def initialize_lti_tool_provider(req): """ Starts the provider given the consumer_key and secret. """ consumer_key = settings.CONSUMER_KEY secret = settings.LTI_SECRET_DICT[req.POST.get('context_id')] # use the function from ims_lti_py app to verify and initialize tool provider = DjangoToolProvider(consumer_key, secret, req.POST) # NOTE: before validating the request, temporarily remove the # QUERY_STRING to work around an issue with how Canvas signs requests # that contain GET parameters. Before Canvas launches the tool, it duplicates the GET # parameters as POST parameters, and signs the POST parameters (*not* the GET parameters). # However, the oauth2 library that validates the request generates # the oauth signature based on the combination of POST+GET parameters together, # resulting in a signature mismatch. By removing the QUERY_STRING before # validating the request, the library will generate the signature based only on # the POST parameters like Canvas. qs = req.META.pop('QUERY_STRING', '') # now validate the tool via the valid_request function # this means that request was well formed but invalid if provider.valid_request(req) == False: debug_printer("DEBUG - LTI Exception: Not a valid request.") raise PermissionDenied() else: debug_printer('DEBUG - LTI Tool Provider was valid.') req.META['QUERY_STRING'] = qs # restore the query string return provider
def lti(request, gid): graph = get_object_or_404(Graphs, pk=gid) if request.method != 'POST' or 'oauth_consumer_key' not in request.POST: return HttpResponse("Improper LTI request method", status=405) # confirm oauth credentials with ims_lti tool tool_provider = DjangoToolProvider(graph.lti_key, graph.lti_secret, request.POST) try: if tool_provider.valid_request(request) is False: raise PermissionDenied() except: raise PermissionDenied() # build username from userid userid = getattr(tool_provider, "user_id", None) if userid is None: raise PermissionDenied() username = "******" % (userid) # try to get the user user = authenticate(username=username) if user is None: u = User.objects.create_user(username=username) u.set_unusable_password() u.save() user = authenticate(username=username) # have the user ready to go, login login(request, user) # LTI user logged in, forward to map return HttpResponseRedirect(reverse("maps:display", kwargs={"gid":gid}))
def launch_lti(request): """ Receives a request from consumer and authenticates user (or create it) """ # print out log if LTI_DEBUG=True in settings if settings.LTI_DEBUG: for item in request.POST: print >> sys.stderr, ('%s: %s \r' % (item, request.POST[item])) if 'oauth_consumer_key' not in request.POST: raise PermissionDenied() consumer_key = settings.CONSUMER_KEY secret = settings.LTI_SECRET tool_provider = DjangoToolProvider(consumer_key, secret, request.POST) try: # attempt to validate request, if fails raises 403 Forbidden if tool_provider.valid_request(request) == False: raise PermissionDenied() except: print "LTI Exception: Not a valid request." raise PermissionDenied() return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def launch_lti(request): """ Receives a request from consumer and authenticates user (or create it) """ # print out log if LTI_DEBUG=True in settings if settings.LTI_DEBUG: for item in request.POST: print >> sys.stderr, ('%s: %s \r' % (item, request.POST[item])) if 'oauth_consumer_key' not in request.POST: raise PermissionDenied() consumer_key = settings.CONSUMER_KEY secret = settings.LTI_SECRET tool_provider = DjangoToolProvider(consumer_key, secret, request.POST) try: # attempt to validate request, if fails raises 403 Forbidden if tool_provider.valid_request(request) == False: raise PermissionDenied() except: print "LTI Exception: Not a valid request." raise PermissionDenied() return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def lti(request, gid): graph = get_object_or_404(Graphs, pk=gid) if request.method != 'POST' or 'oauth_consumer_key' not in request.POST: return HttpResponse("Improper LTI request method", status=405) # confirm oauth credentials with ims_lti tool tool_provider = DjangoToolProvider(graph.lti_key, graph.lti_secret, request.POST) try: if tool_provider.valid_request(request) is False: raise PermissionDenied() except: raise PermissionDenied() # build username from userid userid = getattr(tool_provider, "user_id", None) if userid is None: raise PermissionDenied() username = "******" % (userid) # try to get the user user = authenticate(username=username) if user is None: u = User.objects.create_user(username=username) u.set_unusable_password() u.save() user = authenticate(username=username) # have the user ready to go, login login(request, user) # LTI user logged in, forward to map return HttpResponseRedirect(reverse("maps:display", kwargs={"gid": gid}))
