def initialize_lti_tool_provider(req):
"""
Starts the provider given the consumer_key and secret.
"""
consumer_key = settings.CONSUMER_KEY
secret = settings.LTI_SECRET_DICT[req.POST.get('context_id')]
# use the function from ims_lti_py app to verify and initialize tool
provider = DjangoToolProvider(consumer_key, secret, req.POST)
# NOTE: before validating the request, temporarily remove the
# QUERY_STRING to work around an issue with how Canvas signs requests
# that contain GET parameters. Before Canvas launches the tool, it duplicates the GET
# parameters as POST parameters, and signs the POST parameters (*not* the GET parameters).
# However, the oauth2 library that validates the request generates
# the oauth signature based on the combination of POST+GET parameters together,
# resulting in a signature mismatch. By removing the QUERY_STRING before
# validating the request, the library will generate the signature based only on
# the POST parameters like Canvas.
qs = req.META.pop('QUERY_STRING', '')
# now validate the tool via the valid_request function
# this means that request was well formed but invalid
if provider.valid_request(req) == False:
debug_printer("DEBUG - LTI Exception: Not a valid request.")
raise PermissionDenied()
else:
debug_printer('DEBUG - LTI Tool Provider was valid.')
req.META['QUERY_STRING'] = qs # restore the query string
return provider
def lti(request, gid):
graph = get_object_or_404(Graphs, pk=gid)
if request.method != 'POST' or 'oauth_consumer_key' not in request.POST:
return HttpResponse("Improper LTI request method", status=405)
# confirm oauth credentials with ims_lti tool
tool_provider = DjangoToolProvider(graph.lti_key, graph.lti_secret, request.POST)
try:
if tool_provider.valid_request(request) is False:
raise PermissionDenied()
except:
raise PermissionDenied()
# build username from userid
userid = getattr(tool_provider, "user_id", None)
if userid is None: raise PermissionDenied()
username = "******" % (userid)
# try to get the user
user = authenticate(username=username)
if user is None:
u = User.objects.create_user(username=username)
u.set_unusable_password()
u.save()
user = authenticate(username=username)
# have the user ready to go, login
login(request, user)
# LTI user logged in, forward to map
return HttpResponseRedirect(reverse("maps:display", kwargs={"gid":gid}))
def launch_lti(request):
"""
Receives a request from consumer and authenticates user (or create it)
"""
# print out log if LTI_DEBUG=True in settings
if settings.LTI_DEBUG:
for item in request.POST:
print >> sys.stderr, ('%s: %s \r' % (item, request.POST[item]))
if 'oauth_consumer_key' not in request.POST:
raise PermissionDenied()
consumer_key = settings.CONSUMER_KEY
secret = settings.LTI_SECRET
tool_provider = DjangoToolProvider(consumer_key, secret, request.POST)
try: # attempt to validate request, if fails raises 403 Forbidden
if tool_provider.valid_request(request) == False:
raise PermissionDenied()
except:
print "LTI Exception: Not a valid request."
raise PermissionDenied()
return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def launch_lti(request):
"""
Receives a request from consumer and authenticates user (or create it)
"""
# print out log if LTI_DEBUG=True in settings
if settings.LTI_DEBUG:
for item in request.POST:
print >> sys.stderr, ('%s: %s \r' % (item, request.POST[item]))
if 'oauth_consumer_key' not in request.POST:
raise PermissionDenied()
consumer_key = settings.CONSUMER_KEY
secret = settings.LTI_SECRET
tool_provider = DjangoToolProvider(consumer_key, secret, request.POST)
try: # attempt to validate request, if fails raises 403 Forbidden
if tool_provider.valid_request(request) == False:
raise PermissionDenied()
except:
print "LTI Exception: Not a valid request."
