public function handleResponse(array $nodes, ResourceLink $link)
{
$link->setSetting('ext_ims_lti_tool_setting', $this->getSetting());
$link->saveSettings();
return true;
}
/**
* Check the authenticity of the LTI launch request.
*
* The consumer, resource link and user objects will be initialised if the request is valid.
*
* @param ServerRequestInterface $request
* @return bool True if the request has been successfully validated.
* @throws Exception
* @internal param array $requestBody
*/
private function authenticate(ServerRequestInterface $request)
{
$requestBody = (array) $request->getParsedBody();
// Get the consumer
$doSaveConsumer = false;
// Check all required launch parameters
$version = isset($requestBody['lti_version']) ? $requestBody['lti_version'] : '';
$messageType = isset($requestBody['lti_message_type']) ? $requestBody['lti_message_type'] : '';
if (!in_array($version, $this->LTI_VERSIONS)) {
throw new Exception('Invalid or missing lti_version parameter');
}
switch ($messageType) {
case 'basic-lti-launch-request':
case 'DashboardRequest':
if (!isset($requestBody['resource_link_id']) || strlen(trim($requestBody['resource_link_id'])) == 0) {
throw new Exception('Missing resource link ID');
}
break;
case 'ContentItemSelectionRequest':
$acceptMediaTypes = isset($requestBody['accept_media_types']) ? trim($requestBody['accept_media_types']) : '';
if (strlen($acceptMediaTypes) == 0) {
throw new Exception('No accept_media_types found');
}
$mediaTypes = array_filter(explode(',', str_replace(' ', '', $acceptMediaTypes)), 'strlen');
$mediaTypes = array_unique($mediaTypes);
if (count($mediaTypes) == 0) {
throw new Exception('No valid accept_media_types found');
}
$this->mediaTypes = $mediaTypes;
$acceptDocumentTargets = isset($requestBody['accept_presentation_document_targets']) ? trim($requestBody['accept_presentation_document_targets']) : '';
if (strlen($acceptDocumentTargets) == 0) {
throw new Exception('No accept_presentation_document_targets found');
}
$documentTargets = array_filter(explode(',', str_replace(' ', '', $acceptDocumentTargets), 'strlen'));
$documentTargets = array_unique($documentTargets);
if (count($documentTargets) == 0) {
throw new Exception('No valid accept_presentation_document_targets found');
}
foreach ($documentTargets as $documentTarget) {
$this->checkValue($documentTarget, ['embed', 'frame', 'iframe', 'window', 'popup', 'overlay', 'none'], 'Invalid value in accept_presentation_document_targets parameter: %s.');
}
$this->documentTargets = $documentTargets;
$returnUrl = isset($requestBody['content_item_return_url']) ? trim($requestBody['content_item_return_url']) : '';
if (strlen($returnUrl) == 0) {
throw new Exception('Missing content_item_return_url parameter');
}
break;
default:
throw new Exception('Invalid or missing lti_message_type parameter');
}
// Check consumer key
if (!isset($requestBody['oauth_consumer_key'])) {
throw new Exception('Missing consumer key');
}
$this->consumer = new ToolConsumer($requestBody['oauth_consumer_key'], $this->storage);
if (is_null($this->consumer->created)) {
throw new Exception('Invalid consumer key');
}
$now = time();
$today = date('Y-m-d', $now);
if (is_null($this->consumer->lastAccess)) {
$doSaveConsumer = true;
} else {
$last = date('Y-m-d', $this->consumer->lastAccess);
$doSaveConsumer = $doSaveConsumer || $last != $today;
}
$this->consumer->lastAccess = $now;
$store = new DataStore($this);
$server = new Server($store);
$method = new SignatureMethodHmacSha1();
$server->addSignatureMethod($method);
$request = Request::fromPsrRequest($request);
$server->verifyRequest($request);
if ($this->consumer->protected) {
$consumerGuid = isset($requestBody['tool_consumer_instance_guid']) ? $requestBody['tool_consumer_instance_guid'] : '';
if (empty($consumerGuid)) {
throw new Exception('A tool consumer GUID must be included in the launch request');
}
if ($this->consumer->consumerGuid !== $consumerGuid) {
throw new Exception('Request is from an invalid tool consumer');
}
}
if (!$this->consumer->enabled) {
