chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

LTI replace OAuthSimple with OAuth1 - refs BT#13469

Browse Source
pull/2789/head
Angel Fernando Quiroz Campos 7 years ago
parent 3f80791ac8
commit be5a32191a
4 changed files with 7 additions and 642 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 621
      plugin/ims_lti/OAuthSimple.php
  2. 1
      plugin/ims_lti/form.php
  3. 26
      plugin/ims_lti/item_return.php
  4. 1
      plugin/ims_lti/outcome_service.php

621
plugin/ims_lti/OAuthSimple.php
Unescape View File

@ -1,621 +0,0 @@
<?php
/**
* OAuthSimple - A simpler version of OAuth
*
* https://github.com/jrconlin/oauthsimple
*
* @author jr conlin <src@jrconlin.com>
* @copyright unitedHeroes.net 2011
* @version 1.3
* @license BSD licence.
*/
class OAuthSimple
{
private $_secrets;
private $_default_signature_method;
private $_action;
private $_nonce_chars;
/**
* OAuthSimple constructor.
*
* @param string $APIKey The API Key (sometimes referred to as the consumer key). This value is usually
* supplied by the site you wish to use.
* @param string $sharedSecret The shared secret. This value is also usually provided by the site you wish to use.
*
* @return OAuthSimple
*/
function __construct($APIKey = "", $sharedSecret = "")
{
if (!empty($APIKey)) {
$this->_secrets['consumer_key'] = $APIKey;
}
if (!empty($sharedSecret)) {
$this->_secrets['shared_secret'] = $sharedSecret;
}
$this->_default_signature_method = "HMAC-SHA1";
$this->_action = "GET";
$this->_nonce_chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
return $this;
}
/**
* Reset the parameters and URL.
*
* @return OAuthSimple
*/
public function reset()
{
$this->_parameters = Array();
$this->path = null;
$this->sbs = null;
return $this;
}
/**
* Set the parameters either from a hash or a string.
*
* @param array $parameters List of parameters for the call,
* this can either be a URI string (e.g."foo=bar&gorp=banana" or an object/hash)
*
* @throws OAuthSimpleException
*
* @return OAuthSimple
*/
public function setParameters($parameters = [])
{
if (is_string($parameters)) {
$parameters = $this->_parseParameterString($parameters);
}
if (empty($this->_parameters)) {
$this->_parameters = $parameters;
} elseif (!empty($parameters)) {
$this->_parameters = array_merge($this->_parameters, $parameters);
}
if (empty($this->_parameters['oauth_nonce'])) {
$this->_getNonce();
}
if (empty($this->_parameters['oauth_timestamp'])) {
$this->_getTimeStamp();
}
if (empty($this->_parameters['oauth_consumer_key'])) {
$this->_getApiKey();
}
if (empty($this->_parameters['oauth_token'])) {
$this->_getAccessToken();
}
if (empty($this->_parameters['oauth_signature_method'])) {
$this->setSignatureMethod();
}
if (empty($this->_parameters['oauth_version'])) {
$this->_parameters['oauth_version'] = "1.0";
}
return $this;
}
/**
* Convenience method for setParameters.
*
* @param array $parameters
*
* @throws OAuthSimpleException
*
* @return OAuthSimple
*/
public function setQueryString($parameters)
{
return $this->setParameters($parameters);
}
/**
* Set the target URL (does not include the parameters).
*
* @param string $path The fully qualified URI (excluding query arguments) (e.g "http://example.org/foo")
*
* @throws OAuthSimpleException
*
* @return OAuthSimple
*/
public function setURL($path)
{
if (empty($path)) {
throw new OAuthSimpleException('No path specified for OAuthSimple.setURL');
}
$this->_path = $path;
return $this;
}
/**
* Convenience method for setURL.
*
* @param string $path
*
* @return mixed
*/
public function setPath($path)
{
return $this->_path = $path;
}
/**
* Set the "action" for the url, (e.g. GET,POST, DELETE, etc.).
*
* @param string $action HTTP Action word.
*
* @throws OAuthSimpleException
*
* @return $this
*/
public function setAction($action)
{
if (empty($action)) {
$action = 'GET';
}
$action = strtoupper($action);
if (preg_match('/[^A-Z]/', $action)) {
throw new OAuthSimpleException('Invalid action specified for OAuthSimple.setAction');
}
$this->_action = $action;
return $this;
}
/**
* Set the signatures (as well as validate the ones you have).
*
* @param array $signatures object/hash of the token/signature pairs {api_key:, shared_secret:, oauth_token:
* oauth_secret:}
*
* @throws OAuthSimpleException
*
* @return $this
*/
public function signatures($signatures)
{
if (!empty($signatures) && !is_array($signatures)) {
throw new OAuthSimpleException('Must pass dictionary array to OAuthSimple.signatures');
}
if (!empty($signatures)) {
if (empty($this->_secrets)) {
$this->_secrets = Array();
}
