smtech / canvas-management

index.php

<?php

require_once 'common.inc.php';

use smtech\CanvasManagement\Toolbox;
use smtech\ReflexiveCanvasLTI\LTI\ToolProvider;
use smtech\ReflexiveCanvasLTI\Exception\ConfigurationException;

/* store any requested actions for future handling */
$action = (empty($_REQUEST['action']) ?
    ACTION_UNSPECIFIED :
    strtolower($_REQUEST['action'])
);

/* action requests only come from outside the LTI! */
if ($action) {
    unset($_SESSION[ToolProvider::class]);
}

/* authenticate LTI launch request, if present */
if ($toolbox->lti_isLaunching()) {
    /* http://stackoverflow.com/a/14329752 */
    // session_start(); // already called in common.inc.php

50% of this comment could be valid code. Did you maybe forget this after debugging?

    @session_destroy(); // TODO I don't feel good about suppressing errors

It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

    @session_unset();

It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

    @session_start();

It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

    @session_regenerate_id(true);

It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

    $_SESSION[Toolbox::class] =& $toolbox;
    session_write_close();
    $toolbox->lti_authenticate();
    exit;
}

/* if authenticated LTI launch, redirect to appropriate placement view */
if (!empty($_SESSION[ToolProvider::class]['canvas']['account_id'])) {
    $toolbox->smarty_display('home.tpl');
    exit;

/* if not authenticated, default to showing credentials */
} else {
    $action = (empty($action) ?
        ACTION_CONFIG :
        $action
    );
}

/* process any actions */
switch ($action) {
    /* reset cached install data from config file */
    case ACTION_INSTALL:
        $_SESSION['toolbox'] = Toolbox::fromConfiguration(CONFIG_FILE, true);
        $toolbox =& $_SESSION['toolbox'];

        /* test to see if we can connect to the API */
        try {
            $toolbox->getAPI();
        } catch (ConfigurationException $e) {
            /* if there isn't an API token in config.xml, are there OAuth credentials? */
            if ($e->getCode() === ConfigurationException::CANVAS_API_INCORRECT) {
                $toolbox->interactiveGetAccessToken('This tool requires access to the Canvas APIs by an administrative user. This API access is used to make (sometimes dramatic) updates to your course and user data via administrative scripts. Please enter the URL of your Canvas instance below (e.g. <code>https://canvas.instructure.com</code> -- the URL that you would enter to log in to Canvas). If you are not already logged in, you will be asked to log in. After logging in, you will be asked to authorize this tool.</p><p>If you are already logged, but <em>not</em> logged in as an administrative user, please log out now, so that you may log in as administrative user to authorize this tool.');

It seems like you code against a specific sub-type and not the parent class smtech\ReflexiveCanvasLTI\Toolbox as the method interactiveGetAccessToken() does only exist in the following sub-classes of smtech\ReflexiveCanvasLTI\Toolbox: smtech\CanvasManagement\Toolbox, smtech\StMarksReflexiveCanvasLTI\Toolbox. Maybe you want to instanceof check for one of these explicitly?

                exit;
            } else { /* no (understandable) API credentials available -- doh! */
                throw $e;
            }
        }

        /* finish by opening consumers control panel */
        header('Location: consumers.php');
        exit;

    /* show LTI configuration XML file */
    case ACTION_CONFIG:
        header('Content-type: application/xml');
        echo $toolbox->saveConfigurationXML();
        exit;
}