raise PermissionDenied()
return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def lti(request, gid):
graph = get_object_or_404(Graphs, pk=gid)
if request.method != 'POST' or 'oauth_consumer_key' not in request.POST:
return HttpResponse("Improper LTI request method", status=405)
# confirm oauth credentials with ims_lti tool
tool_provider = DjangoToolProvider(graph.lti_key, graph.lti_secret,
request.POST)
try:
if tool_provider.valid_request(request) is False:
raise PermissionDenied()
except:
raise PermissionDenied()
# build username from userid
userid = getattr(tool_provider, "user_id", None)
if userid is None: raise PermissionDenied()
username = "******" % (userid)
# try to get the user
user = authenticate(username=username)
if user is None:
u = User.objects.create_user(username=username)
u.set_unusable_password()
u.save()
user = authenticate(username=username)
# have the user ready to go, login
login(request, user)
# LTI user logged in, forward to map
return HttpResponseRedirect(reverse("maps:display", kwargs={"gid": gid}))
def initialize_lti_tool_provider(req):
"""
Starts the provider given the consumer_key and secret.
"""
# get the consumer key and secret from settings (__init__.py file)
# will be used to compare against request to validate the tool init
consumer_key = settings.CONSUMER_KEY
secret = settings.LTI_SECRET
# use the function from ims_lti_py app to verify and initialize tool
provider = DjangoToolProvider(consumer_key, secret, req.POST)
# now validate the tool via the valid_request function
# this means that request was well formed but invalid
if provider.valid_request(req) == False:
debug_printer("DEBUG - LTI Exception: Not a valid request.")
raise PermissionDenied()
else:
debug_printer("DEBUG - LTI Tool Provider was valid.")
return provider
def initialize_lti_tool_provider(req):
"""
"""
# get the consumer key and secret from settings (__init__.py file)
# will be used to compare against request to validate the tool init
consumer_key = settings.CONSUMER_KEY
secret = settings.LTI_SECRET
# use the function from ims_lti_py app to verify and initialize tool
provider = DjangoToolProvider(consumer_key, secret, req.POST)
# now validate the tool via the valid_request function
try:
# this means that request was well formed but invalid
if provider.valid_request(req) == False:
debug_printer("DEBUG - LTI Exception: Not a valid request.")
raise PermissionDenied()
else:
debug_printer('DEBUG - LTI Tool Provider was valid.')
except:
raise PermissionDenied()
return provider
def _get_lti_parameters_from_request(cls, request):
provider = DjangoToolProvider(settings.LTI_CLIENT_KEY,
settings.LTI_CLIENT_SECRET, request.POST)
provider.valid_request(request)
return provider.to_params()
def launch_lti(request):
""" Receives a request from the lti consumer and creates/authenticates user in django """
""" See post items in log by setting LTI_DEBUG=True in settings """
if settings.LTI_DEBUG:
for item in request.POST:
print ('%s: %s \r' % (item, request.POST[item]))
if 'oauth_consumer_key' not in request.POST:
logging.error('oauth_consumer_key missing from request')
raise PermissionDenied()
""" key/secret from settings """
consumer_key = settings.CONSUMER_KEY
secret = settings.LTI_SECRET
tool_provider = DjangoToolProvider(consumer_key, secret, request.POST)
""" Decode parameters - UOC LTI uses a custom param to indicate the encoding: utf-8, iso-latin, base64 """
encoding = None
utf8 = get_lti_value('custom_lti_message_encoded_utf8', tool_provider)
iso = get_lti_value('custom_lti_message_encoded_iso', tool_provider)
b64 = get_lti_value('custom_lti_message_encoded_base64', tool_provider)
if iso and int(iso) == 1: encoding = 'iso'
if utf8 and int(utf8) == 1: encoding = 'utf8'
if b64 and int(b64) == 1: encoding = 'base64'
try: # attempt to validate request, if fails raises 403 Forbidden
tool_provider.valid_request(request)
except:
logging.error('Invalid LTI request')
print "LTI Exception: Not a valid request."
