--- loncom/lti/ltiroster.pm 2017/12/07 15:36:25 1.1 +++ loncom/lti/ltiroster.pm 2018/08/14 21:42:36 1.4 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # LTI Consumer Module to respond to a course roster request. # -# $Id: ltiroster.pm,v 1.1 2017/12/07 15:36:25 raeburn Exp $ +# $Id: ltiroster.pm,v 1.4 2018/08/14 21:42:36 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -32,6 +32,7 @@ use strict; use Apache::Constants qw(:common :http); use Encode; use Digest::SHA; +use URI::Escape; use Apache::lonnet; use Apache::loncommon; use Apache::lonacc; @@ -41,14 +42,36 @@ use LONCAPA::ltiutils; sub handler { my $r = shift; my %errors; + my $params = {}; + my ($oauthtype,$authheader); +# +# Retrieve content type from headers +# + my $content_type = $r->headers_in->get('Content-Type'); + if ($content_type eq 'application/xml') { + $oauthtype = 'consumer'; +# +# Retrieve OAuth data sent by LTI Provider from Authorization header +# + $authheader = $r->headers_in->get('Authorization'); + my ($authtype,$valuestr) = ($authheader =~ /^(OAuth)\s+(.+)$/i); + if (lc($authtype) eq 'oauth') { + foreach my $pair (split(/\s*,\s*/,$valuestr)) { + my ($key,$value) = split(/=/,$pair); + $value =~ s /(^"|"$)//g; + $params->{$key} = URI::Escape::uri_unescape($value); + } + } + } else { + $oauthtype = 'request token'; # # Retrieve data POSTed by LTI Provider # - &Apache::lonacc::get_posted_cgi($r); - my $params = {}; - foreach my $key (sort(keys(%env))) { - if ($key =~ /^form\.(.+)$/) { - $params->{$1} = $env{$key}; + &Apache::lonacc::get_posted_cgi($r); + foreach my $key (sort(keys(%env))) { + if ($key =~ /^form\.(.+)$/) { + $params->{$1} = $env{$key}; + } } } @@ -85,7 +108,6 @@ sub handler { ($cdom,$cnum) = &LONCAPA::ltiutils::get_loncapa_course($r->dir_config('lonHostID'), $cid,\%errors); unless ($cdom && $cnum) { - $errors{4} = 1; &invalid_request($r,\%errors); return OK; } 
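Review bot: In the `@@ -41,14 +42,36 @@` hunk the Authorization parser calls `split(/=/,$pair)` with no limit, so a parameter value containing a literal `=` is cut at the second `=` and the rest is dropped before the signature is verified; `my ($key,$value) = split(/=/,$pair,2);` keeps the whole value. Only the value goes through `uri_unescape` while the key is stored as received, and `$content_type eq 'application/xml'` is an exact match, so `application/xml; charset=UTF-8` or a missing Content-Type takes the form-POST branch instead. When the Authorization header is absent or not an OAuth header, `lc($authtype)` operates on undef and `$params` stays empty; the hunk does not show where that case is rejected, and `handler` continues outside it.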
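Review bot: The failure branch after `get_loncapa_course` in the `@@ -85,7 +108,6 @@` hunk no longer sets an error code itself, so the response now depends on the helper having recorded one through `\%errors`; the same applies to the `verify_request` (`@@ -125,8 +147,7 @@`) and `verify_lis_item` (`@@ -149,7 +170,6 @@`) hunks. None of those helpers is visible here, so if any of them can return false without adding a key, `invalid_request` would be sent with an empty error list. A comment at each call such as `# failure code is recorded in %errors by get_loncapa_course()` would document the contract. `handler` starts and ends outside the hunk.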
@@ -98,7 +120,7 @@ sub handler { &LONCAPA::ltiutils::get_tool_instance($cdom,$cnum,$digsymb,undef,\%errors); unless ($marker) { - $errors{5} = 1; + $errors{4} = 1; &invalid_request($r,\%errors); return OK; } @@ -125,8 +147,7 @@ sub handler { } unless (LONCAPA::ltiutils::verify_request($params,$protocol,$r->hostname,$r->uri, $env{'request.method'},$consumer_secret, - \%errors)) { - $errors{6} = 1; + $params,$authheader,\%errors)) { &invalid_request($r,\%errors); return OK; } @@ -137,7 +158,7 @@ sub handler { unless (&LONCAPA::ltiutils::check_nonce($params->{'oauth_nonce'},$params->{'oauth_timestamp'}, $nonce_lifetime,$cdom,$r->dir_config('lonLTIDir'))) { - $errors{7} = 1; + $errors{16} = 1; &invalid_request($r,\%errors); return OK; } @@ -149,7 +170,6 @@ sub handler { unless (&LONCAPA::ltiutils::verify_lis_item($rostersig,'roster',$digsymb,undef,$cdom,$cnum, \%toolsettings,\%ltitools,\%errors)) { - $errors{8} = 1; &invalid_request($r,\%errors); return OK; } @@ -165,7 +185,7 @@ sub handler { } unless (keys(%maproles)) { - $errors{9} = 1; + $errors{21} = 1; &invalid_request($r,\%errors); return OK; } @@ -183,7 +203,7 @@ sub handler { \%toolsettings,\%ltitools) eq 'ok') { if ($toolsettings{'gradesecret'} ne '') { $needsresult = 1; - $gradesecret = $ltitools{'gradesecret'}; + $gradesecret = $toolsettings{'gradesecret'}; } } } @@ -392,7 +412,7 @@ sub invalid_request { my ($r,$errors) = @_; my $errormsg; if (ref($errors) eq 'HASH') { - $errormsg = join('&&',keys(%{$errors})); + $errormsg = join(',',keys(%{$errors})); } &Apache::loncommon::content_type($r,'text/xml'); $r->send_http_header;
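Review bot: `$oauthtype` is assigned in both branches of the earlier header-parsing hunk but is not passed in the `verify_request` call of the `@@ -125,8 +147,7 @@` hunk, which still has `$params` as its first argument and now passes `$params` again as the seventh. The new signature of `LONCAPA::ltiutils::verify_request` is not shown on this page, so this is inferred, but if the first parameter is now the OAuth type the call would begin `verify_request($oauthtype,$protocol,$r->hostname,$r->uri,`. Since this call is the signature check for the roster request, the argument order is worth confirming against ltiutils.pm. The statement belongs to `handler`, which starts and ends outside the hunk.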
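Review bot: In `invalid_request` (`@@ -392,7 +412,7 @@`) the codes come from `keys(%{$errors})`, whose order Perl does not guarantee, so the same set of failures can be reported in a different order from one request to the next. `$errormsg = join(',',sort { $a <=> $b } keys(%{$errors}));` gives a stable, comparable string for logs and for the tool provider. The sub's body continues outside the hunk.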