$this->_secrets = array_merge($this->_secrets, $signatures);
}
if (isset($this->_secrets['api_key'])) {
$this->_secrets['consumer_key'] = $this->_secrets['api_key'];
}
if (isset($this->_secrets['access_token'])) {
$this->_secrets['oauth_token'] = $this->_secrets['access_token'];
}
if (isset($this->_secrets['access_secret'])) {
$this->_secrets['shared_secret'] = $this->_secrets['access_secret'];
}
if (isset($this->_secrets['oauth_token_secret'])) {
$this->_secrets['oauth_secret'] = $this->_secrets['oauth_token_secret'];
}
if (empty($this->_secrets['consumer_key'])) {
throw new OAuthSimpleException('Missing required consumer_key in OAuthSimple.signatures');
}
if (empty($this->_secrets['shared_secret'])) {
throw new OAuthSimpleException('Missing requires shared_secret in OAuthSimple.signatures');
}
if (!empty($this->_secrets['oauth_token']) && empty($this->_secrets['oauth_secret'])) {
throw new OAuthSimpleException('Missing oauth_secret for supplied oauth_token in OAuthSimple.signatures');
}
return $this;
}
/**
* @param array $signatures
*
* @throws OAuthSimpleException
*
* @return OAuthSimple
*/
public function setTokensAndSecrets($signatures)
{
return $this->signatures($signatures);
}
/**
* Set the signature method (currently only Plaintext or SHA-MAC1).
*
* @param string $method Method of signing the transaction (only PLAINTEXT and SHA-MAC1 allowed for now).
*
* @throws OAuthSimpleException
*
* @return $this
*/
public function setSignatureMethod($method = "")
{
if (empty($method)) {
$method = $this->_default_signature_method;
}
$method = strtoupper($method);
switch ($method) {
case 'PLAINTEXT':
case 'HMAC-SHA1':
$this->_parameters['oauth_signature_method'] = $method;
break;
default:
throw new OAuthSimpleException (
"Unknown signing method $method specified for OAuthSimple.setSignatureMethod"
);
break;
}
return $this;
}
/**
* Sign the request.
*
* note: all arguments are optional, provided you've set them using the
* other helper functions.
*
* @param array $args Optional.
* Hash of arguments for the call {action, path, parameters (array), method, signatures, (array)}
*
* @throws OAuthSimpleException
*
* @return array
*/
public function sign($args = array())
{
if (!empty($args['action'])) {
$this->setAction($args['action']);
}
if (!empty($args['path'])) {
$this->setPath($args['path']);
}
if (!empty($args['method'])) {
$this->setSignatureMethod($args['method']);
}
if (!empty($args['signatures'])) {
$this->signatures($args['signatures']);
}
if (empty($args['parameters'])) {
$args['parameters'] = array();
}
$this->setParameters($args['parameters']);
$normParams = $this->_normalizedParameters();
return Array(
'parameters' => $this->_parameters,
'signature' => self::_oauthEscape($this->_parameters['oauth_signature']),
'signed_url' => $this->_path.'?'.$normParams,
'header' => $this->getHeaderString(),
'sbs' => $this->sbs,
);
}
/**
* Return a formatted "header" string.
*
* NOTE: This doesn't set the "Authorization: " prefix, which is required.
* It's not set because various set header functions prefer different
* ways to do that.
*
* @param array $args
*
* @throws OAuthSimpleException
*
* @return null|string|string[]
*/
public function getHeaderString($args = array())
{
if (empty($this->_parameters['oauth_signature'])) {
$this->sign($args);
}
$result = 'OAuth ';
foreach ($this->_parameters as $pName => $pValue) {
if (strpos($pName, 'oauth_') !== 0) {
continue;
}
if (is_array($pValue)) {
foreach ($pValue as $val) {
$result .= $pName.'="'.self::_oauthEscape($val).'", ';
}
} else {
$result .= $pName.'="'.self::_oauthEscape($pValue).'", ';
}
}
return preg_replace('/, $/', '', $result);
}
/**
* @param string $paramString
*
* @return array
*/
private function _parseParameterString($paramString)
{
$elements = explode('&', $paramString);
$result = array();
foreach ($elements as $element) {
list ($key, $token) = explode('=', $element);
if ($token) {
$token = urldecode($token);
}
if (!empty($result[$key])) {
if (!is_array($result[$key])) {
$result[$key] = array($result[$key], $token);
} else {
array_push($result[$key], $token);
}
} else {
$result[$key] = $token;
}
}
return $result;
}
/**
* @param string $string
*
* @throws OAuthSimpleException
*
* @return int|mixed|string
*/
private static function _oauthEscape($string)
{
if ($string === 0) {
return 0;
}
if ($string == '0') {
return '0';
}
if (strlen($string) == 0) {
return '';
}
if (is_array($string)) {
throw new OAuthSimpleException('Array passed to _oauthEscape');
}
$string = urlencode($string);
//FIX: urlencode of ~ and '+'
$string = str_replace(