raise PermissionDenied()
email = get_lti_value(settings.LTI_EMAIL, tool_provider, encoding=encoding)
roles = get_lti_value(settings.LTI_ROLES, tool_provider, encoding=encoding)
#user_id = get_lti_value('user_id', tool_provider, encoding=encoding)
lms_context= get_lti_value('context_id', tool_provider, encoding=encoding)
course_name = get_lti_value('context_title', tool_provider, encoding=encoding)
assignment = get_lti_value('resource_link_title', tool_provider, encoding=encoding)
outcome_url = get_lti_value(settings.LTI_OUTCOME, tool_provider, encoding=encoding)
if not email:
if settings.LTI_DEBUG: print "Email wasn't found in post"
raise PermissionDenied()
""" GET OR CREATE NEW USER """
lti_username = email #create username with email and user_id
try:
""" Check if user already exists using email, if not create new """
user = User.objects.get(username=lti_username)
except User.DoesNotExist:
""" first time entry, create new user """
user = User.objects.create_user(lti_username, email)
user.set_unusable_password()
user.save()
except User.MultipleObjectsReturned:
logging.error("Multiple user objects returned on LTI login")
return HttpResponse("Error with database")
#If person has an instructor role, let's make he/she an admin
if 'Instructor' in roles and user.is_superuser == False:
user.is_superuser = True
user.is_staff = True
user.save()
""" Log in user and redirect to LOGIN_REDIRECT_URL defined in settings (default: accounts/profile) """
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
request.session['course_name'] = course_name
request.session['assignment_name'] = assignment
request.session['lms_context'] = lms_context
request.session['outcome_url'] = outcome_url
request.session['return_url'] = request.META['HTTP_REFERER']
return HttpResponseRedirect('/grader/code/')
def _get_lti_parameters_from_request(cls, request):
provider = DjangoToolProvider(settings.LTI_CLIENT_KEY, settings.LTI_CLIENT_SECRET, request.POST)
provider.valid_request(request)
return provider.to_params()
def launch_lti(request):
""" Receives a request from the lti consumer and creates/authenticates user in django """
""" See post items in log by setting LTI_DEBUG=True in settings """
if settings.LTI_DEBUG:
for item in request.POST:
print ('%s: %s \r' % (item, request.POST[item]))
if 'oauth_consumer_key' not in request.POST:
raise PermissionDenied()
""" key/secret from settings """
consumer_key = settings.CONSUMER_KEY
secret = settings.LTI_SECRET
tool_provider = DjangoToolProvider(consumer_key, secret, request.POST)
print "ROLES: %s " % tool_provider.roles
try: # attempt to validate request, if fails raises 403 Forbidden
if tool_provider.valid_request(request) == False:
raise PermissionDenied()
except:
raise PermissionDenied()
""" RETRIEVE username, names, email and roles. These may be specific to the consumer,
in order to change them from the default values: see README.txt """
first_name = get_lti_value(settings.LTI_FIRST_NAME, tool_provider)
last_name = get_lti_value(settings.LTI_LAST_NAME, tool_provider)
email = get_lti_value(settings.LTI_EMAIL, tool_provider)
# avatar = tool_provider.custom_params['custom_photo']
roles = get_lti_value(settings.LTI_ROLES, tool_provider)
user_id = get_lti_value('user_id', tool_provider)
if not email or not user_id:
print "Email and/or user_id wasn't found in post, return Permission Denied"
raise PermissionDenied()
""" CHECK IF USER'S ROLES ALLOW ENTRY, IF RESTRICTION SET BY VELVET_ROLES SETTING """
if settings.VELVET_ROLES:
""" Roles allowed for entry into the application. If these are not set in settings then we allow all roles to enter """
if not roles:
""" if roles is None, then setting for LTI_ROLES may be wrong, return 403 for user and print error to log """
print "VELVET_ROLES is set but the roles for the user were not found. Check that the setting for LTI_ROLES is correct."
