/** * Gets the test service context * @param bool [$check] Checks the context after create. Default to true. * @param bool [$checkToken] Checks the security token. * @return QtiRunnerServiceContext * @throws \common_Exception */ protected function getServiceContext($check = true, $checkToken = true) { if (!$this->serviceContext) { $testDefinition = $this->getRequestParameter('testDefinition'); $testCompilation = $this->getRequestParameter('testCompilation'); if ($checkToken) { $config = $this->runnerService->getTestConfig()->getConfigValue('security'); if (isset($config['csrfToken']) && $config['csrfToken'] == true) { $csrfToken = $this->getRequestParameter('X-Auth-Token'); if (!$this->getCsrf()->checkCsrfToken($csrfToken)) { \common_Logger::w("CSRF attempt! The token {$csrfToken} is no longer valid!"); throw new \common_exception_Unauthorized(); } } } $testExecution = $this->getSessionId(); $this->serviceContext = $this->runnerService->getServiceContext($testDefinition, $testCompilation, $testExecution, $check); } return $this->serviceContext; }