--- loncom/lti/ltiauth.pm 2017/12/06 01:53:56 1.1
+++ loncom/lti/ltiauth.pm 2017/12/07 15:36:25 1.2
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Basic LTI Authentication Module
 #
-# $Id: ltiauth.pm,v 1.1 2017/12/06 01:53:56 raeburn Exp $
+# $Id: ltiauth.pm,v 1.2 2017/12/07 15:36:25 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -36,6 +36,7 @@ use Apache::lonlocal;
 use Apache::lonnet;
 use Apache::loncommon;
 use Apache::lonacc;
+use LONCAPA::ltiutils;

 sub handler {
 my $r = shift;
@@ -240,13 +241,12 @@ sub handler {
 $protocol = 'https';
 }

- my $itemid;
- my $key = $params->{'oauth_consumer_key'};
- my @ltiroles;
+ my ($itemid,$key,$secret,@ltiroles);
+ $key = $params->{'oauth_consumer_key'};
 if (ref($lti_by_key{$key}) eq 'ARRAY') {
 foreach my $id (@{$lti_by_key{$key}}) {
 if (ref($lti{$id}) eq 'HASH') {
- my $secret = $lti{$id}{'secret'};
+ $secret = $lti{$id}{'secret'};
 my $request = Net::OAuth->request('request token')->from_hash($params,
 request_url => $protocol.'://'.$hostname.$requri,
 request_method => $env{'request.method'},
@@ -273,7 +273,8 @@ sub handler {
 # Determine if nonce in POSTed data has expired.
 # If unexpired, confirm it has not already been used.
 #
- unless (&check_nonce($r,$params->{'oauth_nonce'},$params->{'oauth_timestamp'},$lti{$itemid}{'lifetime'},$cdom)) {
+ unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'},
+ $lti{$itemid}{'lifetime'},$cdom,$r->dir_config('lonLTIDir'))) {
 &invalid_request($r,7);
 return OK;
 }
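Review bot: `$secret` is now declared once for the whole handler (`my ($itemid,$key,$secret,@ltiroles);`) and reassigned on every pass of the `foreach`, so after the loop it holds the secret of the last id tried. That is the verified item's secret only if the loop stops as soon as a signature checks out; the rest of the loop body is outside this hunk, so this cannot be confirmed here. If later code is meant to use it, I would say so next to the declaration, e.g. `# $secret is only meaningful once $itemid is set; it belongs to $lti{$itemid}`, or read `$lti{$itemid}{'secret'}` at the point of use rather than keeping a consumer secret in scope across the handler.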
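Review bot: The new call in the `unless` hands `$r->dir_config('lonLTIDir')` to the helper without checking that it is set, and passes the POSTed `oauth_nonce` through unchanged, so the safety of the replay check now rests entirely on `LONCAPA::ltiutils::check_nonce`, which this diff does not show. The local version this commit removes (last hunk) used the nonce directly as a file name under `$lonltidir/$domain/` and tested `-e` before `open`; if the helper was moved over as-is, an empty directory setting makes those paths start at `/`, a nonce containing `/` is not confined to the domain directory, and two simultaneous requests with the same nonce can both be accepted. At the call site I would fail closed on a missing setting: `my $ltidir = $r->dir_config('lonLTIDir');` followed by `unless (($ltidir ne '') && &LONCAPA::ltiutils::check_nonce(...,$cdom,$ltidir)) {`. In the helper I would store the nonce under a digest of its value and create the file with an exclusive open (`sysopen` with `O_CREAT|O_EXCL`). The enclosing `handler` starts and ends outside this hunk.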
@@ -609,35 +610,6 @@ sub handler {
 return OK;
 }

-sub check_nonce {
- my ($r,$nonce,$timestamp,$lifetime,$domain) = @_;
- if (($timestamp eq '') || ($timestamp =~ /^\D/) || ($lifetime eq '') || ($lifetime =~ /\D/) || ($domain eq '')) {
- return 0;
- }
- my $now = time;
- if (($timestamp) && ($timestamp < ($now - $lifetime))) {
- return 0;
- }
- if ($nonce eq '') {
- return 0;
- }
- my $lonltidir = $r->dir_config('lonLTIDir');
- if (-e "$lonltidir/$domain/$nonce") {
- return 0;
- } else {
- unless (-e "$lonltidir/$domain") {
- mkdir("$lonltidir/$domain",0755);
- }
- if (open(my $fh,'>',"$lonltidir/$domain/$nonce")) {
- print $fh $now;
- close($fh);
- } else {
- return 0;
- }
- }
- return 1;
-}
-
 sub invalid_request {
 my ($r,$num) = @_;
 &Apache::loncommon::content_type($r,'text/html');