Merge branch 'main' into issue-3911issue-3911

10 files changed, 16 insertions, 23 deletions

diff --git a/lib/classes/auth_plugins/StudipAuthAbstract.class.php b/lib/classes/auth_plugins/StudipAuthAbstract.php
index 36c75df..19d5afa 100644
--- a/lib/classes/auth_plugins/StudipAuthAbstract.class.php
+++ b/lib/classes/auth_plugins/StudipAuthAbstract.php
@@ -1,7 +1,7 @@
 <?php
 // +---------------------------------------------------------------------------+
 // This file is part of Stud.IP
-// StudipAuthAbstract.class.php
+// StudipAuthAbstract.php
 // Abstract class, used as a template for authentication plugins
 //
 // Copyright (c) 2003 André Noack <noack@data-quest.de>
diff --git a/lib/classes/auth_plugins/StudipAuthCAS.class.php b/lib/classes/auth_plugins/StudipAuthCAS.php
index 29deb75..29deb75 100644
--- a/lib/classes/auth_plugins/StudipAuthCAS.class.php
+++ b/lib/classes/auth_plugins/StudipAuthCAS.php
diff --git a/lib/classes/auth_plugins/StudipAuthIP.class.php b/lib/classes/auth_plugins/StudipAuthIP.php
index e0d6afa..dd42a28 100644
--- a/lib/classes/auth_plugins/StudipAuthIP.class.php
+++ b/lib/classes/auth_plugins/StudipAuthIP.php
@@ -1,6 +1,6 @@
 <?php
 /*
- * StudipAuthIP.class.php - Stud.IP authentication with user ip
+ * StudipAuthIP.php - Stud.IP authentication with user ip
  * Copyright (c) 2014  Florian Bieringer, Uni Passau
  *
  * This program is free software; you can redistribute it and/or
diff --git a/lib/classes/auth_plugins/StudipAuthLTI.class.php b/lib/classes/auth_plugins/StudipAuthLTI.php
index e8c316f..d5a2863 100644
--- a/lib/classes/auth_plugins/StudipAuthLTI.class.php
+++ b/lib/classes/auth_plugins/StudipAuthLTI.php
@@ -1,6 +1,6 @@
 <?php
 /*
- * StudipAuthLTI.class.php - Stud.IP authentication against LTI 1.1 consumer
+ * StudipAuthLTI.php - Stud.IP authentication against LTI 1.1 consumer
  * Copyright (c) 2018  Elmar Ludwig
  *
  * This program is free software; you can redistribute it and/or
@@ -9,8 +9,12 @@
  * the License, or (at your option) any later version.
  */
 
+use Studip\OAuth2\NegotiatesWithPsr7;
+
 class StudipAuthLTI extends StudipAuthSSO
 {
+    use NegotiatesWithPsr7;
+
     public $consumer_keys;
     public $username;
     public $domain;
@@ -62,24 +66,15 @@ class StudipAuthLTI extends StudipAuthSSO
      *
      * @return  bool    true if authentication succeeds
      *
-     * @throws OAuthException2  if the signature verification failed
-     *
      */
     public function isAuthenticated($username, $password)
     {
-        require_once 'vendor/oauth-php/library/OAuthRequestVerifier.php';
-
-        OAuthStore::instance('PDO', [
-            'dsn' => 'mysql:host=' . $GLOBALS['DB_STUDIP_HOST'] . ';dbname=' . $GLOBALS['DB_STUDIP_DATABASE'],
-            'username' => $GLOBALS['DB_STUDIP_USER'],
-            'password' => $GLOBALS['DB_STUDIP_PASSWORD']
-        ]);
-
         $consumer_key = Request::get('oauth_consumer_key');
         $consumer_secret = $this->consumer_keys[$consumer_key]['consumer_secret'];
 