raise PermissionDenied()
if not isinstance(roles, list): roles = (roles,) # In the case we are using a custom field for roles, may be a string and needs to be converted to a list
is_role_allowed = [m for velvet_role in settings.VELVET_ROLES for m in roles if velvet_role.lower()==m.lower()]
if not is_role_allowed:
print "User does not have accepted role for entry, roles: %s" % roles
raise PermissionDenied()
""" GET OR CREATE NEW USER AND LTI_PROFILE """
lti_username = '******' % (request.POST['oauth_consumer_key'], user_id) #create username with consumer_key and user_id
try:
""" Check if user already exists using email, if not create new """
user = User.objects.get(email=email)
if user.username != lti_username:
""" If the username is not in the format user_id, change it and save. This could happen
if there was a previously populated User table. """
user.username = lti_username
user.save()
except User.DoesNotExist:
""" first time entry, create new user """
user = User.objects.create_user(lti_username, email)
user.set_unusable_password()
if first_name: user.first_name = first_name
if last_name: user.last_name = last_name
user.save()
except User.MultipleObjectsReturned:
""" If the application is not requiring unique emails, multiple users may be returned if there was an existing
User table before implementing this app with multiple users for the same email address. Could add code to merge them, but for now we return 404 if
the user with the lti_username does not exist """
user = get_object_or_404(User, username=lti_username)
""" CHECK IF ANY OF USER'S ROLES ARE IN THE VELVET_ADMIN_ROLES SETTING, IF SO MAKE SUPERUSER IF IS NOT ALREADY """
if not user.is_superuser and settings.VELVET_ADMIN_ROLES:
if [m for l in settings.VELVET_ADMIN_ROLES for m in roles if l.lower() in m.lower()]:
user.is_superuser = True
user.is_staff = True
user.save()
""" Save extra info to custom profile model (add/remove fields in models.py)"""
lti_userprofile = user.get_profile()
lti_userprofile.roles = roles
# lti_userprofile.avatar = avatar #TO BE ADDED: function to grab user profile image if exists
lti_userprofile.save()
""" Log in user and redirect to LOGIN_REDIRECT_URL defined in settings (default: accounts/profile) """
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def launch_lti(request):
""" Receives a request from the lti consumer and creates/authenticates user in django """
""" See post items in log by setting LTI_DEBUG=True in settings """
if settings.LTI_DEBUG:
for item in request.POST:
print('%s: %s \r' % (item, request.POST[item]))
if 'oauth_consumer_key' not in request.POST:
raise PermissionDenied()
""" key/secret from settings """
consumer_key = settings.CONSUMER_KEY
secret = settings.LTI_SECRET
tool_provider = DjangoToolProvider(consumer_key, secret, request.POST)
""" Decode parameters - UOC LTI uses a custom param to indicate the encoding: utf-8, iso-latin, base64 """
encoding = None
utf8 = get_lti_value('custom_lti_message_encoded_utf8', tool_provider)
iso = get_lti_value('custom_lti_message_encoded_iso', tool_provider)
b64 = get_lti_value('custom_lti_message_encoded_base64', tool_provider)
if iso and int(iso) == 1: encoding = 'iso'
if utf8 and int(utf8) == 1: encoding = 'utf8'
if b64 and int(b64) == 1: encoding = 'base64'
try: # attempt to validate request, if fails raises 403 Forbidden
if tool_provider.valid_request(request) == False:
raise PermissionDenied()
except:
print "LTI Exception: Not a valid request."
