path: root/lib/classes/auth_plugins/StudipAuthLTI.php
<?php
/*
 * StudipAuthLTI.php - Stud.IP authentication against LTI 1.1 consumer
 * Copyright (c) 2018  Elmar Ludwig
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of
 * the License, or (at your option) any later version.
 */

use Studip\OAuth2\NegotiatesWithPsr7;

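class StudipAuthLTI extends StudipAuthSSO
{
    use NegotiatesWithPsr7;

    /**
     * Configured LTI consumers, indexed by OAuth consumer key. The entries
     * read by this class are "consumer_secret", "domain" and
     * "allow_domain_override".
     */
    public $consumer_keys;

    /** Username resolved by the last call to verifyUsername(). */
    public $username;

    /** User domain resolved by the last call to verifyUsername() (if any). */
    public $domain;

    /**
     * Validate the username passed to the auth plugin. Note: This implementation
     * ignores the username parameter and always uses the data passed via the LTI
     * parameters "lis_person_sourcedid" or "user_id".
     *
     * The resulting name is qualified with a domain: the consumer's configured
     * "domain", or the consumer key itself if no domain is configured. This
     * method does not check the OAuth signature; everything read here is still
     * unauthenticated request data until isAuthenticated() has succeeded.
     *
     * @param   string $username (ignored)
     *
     * @return  string  username derived from LTI parameters
     *
     * @throws InvalidArgumentException  if no username can be determined
     */
    public function verifyUsername($username)
    {
        $consumer_key = Request::get('oauth_consumer_key');
        $username = Request::get('lis_person_sourcedid', Request::get('user_id'));

        // Look the consumer up defensively: an unknown or missing key must not
        // raise undefined-index notices, it simply has no configuration.
        $config = [];
        if (is_string($consumer_key) && isset($this->consumer_keys[$consumer_key])) {
            $config = $this->consumer_keys[$consumer_key];
        }

        $override = !empty($config['allow_domain_override']);
        $domain = isset($config['domain']) ? $config['domain'] : $consumer_key;

        if (!$username) {
            throw new InvalidArgumentException('user_id must not be empty');
        }

        // With "allow_domain_override" the consumer chooses the domain part
        // itself, including an empty one ("name@"), which yields an
        // unqualified username. Enable it only for consumers that are trusted
        // to assert identities outside their own domain.
        if ($override && strpos($username, '@') !== false) {
            list($username, $domain) = explode('@', $username);
        }

        if ($domain !== '') {
            $username .= '@' . $domain;
            $this->domain = $domain;
        }

        return $this->username = parent::verifyUsername($username);
    }

    /**
     * Check whether this user can be authenticated. Since we trust the user
     * information sent by the LTI consumer, only the OAuth signature is checked.
     *
     * Requests whose consumer key is not configured, or whose configured secret
     * is empty, are rejected before the signature check is attempted.
     *
     * @param   string $username account name
     * @param   string $password (ignored)
     *
     * @return  bool    true if authentication succeeds
     *
     */
    public function isAuthenticated($username, $password)
    {
        $consumer_key = Request::get('oauth_consumer_key');

        // Fail closed: never verify a signature against a missing secret.
        // Otherwise a request naming an unconfigured consumer key would be
        // checked against null; whether that could validate depends on
        // Studip\OAuth1::verifyRequest(), which is not visible from here.
        if (!is_string($consumer_key)
            || !isset($this->consumer_keys[$consumer_key]['consumer_secret'])) {
            return false;
        }

        $consumer_secret = $this->consumer_keys[$consumer_key]['consumer_secret'];

        if ($consumer_secret === '') {
            return false;
        }

        // NOTE(review): timestamp/nonce replay protection is assumed to be
        // handled inside verifyRequest() - confirm.
        if (!Studip\OAuth1::verifyRequest($this->getPsrRequest(), $consumer_secret, '')) {
            return false;
        }

        return parent::isAuthenticated($username, $password);
    }

    /**
     * Authenticate this user and handle auto enrollment. If the URL parameter
     * "sem_id" is set, the user is automatically redirected to the enrollment
     * action for this course.
     *
     * @param   string $username the username to check
     * @param   string $password the password (ignored)
     *
     * @return  mixed   if authentication succeeds: the Stud.IP user, else false
     */
    public function authenticateUser($username, $password)
    {
        $user = parent::authenticateUser($username, $password);

        // The course id is concatenated into the redirect URL below.
        // NOTE(review): Request::option() presumably restricts the value to
        // identifier characters - confirm.
        $course_id = Request::option('sem_id');

        if ($user && $course_id) {
            // Only sets the header; request processing continues in the caller.
            header('Location: ' . URLHelper::getURL('dispatch.php/lti/index/' . $course_id));
        }

        return $user;
    }

    /**
     * Return the current username of the pending authentication request.
     *
     * @return string|null  username set by verifyUsername(), null before that
     */
    public function getUser()
    {
        return $this->username;
    }

    /**
     * Get the user domains to assign to the current user (if any).
     *
     * @return array|null   array of user domain names, null if no domain is set
     */
    public function getUserDomains()
    {
        return $this->domain ? [$this->domain] : null;
    }

    /**
     * Callback that can be used in user_data_mapping array. For LTI, this is
     * equivalent to Request::get(), since all launch data is POST parameters.
     * The values are whatever the LTI consumer put into the launch request.
     * @see http://www.imsglobal.org/specs/ltiv1p1/implementation-guide
     *
     * @param   string  key (e.g. "lis_person_contact_email_primary")
     *
     * @return  string  parameter value (null if not set)
     */
    public function getUserData($key)
    {
        return Request::get($key);
    }
}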