-
Notifications
You must be signed in to change notification settings - Fork 3
/
tool.php
210 lines (186 loc) · 8.79 KB
/
tool.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
<?php
error_reporting(E_ALL & ~E_NOTICE);
ini_set("display_errors", 1);
// Load up the LTI Support code
require_once 'util/lti_util.php';
require_once 'util/mimeparse.php';
session_start();
header('Content-Type: text/html; charset=utf-8');
$cur_url = curPageURL();
// Initialize, all secrets are 'secret', do not set session, and do not redirect
$key = isset($_POST['oauth_consumer_key']) ? $_POST['oauth_consumer_key'] : false;
$secret = "secret";
$_SESSION['oauth_consumer_key'] = $_POST['oauth_consumer_key'] ?? '';
$_SESSION['secret'] = "secret";
$context = new BLTI($secret, false, false);
?>
<html>
<head>
<title>External Tool API Test Harness</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body style="font-family:sans-serif; background-color:#add8e6">
<?php
echo("<p><b>External Tool API Test Harness</b></p>\n");
$sourcedid = $_REQUEST['lis_result_sourcedid'] ?? '';
if ( $context->valid ) {
print "<p style=\"color:green\">Launch Validated.<p>\n";
if ( $_POST['launch_presentation_return_url'] ?? null ) {
$msg = 'A%20message%20from%20the%20tool%20provider.';
$error_msg = 'An%20error%20message%20from%20the%20tool%20provider.';
$sep = (strpos($_POST['launch_presentation_return_url'], '?') === FALSE) ? '?' : '&';
print "<p><a href=\"{$_POST['launch_presentation_return_url']}\">Return to tool consumer</a> (";
print "<a href=\"{$_POST['launch_presentation_return_url']}{$sep}lti_msg={$msg}&lti_log=LTI%20log%20entry:%20{$msg}\">with a message</a> or ";
print "<a href=\"{$_POST['launch_presentation_return_url']}{$sep}lti_errormsg={$error_msg}&lti_errorlog=LTI%20error%20log%20entry:%20{$error_msg}\">with an error</a>";
print ")</p>\n";
}
$found = false;
if ( ($_POST['lis_result_sourcedid'] ?? null) &&
($_POST['lis_outcome_service_url'] ?? null) ) {
print "<p>\n";
print '<a href="common/tool_provider_outcome.php?sourcedid='.urlencode($sourcedid);
print '&key='.urlencode($_POST['oauth_consumer_key']);
print '&secret=secret';
print '&url='.urlencode($_POST['lis_outcome_service_url']);
if ( isset($_POST['oauth_signature_method']) && $_POST['oauth_signature_method'] != 'HMAC-SHA1' ) {
print '&oauth_signature_method='.urlencode($_POST['oauth_signature_method']).'">';
}
print '&accepted='.urlencode($_POST['ext_outcome_data_values_accepted'] ?? '').'">';
print 'Test LTI 1.1 Outcome Service</a>.</p>'."\n";
$found = true;
}
if ( isset($_POST['custom_result_url']) ) {
print "<p>\n";
print '<a href="json/result_json.php?url='.urlencode($_POST['custom_result_url']).'">';
print 'Test LTI 2.0 Outcome Service</a>.</p>'."\n";
$found = true;
}
if ( isset($_POST['custom_ltilink_custom_url']) || isset($_POST['custom_toolproxy_custom_url']) ||
isset($_POST['custom_toolproxybinding_custom_url']) ) {
print "<p>\n";
print '<a href="json/settings_json.php?';
if ( isset($_POST['custom_ltilink_custom_url']) ) {
print 'link='.urlencode($_POST['custom_ltilink_custom_url'])."&";
}
if ( isset($_POST['custom_toolproxy_custom_url']) ) {
print 'proxy='.urlencode($_POST['custom_toolproxy_custom_url'])."&";
}
if ( isset($_POST['custom_toolproxybinding_custom_url']) ) {
print 'tool='.urlencode($_POST['custom_toolproxybinding_custom_url'])."&";
}
print 'x=24">';
print 'Test LTI 2.0 Settings Service</a>.</p>'."\n";
$found = true;
}
if ( isset($_POST['ext_sakai_encrypted_session']) && isset($_POST['ext_sakai_serverid']) &&
isset($_POST['ext_sakai_server']) ) {
// In the future support key lengths beyond 128 bits
$keylength = isset($_POST['ext_sakai_blowfish_length']) ? $_POST['ext_sakai_blowfish_length'] / 8 : 16;
if ( $keylength < 1 ) $keylength = 16;
// hash is returning binary - not hex encoded so we get the full 160 bits
$sha1Secret = hash('sha1',$secret, true);
if ( strlen($sha1Secret) > $keylength ) $sha1Secret = substr($sha1Secret,0,$keylength);
$encrypted_session=hex2bin($_POST['ext_sakai_encrypted_session']);
$session = mcrypt_decrypt(MCRYPT_BLOWFISH, $sha1Secret, $encrypted_session, MCRYPT_MODE_ECB);
// The encryption pads out the input string to a full block with non-printing characters
// so we must remove them here. Since the pre-encrypted sesison only includes non-printing
// characters it is fafe to rtrim the non-printing characters up to \32 - initial testing
// of Sakai indicates that the padding used by this versio of Java is 0x04 - but that could change
// so we are playing it safe and right-trimming all non-printing characters.
