public/plugin/ims_lti/auth.php
<?php
/* For licensing terms, see /license.txt */
use Chamilo\PluginBundle\Entity\ImsLti\ImsLtiTool;
use Chamilo\PluginBundle\Entity\ImsLti\Platform;
use Firebase\JWT\JWT;
require_once __DIR__.'/../../main/inc/global.inc.php';
api_protect_course_script();
api_block_anonymous_users(false);
$scope = empty($_REQUEST['scope']) ? '' : trim($_REQUEST['scope']);
$responseType = empty($_REQUEST['response_type']) ? '' : trim($_REQUEST['response_type']);
$responseMode = empty($_REQUEST['response_mode']) ? '' : trim($_REQUEST['response_mode']);
$prompt = empty($_REQUEST['prompt']) ? '' : trim($_REQUEST['prompt']);
$clientId = empty($_REQUEST['client_id']) ? '' : trim($_REQUEST['client_id']);
$redirectUri = empty($_REQUEST['redirect_uri']) ? '' : trim($_REQUEST['redirect_uri']);
$state = empty($_REQUEST['state']) ? '' : trim($_REQUEST['state']);
$nonce = empty($_REQUEST['nonce']) ? '' : trim($_REQUEST['nonce']);
$loginHint = empty($_REQUEST['login_hint']) ? '' : trim($_REQUEST['login_hint']);
$ltiMessageHint = empty($_REQUEST['lti_message_hint']) ? '' : trim($_REQUEST['lti_message_hint']);
$em = Database::getManager();
$webPath = api_get_path(WEB_PATH);
$webPluginPath = api_get_path(WEB_PLUGIN_PATH);
$tool = null;
try {
if (
empty($scope) ||
empty($responseType) ||
empty($clientId) ||
empty($redirectUri) ||
empty($loginHint) ||
empty($nonce)
) {
throw LtiAuthException::invalidRequest();
}
if ($scope !== 'openid') {
throw LtiAuthException::invalidScope();
}
if ($responseType !== 'id_token') {
throw LtiAuthException::unsupportedResponseType();
}
if (empty($responseMode)) {
throw LtiAuthException::missingResponseMode();
}
if ($responseMode !== 'form_post') {
throw LtiAuthException::invalidRespondeMode();
}
if ($prompt !== 'none') {
throw LtiAuthException::invalidPrompt();
}
$ltiToolLogin = ChamiloSession::read('lti_tool_login');
if ($ltiToolLogin != $ltiMessageHint) {
throw LtiAuthException::invalidRequest();
}
try {
/** @var ImsLtiTool $tool */
$tool = $em
->find('ChamiloPluginBundle:ImsLti\ImsLtiTool', $ltiToolLogin);
} catch (\Exception $e) {
api_not_allowed(true);
}
if ($tool->getClientId() != $clientId) {
throw LtiAuthException::unauthorizedClient();
}
$user = api_get_user_entity(api_get_user_id());
if (ImsLtiPlugin::getLaunchUserIdClaim($tool, $user) != $loginHint) {
throw LtiAuthException::accessDenied();
}
if ($redirectUri !== $tool->getRedirectUrl()) {
throw LtiAuthException::unregisteredRedirectUri();
}
/** @var Platform|null $platform */
$platform = $em
->getRepository('ChamiloPluginBundle:ImsLti\Platform')
->findOneBy([]);
$session = api_get_session_entity(api_get_session_id());
$course = api_get_course_entity(api_get_course_int_id());
$platformDomain = str_replace(['https://', 'http://'], '', api_get_setting('InstitutionUrl'));
$jwtContent = [];
$jwtContent['iss'] = ImsLtiPlugin::getIssuerUrl();
$jwtContent['sub'] = ImsLtiPlugin::getLaunchUserIdClaim($tool, $user);
$jwtContent['aud'] = $tool->getClientId();
$jwtContent['iat'] = time();
$jwtContent['exp'] = time() + 60;
$jwtContent['nonce'] = $nonce;
if (empty($nonce)) {
$jwtContent['nonce'] = md5(microtime().mt_rand());
}
// User info
if ($tool->isSharingName()) {
$jwtContent['name'] = $user->getFullname();
$jwtContent['given_name'] = $user->getFirstname();
$jwtContent['family_name'] = $user->getLastname();
}
if (DRH === $user->getStatus()) {
$roleScopeMentor = ImsLtiPlugin::getRoleScopeMentor($user, $tool);
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/role_scope_mentor'] = $roleScopeMentor;
}
if ($tool->isSharingPicture()) {
$jwtContent['picture'] = UserManager::getUserPicture($user->getId());
}
if ($tool->isSharingEmail()) {
$jwtContent['email'] = $user->getEmail();
}
// Course (context) info
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/context'] = [
'id' => (string) $course->getId(),
'title' => $course->getTitle(),
'label' => $course->getCode(),
'type' => ['http://purl.imsglobal.org/vocab/lis/v2/course#CourseSection'],
];
// Deployment info
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/deployment_id'] = $tool->getParent()
? (string) $tool->getParent()->getId()
: (string) $tool->getId();
// Platform info
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/tool_platform'] = [
'guid' => $platformDomain,
'contact_email' => api_get_setting('emailAdministrator'),
