/mod/lti/service.php

https://github.com/totara/moodle · PHP · 218 lines · 139 code · 47 blank · 32 comment · 11 complexity · 4c50a6f7125da50e207add50c545945e MD5 · raw file 

    

  1. <?php
    2. 

  2. // This file is part of Moodle - http://moodle.org/
    3. 

  3. //
    4. 

  4. // Moodle is free software: you can redistribute it and/or modify
    5. 

  5. // it under the terms of the GNU General Public License as published by
    6. 

  6. // the Free Software Foundation, either version 3 of the License, or
    7. 

  7. // (at your option) any later version.
    8. 

  8. //
    9. 

  9. // Moodle is distributed in the hope that it will be useful,
    10. 

  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12. 

  12. // GNU General Public License for more details.
    13. 

  13. //
    14. 

  14. // You should have received a copy of the GNU General Public License
    15. 

  15. // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
    16. 

  16. 

  17. /**
    18. 

  18.  * LTI web service endpoints
    19. 

  19.  *
    20. 

  20.  * @package mod_lti
    21. 

  21.  * @copyright  Copyright (c) 2011 Moodlerooms Inc. (http://www.moodlerooms.com)
    22. 

  22.  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
    23. 

  23.  * @author     Chris Scribner
    24. 

  24.  */
    25. 

  25. 

  26. define('NO_DEBUG_DISPLAY', true);
    27. 

  27. define('NO_MOODLE_COOKIES', true);
    28. 

  28. 

  29. require_once(dirname(__FILE__) . "/../../config.php");
    30. 

  30. require_once($CFG->dirroot.'/mod/lti/locallib.php');
    31. 

  31. require_once($CFG->dirroot.'/mod/lti/servicelib.php');
    32. 

  32. 

  33. // TODO: Switch to core oauthlib once implemented - MDL-30149.
    34. 

  34. use moodle\mod\lti as lti;
    35. 

  35. 

  36. $rawbody = file_get_contents("php://input");
    37. 

  37. 

  38. if (lti_should_log_request($rawbody)) {
    39. 

  39.     lti_log_request($rawbody);
    40. 

  40. }
    41. 

  41. 

  42. foreach (lti\OAuthUtil::get_headers() as $name => $value) {
    43. 

  43.     if ($name === 'Authorization') {
    44. 

  44.         // TODO: Switch to core oauthlib once implemented - MDL-30149.
    45. 

  45.         $oauthparams = lti\OAuthUtil::split_header($value);
    46. 

  46. 

  47.         $consumerkey = $oauthparams['oauth_consumer_key'];
    48. 

  48.         break;
    49. 

  49.     }
    50. 

  50. }
    51. 

  51. 

  52. if (empty($consumerkey)) {
    53. 

  53.     throw new Exception('Consumer key is missing.');
    54. 

  54. }
    55. 

  55. 

  56. $sharedsecret = lti_verify_message($consumerkey, lti_get_shared_secrets_by_key($consumerkey), $rawbody);
    57. 

  57. 

  58. if ($sharedsecret === false) {
    59. 

  59.     throw new Exception('Message signature not valid');
    60. 

  60. }
    61. 

  61. 

  62. // TODO MDL-46023 Replace this code with a call to the new library.
    63. 

  63. $origentity = libxml_disable_entity_loader(true);
    64. 

  64. $xml = simplexml_load_string($rawbody);
    65. 

  65. if (!$xml) {
    66. 

  66.     libxml_disable_entity_loader($origentity);
    67. 

  67.     throw new Exception('Invalid XML content');
    68. 

  68. }
    69. 

  69. libxml_disable_entity_loader($origentity);
    70. 

  70. 

  71. $body = $xml->imsx_POXBody;
    72. 

  72. foreach ($body->children() as $child) {
    73. 

  73.     $messagetype = $child->getName();
    74. 

  74. }
    75. 

  75. 

  76. switch ($messagetype) {
    77. 

  77.     case 'replaceResultRequest':
    78. 

  78.         try {
    79. 

  79.             $parsed = lti_parse_grade_replace_message($xml);
    80. 

  80.         } catch (Exception $e) {
    81. 

  81.             $responsexml = lti_get_response_xml(
    82. 

  82.                 'failure',
    83. 

  83.                 $e->getMessage(),
    84. 

  84.                 uniqid(),
    85. 

  85.                 'replaceResultResponse');
    86. 

  86. 

  87.             echo $responsexml->asXML();
    88. 

  88.             break;
    89. 

  89.         }
    90. 

  90. 

  91.         $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid));
    92. 

  92. 

  93.         if (!lti_accepts_grades($ltiinstance)) {
    94. 

  94.             throw new Exception('Tool does not accept grades');
    95. 

  95.         }
    96. 

  96. 

  97.         lti_verify_sourcedid($ltiinstance, $parsed);
    98. 

  98.         lti_set_session_user($parsed->userid);
    99. 

  99. 

  100.         $gradestatus = lti_update_grade($ltiinstance, $parsed->userid, $parsed->launchid, $parsed->gradeval);
    101. 

  101. 

  102.         $responsexml = lti_get_response_xml(
    103. 

  103.                 $gradestatus ? 'success' : 'failure',
    104. 

  104.                 'Grade replace response',
    105. 

