Skip to content

Commit

Permalink
Merge pull request #196 from Panopto/2023031400-release-code
Browse files Browse the repository at this point in the history
2023031400 release code.
  • Loading branch information
jmalmsten-panopto authored Mar 14, 2023
2 parents cfbb4a7 + 1e53f7c commit 857a85a
Show file tree
Hide file tree
Showing 5 changed files with 47 additions and 21 deletions.
2 changes: 1 addition & 1 deletion SSO.php
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@
$responseparamsencoded =
'serverName=' . $servername . '&externalUserKey=' . urlencode($userkey) . '&expiration=' . $expiration;

$fullreturnurl = !empty($returnurl) ? '&ReturnUrl=' . $returnurl . $fragment : "";
$fullreturnurl = !empty($returnurl) ? '&ReturnUrl=' . urlencode($returnurl) . $fragment : "";
$separator = (strpos($url, '?') ? '&' : '?');
$redirecturl = $url . $separator . $responseparamsencoded . '&authCode=' . $responseauthcode . $fullreturnurl;

Expand Down
2 changes: 1 addition & 1 deletion block_panopto.php
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ public function get_content() {
null,
true);

$this->content->text = html_writer::tag('div', "<font id='loading_text'>" .
$this->content->text = html_writer::tag('div', "<font id='loading_text'>" .
get_string('fetching_content', 'block_panopto') . '</font>', $params);

$this->content->text .= '<script type="text/javascript">' .
Expand Down
53 changes: 39 additions & 14 deletions lib/lti/auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,13 +51,29 @@
$clientid = optional_param('client_id', '', PARAM_TEXT);
$redirecturi = optional_param('redirect_uri', '', PARAM_URL);
$loginhint = optional_param('login_hint', '', PARAM_TEXT);
$ltimessagehint = optional_param('lti_message_hint', '', PARAM_TEXT);
$ltimessagehintenc = optional_param('lti_message_hint', '', PARAM_TEXT);
$state = optional_param('state', '', PARAM_TEXT);
$responsemode = optional_param('response_mode', '', PARAM_TEXT);
$nonce = optional_param('nonce', '', PARAM_TEXT);
$prompt = optional_param('prompt', '', PARAM_TEXT);

list($pluginname, $callback, $toolid, $resourcelinkid, $contenturl, $customdata) = explode(',', $ltimessagehint, 6);
// Specific logic for Moodle 4.1 needed, in order to handle auth.
$isthismoodle41 = empty($CFG->version) ? false : $CFG->version >= 2022112800.00;
$ltimessagehint = $isthismoodle41 ? json_decode($ltimessagehintenc) : $ltimessagehintenc;

list(
$pluginname,
$callback,
$toolid,
$resourcelinkid,
$contenturl,
$customdata
) = explode(
',',
$isthismoodle41 ? $ltimessagehint->cmid : $ltimessagehint,
6
);

$ispanoptoplugin = false;
$pluginpath = '';
switch($pluginname)
Expand Down Expand Up @@ -90,17 +106,25 @@
'&nonce=' . urlencode($nonce) .
"&login_hint=$loginhint" .
"&prompt=$prompt" .
"&lti_message_hint=$ltimessagehint"
"&lti_message_hint=$ltimessagehintenc"
);
}

$ok = !empty($scope) && !empty($responsetype) && !empty($clientid) &&
!empty($redirecturi) && !empty($loginhint) &&
!empty($nonce) && !empty($SESSION->lti_message_hint);
!empty($nonce) && ($isthismoodle41 ? true : !empty($SESSION->lti_message_hint));

if (!$ok) {
$error = 'invalid_request';
}
// This is only Moodle 4.1 check.
if ($isthismoodle41) {
$ok = $ok && isset($ltimessagehint->launchid);
if (!$ok) {
$error = 'invalid_request';
$desc = 'No launch id in LTI hint';
}
}
if ($ok && ($scope !== 'openid')) {
$ok = false;
$error = 'invalid_scope';
Expand All @@ -110,17 +134,18 @@
$error = 'unsupported_response_type';
}
if ($ok) {
list($courseid, $typeid, $id, $titleb64, $textb64) = explode(',', $SESSION->lti_message_hint, 5);
if ($isthismoodle41) {
$launchid = $ltimessagehint->launchid;
list($courseid, $typeid, $id, $messagetype, $foruserid, $titleb64, $textb64) = explode(',', $SESSION->$launchid, 7);
unset($SESSION->$launchid);
} else {
list($courseid, $typeid, $id, $titleb64, $textb64) = explode(',', $SESSION->lti_message_hint, 5);
}

$ok = true;
$config = lti_get_type_type_config($typeid);
$ok = ($clientid === $config->lti_clientid);
if (!$ok) {
$error = 'invalid_request';
} else {
$config = lti_get_type_type_config($typeid);
$ok = ($clientid === $config->lti_clientid);
if (!$ok) {
$error = 'unauthorized_client';
}
$error = 'unauthorized_client';
}
}
if ($ok && ($loginhint !== $USER->id)) {
Expand All @@ -146,7 +171,7 @@
throw new moodle_exception('invalidrequest', 'error');
} else {
$uris = array_map("trim", explode("\n", $config->lti_redirectionuris));
if (!in_array($redirecturi, $uris)) {
if (!in_array(strtolower($redirecturi), array_map("strtolower", $uris))) {
throw new moodle_exception('invalidrequest', 'error');
}
}
Expand Down
7 changes: 4 additions & 3 deletions lib/lti/panoptoblock_lti_utility.php
Original file line number Diff line number Diff line change
Expand Up @@ -497,9 +497,10 @@ public static function get_course_tool($courseid) {
* @throws moodle_exception When the LTI tool type does not exist.`
* @throws coding_exception For invalid media type and presentation target parameters.
*/
public static function build_content_item_selection_request($id, $course, moodle_url $returnurl, $title = '', $text = '', $mediatypes = [],
$presentationtargets = [], $autocreate = false, $multiple = true,
$unsigned = false, $canconfirm = false, $copyadvice = false, $nonce = '', $pluginname = '') {
public static function build_content_item_selection_request($id, $course, moodle_url $returnurl, $title = '', $text = '',
$mediatypes = [], $presentationtargets = [], $autocreate = false,
$multiple = true, $unsigned = false, $canconfirm = false,
$copyadvice = false, $nonce = '', $pluginname = '') {
global $USER, $CFG;
require_once($CFG->dirroot . '/mod/lti/locallib.php');

Expand Down
4 changes: 2 additions & 2 deletions version.php
Original file line number Diff line number Diff line change
Expand Up @@ -29,10 +29,10 @@

// Plugin version should normally be the same as the internal version.
// If an admin wants to install with an older version number, however, set that here.
$plugin->version = 2023012400;
$plugin->version = 2023031400;

// Requires this Moodle version - 2.7.
$plugin->requires = 2014051200;
$plugin->requires = 2014051200;
$plugin->cron = 0;
$plugin->component = 'block_panopto';
$plugin->maturity = MATURITY_STABLE;
Expand Down

0 comments on commit 857a85a

Please sign in to comment.