Moodle  2.2.1
http://www.collinsharper.com
C:/xampp/htdocs/moodle/mod/lti/OAuthBody.php
00001 <?php
00002 // This file is part of BasicLTI4Moodle
00003 //
00004 // BasicLTI4Moodle is an IMS BasicLTI (Basic Learning Tools for Interoperability)
00005 // consumer for Moodle 1.9 and Moodle 2.0. BasicLTI is a IMS Standard that allows web
00006 // based learning tools to be easily integrated in LMS as native ones. The IMS BasicLTI
00007 // specification is part of the IMS standard Common Cartridge 1.1 Sakai and other main LMS
00008 // are already supporting or going to support BasicLTI. This project Implements the consumer
00009 // for Moodle. Moodle is a Free Open source Learning Management System by Martin Dougiamas.
00010 // BasicLTI4Moodle is a project iniciated and leaded by Ludo(Marc Alier) and Jordi Piguillem
00011 // at the GESSI research group at UPC.
00012 // SimpleLTI consumer for Moodle is an implementation of the early specification of LTI
00013 // by Charles Severance (Dr Chuck) htp://dr-chuck.com , developed by Jordi Piguillem in a
00014 // Google Summer of Code 2008 project co-mentored by Charles Severance and Marc Alier.
00015 //
00016 // BasicLTI4Moodle is copyright 2009 by Marc Alier Forment, Jordi Piguillem and Nikolas Galanis
00017 // of the Universitat Politecnica de Catalunya http://www.upc.edu
00018 // Contact info: Marc Alier Forment granludo @ gmail.com or marc.alier @ upc.edu
00019 //
00020 // OAuthBody.php is distributed under the MIT License
00021 //
00022 // The MIT License
00023 //
00024 // Copyright (c) 2007 Andy Smith
00025 //
00026 // Permission is hereby granted, free of charge, to any person obtaining a copy
00027 // of this software and associated documentation files (the "Software"), to deal
00028 // in the Software without restriction, including without limitation the rights
00029 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
00030 // copies of the Software, and to permit persons to whom the Software is
00031 // furnished to do so, subject to the following conditions:
00032 //
00033 // The above copyright notice and this permission notice shall be included in
00034 // all copies or substantial portions of the Software.
00035 //
00036 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
00037 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
00038 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
00039 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
00040 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
00041 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
00042 // THE SOFTWARE.
00043 //
00044 // Moodle is free software: you can redistribute it and/or modify
00045 // it under the terms of the GNU General Public License as published by
00046 // the Free Software Foundation, either version 3 of the License, or
00047 // (at your option) any later version.
00048 //
00049 // Moodle is distributed in the hope that it will be useful,
00050 // but WITHOUT ANY WARRANTY; without even the implied warranty of
00051 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
00052 // GNU General Public License for more details.
00053 //
00054 // You should have received a copy of the GNU General Public License
00055 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
00056 
00057 namespace moodle\mod\lti;//Using a namespace as the basicLTI module imports classes with the same names
00058 
00059 defined('MOODLE_INTERNAL') || die;
00060 
00061 require_once($CFG->dirroot . '/mod/lti/OAuth.php');
00062 require_once($CFG->dirroot . '/mod/lti/TrivialStore.php');
00063 
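/**
 * Read the oauth_consumer_key parameter from the request's Authorization header.
 *
 * The value is returned exactly as the client sent it. Nothing in this
 * function verifies a signature, so the result is an unauthenticated claim:
 * use it only to look up the matching consumer secret, and treat the caller
 * as identified only once the signature check has passed.
 *
 * @return string|false|null the consumer key; false when there is no
 *         "OAuth " Authorization header; null when that header carries no
 *         oauth_consumer_key parameter
 */
function getOAuthKeyFromHeaders()
{
    $request_headers = OAuthUtil::get_headers();

    // Explicit presence/type checks instead of @-suppressing the warnings a
    // missing or non-string header would raise.
    if (!isset($request_headers['Authorization']) || !is_string($request_headers['Authorization'])) {
        return false;
    }
    $authorization = $request_headers['Authorization'];

    if (substr($authorization, 0, 6) !== "OAuth ") {
        return false;
    }

    $header_parameters = OAuthUtil::split_header($authorization);

    // A header without the parameter yields null, as before, but without the
    // undefined-index notice.
    return isset($header_parameters['oauth_consumer_key'])
        ? $header_parameters['oauth_consumer_key']
        : null;
}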
00078 
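/**
 * Verify an OAuth 1.0 body-signed request and return its body.
 *
 * Checks, in order: the content type is not form-encoded, the Authorization
 * header carries an oauth_body_hash, the request signature verifies with
 * HMAC-SHA1 against the given consumer key and secret, and the SHA-1 of $body
 * equals oauth_body_hash. Every failure throws; the body is returned only
 * after all checks have passed.
 *
 * @param string $oauth_consumer_key consumer key to register with the data store
 * @param string $oauth_consumer_secret shared secret for that key
 * @param string $body raw request body, byte-for-byte as received
 * @param array|null $request_headers request headers; fetched with
 *        OAuthUtil::get_headers() when not supplied
 * @return string the verified body
 * @throws Exception when any of the checks fails
 */
function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret, $body, $request_headers = null)
{
    // Loose comparison kept on purpose: an empty array also triggers the fetch.
    if ($request_headers == null) {
        $request_headers = OAuthUtil::get_headers();
    }

    // Must reject application/x-www-form-urlencoded. Header names are
    // case-insensitive and the value may carry parameters ("; charset=..."),
    // so compare the bare media type instead of the raw header string; an
    // exact match on 'Content-type' would let both variants through.
    if (is_array($request_headers)) {
        foreach ($request_headers as $header_name => $header_value) {
            if (strcasecmp((string) $header_name, 'Content-type') !== 0 || !is_string($header_value)) {
                continue;
            }
            $media_parts = explode(';', $header_value, 2);
            if (strtolower(trim($media_parts[0])) === 'application/x-www-form-urlencoded') {
                throw new Exception("OAuth request body signing must not use application/x-www-form-urlencoded");
            }
        }
    }

    // NOTE(review): oauth_body_hash is read from $request_headers, while the
    // signature below is verified on OAuthRequest::from_request(). When a
    // caller supplies its own $request_headers, confirm that the hash compared
    // at the end is the same parameter the signature covers.
    $oauth_body_hash = null;
    if (isset($request_headers['Authorization'])
            && is_string($request_headers['Authorization'])
            && substr($request_headers['Authorization'], 0, 6) === "OAuth ") {
        $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
        if (isset($header_parameters['oauth_body_hash'])) {
            $oauth_body_hash = $header_parameters['oauth_body_hash'];
        }
    }

    if ($oauth_body_hash === null) {
        throw new Exception("OAuth request body signing requires oauth_body_hash body");
    }

    // Verify the message signature.
    // NOTE(review): replay protection (nonce and timestamp handling) is
    // whatever OAuthServer and TrivialOAuthDataStore implement; neither is
    // visible here — confirm that nonces are actually tracked.
    $store = new TrivialOAuthDataStore();
    $store->add_consumer($oauth_consumer_key, $oauth_consumer_secret);

    $server = new OAuthServer($store);
    $server->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
    $request = OAuthRequest::from_request();

    // NOTE(review): this file declares a namespace, so the unqualified name
    // Exception resolves to moodle\mod\lti\Exception rather than PHP's
    // built-in \Exception. Whether such a class exists is not visible here —
    // confirm that this catch matches what verify_request() throws and that
    // the throw statements in this function do not end in a fatal error.
    try {
        $server->verify_request($request);
    } catch (Exception $e) {
        throw new Exception("OAuth signature failed: " . $e->getMessage());
    }

    // SHA-1 is the digest the OAuth body-hash extension pairs with HMAC-SHA1,
    // so the algorithm is fixed by the protocol here.
    $hash = base64_encode(sha1($body, true));

    // Strict comparison: no type juggling, and a non-string header value can
    // never compare equal to the computed digest.
    if ($hash !== $oauth_body_hash) {
        throw new Exception("OAuth oauth_body_hash mismatch");
    }

    return $body;
}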
00133 
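/**
 * Sign a request body with an OAuth 1.0 body hash and POST it to $endpoint.
 *
 * The base64 SHA-1 of $body is sent as oauth_body_hash, the request is signed
 * with HMAC-SHA1 using the consumer key and secret (no token), and the body
 * is sent through PHP's stream wrapper.
 *
 * @param string $method HTTP method handed to OAuthRequest for signing; the
 *        request itself is always sent as POST
 * @param string $endpoint URL to post to
 * @param string $oauth_consumer_key consumer key
 * @param string $oauth_consumer_secret shared secret used for signing
 * @param string $content_type value for the Content-type request header
 * @param string $body raw request body
 * @return string the response body
 * @throws Exception when the content type is malformed or the request fails
 */
function sendOAuthBodyPOST($method, $endpoint, $oauth_consumer_key, $oauth_consumer_secret, $content_type, $body)
{
    // $content_type is concatenated into the raw header block below, so a CR
    // or LF inside it would add header lines of the caller's choosing.
    if (strpbrk((string) $content_type, "\r\n") !== false) {
        throw new Exception('Content type must not contain line breaks');
    }

    $hash = base64_encode(sha1($body, true));
    $parms = array('oauth_body_hash' => $hash);

    $test_token = '';
    $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
    $test_consumer = new OAuthConsumer($oauth_consumer_key, $oauth_consumer_secret, null);

    // NOTE(review): $method goes into the signed request while the transport
    // below hard-codes POST; presumably any other value would not verify at
    // the receiver — confirm against callers.
    $acc_req = OAuthRequest::from_consumer_and_token($test_consumer, $test_token, $method, $endpoint, $parms);
    $acc_req->sign_request($hmac_method, $test_consumer, $test_token);

    $header = $acc_req->to_header() . "\r\nContent-type: " . $content_type . "\r\n";

    $params = array('http' => array(
        'method' => 'POST',
        'content' => $body,
        'header' => $header,
    ));
    $ctx = stream_context_create($params);

    // NOTE(review): fopen() accepts any registered stream wrapper, not only
    // http/https. If $endpoint can come from anything other than a vetted
    // tool URL, validate its scheme before calling — confirm against callers.
    // PHP releases before 5.6 also do not verify the peer certificate on
    // https unless the context asks for it.
    $fp = @fopen($endpoint, 'rb', false, $ctx);
    if (!$fp) {
        // $php_errormsg is only populated when track_errors is enabled;
        // error_get_last() works regardless of that setting.
        $last_error = error_get_last();
        $detail = isset($last_error['message']) ? $last_error['message'] : '';
        throw new Exception("Problem with $endpoint, " . $detail);
    }

    $response = @stream_get_contents($fp);
    // Release the stream on both the success and the failure path.
    fclose($fp);

    if ($response === false) {
        $last_error = error_get_last();
        $detail = isset($last_error['message']) ? $last_error['message'] : '';
        throw new Exception("Problem reading data from $endpoint, " . $detail);
    }
    return $response;
}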