raise PermissionDenied()
""" RETRIEVE username, names, email and roles. These may be specific to the consumer,
in order to change them from the default values: see README.txt """
first_name = get_lti_value(settings.LTI_FIRST_NAME,
tool_provider,
encoding=encoding)
last_name = get_lti_value(settings.LTI_LAST_NAME,
tool_provider,
encoding=encoding)
email = get_lti_value(settings.LTI_EMAIL, tool_provider, encoding=encoding)
# avatar = tool_provider.custom_params['custom_photo']
roles = get_lti_value(settings.LTI_ROLES, tool_provider, encoding=encoding)
# uoc_roles = get_lti_value(settings.LTI_CUSTOM_UOC_ROLES, tool_provider, encoding=encoding)
user_id = get_lti_value('user_id', tool_provider, encoding=encoding)
test = get_lti_value('context_title', tool_provider, encoding=encoding)
if not email or not user_id:
if settings.LTI_DEBUG:
print "Email and/or user_id wasn't found in post, return Permission Denied"
raise PermissionDenied()
""" CHECK IF USER'S ROLES ALLOW ENTRY, IF RESTRICTION SET BY VELVET_ROLES SETTING """
if settings.VELVET_ROLES:
""" Roles allowed for entry into the application. If these are not set in settings then we allow all roles to enter """
if not roles and not uoc_roles:
""" if roles is None, then setting for LTI_ROLES may be wrong, return 403 for user and print error to log """
if settings.LTI_DEBUG:
print "VELVET_ROLES is set but the roles for the user were not found. Check that the setting for LTI_ROLES is correct."
raise PermissionDenied()
all_user_roles = []
if roles:
if not isinstance(roles, list): roles = (roles, )
all_user_roles += roles
if uoc_roles:
if not isinstance(uoc_roles, list): uoc_roles = (uoc_roles, )
all_user_roles += uoc_roles
is_role_allowed = [
m for velvet_role in settings.VELVET_ROLES for m in all_user_roles
if velvet_role.lower() == m.lower()
]
if not is_role_allowed:
if settings.LTI_DEBUG:
print "User does not have accepted role for entry, roles: %s" % roles
ctx = {
'roles': roles,
'first_name': first_name,
'last_name': last_name,
'email': email,
'user_id': user_id
}
return render_to_response('lti_role_denied.html',
ctx,
context_instance=RequestContext(request))
else:
if settings.LTI_DEBUG:
print "User has accepted role for entry, roles: %s" % roles
""" GET OR CREATE NEW USER AND LTI_PROFILE """
lti_username = request.POST['lis_person_sourcedid']
try:
""" Check if user already exists using email, if not create new """
user = User.objects.get(email=email)
if user.username != lti_username:
""" If the username is not in the format user_id, change it and save. This could happen
if there was a previously populated User table. """
user.username = lti_username
user.save()
except User.DoesNotExist:
""" first time entry, create new user """
user = User.objects.create_user(lti_username, email)
user.set_unusable_password()
if first_name: user.first_name = first_name
if last_name: user.last_name = last_name
user.save()
except User.MultipleObjectsReturned:
""" If the application is not requiring unique emails, multiple users may be returned if there was an existing
User table before implementing this app with multiple users for the same email address. Could add code to merge them, but for now we return 404 if
the user with the lti_username does not exist """
user = get_object_or_404(User, username=lti_username)
""" CHECK IF ANY OF USER'S ROLES ARE IN THE VELVET_ADMIN_ROLES SETTING, IF SO MAKE SUPERUSER IF IS NOT ALREADY """
if not user.is_superuser and settings.VELVET_ADMIN_ROLES:
if [
m for l in settings.VELVET_ADMIN_ROLES for m in roles
if l.lower() in m.lower()
]:
user.is_superuser = True
user.is_staff = True
user.save()
all_user_roles = []
""" Save extra info to custom profile model (add/remove fields in models.py)"""
lti_userprofile = get_object_or_404(LTIProfile, user=user)
lti_userprofile.roles = (",").join(all_user_roles)
# lti_userprofile.avatar = avatar #TO BE ADDED: function to grab user profile image if exists
lti_userprofile.save()