-        $oarv = new OAuthRequestVerifier();
-        $oarv->verifySignature($consumer_secret, false, false);
+        if (!Studip\OAuth1::verifyRequest($this->getPsrRequest(), $consumer_secret, '')) {
+            return false;
+        }
 
         return parent::isAuthenticated($username, $password);
     }
@@ -93,8 +88,6 @@ class StudipAuthLTI extends StudipAuthSSO
      * @param   string $password the password (ignored)
      *
      * @return  mixed   if authentication succeeds: the Stud.IP user, else false
-     *
-     * @throws OAuthException2  if the signature verification failed
      */
     public function authenticateUser($username, $password)
     {
diff --git a/lib/classes/auth_plugins/StudipAuthLdap.class.php b/lib/classes/auth_plugins/StudipAuthLdap.php
index 7cb8686..6bbd3fd 100644
--- a/lib/classes/auth_plugins/StudipAuthLdap.class.php
+++ b/lib/classes/auth_plugins/StudipAuthLdap.php
@@ -1,7 +1,7 @@
 <?php
 // +---------------------------------------------------------------------------+
 // This file is part of Stud.IP
-// StudipAuthLdap.class.php
+// StudipAuthLdap.php
 // Stud.IP authentication against LDAP Server
 //
 // Copyright (c) 2003 André Noack <noack@data-quest.de>
diff --git a/lib/classes/auth_plugins/StudipAuthLdapReadAndBind.class.php b/lib/classes/auth_plugins/StudipAuthLdapReadAndBind.php
index 742f0cb..3acb1d8 100644
--- a/lib/classes/auth_plugins/StudipAuthLdapReadAndBind.class.php
+++ b/lib/classes/auth_plugins/StudipAuthLdapReadAndBind.php
@@ -4,7 +4,7 @@
 # Lifter010: TODO
 // +---------------------------------------------------------------------------+
 // This file is part of Stud.IP
-// StudipAuthLdapReadAndBind.class.php
+// StudipAuthLdapReadAndBind.php
 // Stud.IP authentication against LDAP Server using read-only account and
 // user bind
 //
diff --git a/lib/classes/auth_plugins/StudipAuthOIDC.class.php b/lib/classes/auth_plugins/StudipAuthOIDC.php
index adfe9c9..b26c17b 100644
--- a/lib/classes/auth_plugins/StudipAuthOIDC.class.php
+++ b/lib/classes/auth_plugins/StudipAuthOIDC.php
@@ -1,6 +1,6 @@
 <?php
 /*
- * StudipAuthOpenID.class.php - Stud.IP authentication using OpenID Connect
+ * StudipAuthOpenID.php - Stud.IP authentication using OpenID Connect
  * Copyright (c) 2021  André Noack <noack@data-quest.de>
  *
  * This program is free software; you can redistribute it and/or
diff --git a/lib/classes/auth_plugins/StudipAuthSSO.class.php b/lib/classes/auth_plugins/StudipAuthSSO.php
index 752fa59..dd6af11 100644
--- a/lib/classes/auth_plugins/StudipAuthSSO.class.php
+++ b/lib/classes/auth_plugins/StudipAuthSSO.php
@@ -3,7 +3,7 @@
 # Lifter003: TODO
 # Lifter010: TODO
 /*
- * StudipAuthSSO.class.php - abstract base class for SSO auth plugins
+ * StudipAuthSSO.php - abstract base class for SSO auth plugins
  * Copyright (c) 2007  Elmar Ludwig, Universitaet Osnabrueck
  *
  * This program is free software; you can redistribute it and/or
diff --git a/lib/classes/auth_plugins/StudipAuthShib.class.php b/lib/classes/auth_plugins/StudipAuthShib.php
index 3eedc65..135b3f6 100644
--- a/lib/classes/auth_plugins/StudipAuthShib.class.php
+++ b/lib/classes/auth_plugins/StudipAuthShib.php
@@ -3,7 +3,7 @@
 # Lifter003: TODO
 # Lifter010: TODO
 /*
- * StudipAuthShib.class.php - Stud.IP authentication against Shibboleth server
+ * StudipAuthShib.php - Stud.IP authentication against Shibboleth server
  * Copyright (c) 2007  Elmar Ludwig, Universitaet Osnabrueck
  *
  * This program is free software; you can redistribute it and/or
diff --git a/lib/classes/auth_plugins/StudipAuthStandard.class.php b/lib/classes/auth_plugins/StudipAuthStandard.php
index 5bb3e65..927a13c 100644
--- a/lib/classes/auth_plugins/StudipAuthStandard.class.php
+++ b/lib/classes/auth_plugins/StudipAuthStandard.php
@@ -4,7 +4,7 @@
 # Lifter010: TODO
 // +---------------------------------------------------------------------------+
 // This file is part of Stud.IP
-// StudipAuthStandard.class.php
+// StudipAuthStandard.php
 // Basic Stud.IP authentication, using the Stud.IP database
 //
 // Copyright (c) 2003 André Noack <noack@data-quest.de>