] = '0'; } //Default the organizationid if not specified if (empty($typeconfig['organizationid'])) { $urlparts = parse_url($CFG->wwwroot); $typeconfig['organizationid'] = $urlparts['host']; } if (!empty($instance->resourcekey)) { $key = $instance->resourcekey; } else if (!empty($typeconfig['resourcekey'])) { $key = $typeconfig['resourcekey']; } else { $key = ''; } if (!empty($instance->password)) { $secret = $instance->password; } else if (!empty($typeconfig['password'])) { $secret = $typeconfig['password']; } else { $secret = ''; } $endpoint = !empty($instance->toolurl) ? $instance->toolurl : $typeconfig['toolurl']; $endpoint = trim($endpoint); //If the current request is using SSL and a secure tool URL is specified, use it if (lti_request_is_using_ssl() && !empty($instance->securetoolurl)) { $endpoint = trim($instance->securetoolurl); } //If SSL is forced, use the secure tool url if specified. Otherwise, make sure https is on the normal launch URL. if ($typeconfig['forcessl'] == '1') { if (!empty($instance->securetoolurl)) { $endpoint = trim($instance->securetoolurl); } $endpoint = lti_ensure_url_is_https($endpoint); } else { if (!strstr($endpoint, '://')) { $endpoint = 'http://' . $endpoint; } } $orgid = $typeconfig['organizationid']; $course = $PAGE->course; $requestparams = lti_build_request($instance, $typeconfig, $course); $launchcontainer = lti_get_launch_container($instance, $typeconfig); $returnurlparams = array('course' => $course->id, 'launch_container' => $launchcontainer, 'instanceid' => $instance->id); if ( $orgid ) { $requestparams["tool_consumer_instance_guid"] = $orgid; } if (empty($key) || empty($secret)) { $returnurlparams['unsigned'] = '1'; //Add the return URL. We send the launch container along to help us avoid frames-within-frames when the user returns $url = new moodle_url('/mod/lti/return.php', $returnurlparams); $returnurl = $url->out(false); if ($typeconfig['forcessl'] == '1') { $returnurl = lti_ensure_url_is_https($returnurl); } $requestparams['launch_presentation_return_url'] = $returnurl; } if (!empty($key) && !empty($secret)) { $parms = lti_sign_parameters($requestparams, $endpoint, "POST", $key, $secret); } else { //If no key and secret, do the launch unsigned. $parms = $requestparams; } $debuglaunch = ( $instance->debuglaunch == 1 ); $content = lti_post_launch_html($parms, $endpoint, $debuglaunch); echo $content; }
/** * Builds a standard LTI Content-Item selection request. * * @param int $id The tool type ID. * @param stdClass $course The course object. * @param moodle_url $returnurl The return URL in the tool consumer (TC) that the tool provider (TP) * will use to return the Content-Item message. * @param string $title The tool's title, if available. * @param string $text The text to display to represent the content item. This value may be a long description of the content item. * @param array $mediatypes Array of MIME types types supported by the TC. If empty, the TC will support ltilink by default. * @param array $presentationtargets Array of ways in which the selected content item(s) can be requested to be opened * (via the presentationDocumentTarget element for a returned content item). * If empty, "frame", "iframe", and "window" will be supported by default. * @param bool $autocreate Indicates whether any content items returned by the TP would be automatically persisted without * @param bool $multiple Indicates whether the user should be permitted to select more than one item. False by default. * any option for the user to cancel the operation. False by default. * @param bool $unsigned Indicates whether the TC is willing to accept an unsigned return message, or not. * A signed message should always be required when the content item is being created automatically in the * TC without further interaction from the user. False by default. * @param bool $canconfirm Flag for can_confirm parameter. False by default. * @param bool $copyadvice Indicates whether the TC is able and willing to make a local copy of a content item. False by default. * @return stdClass The object containing the signed request parameters and the URL to the TP's Content-Item selection interface. * @throws moodle_exception When the LTI tool type does not exist.` * @throws coding_exception For invalid media type and presentation target parameters. */ function lti_build_content_item_selection_request($id, $course, moodle_url $returnurl, $title = '', $text = '', $mediatypes = [], $presentationtargets = [], $autocreate = false, $multiple = false, $unsigned = false, $canconfirm = false, $copyadvice = false) { $tool = lti_get_type($id); // Validate parameters. if (!