""" Log in user and redirect to LOGIN_REDIRECT_URL defined in settings (default: accounts/profile) """
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def launch_lti(request):
""" Receives a request from the lti consumer and creates/authenticates user in django """
""" See post items in log by setting LTI_DEBUG=True in settings """
if settings.LTI_DEBUG:
for item in request.POST:
print('%s: %s \r' % (item, request.POST[item]))
if 'oauth_consumer_key' not in request.POST:
logging.error('oauth_consumer_key missing from request')
raise PermissionDenied()
""" key/secret from settings """
consumer_key = settings.CONSUMER_KEY
secret = settings.LTI_SECRET
tool_provider = DjangoToolProvider(consumer_key, secret, request.POST)
""" Decode parameters - UOC LTI uses a custom param to indicate the encoding: utf-8, iso-latin, base64 """
encoding = None
utf8 = get_lti_value('custom_lti_message_encoded_utf8', tool_provider)
iso = get_lti_value('custom_lti_message_encoded_iso', tool_provider)
b64 = get_lti_value('custom_lti_message_encoded_base64', tool_provider)
if iso and int(iso) == 1: encoding = 'iso'
if utf8 and int(utf8) == 1: encoding = 'utf8'
if b64 and int(b64) == 1: encoding = 'base64'
try: # attempt to validate request, if fails raises 403 Forbidden
tool_provider.valid_request(request)
except:
logging.error('Invalid LTI request')
print "LTI Exception: Not a valid request."
raise PermissionDenied()
email = get_lti_value(settings.LTI_EMAIL, tool_provider, encoding=encoding)
roles = get_lti_value(settings.LTI_ROLES, tool_provider, encoding=encoding)
#user_id = get_lti_value('user_id', tool_provider, encoding=encoding)
lms_context = get_lti_value('context_id', tool_provider, encoding=encoding)
course_name = get_lti_value('context_title',
tool_provider,
encoding=encoding)
assignment = get_lti_value('resource_link_title',
tool_provider,
encoding=encoding)
outcome_url = get_lti_value(settings.LTI_OUTCOME,
tool_provider,
encoding=encoding)
if not email:
if settings.LTI_DEBUG: print "Email wasn't found in post"
raise PermissionDenied()
""" GET OR CREATE NEW USER """
lti_username = email #create username with email and user_id
try:
""" Check if user already exists using email, if not create new """
user = User.objects.get(username=lti_username)
except User.DoesNotExist:
""" first time entry, create new user """
user = User.objects.create_user(lti_username, email)
user.set_unusable_password()
user.save()
except User.MultipleObjectsReturned:
logging.error("Multiple user objects returned on LTI login")
return HttpResponse("Error with database")
#If person has an instructor role, let's make he/she an admin
if 'Instructor' in roles and user.is_superuser == False:
user.is_superuser = True
user.is_staff = True
user.save()
""" Log in user and redirect to LOGIN_REDIRECT_URL defined in settings (default: accounts/profile) """
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
request.session['course_name'] = course_name
request.session['assignment_name'] = assignment
request.session['lms_context'] = lms_context
request.session['outcome_url'] = outcome_url
request.session['return_url'] = request.META['HTTP_REFERER']
return HttpResponseRedirect('/grader/code/')
def launch_lti(request):
"""Process launch (start cprs) request from a leaning management system.
This was modified from the original source.
The method extracts the user's details such as name, ID, email, course
and role (e.g., teacher, student) from the request and checks whether the
user has permission to enter the system (see Raises section for details).
If the user has permission, then the corresponding CPRS user is retrieved
or created. The user's enrolments in the CPRS are updated with the course
information in the request. The user is then redirected to his/her home page
in the CPRS.
Arguments:
request (HttpRequest) -- the Http request sent by the LMS.
Returns:
HttpResponseRedirect which redirects the user to their home page
in the CPRS if they have permission to access the system, or an error page
if their role is not allowed.
