[LON-CAPA-cvs] cvs: loncom / Lond.pm /lonnet/perl lonnet.pm /lti ltiauth.pm

raeburn raeburn at source.lon-capa.org
Thu Feb 17 17:35:52 EST 2022


raeburn		Thu Feb 17 22:35:52 2022 EDT

  Modified files:              
    /loncom	Lond.pm 
    /loncom/lti	ltiauth.pm 
    /loncom/lonnet/perl	lonnet.pm 
  Log:
  - Bug 6907
    - Link Protectors for deep-linking from launch from LTI Consumer can be
      configured at both a domain level and a course level.
    - Support encryption of link protection secrets set in a domain.
    - Requires perl-Crypt-CBC
  
  
-------------- next part --------------
Index: loncom/Lond.pm
diff -u loncom/Lond.pm:1.20 loncom/Lond.pm:1.21
--- loncom/Lond.pm:1.20	Wed Feb 16 00:06:08 2022
+++ loncom/Lond.pm	Thu Feb 17 22:35:50 2022
@@ -1,6 +1,6 @@
 # The LearningOnline Network
 #
-# $Id: Lond.pm,v 1.20 2022/02/16 00:06:08 raeburn Exp $
+# $Id: Lond.pm,v 1.21 2022/02/17 22:35:50 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1189,65 +1189,58 @@
     my $consumer_key = $params->{'oauth_consumer_key'};
     return if ($consumer_key eq '');
 
+    my ($name,$cachename);
+    if ($context eq 'linkprot') {
+        $name = $context;
+    } else {
+        $name = 'lti';
+    }
+    $cachename = $name.'enc';
     my %ltienc;
-    my ($encresult,$enccached)=&Apache::lonnet::is_cached_new('ltienc',$dom);
+    my ($encresult,$enccached)=&Apache::lonnet::is_cached_new($cachename,$dom);
     if (defined($enccached)) {
         if (ref($encresult) eq 'HASH') {
             %ltienc = %{$encresult};
         }
     } else {
-        my $reply = &get_dom("getdom:$dom:encconfig:lti");
+        my $reply = &get_dom("getdom:$dom:encconfig:$name");
         my $ltiencref = &Apache::lonnet::thaw_unescape($reply);
         if (ref($ltiencref) eq 'HASH') {
             %ltienc = %{$ltiencref};
         }
         my $cachetime = 24*60*60;
-        &Apache::lonnet::do_cache_new('ltienc',$dom,\%ltienc,$cachetime);
+        &Apache::lonnet::do_cache_new($cachename,$dom,\%ltienc,$cachetime);
     }
 
     return if (!keys(%ltienc));
 
-    my %lti;
-    if ($context eq 'deeplink') {
-        my ($result,$cached)=&Apache::lonnet::is_cached_new('lti',$dom);
-        if (defined($cached)) {
-            if (ref($result) eq 'HASH') {
-                %lti = %{$result};
-            }
-        } else {
-            my $reply = &get_dom("getdom:$dom:configuration:lti");
-            my $ltiref = &Apache::lonnet::thaw_unescape($reply);
-            if (ref($ltiref) eq 'HASH') {
-                %lti = %{$ltiref};
-            }
-            my $cachetime = 24*60*60;
-            &Apache::lonnet::do_cache_new('lti',$dom,\%lti,$cachetime);
-        }
-    }
-    return if (!keys(%lti));
-
     my %lti_by_key;
     foreach my $id (keys(%ltienc)) {
         if (ref($ltienc{$id}) eq 'HASH') {
             my $key = $ltienc{$id}{'key'};
             if (($key ne '') && ($ltienc{$id}{'secret'} ne '')) {
-                if ($context eq 'deeplink') {
-                    if (ref($lti{$id}) eq 'HASH') {
-                        if (!$lti{$id}{'requser'}) {
-                            push(@{$lti_by_key{$key}},$id);
-                        }
-                    }
-                } else {
-                    push(@{$lti_by_key{$key}},$id);
-                }
+                push(@{$lti_by_key{$key}},$id);
             }
         }
     }
     return if (!keys(%lti_by_key));
 
+    my %lti = &Apache::lonnet::get_domain_lti($dom,$context);
+
     if (ref($lti_by_key{$consumer_key}) eq 'ARRAY') {
         foreach my $id (@{$lti_by_key{$consumer_key}}) {
             my $secret = $ltienc{$id}{'secret'};
+            if (ref($lti{$id}) eq 'HASH') {
+                if ((exists($lti{$id}{'cipher'})) &&
+                    ($lti{$id}{'cipher'} =~ /^\d+$/)) {
+                    my $keynum = $lti{$id}{'cipher'};
+                    my $privkey = &get_dom("getdom:$dom:private:$keynum:lti:key");
+                    if ($privkey ne '') {
+                        my $cipher = new Crypt::CBC($privkey);
+                        $secret = $cipher->decrypt_hex($secret);
+                    }
+                }
+            }
             my $request = Net::OAuth->request('request token')->from_hash($params,
                                               request_url => $url,
                                               request_method => $method,
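Review bot: When an item has a numeric `cipher` but the `getdom:…:private:…` lookup returns an empty string, `$secret` silently stays as the stored hex ciphertext and is then used by the OAuth verification below as if it were the shared secret; skipping the item is safer, e.g. `next if ($privkey eq '');` before the cipher is constructed. The constructor is also called in indirect-object, single-argument form (`new Crypt::CBC($privkey)`), which leaves the cipher and key derivation to the module's defaults. As far as I know those defaults differ between Crypt::CBC major versions, so an explicit `Crypt::CBC->new(-pass => $privkey, -cipher => '<CIPHER_USED_WHEN_ENCRYPTING>')` matching the encrypting side would keep stored secrets decryptable across upgrades. No `use Crypt::CBC;` is added to Lond.pm in this diff, so confirm it is loaded elsewhere. The enclosing sub starts and ends outside the hunk.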
Index: loncom/lti/ltiauth.pm
diff -u loncom/lti/ltiauth.pm:1.33 loncom/lti/ltiauth.pm:1.34
--- loncom/lti/ltiauth.pm:1.33	Tue Feb  8 15:08:53 2022
+++ loncom/lti/ltiauth.pm	Thu Feb 17 22:35:51 2022
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Basic LTI Authentication Module
 #
-# $Id: ltiauth.pm,v 1.33 2022/02/08 15:08:53 raeburn Exp $
+# $Id: ltiauth.pm,v 1.34 2022/02/17 22:35:51 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -143,9 +143,9 @@
 #
 
                         my ($itemid,$ltitype,%crslti,%lti_in_use);
-                        $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'deeplink');
+                        $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'linkprot');
                         if ($itemid) {
-                            %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider');
+                            %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom);
                         }
                         if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) {
                             $ltitype = 'c';
@@ -157,10 +157,10 @@
                                 return OK;
                             }
                         } else {
-                            $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','deeplink');
+                            $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','linkprot');
                             my %lti;
                             if ($itemid) {
-                                %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
+                                %lti = &Apache::lonnet::get_domain_lti($cdom,'linkprot');
                             }
                             if (($itemid) && (ref($lti{$itemid}) eq 'HASH')) {
                                 $ltitype = 'd';
@@ -185,7 +185,7 @@
                             }
                             if ($ltiauth) {
                                 my $possuname;
-                                my $mapuser = $crslti{$itemid}{'mapuser'};
+                                my $mapuser = $lti_in_use{'mapuser'};
                                 if ($mapuser eq 'sourcedid') {
                                     if ($params->{'lis_person_sourcedid'} =~ /^$match_username$/) {
                                         $possuname = $params->{'lis_person_sourcedid'};
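Review bot: The username check on `lis_person_sourcedid`, directly below the changed `$mapuser` line, is anchored with `$`, which in Perl also matches before a trailing newline. A launch parameter ending in a newline would therefore pass and be copied into `$possuname`; `/^$match_username\z/` closes that. The changed line now reads `$lti_in_use{'mapuser'}`, and where `%lti_in_use` is populated is not visible in these hunks, so confirm that both the course ('c') and domain ('d') branches fill it before this point. The enclosing block starts and ends outside the hunk.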
@@ -1054,9 +1054,9 @@
     my ($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$dest,$lonhost) = @_;
     $r->user($uname);
     if ($ltitype eq 'c') {
-        &Apache::lonnet::logthis("Link Protector: $itemid (c) authorized student: $uname:$cdom, course: $cdom\_$cnum");
+        &Apache::lonnet::logthis("Course Link Protector ($itemid) authorized student: $uname:$cdom, course: $cdom\_$cnum");
     } elsif ($ltitype eq 'd') {
-        &Apache::lonnet::logthis("Link Protector: $itemid (d) authorized student: $uname:$cdom, course: $cdom\_$cnum");
+        &Apache::lonnet::logthis("Domain LTI for link protection ($itemid) authorized student: $uname:$cdom, course: $cdom\_$cnum");
     }
     my ($is_balancer,$otherserver,$hosthere) = &check_balancer($r,$uname,$cdom);
     if (($is_balancer) && (!$hosthere)) {
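Review bot: `$r->user($uname)` runs for any `$ltitype`, but an audit line is written only for 'c' and 'd', so an authorization with an unexpected type would leave no record in the log. A final `else` that logs the unexpected `$ltitype` together with `$itemid` would keep the audit trail complete. The messages interpolate `$itemid` and `$uname` directly; if either can carry control characters at this point (not determinable from the hunk), stripping them before `logthis` prevents forged log lines. The sub continues past the end of the hunk.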
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1482 loncom/lonnet/perl/lonnet.pm:1.1483
--- loncom/lonnet/perl/lonnet.pm:1.1482	Wed Feb 16 00:06:12 2022
+++ loncom/lonnet/perl/lonnet.pm	Thu Feb 17 22:35:52 2022
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1482 2022/02/16 00:06:12 raeburn Exp $
+# $Id: lonnet.pm,v 1.1483 2022/02/17 22:35:52 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -12281,15 +12281,24 @@
 
 sub get_domain_lti {
     my ($cdom,$context) = @_;
-    my ($name,%lti);
+    my ($name,$cachename,%lti);
     if ($context eq 'consumer') {
         $name = 'ltitools';
     } elsif ($context eq 'provider') {
         $name = 'lti';
+    } elsif ($context eq 'linkprot') {
+        $name = 'ltisec';
     } else {
         return %lti;
     }
-    my ($result,$cached)=&is_cached_new($name,$cdom);
+
+    if ($context eq 'linkprot') {
+        $cachename = $context;
+    } else {
+        $cachename = $name;
+    }
+    
+    my ($result,$cached)=&is_cached_new($cachename,$cdom);
     if (defined($cached)) {
         if (ref($result) eq 'HASH') {
             %lti = %{$result};
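Review bot: `$cachename` is derived in a second `if`/`else` on `$context` immediately after the chain that sets `$name`; setting both in the same branch, or writing `$cachename = ($context eq 'linkprot') ? $context : $name;`, would keep the mapping in one place. A short comment would also help, e.g. `# link protection is the 'linkprot' sub-hash of the 'ltisec' config, so it is cached under its own name` (presumably the reason for the separate key; confirm). The sub continues in the next hunk.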
@@ -12297,20 +12306,28 @@
     } else {
         my %domconfig = &get_dom('configuration',[$name],$cdom);
         if (ref($domconfig{$name}) eq 'HASH') {
-            %lti = %{$domconfig{$name}};
-            my %encdomconfig = &get_dom('encconfig',[$name],$cdom,undef,1);
-            if (ref($encdomconfig{$name}) eq 'HASH') {
-                foreach my $id (keys(%lti)) {
-                    if (ref($encdomconfig{$name}{$id}) eq 'HASH') {
-                        foreach my $item ('key','secret') {
-                            $lti{$id}{$item} = $encdomconfig{$name}{$id}{$item};
+            if ($context eq 'linkprot') {
+                if (ref($domconfig{$name}{'linkprot'}) eq 'HASH') {
+                    %lti = %{$domconfig{$name}{'linkprot'}};
+                }
+            } else {
+                %lti = %{$domconfig{$name}};
+            }
+            if (($context eq 'consumer') && (keys(%lti))) {
+                my %encdomconfig = &get_dom('encconfig',[$name],$cdom,undef,1);
+                if (ref($encdomconfig{$name}) eq 'HASH') {
+                    foreach my $id (keys(%lti)) {
+                        if (ref($encdomconfig{$name}{$id}) eq 'HASH') {
+                            foreach my $item ('key','secret') {
+                                $lti{$id}{$item} = $encdomconfig{$name}{$id}{$item};
+                            }
                         }
                     }
                 }
             }
         }
         my $cachetime = 24*60*60;
-        &do_cache_new($name,$cdom,\%lti,$cachetime);
+        &do_cache_new($cachename,$cdom,\%lti,$cachetime);
     }
     return %lti;
 }
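Review bot: The `key`/`secret` merge from `encconfig` is now restricted to `($context eq 'consumer')`, so `get_domain_lti($cdom,'provider')` no longer returns those two fields, which the old code supplied. Any caller outside this diff that still reads `$lti{$id}{'key'}` or `$lti{$id}{'secret'}` for a provider will get undef. If the restriction is deliberate, a comment such as `# only consumer entries get key/secret merged in; provider and linkprot secrets are read from encconfig separately` would record it. Entries cached under `lti` before the upgrade may still hold the merged secrets until the 24-hour cache time expires, so a cache flush on deploy is worth considering.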