// http://stackoverflow.com/questions/1061765/should-i-trim-the-decrypted-string-after-mcrypt-decrypt
$session = rtrim($session,"\0..\32");
$session .= '.' . $_POST['ext_sakai_serverid'];
print "<p>\n";
print '<a href="retrieve.php?session='.urlencode($session);
print '&server='.urlencode($_POST['ext_sakai_server']).'">';
print 'Test Encrypted Session Extension</a>.</p>'."\n";
$found = true;
}
if ( ($_POST['ext_ims_lis_memberships_id'] ?? null) &&
($_POST['ext_ims_lis_memberships_url'] ?? null) ) {
print "<p>\n";
print '<a href="ext/memberships.php?id='.htmlent_utf8($_POST['ext_ims_lis_memberships_id']);
print '&key='.urlencode($_POST['oauth_consumer_key']);
print '&url='.urlencode($_POST['ext_ims_lis_memberships_url']).'">';
print 'Test Sakai Roster API</a>.</p>'."\n";
$found = true;
}
if ( ($_POST['lis_result_sourcedid'] ?? null) &&
($_POST['ext_ims_lis_basic_outcome_url'] ?? null ) ) {
print "<p>\n";
print '<a href="ext/setoutcome.php?sourcedid='.$sourcedid;
print '&key='.urlencode($_POST['oauth_consumer_key']);
print '&accepted='.urlencode($_POST['ext_outcome_data_values_accepted'] ?? '');
print '&url='.urlencode($_POST['ext_ims_lis_basic_outcome_url'] ?? '').'">';
print 'Test Sakai Outcome API</a>.</p>'."\n";
$found = true;
}
if ( ($_POST['ext_ims_lti_tool_setting_id'] ?? null) &&
($_POST['ext_ims_lti_tool_setting_url'] ?? null) ) {
print "<p>\n";
print '<a href="ext/setting.php?id='.htmlent_utf8($_POST['ext_ims_lti_tool_setting_id']);
print '&key='.urlencode($_POST['oauth_consumer_key']);
print '&url='.urlencode($_POST['ext_ims_lti_tool_setting_url']).'">';
print 'Test Sakai Settings API</a>.</p>'."\n";
$found = true;
}
$ltilink_allowed = false;
if ( isset($_POST['accept_media_types']) ) {
$ltilink_mimetype = 'application/vnd.ims.lti.v1.ltilink';
$m = new Mimeparse;
$ltilink_allowed = $m->best_match(array($ltilink_mimetype), $_POST['accept_media_types']);
}
if ( $ltilink_allowed && $_POST['content_item_return_url'] ) {
print '<p><form action="json/content_json.php" method="post">'."\n";
foreach ( $_POST as $k => $v ) {
print '<input type="hidden" name="'.$k.'" ';
print 'value="'.htmlentities($v).'"/>';
}
print '<input type="submit" value="Test LtiLinkItem Content Item"/>';
print "</form></p>\n";
$found = true;
}
$fileitem_allowed = false;
if ( isset($_POST['accept_media_types']) ) {
$fileitem_mimetype = 'application/vnd.ims.imsccv1p3';
$m = new Mimeparse;
$fileitem_allowed = $m->best_match(array($fileitem_mimetype), $_POST['accept_media_types']);
}
if ( $fileitem_allowed && $_POST['content_item_return_url'] ) {
print '<p><form action="json/fileitem_json.php" method="post">'."\n";
foreach ( $_POST as $k => $v ) {
print '<input type="hidden" name="'.$k.'" ';
print 'value="'.htmlentities($v).'"/>';
}
print '<input type="submit" value="Test FileItem Content Item"/>';
print "</form></p>\n";
$found = true;
}
if ( ! $found ) {
echo("<p>No Services are available for this launch.</p>\n");
}
print "<pre>\n";
print "Context Information:\n\n";
print htmlent_utf8($context->dump());
print "</pre>\n";
} else {
print "<p style=\"color:red\">Could not establish context: ".$context->message."<p>\n";
}
print "<p>Base String:<br/>\n";
print htmlent_utf8($context->basestring);
print "<br/></p>\n";
echo('<a href="basecheck.php?b='.urlencode($context->basestring).'" target="_blank">Compare This Base String</a><br/>');
print "<br/></p>\n";
print "<pre>\n";
print "Raw POST Parameters:\n\n";
ksort($_POST);
foreach($_POST as $key => $value ) {
print htmlent_utf8($key) . "=" . htmlent_utf8($value) . " (".mb_detect_encoding($value).")\n";
}
print "\nRaw GET Parameters:\n\n";
ksort($_GET);
foreach($_GET as $key => $value ) {
print htmlent_utf8($key) . "=" . htmlent_utf8($value) . " (".mb_detect_encoding($value).")\n";
}
print "</pre>";
?>