Raises:
PermissionDenied -- if the user does not have permission to access the system.
this happens if:
- the request does not contain an email or user id
- the role sent in the request is None
- the authentication key is missing
- the request is not valid.
"""
print "LAUNCH LTI HAS BEEN CALLED!!!"
""" Receives a request from the lti consumer and creates/authenticates user in django """
""" See post items in log by setting LTI_DEBUG=True in settings """
if settings.LTI_DEBUG:
for item in request.POST:
print ('%s: %s \r' % (item, request.POST[item]))
if 'oauth_consumer_key' not in request.POST:
raise PermissionDenied()
""" key/secret from settings """
consumer_key = settings.CONSUMER_KEY
secret = settings.LTI_SECRET
tool_provider = DjangoToolProvider(consumer_key, secret, request.POST)
""" Decode parameters - UOC LTI uses a custom param to indicate the encoding: utf-8, iso-latin, base64 """
encoding = None
utf8 = get_lti_value('custom_lti_message_encoded_utf8', tool_provider)
iso = get_lti_value('custom_lti_message_encoded_iso', tool_provider)
b64 = get_lti_value('custom_lti_message_encoded_base64', tool_provider)
if iso and int(iso) == 1: encoding = 'iso'
if utf8 and int(utf8) == 1: encoding = 'utf8'
if b64 and int(b64) == 1: encoding = 'base64'
try: # attempt to validate request, if fails raises 403 Forbidden
if tool_provider.valid_request(request) == False:
raise PermissionDenied()
except:
print "LTI Exception: Not a valid request."
raise PermissionDenied()
""" RETRIEVE username, names, email and roles. These may be specific to the consumer,
in order to change them from the default values: see README.txt """
# username = get_lti_value('username', tool_provider, encoding=encoding)
# username = username().lower()
first_name = get_lti_value(settings.LTI_FIRST_NAME, tool_provider, encoding=encoding)
last_name = get_lti_value(settings.LTI_LAST_NAME, tool_provider, encoding=encoding)
email = get_lti_value(settings.LTI_EMAIL, tool_provider, encoding=encoding)
course = request.POST['context_label']
print course
# for s in dir(settings):
# print s, ':', getattr(settings, s)
# avatar = tool_provider.custom_params['custom_photo']
roles = get_lti_value(settings.LTI_ROLES, tool_provider, encoding=encoding)
print roles[0]
# uoc_roles = get_lti_value(settings.LTI_CUSTOM_UOC_ROLES, tool_provider, encoding=encoding)
user_id = get_lti_value('user_id', tool_provider, encoding=encoding)
test = get_lti_value('context_title', tool_provider, encoding=encoding)
if not email or not user_id:
if settings.LTI_DEBUG: print "Email and/or user_id wasn't found in post, return Permission Denied"
raise PermissionDenied()
""" CHECK IF USER'S ROLES ALLOW ENTRY, IF RESTRICTION SET BY VELVET_ROLES SETTING """
if settings.VELVET_ROLES:
""" Roles allowed for entry into the application. If these are not set in settings then we allow all roles to enter """
if not roles and not uoc_roles:
""" if roles is None, then setting for LTI_ROLES may be wrong, return 403 for user and print error to log """
if settings.LTI_DEBUG: print "VELVET_ROLES is set but the roles for the user were not found. Check that the setting for LTI_ROLES is correct."
