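<?php
/* For licensing terms, see /license.txt */

use Chamilo\PluginBundle\Entity\ImsLti\ImsLtiTool;
use Firebase\JWT\JWT;

require_once __DIR__.'/../../main/inc/global.inc.php';

api_protect_course_script(false);
api_block_anonymous_users(false);

/*
 * Receives a JWT carrying the lti-dl (deep linking) claims, checks it against
 * the LTI tool it names, and saves every supported content item into the
 * current course.
 *
 * The token comes straight from the request, so everything read from it is
 * untrusted until JWT::decode() has verified the signature with the tool's
 * stored public key. The claims read before that point are used only to find
 * the tool and to reject mismatched tokens early.
 *
 * NOTE(review): nothing visible here binds the token to a launch this platform
 * started (no nonce/state or single-use check) - confirm replay protection is
 * handled elsewhere.
 */

// Only accept a scalar string: an array-valued JWT parameter would otherwise reach explode().
$jwt = (isset($_REQUEST['JWT']) && is_string($_REQUEST['JWT'])) ? $_REQUEST['JWT'] : '';

$em = Database::getManager();
$course = api_get_course_entity(api_get_course_int_id());

try {
    if (empty($jwt)) {
        throw new Exception('Token is missing');
    }

    $jwtParts = explode('.', $jwt, 3);

    // A malformed token has no payload segment; treat it like an undecodable payload
    // instead of reading an undefined index.
    $payloadStr = count($jwtParts) === 3 ? JWT::urlsafeB64Decode($jwtParts[1]) : '';
    $payload = json_decode($payloadStr, true);

    if (empty($payload) || !is_array($payload)) {
        throw new Exception('Token payload is empty');
    }

    $dataClaimKey = 'https://purl.imsglobal.org/spec/lti-dl/claim/data';

    if (empty($payload[$dataClaimKey]) || !is_string($payload[$dataClaimKey])) {
        throw new Exception('Data claim is missing');
    }

    // Missing claims are rejected the same way as mismatching ones.
    if (!isset($payload['aud']) || $payload['aud'] !== ImsLtiPlugin::getIssuerUrl()) {
        throw new Exception('Audience not valid');
    }

    // Unverified value: it only selects which tool's public key checks the signature below.
    $toolId = str_replace('tool:', '', $payload[$dataClaimKey]);
    /** @var ImsLtiTool $ltiTool */
    $ltiTool = $em->find('ChamiloPluginBundle:ImsLti\ImsLtiTool', $toolId);

    if (empty($ltiTool)) {
        throw new Exception('LTI tool not found');
    }

    if (!isset($payload['iss']) || $payload['iss'] !== $ltiTool->getClientId()) {
        throw new Exception('Consumer not valid');
    }

    // Signature verification. The algorithm list is pinned to RS256, so the token header
    // cannot pick a different algorithm.
    $decodedJwt = JWT::decode($jwt, $ltiTool->publicKey, ['RS256']);

    $contentItemsKey = 'https://purl.imsglobal.org/spec/lti-dl/claim/content_items';

    if (empty($decodedJwt->{$contentItemsKey}) || !is_array($decodedJwt->{$contentItemsKey})) {
        throw new Exception('Content items are missing');
    }

    foreach ($decodedJwt->{$contentItemsKey} as $contentItemClaim) {
        /** @var LtiContentItemType|null $contentItem */
        $contentItem = null;

        switch (isset($contentItemClaim->type) ? $contentItemClaim->type : null) {
            case 'ltiResourceLink':
                $contentItem = new LtiResourceLink($contentItemClaim);
                break;
            default:
                // Inside a switch a bare "continue" behaves like "break", which would fall
                // through to save() on null; "continue 2" skips the unsupported item.
                continue 2;
        }

        $contentItem->save($ltiTool, $course);
    }
} catch (Exception $exception) {
    $message = Display::return_message($exception->getMessage(), 'error');

    // NOTE(review): presumably api_not_allowed() ends the request; otherwise the success
    // flash below would still be added after a rejected token - confirm.
    api_not_allowed(true, $message);
}

$plugin = ImsLtiPlugin::create();

Display::addFlash(
    Display::return_message($plugin->get_lang('ToolAdded'), 'success')
);
?>
<!DOCTYPE html>
<body>
<script>window.parent.location.href = '<?php echo api_get_course_url(); ?>';</script>
</body>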
85 |