Array('%7E', '+'), // Replace these
Array('~', '%20'), // with these
$string
);
return $string;
}
/**
* @param int $length
*
* @return string
*/
private function _getNonce($length = 5)
{
$result = '';
$cLength = strlen($this->_nonce_chars);
for ($i = 0; $i < $length; $i++) {
$rnum = rand(0, $cLength - 1);
$result .= substr($this->_nonce_chars, $rnum, 1);
}
$this->_parameters['oauth_nonce'] = $result;
return $result;
}
/**
* @throws OAuthSimpleException
*
* @return mixed
*/
private function _getApiKey()
{
if (empty($this->_secrets['consumer_key'])) {
throw new OAuthSimpleException('No consumer_key set for OAuthSimple');
}
$this->_parameters['oauth_consumer_key'] = $this->_secrets['consumer_key'];
return $this->_parameters['oauth_consumer_key'];
}
/**
* @throws OAuthSimpleException
*
* @return string
*/
private function _getAccessToken()
{
if (!isset($this->_secrets['oauth_secret'])) {
return '';
}
if (!isset($this->_secrets['oauth_token'])) {
throw new OAuthSimpleException('No access token (oauth_token) set for OAuthSimple.');
}
$this->_parameters['oauth_token'] = $this->_secrets['oauth_token'];
return $this->_parameters['oauth_token'];
}
/**
* @return int
*/
private function _getTimeStamp()
{
return $this->_parameters['oauth_timestamp'] = time();
}
/**
* @throws OAuthSimpleException
*
* @return string
*/
private function _normalizedParameters()
{
$normalized_keys = array();
$return_array = array();
foreach ($this->_parameters as $paramName => $paramValue) {
if (preg_match('/w+_secret/', $paramName) OR
$paramName == "oauth_signature") {
continue;
}
// Read parameters from a file. Hope you're practicing safe PHP.
//if (strpos($paramValue, '@') !== 0 && !file_exists(substr($paramValue, 1)))
//{
if (is_array($paramValue)) {
$normalized_keys[self::_oauthEscape($paramName)] = array();
foreach ($paramValue as $item) {
array_push($normalized_keys[self::_oauthEscape($paramName)], self::_oauthEscape($item));
}
} else {
$normalized_keys[self::_oauthEscape($paramName)] = self::_oauthEscape($paramValue);
}
//}
}
ksort($normalized_keys);
foreach ($normalized_keys as $key => $val) {
if (is_array($val)) {
sort($val);
foreach ($val as $element) {
array_push($return_array, $key."=".$element);
}
} else {
array_push($return_array, $key.'='.$val);
}
}
$presig = join("&", $return_array);
$sig = $this->_generateSignature($presig);
$this->_parameters['oauth_signature'] = $sig;
array_push($return_array, "oauth_signature=$sig");
return join("&", $return_array);
}
/**
* @param string $parameters
*
* @throws OAuthSimpleException
*
* @return string
*/
private function _generateSignature($parameters = "")
{
$secretKey = '';
if (isset($this->_secrets['shared_secret'])) {
$secretKey = self::_oauthEscape($this->_secrets['shared_secret']);
}
$secretKey .= '&';
if (isset($this->_secrets['oauth_secret'])) {
$secretKey .= self::_oauthEscape($this->_secrets['oauth_secret']);
}
if (!empty($parameters)) {
$parameters = urlencode($parameters);
}
switch ($this->_parameters['oauth_signature_method']) {
case 'PLAINTEXT':
return urlencode($secretKey);;
case 'HMAC-SHA1':
$this->sbs = self::_oauthEscape($this->_action).'&'.self::_oauthEscape($this->_path).'&'.$parameters;
return base64_encode(hash_hmac('sha1', $this->sbs, $secretKey, true));
default:
throw new OAuthSimpleException('Unknown signature method for OAuthSimple');
break;
}
}
/**
* @param $string
*
* @return string
*/
public static function generateBodyHash($string)
{
$hash = sha1($string, true);
return base64_encode($hash);
}
/**
* @param string $authorizationHeader
*
* @return array
*/
public static function getAuthorizationParams($authorizationHeader)
{
if ('OAuth ' !== substr($authorizationHeader, 0, 6)) {
return [];
}
$params = [];
$authString = str_replace('OAuth ', '', $authorizationHeader);
$authParts = explode(',', $authString);
foreach ($authParts as $authPart) {
list($key, $value) = explode('=', $authPart, 2);
$key = trim($key);
$value = trim($value, " \"");
$params[$key] = urldecode($value);
}
return $params;
}
}
/**
* Class OAuthSimpleException.
*/
class OAuthSimpleException extends Exception
{
/**
* OAuthSimpleException constructor.
*
* @param string $err
* @param bool $isDebug
*/
public function __construct($err, $isDebug = false)
{
self::log_error($err);
if ($isDebug) {
self::display_error($err, true);
}
}
/**
* @param string $err
*/
public static function log_error($err)
{
error_log($err, 0);
}
/**
* @param string $err
* @param bool $kill
*/
public static function display_error($err, $kill = false)
{
print_r($err);
if ($kill === false) {
die();
}
}
}