'name' => api_get_setting('siteName'),
'family_code' => 'Chamilo LMS',
'version' => api_get_version(),
'url' => $webPath,
];
// Launch info
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/launch_presentation'] = [
'locale' => api_get_language_isocode($user->getLanguage()),
'document_target' => $tool->getDocumentTarget(),
//'height' => 320,
//'wdith' => 240,
//'return_url' => api_get_course_url(),
];
// LTI info
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/version'] = '1.3.0';
// Roles info
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/roles'] = ImsLtiPlugin::getRoles($user);
// Message type info
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/target_link_uri'] = $tool->getLaunchUrl();
if ($tool->isActiveDeepLinking()) {
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/message_type'] = 'LtiDeepLinkingRequest';
$jwtContent['https://purl.imsglobal.org/spec/lti-dl/claim/deep_linking_settings'] = [
'accept_types' => ['ltiResourceLink'],
'accept_media_types' => implode(
',',
['*/*', ':::asterisk:::/:::asterisk:::']
),
'accept_presentation_document_targets' => ['iframe', 'window'],
'accept_multiple' => true,
'auto_create' => true,
'title' => $tool->getName(),
'text' => $tool->getDescription(),
'data' => "tool:{$tool->getId()}",
'deep_link_return_url' => $webPluginPath.'ims_lti/item_return2.php',
];
} else {
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/message_type'] = 'LtiResourceLinkRequest';
// Resource link
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/resource_link'] = [
'id' => (string) $tool->getId(),
'title' => $tool->getName(),
'description' => $tool->getDescription(),
];
// LIS info
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/lis'] = [
'person_sourcedid' => ImsLti::getPersonSourcedId($platformDomain, $user),
'course_section_sourcedid' => ImsLti::getCourseSectionSourcedId($platformDomain, $course, $session),
];
$advServices = $tool->getAdvantageServices();
if (!empty($advServices)) {
if (LtiAssignmentGradesService::AGS_NONE !== $advServices['ags']) {
$agsClaim = [
'scope' => [
LtiAssignmentGradesService::SCOPE_LINE_ITEM_READ,
LtiAssignmentGradesService::SCOPE_RESULT_READ,
LtiAssignmentGradesService::SCOPE_SCORE_WRITE,
],
];
if (LtiAssignmentGradesService::AGS_FULL === $advServices['ags']) {
$agsClaim['scope'][] = LtiAssignmentGradesService::SCOPE_LINE_ITEM;
}
$agsClaim['lineitems'] = LtiAssignmentGradesService::getLineItemsUrl(
$course->getId(),
$tool->getId()
);
if ($tool->getLineItems()->count() === 1) {
$agsClaim['lineitem'] = LtiAssignmentGradesService::getLineItemUrl(
$course->getId(),
$tool->getLineItems()->first()->getId(),
$tool->getId()
);
}
$jwtContent['https://purl.imsglobal.org/spec/lti-ags/claim/endpoint'] = $agsClaim;
}
if (LtiNamesRoleProvisioningService::NRPS_NONE !== $advServices['nrps'] &&
api_is_allowed_to_edit(false, false, true)
) {
$nrpsClaim = [
'context_memberships_url' => LtiNamesRoleProvisioningService::getUrl(
$tool->getId(),
$course->getId(),
$session ? $session->getId() : 0
),
'service_versions' => ['2.0'],
];
$jwtContent['https://purl.imsglobal.org/spec/lti-nrps/claim/namesroleservice'] = $nrpsClaim;
}
}
}
// Custom params info
$customParams = $tool->getCustomParamsAsArray();
if (!empty($customParams)) {
$jwtContent['https://purl.imsglobal.org/spec/lti/claim/custom'] = ImsLti::substituteVariablesInCustomParams(
$jwtContent,
$customParams,
$user,
$course,
$session,
$platformDomain,
ImsLti::V_1P3,
$tool
);
}
array_walk_recursive(
$jwtContent,
function (&$value) {
if (gettype($value) === 'string') {
$value = preg_replace('/\s+/', ' ', $value);
$value = trim($value);
}
}
);
// Sign
$jwt = JWT::encode(
$jwtContent,
$platform->getPrivateKey(),
'RS256',
$platform->getKid()
);
$params = [
'id_token' => $jwt,
'state' => $state,
];
} catch (LtiAuthException $authException) {
$params = [
'error' => $authException->getType(),
'error_description' => $authException->getMessage(),
];
}
if (!$tool) {
exit;
}
$formActionUrl = $tool->isActiveDeepLinking() ? $tool->getRedirectUrl() : $tool->getLaunchUrl();
?>
<!DOCTYPE html>
<html>
<form action="<?php echo $formActionUrl; ?>" name="ltiLaunchForm" method="post">
<?php foreach ($params as $name => $value) { ?>
<input type="hidden" name="<?php echo $name; ?>" value="<?php echo $value; ?>">
<?php } ?>
</form>
<script>document.ltiLaunchForm.submit();</script>
</html>