throw new Exception('Tool consumer has not been enabled by the tool provider');
}
if (!is_null($this->consumer->enableFrom) && $this->consumer->enableFrom > $now) {
throw new Exception('Tool consumer access is not yet available');
}
if (!is_null($this->consumer->enableUntil) && $this->consumer->enableUntil <= $now) {
throw new Exception('Tool consumer access has expired');
}
// Validate other message parameter values
if ($requestBody['lti_message_type'] != 'ContentItemSelectionRequest') {
if (isset($requestBody['launch_presentation_document_target'])) {
$this->checkValue($requestBody['launch_presentation_document_target'], ['embed', 'frame', 'iframe', 'window', 'popup', 'overlay'], 'Invalid value for launch_presentation_document_target parameter: %s.');
}
} else {
if (isset($requestBody['accept_unsigned'])) {
$this->checkValue($requestBody['accept_unsigned'], ['true', 'false'], 'Invalid value for accept_unsigned parameter: %s.');
}
if (isset($requestBody['accept_multiple'])) {
$this->checkValue($requestBody['accept_multiple'], ['true', 'false'], 'Invalid value for accept_multiple parameter: %s.');
}
if (isset($requestBody['accept_copy_advice'])) {
$this->checkValue($requestBody['accept_copy_advice'], ['true', 'false'], 'Invalid value for accept_copy_advice parameter: %s.');
}
if (isset($requestBody['auto_create'])) {
$this->checkValue($requestBody['auto_create'], ['true', 'false'], 'Invalid value for auto_create parameter: %s.');
}
if (isset($requestBody['can_confirm'])) {
$this->checkValue($requestBody['can_confirm'], ['true', 'false'], 'Invalid value for can_confirm parameter: %s.');
}
}
// Validate message parameter constraints
$invalid_parameters = [];
foreach ($this->constraints as $name => $constraint) {
if (empty($constraint['messages']) || in_array($messageType, $constraint['messages'])) {
$ok = true;
if ($constraint['required']) {
if (!isset($requestBody[$name]) || strlen(trim($requestBody[$name])) <= 0) {
$invalid_parameters[] = "{$name} (missing)";
$ok = false;
}
}
if ($ok && !is_null($constraint['max_length']) && isset($requestBody[$name])) {
if (strlen(trim($requestBody[$name])) > $constraint['max_length']) {
$invalid_parameters[] = "{$name} (too long)";
}
}
}
}
if (count($invalid_parameters) > 0) {
throw new Exception('Invalid parameter(s): ' . implode(', ', $invalid_parameters));
}
// Set the request context/resource link
if (isset($requestBody['resource_link_id'])) {
$content_item_id = '';
if (isset($requestBody['custom_content_item_id'])) {
$content_item_id = $requestBody['custom_content_item_id'];
}
$this->resourceLink = new ResourceLink($this->consumer, trim($requestBody['resource_link_id']), $content_item_id);
if (isset($requestBody['context_id'])) {
$this->resourceLink->lti_context_id = trim($requestBody['context_id']);
}
$this->resourceLink->lti_resource_id = trim($requestBody['resource_link_id']);
$title = '';
if (isset($requestBody['context_title'])) {
$title = trim($requestBody['context_title']);
}
if (isset($requestBody['resource_link_title']) && strlen(trim($requestBody['resource_link_title'])) > 0) {
if (!empty($title)) {
$title .= ': ';
}
$title .= trim($requestBody['resource_link_title']);
}
if (empty($title)) {
$title = "Course {$this->resourceLink->getId()}";
}
$this->resourceLink->title = $title;
// Save LTI parameters
foreach ($this->ltiSettingsNames as $name) {
if (isset($requestBody[$name])) {
$this->resourceLink->setSetting($name, $requestBody[$name]);
} else {
$this->resourceLink->setSetting($name, null);
}
}
// Delete any existing custom parameters
foreach ($this->resourceLink->getSettings() as $name => $value) {
if (strpos($name, 'custom_') === 0) {
$this->resourceLink->setSetting($name);
}
}
// Save custom parameters
foreach ($requestBody as $name => $value) {
if (strpos($name, 'custom_') === 0) {
$this->resourceLink->setSetting($name, $value);
}
}
}
// Set the user instance
$user_id = '';
if (isset($requestBody['user_id'])) {
$user_id = trim($requestBody['user_id']);
}
$this->user = new User($this->resourceLink, $user_id);
// Set the user name
if (isset($requestBody['lis_person_name_given'])) {