1
plugin/ims_lti/form.php
Unescape View File

@ -7,7 +7,6 @@ use Chamilo\PluginBundle\Entity\ImsLti\ImsLtiTool;
use Chamilo\UserBundle\Entity\User;
require_once __DIR__.'/../../main/inc/global.inc.php';
require './OAuthSimple.php';
api_protect_course_script(false);
api_block_anonymous_users(false);

26
plugin/ims_lti/item_return.php
Unescape View File

@ -26,29 +26,17 @@ if (!$ltiTool) {
api_not_allowed();
}
$oauth = new OAuthSimple(
$consumer = new OAuthConsumer(
$_POST['oauth_consumer_key'],
$ltiTool->getSharedSecret()
);
$oauth->setAction('POST');
$oauth->setSignatureMethod($_POST['oauth_signature_method']);
$result = $oauth->sign(
[
'path' => api_get_path(WEB_PLUGIN_PATH).'ims_lti/item_return.php',
'parameters' => [
'content_items' => $_POST['content_items'],
'data' => $_POST['data'],
'lti_version' => $_POST['lti_version'],
'lti_message_type' => $_POST['lti_message_type'],
'oauth_nonce' => $_POST['oauth_nonce'],
'oauth_timestamp' => $_POST['oauth_timestamp'],
'oauth_signature_method' => $_POST['oauth_signature_method'],
'oauth_callback' => $_POST['oauth_callback'],
],
]
);
$hmacMethod = new OAuthSignatureMethod_HMAC_SHA1();
$request = OAuthRequest::from_request('POST', api_get_path(WEB_PLUGIN_PATH).'ims_lti/item_return.php');
$request->sign_request($hmacMethod, $consumer, '');
$signature = $request->get_parameter('oauth_signature');
if ($result['parameters']['oauth_signature'] !== $_POST['oauth_signature']) {
if ($signature !== $_POST['oauth_signature']) {
api_not_allowed();
}

1
plugin/ims_lti/outcome_service.php
Unescape View File

@ -4,7 +4,6 @@
use Chamilo\PluginBundle\Entity\ImsLti\ImsLtiTool;
require_once __DIR__.'/../../main/inc/global.inc.php';
require_once './OAuthSimple.php';
header('Content-Type: application/xml');

Write Preview
Loading…
Cancel
Save