public/plugin/ims_lti/outcome_service.php
<?php
/* For license terms, see /license.txt */
use Chamilo\PluginBundle\Entity\ImsLti\ImsLtiTool;
require_once __DIR__.'/../../main/inc/global.inc.php';
header('Content-Type: application/xml');
$url = api_get_path(WEB_PATH).'lti/os';
$em = Database::getManager();
$toolRepo = $em->getRepository('ChamiloPluginBundle:ImsLti\ImsLtiTool');
$headers = OAuthUtil::get_headers();
if (empty($headers['Authorization'])) {
error_log('Authorization header missed');
exit;
}
$authParams = OAuthUtil::split_header($headers['Authorization']);
if (empty($authParams) || empty($authParams['oauth_consumer_key']) || empty($authParams['oauth_signature'])) {
error_log('Authorization params not found');
exit;
}
$tools = $toolRepo->findBy(['consumerKey' => $authParams['oauth_consumer_key']]);
$toolIsFound = false;
/** @var ImsLtiTool $tool */
foreach ($tools as $tool) {
$consumer = new OAuthConsumer($tool->getConsumerKey(), $tool->getSharedSecret());
$hmacMethod = new OAuthSignatureMethod_HMAC_SHA1();
$request = OAuthRequest::from_request('POST', $url);
$request->sign_request($hmacMethod, $consumer, '');
$signature = $request->get_parameter('oauth_signature');
if ($signature === $authParams['oauth_signature']) {
$toolIsFound = true;
break;
}
}
if (false === $toolIsFound) {
error_log('Tool not found. Signature is not valid');
exit;
}
$body = file_get_contents('php://input');
$bodyHash = base64_encode(sha1($body, true));
if ($bodyHash !== $authParams['oauth_body_hash']) {
error_log('Authorization request not valid');
exit;
}
$plugin = ImsLtiPlugin::create();
$process = $plugin->processServiceRequest();
echo $process;