[LON-CAPA-cvs] cvs: loncom / Lond.pm /lonnet/perl lonnet.pm /lti ltiauth.pm
raeburn
raeburn at source.lon-capa.org
Thu Feb 17 17:35:52 EST 2022
raeburn Thu Feb 17 22:35:52 2022 EDT
Modified files:
/loncom Lond.pm
/loncom/lti ltiauth.pm
/loncom/lonnet/perl lonnet.pm
Log:
- Bug 6907
- Link Protectors for deep-linking from launch from LTI Consumer can be
configured at both a domain level and a course level.
- Support encryption of link protection secrets set in a domain.
- Requires perl-Crypt-CBC
-------------- next part --------------
Index: loncom/Lond.pm
diff -u loncom/Lond.pm:1.20 loncom/Lond.pm:1.21
--- loncom/Lond.pm:1.20 Wed Feb 16 00:06:08 2022
+++ loncom/Lond.pm Thu Feb 17 22:35:50 2022
@@ -1,6 +1,6 @@
# The LearningOnline Network
#
-# $Id: Lond.pm,v 1.20 2022/02/16 00:06:08 raeburn Exp $
+# $Id: Lond.pm,v 1.21 2022/02/17 22:35:50 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1189,65 +1189,58 @@
my $consumer_key = $params->{'oauth_consumer_key'};
return if ($consumer_key eq '');
+ my ($name,$cachename);
+ if ($context eq 'linkprot') {
+ $name = $context;
+ } else {
+ $name = 'lti';
+ }
+ $cachename = $name.'enc';
my %ltienc;
- my ($encresult,$enccached)=&Apache::lonnet::is_cached_new('ltienc',$dom);
+ my ($encresult,$enccached)=&Apache::lonnet::is_cached_new($cachename,$dom);
if (defined($enccached)) {
if (ref($encresult) eq 'HASH') {
%ltienc = %{$encresult};
}
} else {
- my $reply = &get_dom("getdom:$dom:encconfig:lti");
+ my $reply = &get_dom("getdom:$dom:encconfig:$name");
my $ltiencref = &Apache::lonnet::thaw_unescape($reply);
if (ref($ltiencref) eq 'HASH') {
%ltienc = %{$ltiencref};
}
my $cachetime = 24*60*60;
- &Apache::lonnet::do_cache_new('ltienc',$dom,\%ltienc,$cachetime);
+ &Apache::lonnet::do_cache_new($cachename,$dom,\%ltienc,$cachetime);
}
return if (!keys(%ltienc));
- my %lti;
- if ($context eq 'deeplink') {
- my ($result,$cached)=&Apache::lonnet::is_cached_new('lti',$dom);
- if (defined($cached)) {
- if (ref($result) eq 'HASH') {
- %lti = %{$result};
- }
- } else {
- my $reply = &get_dom("getdom:$dom:configuration:lti");
- my $ltiref = &Apache::lonnet::thaw_unescape($reply);
- if (ref($ltiref) eq 'HASH') {
- %lti = %{$ltiref};
- }
- my $cachetime = 24*60*60;
- &Apache::lonnet::do_cache_new('lti',$dom,\%lti,$cachetime);
- }
- }
- return if (!keys(%lti));
-
my %lti_by_key;
foreach my $id (keys(%ltienc)) {
if (ref($ltienc{$id}) eq 'HASH') {
my $key = $ltienc{$id}{'key'};
if (($key ne '') && ($ltienc{$id}{'secret'} ne '')) {
- if ($context eq 'deeplink') {
- if (ref($lti{$id}) eq 'HASH') {
- if (!$lti{$id}{'requser'}) {
- push(@{$lti_by_key{$key}},$id);
- }
- }
- } else {
- push(@{$lti_by_key{$key}},$id);
- }
+ push(@{$lti_by_key{$key}},$id);
}
}
}
return if (!keys(%lti_by_key));
+ my %lti = &Apache::lonnet::get_domain_lti($dom,$context);
+
if (ref($lti_by_key{$consumer_key}) eq 'ARRAY') {
foreach my $id (@{$lti_by_key{$consumer_key}}) {
my $secret = $ltienc{$id}{'secret'};
+ if (ref($lti{$id}) eq 'HASH') {
+ if ((exists($lti{$id}{'cipher'})) &&
+ ($lti{$id}{'cipher'} =~ /^\d+$/)) {
+ my $keynum = $lti{$id}{'cipher'};
+ my $privkey = &get_dom("getdom:$dom:private:$keynum:lti:key");
+ if ($privkey ne '') {
+ my $cipher = new Crypt::CBC($privkey);
+ $secret = $cipher->decrypt_hex($secret);
+ }
+ }
+ }
my $request = Net::OAuth->request('request token')->from_hash($params,
request_url => $url,
request_method => $method,
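Review bot: When an entry has a numeric `cipher` but `get_dom("getdom:$dom:private:$keynum:lti:key")` returns an empty string, `$secret` stays as the stored hex ciphertext and the loop still builds the OAuth request with it, so verification runs with the undecrypted value instead of being refused; `next if ($privkey eq '');` right after the lookup would make that entry fail closed. The decryption step is also skipped whenever `get_domain_lti($dom,$context)` returns an empty hash, which the lonnet.pm hunk shows it does for any `$context` other than 'consumer', 'provider' or 'linkprot', so it is worth confirming that every caller of this function passes one of those. `new Crypt::CBC($privkey)` is the legacy one-argument constructor in indirect-object form, and its cipher and key derivation come from whatever the installed Crypt::CBC defaults to; `Crypt::CBC->new(-key => $privkey, -cipher => '<cipher module>')`, matching the code that encrypts the secret, would pin that down. `decrypt_hex` may die on malformed input, so wrapping it in `eval { ... }` and skipping the entry on failure seems safer. The enclosing function starts and ends outside the hunk.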
Index: loncom/lti/ltiauth.pm
diff -u loncom/lti/ltiauth.pm:1.33 loncom/lti/ltiauth.pm:1.34
--- loncom/lti/ltiauth.pm:1.33 Tue Feb 8 15:08:53 2022
+++ loncom/lti/ltiauth.pm Thu Feb 17 22:35:51 2022
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Basic LTI Authentication Module
#
-# $Id: ltiauth.pm,v 1.33 2022/02/08 15:08:53 raeburn Exp $
+# $Id: ltiauth.pm,v 1.34 2022/02/17 22:35:51 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -143,9 +143,9 @@
#
my ($itemid,$ltitype,%crslti,%lti_in_use);
- $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'deeplink');
+ $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,$cnum,'linkprot');
if ($itemid) {
- %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom,'provider');
+ %crslti = &Apache::lonnet::get_course_lti($cnum,$cdom);
}
if (($itemid) && (ref($crslti{$itemid}) eq 'HASH')) {
$ltitype = 'c';
@@ -157,10 +157,10 @@
return OK;
}
} else {
- $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','deeplink');
+ $itemid = &get_lti_itemid($requri,$hostname,$params,$cdom,'','linkprot');
my %lti;
if ($itemid) {
- %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
+ %lti = &Apache::lonnet::get_domain_lti($cdom,'linkprot');
}
if (($itemid) && (ref($lti{$itemid}) eq 'HASH')) {
$ltitype = 'd';
@@ -185,7 +185,7 @@
}
if ($ltiauth) {
my $possuname;
- my $mapuser = $crslti{$itemid}{'mapuser'};
+ my $mapuser = $lti_in_use{'mapuser'};
if ($mapuser eq 'sourcedid') {
if ($params->{'lis_person_sourcedid'} =~ /^$match_username$/) {
$possuname = $params->{'lis_person_sourcedid'};
@@ -1054,9 +1054,9 @@
my ($r,$uname,$cnum,$cdom,$uhome,$itemid,$ltitype,$dest,$lonhost) = @_;
$r->user($uname);
if ($ltitype eq 'c') {
- &Apache::lonnet::logthis("Link Protector: $itemid (c) authorized student: $uname:$cdom, course: $cdom\_$cnum");
+ &Apache::lonnet::logthis("Course Link Protector ($itemid) authorized student: $uname:$cdom, course: $cdom\_$cnum");
} elsif ($ltitype eq 'd') {
- &Apache::lonnet::logthis("Link Protector: $itemid (d) authorized student: $uname:$cdom, course: $cdom\_$cnum");
+ &Apache::lonnet::logthis("Domain LTI for link protection ($itemid) authorized student: $uname:$cdom, course: $cdom\_$cnum");
}
my ($is_balancer,$otherserver,$hosthere) = &check_balancer($r,$uname,$cdom);
if (($is_balancer) && (!$hosthere)) {
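Review bot: The two authorization messages no longer share a prefix: the course branch logs `Course Link Protector ($itemid) authorized ...` and the domain branch logs `Domain LTI for link protection ($itemid) authorized ...`, and the old `Link Protector:` marker is gone from both. Any log search or alert keyed on the old string will stop matching, and the two events can no longer be found with one pattern. A common leading token, for example `Link Protector (course, $itemid) authorized ...` and `Link Protector (domain, $itemid) authorized ...`, would keep them easy to correlate. The enclosing sub continues past the hunk.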
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1482 loncom/lonnet/perl/lonnet.pm:1.1483
--- loncom/lonnet/perl/lonnet.pm:1.1482 Wed Feb 16 00:06:12 2022
+++ loncom/lonnet/perl/lonnet.pm Thu Feb 17 22:35:52 2022
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1482 2022/02/16 00:06:12 raeburn Exp $
+# $Id: lonnet.pm,v 1.1483 2022/02/17 22:35:52 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -12281,15 +12281,24 @@
sub get_domain_lti {
my ($cdom,$context) = @_;
- my ($name,%lti);
+ my ($name,$cachename,%lti);
if ($context eq 'consumer') {
$name = 'ltitools';
} elsif ($context eq 'provider') {
$name = 'lti';
+ } elsif ($context eq 'linkprot') {
+ $name = 'ltisec';
} else {
return %lti;
}
- my ($result,$cached)=&is_cached_new($name,$cdom);
+
+ if ($context eq 'linkprot') {
+ $cachename = $context;
+ } else {
+ $cachename = $name;
+ }
+
+ my ($result,$cached)=&is_cached_new($cachename,$cdom);
if (defined($cached)) {
if (ref($result) eq 'HASH') {
%lti = %{$result};
@@ -12297,20 +12306,28 @@
} else {
my %domconfig = &get_dom('configuration',[$name],$cdom);
if (ref($domconfig{$name}) eq 'HASH') {
- %lti = %{$domconfig{$name}};
- my %encdomconfig = &get_dom('encconfig',[$name],$cdom,undef,1);
- if (ref($encdomconfig{$name}) eq 'HASH') {
- foreach my $id (keys(%lti)) {
- if (ref($encdomconfig{$name}{$id}) eq 'HASH') {
- foreach my $item ('key','secret') {
- $lti{$id}{$item} = $encdomconfig{$name}{$id}{$item};
+ if ($context eq 'linkprot') {
+ if (ref($domconfig{$name}{'linkprot'}) eq 'HASH') {
+ %lti = %{$domconfig{$name}{'linkprot'}};
+ }
+ } else {
+ %lti = %{$domconfig{$name}};
+ }
+ if (($context eq 'consumer') && (keys(%lti))) {
+ my %encdomconfig = &get_dom('encconfig',[$name],$cdom,undef,1);
+ if (ref($encdomconfig{$name}) eq 'HASH') {
+ foreach my $id (keys(%lti)) {
+ if (ref($encdomconfig{$name}{$id}) eq 'HASH') {
+ foreach my $item ('key','secret') {
+ $lti{$id}{$item} = $encdomconfig{$name}{$id}{$item};
+ }
}
}
}
}
}
my $cachetime = 24*60*60;
- &do_cache_new($name,$cdom,\%lti,$cachetime);
+ &do_cache_new($cachename,$cdom,\%lti,$cachetime);
}
return %lti;
}
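Review bot: The `key`/`secret` merge from `encconfig` now runs only when `$context eq 'consumer'`, so `get_domain_lti($cdom,'provider')` no longer returns those two fields, and the commit log does not mention this. Keeping secrets out of the 24-hour `lti` cache is a reasonable outcome, but any remaining caller that reads `$lti{$id}{'secret'}` from the provider result will now get nothing, so those callers are worth checking. A comment above the condition, such as `# key/secret merged for consumer (ltitools) only; provider and linkprot secrets are read separately from encconfig`, would record the intent. The new cache names (`linkprot` here, `$name.'enc'` in the Lond.pm hunk) presumably need to be devalidated wherever the domain configuration is saved, otherwise a rotated or removed secret could stay usable until the 24-hour entry expires; that code is not visible in this diff.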