$tool) { throw new moodle_exception('errortooltypenotfound', 'mod_lti'); } if (!is_array($mediatypes)) { throw new coding_exception('The list of accepted media types should be in an array'); } if (!is_array($presentationtargets)) { throw new coding_exception('The list of accepted presentation targets should be in an array'); } // Check title. If empty, use the tool's name. if (empty($title)) { $title = $tool->name; } $typeconfig = lti_get_type_config($id); $key = ''; $secret = ''; $islti2 = false; if (isset($tool->toolproxyid)) { $islti2 = true; $toolproxy = lti_get_tool_proxy($tool->toolproxyid); $key = $toolproxy->guid; $secret = $toolproxy->secret; } else { $toolproxy = null; if (!empty($typeconfig['resourcekey'])) { $key = $typeconfig['resourcekey']; } if (!empty($typeconfig['password'])) { $secret = $typeconfig['password']; } } $tool->enabledcapability = ''; if (!empty($typeconfig['enabledcapability_ContentItemSelectionRequest'])) { $tool->enabledcapability = $typeconfig['enabledcapability_ContentItemSelectionRequest']; } $tool->parameter = ''; if (!empty($typeconfig['parameter_ContentItemSelectionRequest'])) { $tool->parameter = $typeconfig['parameter_ContentItemSelectionRequest']; } // Set the tool URL. if (!empty($typeconfig['toolurl_ContentItemSelectionRequest'])) { $toolurl = new moodle_url($typeconfig['toolurl_ContentItemSelectionRequest']); } else { $toolurl = new moodle_url($typeconfig['toolurl']); } // Check if SSL is forced. if (!empty($typeconfig['forcessl'])) { // Make sure the tool URL is set to https. if (strtolower($toolurl->get_scheme()) === 'http') { $toolurl->set_scheme('https'); } // Make sure the return URL is set to https. if (strtolower($returnurl->get_scheme()) === 'http') { $returnurl->set_scheme('https'); } } $toolurlout = $toolurl->out(false); // Get base request parameters. $instance = new stdClass(); $instance->course = $course->id; $requestparams = lti_build_request($instance, $typeconfig, $course, $id, $islti2); // Get LTI2-specific request parameters and merge to the request parameters if applicable. if ($islti2) { $lti2params = lti_build_request_lti2($tool, $requestparams); $requestparams = array_merge($requestparams, $lti2params); } // Get standard request parameters and merge to the request parameters. $orgid = !empty($typeconfig['organizationid']) ? $typeconfig['organizationid'] : ''; $standardparams = lti_build_standard_request(null, $orgid, $islti2, 'ContentItemSelectionRequest'); $requestparams = array_merge($requestparams, $standardparams); // Get custom request parameters and merge to the request parameters. $customstr = ''; if (!empty($typeconfig['customparameters'])) { $customstr = $typeconfig['customparameters']; } $customparams = lti_build_custom_parameters($toolproxy, $tool, $instance, $requestparams, $customstr, '', $islti2); $requestparams = array_merge($requestparams, $customparams); // Allow request params to be updated by sub-plugins. $plugins = core_component::get_plugin_list('ltisource'); foreach (array_keys($plugins) as $plugin) { $pluginparams = component_callback('ltisource_' . $plugin, 'before_launch', [$instance, $toolurlout, $requestparams], []); if (!empty($pluginparams) && is_array($pluginparams)) { $requestparams = array_merge($requestparams, $pluginparams); } } // Media types. Set to ltilink by default if empty. if (empty($mediatypes)) { $mediatypes = ['application/vnd.ims.lti.v1.ltilink']; } $requestparams['accept_media_types'] = implode(',', $mediatypes); // Presentation targets. Supports frame, iframe, window by default if empty. if (empty($presentationtargets)) { $presentationtargets = ['frame', 'iframe', 'window']; } $requestparams['accept_presentation_document_targets'] = implode(',', $presentationtargets); // Other request parameters. $requestparams['accept_copy_advice'] = $copyadvice === true ? 'true' : 'false'; $requestparams['accept_multiple'] = $multiple === true ? 'true' : 'false'; $requestparams['accept_unsigned'] = $unsigned === true ? 'true' : 'false'; $requestparams['auto_create'] = $autocreate === true ? 'true' : 'false'; $requestparams['can_confirm'] = $canconfirm === true ? 'true' : 'false'; $requestparams['content_item_return_url'] = $returnurl->out(false); $requestparams['title'] = $title; $requestparams['text'] = $text; $signedparams = lti_sign_parameters($requestparams, $toolurlout, 'POST', $key, $secret); $toolurlparams = $toolurl->params(); // Strip querystring params in endpoint url from $signedparams to avoid duplication. if (!empty($toolurlparams) && !empty($signedparams)) { foreach (array_keys($toolurlparams) as $paramname) { if (isset($signedparams[$paramname])) { unset($signedparams[$paramname]); } } } // Check for params that should not be passed. Unset if they are set. $unwantedparams = ['resource_link_id', 'resource_link_title', 'resource_link_description', 'launch_presentation_return_url', 'lis_result_sourcedid']; foreach ($unwantedparams as $param) { if (isset($signedparams[$param])) { unset($signedparams[$param]); } } // Prepare result object. $result = new stdClass(); $result->params = $signedparams; $result->url = $toolurlout; return $result; }