raise PermissionDenied()
all_user_roles = []
if roles:
if not isinstance(roles, list): roles = (roles,)
all_user_roles += roles
if uoc_roles:
if not isinstance(uoc_roles, list): uoc_roles = (uoc_roles,)
all_user_roles += uoc_roles
is_role_allowed = [m for velvet_role in settings.VELVET_ROLES for m in all_user_roles if velvet_role.lower()==m.lower()]
if not is_role_allowed:
if settings.LTI_DEBUG: print "User does not have accepted role for entry, roles: %s" % roles
ctx = {'roles':roles, 'first_name':first_name, 'last_name':last_name, 'email':email, 'user_id':user_id}
return render_to_response('lti_role_denied.html', ctx, context_instance=RequestContext(request))
else:
if settings.LTI_DEBUG: print "User has accepted role for entry, roles: %s" % roles
""" GET OR CREATE NEW USER AND LTI_PROFILE """
lti_username = '******' % (request.POST['oauth_consumer_key'], user_id) #create username with consumer_key and user_id
try:
""" Check if user already exists using email, if not create new """
user = User.objects.get(email=email)
if user.username != lti_username:
""" If the username is not in the format user_id, change it and save. This could happen
if there was a previously populated User table. """
user.username = lti_username
user.save()
try:
print "adding course"
print('course is ' + course)
print(type(course))
c = Course.objects.get(course_code=course)
if c not in user.reviewuser.courses.all():
user.reviewuser.courses.add(c)
user.save()
except Course.DoesNotExist:
# Make course and enrol user in it.
c = Course.objects.create(course_code=course)
user.reviewuser.courses.add(c)
user.save()
print("New course created in CPRS")
""" Detect if incoming user is a Instructor """
if roles[0].__eq__("Instructor"):
# user.isStaff = True
user.is_staff = True
c = Course.objects.get(course_code=course)
createTutor(user.reviewuser, c)
user.save()
print "User is Staff Member"
else:
# user.reviewuser.isStaff = False
user.is_staff = False
user.save()
print "User is Student"
except User.DoesNotExist:
""" first time entry, create new user """
print lti_username, email
# user = User.objects.create_user(newusername, email)
user = User.objects.create_user(lti_username, email)
p = first_name + last_name
print p
user.set_password(p)
# user.set_unusable_password()
if first_name: user.first_name = first_name
if last_name: user.last_name = last_name
user.save()
ru = ReviewUser.objects.create(djangoUser=user)
try:
print "adding course"
c = Course.objects.get(course_code=course)
ru.courses.add(c)
ru.save()
except Course.DoesNotExist:
# Make course and enrol user in it.
c = Course.objects.create(course_code=course)
ru.courses.add(c)
ru.save()
print "New course created in CPRS"
""" Detect if incoming user is a Instructor """
if roles[0].__eq__("Instructor"):
# user.reviewuser.isStaff = True
user.is_staff = True
c = Course.objects.get(course_code=course)
createTutor(user.reviewuser, c)
user.save()
print "User is Staff Member"
else:
# user.reviewuser.isStaff = False
user.is_staff = False
user.save()
print "User is Student"
except User.MultipleObjectsReturned:
""" If the application is not requiring unique emails, multiple users may be returned if there was an existing
User table before implementing this app with multiple users for the same email address. Could add code to merge them, but for now we return 404 if
the user with the lti_username does not exist """
user = get_object_or_404(User, username=lti_username)
""" CHECK IF ANY OF USER'S ROLES ARE IN THE VELVET_ADMIN_ROLES SETTING, IF SO MAKE SUPERUSER IF IS NOT ALREADY """
if not user.is_superuser and settings.VELVET_ADMIN_ROLES:
if [m for l in settings.VELVET_ADMIN_ROLES for m in roles if l.lower() in m.lower()]:
user.is_superuser = True
user.is_staff = True
user.save()
""" Save extra info to custom profile model (add/remove fields in models.py)"""
print "lti_userprofile"
# lti_userpro = LTIProfile.objects.create(user=user)
# lti_userpro.save()
# lti_userprofile = LTIProfile.objects.get_or_create(user=user)
# lti_userprofile.roles = (",").join(all_user_roles)
# lti_userprofile.avatar = avatar #TO BE ADDED: function to grab user profile image if exists
# lti_userprofile.save()
""" Log in user and redirect to LOGIN_REDIRECT_URL defined in settings (default: accounts/profile) """
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
# return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
return HttpResponseRedirect('/review/')
