MDL-20534 lti: A4, add some todos towards unified Oauth
[moodle.git] / mod / lti / service.php
CommitLineData
b9b2e7bb 1<?php
61eb12d4
CS
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * MRTODO: Brief description of this file
19 *
20 * @package mod
21 * @subpackage lti
22 * @copyright 2011 onwards MRTODO
23 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
24 */
25
996b0fd9 26require_once(dirname(__FILE__) . "/../../config.php");
b9b2e7bb 27require_once($CFG->dirroot.'/mod/lti/locallib.php');
996b0fd9 28require_once($CFG->dirroot.'/mod/lti/servicelib.php');
b9b2e7bb 29
fabd4fcf 30// TODO: Switch to core oauthlib once implemented - MDL-30149
020eea1b
CS
31use moodle\mod\lti as lti;
32
996b0fd9 33$rawbody = file_get_contents("php://input");
020eea1b 34
ea04a9f9
EL
35foreach (getallheaders() as $name => $value) {
36 if ($name === 'Authorization') {
fabd4fcf 37 // TODO: Switch to core oauthlib once implemented - MDL-30149
020eea1b 38 $oauthparams = lti\OAuthUtil::split_header($value);
e27cb316 39
020eea1b
CS
40 $consumerkey = $oauthparams['oauth_consumer_key'];
41 break;
42 }
43}
44
ea04a9f9 45if (empty($consumerkey)) {
020eea1b
CS
46 throw new Exception('Consumer key is missing.');
47}
48
49$sharedsecret = lti_verify_message($consumerkey, lti_get_shared_secrets_by_key($consumerkey), $rawbody);
50
ea04a9f9 51if ($sharedsecret === false) {
020eea1b
CS
52 throw new Exception('Message signature not valid');
53}
54
996b0fd9 55$xml = new SimpleXMLElement($rawbody);
b9b2e7bb
CS
56
57$body = $xml->imsx_POXBody;
ea04a9f9 58foreach ($body->children() as $child) {
b9b2e7bb
CS
59 $messagetype = $child->getName();
60}
61
ea04a9f9 62switch ($messagetype) {
b9b2e7bb
CS
63 case 'replaceResultRequest':
64 $parsed = lti_parse_grade_replace_message($xml);
e27cb316 65
b9b2e7bb 66 $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid));
e27cb316 67
996b0fd9 68 lti_verify_sourcedid($ltiinstance, $parsed);
e27cb316 69
f4f711d7 70 $gradestatus = lti_update_grade($ltiinstance, $parsed->userid, $parsed->launchid, $parsed->gradeval);
e27cb316 71
b9b2e7bb 72 $responsexml = lti_get_response_xml(
e27cb316 73 $gradestatus ? 'success' : 'error',
b9b2e7bb
CS
74 'Grade replace response',
75 $parsed->messageid,
76 'replaceResultResponse'
77 );
e27cb316 78
b9b2e7bb 79 echo $responsexml->asXML();
e27cb316 80
b9b2e7bb 81 break;
e27cb316 82
b9b2e7bb
CS
83 case 'readResultRequest':
84 $parsed = lti_parse_grade_read_message($xml);
e27cb316 85
b9b2e7bb 86 $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid));
e27cb316 87
60bd82f6
CS
88 //Getting the grade requires the context is set
89 $context = get_context_instance(CONTEXT_COURSE, $ltiinstance->course);
90 $PAGE->set_context($context);
e27cb316 91
996b0fd9 92 lti_verify_sourcedid($ltiinstance, $parsed);
e27cb316 93
b9b2e7bb 94 $grade = lti_read_grade($ltiinstance, $parsed->userid);
e27cb316 95
b9b2e7bb
CS
96 $responsexml = lti_get_response_xml(
97 isset($grade) ? 'success' : 'error',
98 'Result read',
99 $parsed->messageid,
100 'readResultResponse'
101 );
e27cb316 102
b9b2e7bb 103 $node = $responsexml->imsx_POXBody->readResultResponse;
ea04a9f9 104 $node->addChild('result')->addChild('resultScore')->addChild('textString', isset($grade) ? $grade : '');
e27cb316 105
b9b2e7bb 106 echo $responsexml->asXML();
e27cb316 107
b9b2e7bb 108 break;
e27cb316 109
b9b2e7bb
CS
110 case 'deleteResultRequest':
111 $parsed = lti_parse_grade_delete_message($xml);
e27cb316 112
b9b2e7bb 113 $ltiinstance = $DB->get_record('lti', array('id' => $parsed->instanceid));
e27cb316 114
996b0fd9 115 lti_verify_sourcedid($ltiinstance, $parsed);
e27cb316 116
b9b2e7bb 117 $gradestatus = lti_delete_grade($ltiinstance, $parsed->userid);
e27cb316 118
b9b2e7bb 119 $responsexml = lti_get_response_xml(
e27cb316
CS
120 $gradestatus ? 'success' : 'error',
121 'Grade delete request',
122 $parsed->messageid,
b9b2e7bb
CS
123 'deleteResultResponse'
124 );
e27cb316 125
b9b2e7bb 126 echo $responsexml->asXML();
e27cb316 127
020eea1b 128 break;
e27cb316 129
020eea1b
CS
130 default:
131 //Fire an event if we get a web service request which we don't support directly.
132 //This will allow others to extend the LTI services, which I expect to be a common
133 //use case, at least until the spec matures.
134 $data = new stdClass();
135 $data->body = $rawbody;
a0ba4ec6 136 $data->xml = $xml;
020eea1b
CS
137 $data->messagetype = $messagetype;
138 $data->consumerkey = $consumerkey;
139 $data->sharedsecret = $sharedsecret;
e27cb316 140
a0ba4ec6
CS
141 //If an event handler handles the web service, it should set this global to true
142 //So this code knows whether to send an "operation not supported" or not.
143 global $lti_web_service_handled;
144 $lti_web_service_handled = false;
e27cb316 145
020eea1b 146 events_trigger('lti_unknown_service_api_call', $data);
e27cb316 147
ea04a9f9 148 if (!$lti_web_service_handled) {
a0ba4ec6 149 $responsexml = lti_get_response_xml(
e27cb316
CS
150 'unsupported',
151 'unsupported',
a0ba4ec6
CS
152 lti_parse_message_id($xml),
153 $messagetype
154 );
155
156 echo $responsexml->asXML();
157 }
e27cb316 158
b9b2e7bb
CS
159 break;
160}
161
162
b69dc429 163//echo print_r(apache_request_headers(), true);
b9b2e7bb 164
b69dc429 165//echo '<br />';
b9b2e7bb 166
61eb12d4 167//echo file_get_contents("php://input");