Passed
Push — 1.11.x ( bce6cd...c146d9 )
by Angel Fernando Quiroz
12:25
created

plugin/ims_lti/item_return2.php (1 issue)

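<?php
/* For licensing terms, see /license.txt */

/**
 * Return endpoint for an IMS LTI content-item response.
 *
 * Reads a JWT from the `JWT` request parameter, resolves the LTI tool named in
 * the `lti-dl/claim/data` claim, verifies the token signature against that
 * tool's public key and saves every supported content item into the current
 * course. On any validation failure the user is shown the error through
 * api_not_allowed().
 */

use Chamilo\PluginBundle\Entity\ImsLti\ImsLtiTool;
use Firebase\JWT\JWT;

require_once __DIR__.'/../../main/inc/global.inc.php';

api_protect_course_script(false);
api_block_anonymous_users(false);

$jwt = empty($_REQUEST['JWT']) ? '' : $_REQUEST['JWT'];

$em = Database::getManager();
$course = api_get_course_entity(api_get_course_int_id());

try {
    // A request such as JWT[]=x yields an array; treat anything that is not a
    // non-empty string as a missing token instead of passing it to explode().
    if (empty($jwt) || !is_string($jwt)) {
        throw new Exception('Token is missing');
    }

    // SECURITY: the payload read here has NOT been signature-checked yet. It is
    // used only to find which tool (and therefore which public key) the token
    // claims to come from. Nothing taken from $payload may be persisted or
    // trusted beyond that lookup; verified claims come from JWT::decode() below.
    $jwtParts = explode('.', $jwt, 3);

    if (!isset($jwtParts[1])) {
        throw new Exception('Token payload is empty');
    }

    $payloadStr = JWT::urlsafeB64Decode($jwtParts[1]);
    $payload = json_decode($payloadStr, true);

    if (empty($payload) || !is_array($payload)) {
        throw new Exception('Token payload is empty');
    }

    $dataClaimKey = 'https://purl.imsglobal.org/spec/lti-dl/claim/data';

    // The claim must be a string: str_replace() on an array would hand an array
    // to the entity lookup.
    if (empty($payload[$dataClaimKey]) || !is_string($payload[$dataClaimKey])) {
        throw new Exception('Data claim is missing');
    }

    // A missing "aud" is rejected the same way as a wrong one, without relying
    // on an undefined-index notice.
    if (!isset($payload['aud']) || $payload['aud'] !== ImsLtiPlugin::getIssuerUrl()) {
        throw new Exception('Audience not valid');
    }

    $toolId = str_replace('tool:', '', $payload[$dataClaimKey]);
    /** @var ImsLtiTool $ltiTool */
    $ltiTool = $em->find('ChamiloPluginBundle:ImsLti\ImsLtiTool', $toolId);

    if (empty($ltiTool)) {
        throw new Exception('LTI tool not found');
    }

    if (!isset($payload['iss']) || $payload['iss'] !== $ltiTool->getClientId()) {
        throw new Exception('Consumer not valid');
    }

    // Signature verification. The algorithm list is pinned to RS256 so the
    // token's own "alg" header cannot select a different scheme. The key comes
    // from the stored tool record, never from the request.
    // NOTE(review): no nonce or replay check is visible in this script; confirm
    // whether one is required for this flow.
    $decodedJwt = JWT::decode($jwt, $ltiTool->publicKey, ['RS256']);

    $contentItemsKey = 'https://purl.imsglobal.org/spec/lti-dl/claim/content_items';

    if (empty($decodedJwt->{$contentItemsKey})) {
        throw new Exception('Content items are missing');
    }

    foreach ($decodedJwt->{$contentItemsKey} as $contentItemClaim) {
        /** @var LtiContentItemType|null $contentItem */
        $contentItem = null;

        $contentItemType = isset($contentItemClaim->type) ? $contentItemClaim->type : null;

        switch ($contentItemType) {
            case 'ltiResourceLink':
                $contentItem = new LtiResourceLink($contentItemClaim);
                // Explicit break: the case previously fell through to default.
                break;
            default:
                // "continue" inside a switch acts like "break" in PHP, so an
                // unsupported type used to reach save() with a null item and
                // raise an uncaught Error. "continue 2" skips to the next
                // content item instead.
                continue 2;
        }

        $contentItem->save($ltiTool, $course);
    }
} catch (Exception $exception) {
    $message = Display::return_message($exception->getMessage(), 'error');

    // Presumably api_not_allowed() ends the request, so the success flash below
    // is not reached on failure. Confirm against its implementation.
    api_not_allowed(true, $message);
}

$plugin = ImsLtiPlugin::create();

Display::addFlash(
    Display::return_message($plugin->get_lang('ToolAdded'), 'success')
);

// NOTE(review): the course URL below is echoed unescaped into a single-quoted
// JavaScript string. Confirm api_get_course_url() can only return
// server-generated values; otherwise encode it for a script context.
?>
<!DOCTYPE html>
<body>
<script>window.parent.location.href = '<?php echo api_get_course_url(); ?>';</script>
</body>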