$firstname = $requestBody['lis_person_name_given'];
} elseif (isset($requestBody['custom_lis_person_given_name'])) {
$firstname = $requestBody['custom_lis_person_given_name'];
} else {
$firstname = '';
}
if (isset($requestBody['lis_person_name_family'])) {
$lastname = $requestBody['lis_person_name_family'];
} elseif (isset($requestBody['custom_lis_person_name_family'])) {
$lastname = $requestBody['custom_lis_person_name_family'];
} else {
$lastname = '';
}
if (isset($requestBody['lis_person_name_full'])) {
$fullname = $requestBody['lis_person_name_full'];
} elseif (isset($requestBody['custom_lis_person_name_full'])) {
$fullname = $requestBody['custom_lis_person_name_full'];
} else {
$fullname = '';
}
$this->user->setNames($firstname, $lastname, $fullname);
// Set the user email
if (isset($requestBody['lis_person_contact_email_primary'])) {
$email = $requestBody['lis_person_contact_email_primary'];
} elseif (isset($requestBody['custom_lis_person_contact_email_primary'])) {
$email = $requestBody['custom_lis_person_contact_email_primary'];
} else {
$email = '';
}
$this->user->setEmail($email, $this->defaultEmail);
// Set the user roles
if (isset($requestBody['roles'])) {
$this->user->roles = ToolProvider::parseRoles($requestBody['roles']);
}
// Save the user instance
if (isset($requestBody['lis_result_sourcedid'])) {
if ($this->user->ltiResultSourcedId != $requestBody['lis_result_sourcedid']) {
$this->user->ltiResultSourcedId = $requestBody['lis_result_sourcedid'];
$this->user->save();
}
} else {
if (!empty($this->user->ltiResultSourcedId)) {
$this->user->delete();
}
}
// Initialise the consumer and check for changes
$this->consumer->defaultEmail = $this->defaultEmail;
if ($this->consumer->ltiVersion != $requestBody['lti_version']) {
$this->consumer->ltiVersion = $requestBody['lti_version'];
$doSaveConsumer = true;
}
if (isset($requestBody['tool_consumer_instance_name'])) {
if ($this->consumer->consumerName != $requestBody['tool_consumer_instance_name']) {
$this->consumer->consumerName = $requestBody['tool_consumer_instance_name'];
$doSaveConsumer = true;
}
}
if (isset($requestBody['tool_consumer_info_product_family_code'])) {
$version = $requestBody['tool_consumer_info_product_family_code'];
if (isset($requestBody['tool_consumer_info_version'])) {
$version .= "-{$requestBody['tool_consumer_info_version']}";
}
// do not delete any existing consumer version if none is passed
if ($this->consumer->consumerVersion != $version) {
$this->consumer->consumerVersion = $version;
$doSaveConsumer = true;
}
} else {
if (isset($requestBody['ext_lms']) && $this->consumer->consumerName != $requestBody['ext_lms']) {
$this->consumer->consumerVersion = $requestBody['ext_lms'];
$doSaveConsumer = true;
}
}
if (isset($requestBody['tool_consumer_instance_guid'])) {
if (is_null($this->consumer->consumerGuid)) {
$this->consumer->consumerGuid = $requestBody['tool_consumer_instance_guid'];
$doSaveConsumer = true;
} else {
if (!$this->consumer->protected) {
$doSaveConsumer = $this->consumer->consumerGuid != $requestBody['tool_consumer_instance_guid'];
if ($doSaveConsumer) {
$this->consumer->consumerGuid = $requestBody['tool_consumer_instance_guid'];
}
}
}
}
if (isset($requestBody['launch_presentation_css_url'])) {
if ($this->consumer->cssPath != $requestBody['launch_presentation_css_url']) {
$this->consumer->cssPath = $requestBody['launch_presentation_css_url'];
$doSaveConsumer = true;
}
} else {
if (isset($requestBody['ext_launch_presentation_css_url']) && $this->consumer->cssPath != $requestBody['ext_launch_presentation_css_url']) {
$this->consumer->cssPath = $requestBody['ext_launch_presentation_css_url'];
$doSaveConsumer = true;
} else {
if (!empty($this->consumer->cssPath)) {
$this->consumer->cssPath = null;
$doSaveConsumer = true;
}
}
}
// Persist changes to consumer
if ($doSaveConsumer) {
$this->consumer->save();
}
if (isset($this->resourceLink)) {
// Check if a share arrangement is in place for this resource link
$this->checkForShare($requestBody);
// Persist changes to resource link
$this->resourceLink->save();
}
return true;
}