  105.                 $parsed->messageid,
    106. 

  106.                 'replaceResultResponse'
    107. 

  107.         );
    108. 

  108. 

  109.         echo $responsexml->asXML();
    110. 

  110. 

  111.         break;
    112. 

  112. 

  113.     case 'readResultRequest':
    114. 

  114.         $parsed = lti_parse_grade_read_message($xml);
    115. 

  115. 

  116.         $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid));
    117. 

  117. 

  118.         if (!lti_accepts_grades($ltiinstance)) {
    119. 

  119.             throw new Exception('Tool does not accept grades');
    120. 

  120.         }
    121. 

  121. 

  122.         // Getting the grade requires the context is set.
    123. 

  123.         $context = context_course::instance($ltiinstance->course);
    124. 

  124.         $PAGE->set_context($context);
    125. 

  125. 

  126.         lti_verify_sourcedid($ltiinstance, $parsed);
    127. 

  127. 

  128.         $grade = lti_read_grade($ltiinstance, $parsed->userid);
    129. 

  129. 

  130.         $responsexml = lti_get_response_xml(
    131. 

  131.                 'success',  // Empty grade is also 'success'.
    132. 

  132.                 'Result read',
    133. 

  133.                 $parsed->messageid,
    134. 

  134.                 'readResultResponse'
    135. 

  135.         );
    136. 

  136. 

  137.         $node = $responsexml->imsx_POXBody->readResultResponse;
    138. 

  138.         $node = $node->addChild('result')->addChild('resultScore');
    139. 

  139.         $node->addChild('language', 'en');
    140. 

  140.         $node->addChild('textString', isset($grade) ? $grade : '');
    141. 

  141. 

  142.         echo $responsexml->asXML();
    143. 

  143. 

  144.         break;
    145. 

  145. 

  146.     case 'deleteResultRequest':
    147. 

  147.         $parsed = lti_parse_grade_delete_message($xml);
    148. 

  148. 

  149.         $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid));
    150. 

  150. 

  151.         if (!lti_accepts_grades($ltiinstance)) {
    152. 

  152.             throw new Exception('Tool does not accept grades');
    153. 

  153.         }
    154. 

  154. 

  155.         lti_verify_sourcedid($ltiinstance, $parsed);
    156. 

  156.         lti_set_session_user($parsed->userid);
    157. 

  157. 

  158.         $gradestatus = lti_delete_grade($ltiinstance, $parsed->userid);
    159. 

  159. 

  160.         $responsexml = lti_get_response_xml(
    161. 

  161.                 $gradestatus ? 'success' : 'failure',
    162. 

  162.                 'Grade delete request',
    163. 

  163.                 $parsed->messageid,
    164. 

  164.                 'deleteResultResponse'
    165. 

  165.         );
    166. 

  166. 

  167.         echo $responsexml->asXML();
    168. 

  168. 

  169.         break;
    170. 

  170. 

  171.     default:
    172. 

  172.         // Fire an event if we get a web service request which we don't support directly.
    173. 

  173.         // This will allow others to extend the LTI services, which I expect to be a common
    174. 

  174.         // use case, at least until the spec matures.
    175. 

  175.         $data = new stdClass();
    176. 

  176.         $data->body = $rawbody;
    177. 

  177.         $data->xml = $xml;
    178. 

  178.         $data->messageid = lti_parse_message_id($xml);
    179. 

  179.         $data->messagetype = $messagetype;
    180. 

  180.         $data->consumerkey = $consumerkey;
    181. 

  181.         $data->sharedsecret = $sharedsecret;
    182. 

  182.         $eventdata = array();
    183. 

  183.         $eventdata['other'] = array();
    184. 

  184.         $eventdata['other']['messageid'] = $data->messageid;
    185. 

  185.         $eventdata['other']['messagetype'] = $messagetype;
    186. 

  186.         $eventdata['other']['consumerkey'] = $consumerkey;
    187. 

  187. 

  188.         // Before firing the event, allow subplugins a chance to handle.
    189. 

  189.         if (lti_extend_lti_services($data)) {
    190. 

  190.             break;
    191. 

  191.         }
    192. 

  192. 

  193.         // If an event handler handles the web service, it should set this global to true
    194. 

  194.         // So this code knows whether to send an "operation not supported" or not.
    195. 

  195.         global $ltiwebservicehandled;
    196. 

  196.         $ltiwebservicehandled = false;
    197. 

  197. 

  198.         try {
    199. 

  199.             $event = \mod_lti\event\unknown_service_api_called::create($eventdata);
    200. 

  200.             $event->set_message_data($data);
    201. 

  201.             $event->trigger();
    202. 

  202.         } catch (Exception $e) {
    203. 

  203.             $ltiwebservicehandled = false;
    204. 

  204.         }
    205. 

  205. 

  206.         if (!$ltiwebservicehandled) {
    207. 

  207.             $responsexml = lti_get_response_xml(
    208. 

  208.                 'unsupported',
    209. 

  209.                 'unsupported',
    210. 

  210.                  lti_parse_message_id($xml),
    211. 

  211.                  $messagetype
    212. 

  212.             );
    213. 

  213. 

  214.             echo $responsexml->asXML();
    215. 

  215.         }
    216. 

  216. 

  217.         break;
    218. 

  218. }
    219.