def initialize_lti_tool_provider(req): """ Starts the provider given the consumer_key and secret. """ # get the consumer key and secret from settings (__init__.py file) # will be used to compare against request to validate the tool init consumer_key = settings.CONSUMER_KEY secret = settings.LTI_SECRET # use the function from ims_lti_py app to verify and initialize tool provider = DjangoToolProvider(consumer_key, secret, req.POST) # now validate the tool via the valid_request function # this means that request was well formed but invalid if provider.valid_request(req) == False: debug_printer("DEBUG - LTI Exception: Not a valid request.") raise PermissionDenied() else: debug_printer("DEBUG - LTI Tool Provider was valid.") return provider
def initialize_lti_tool_provider(req): """ """ # get the consumer key and secret from settings (__init__.py file) # will be used to compare against request to validate the tool init consumer_key = settings.CONSUMER_KEY secret = settings.LTI_SECRET # use the function from ims_lti_py app to verify and initialize tool provider = DjangoToolProvider(consumer_key, secret, req.POST) # now validate the tool via the valid_request function try: # this means that request was well formed but invalid if provider.valid_request(req) == False: debug_printer("DEBUG - LTI Exception: Not a valid request.") raise PermissionDenied() else: debug_printer('DEBUG - LTI Tool Provider was valid.') except: raise PermissionDenied() return provider
def _get_lti_parameters_from_request(cls, request): provider = DjangoToolProvider(settings.LTI_CLIENT_KEY, settings.LTI_CLIENT_SECRET, request.POST) provider.valid_request(request) return provider.to_params()
def launch_lti(request): """ Receives a request from the lti consumer and creates/authenticates user in django """ """ See post items in log by setting LTI_DEBUG=True in settings """ if settings.LTI_DEBUG: for item in request.POST: print ('%s: %s \r' % (item, request.POST[item])) if 'oauth_consumer_key' not in request.POST: logging.error('oauth_consumer_key missing from request') raise PermissionDenied() """ key/secret from settings """ consumer_key = settings.CONSUMER_KEY secret = settings.LTI_SECRET tool_provider = DjangoToolProvider(consumer_key, secret, request.POST) """ Decode parameters - UOC LTI uses a custom param to indicate the encoding: utf-8, iso-latin, base64 """ encoding = None utf8 = get_lti_value('custom_lti_message_encoded_utf8', tool_provider) iso = get_lti_value('custom_lti_message_encoded_iso', tool_provider) b64 = get_lti_value('custom_lti_message_encoded_base64', tool_provider) if iso and int(iso) == 1: encoding = 'iso' if utf8 and int(utf8) == 1: encoding = 'utf8' if b64 and int(b64) == 1: encoding = 'base64' try: # attempt to validate request, if fails raises 403 Forbidden tool_provider.valid_request(request) except: logging.error('Invalid LTI request') print "LTI Exception: Not a valid request." raise PermissionDenied() email = get_lti_value(settings.LTI_EMAIL, tool_provider, encoding=encoding) roles = get_lti_value(settings.LTI_ROLES, tool_provider, encoding=encoding) #user_id = get_lti_value('user_id', tool_provider, encoding=encoding) lms_context= get_lti_value('context_id', tool_provider, encoding=encoding) course_name = get_lti_value('context_title', tool_provider, encoding=encoding) assignment = get_lti_value('resource_link_title', tool_provider, encoding=encoding) outcome_url = get_lti_value(settings.LTI_OUTCOME, tool_provider, encoding=encoding) if not email: if settings.LTI_DEBUG: print "Email wasn't found in post" raise PermissionDenied() """ GET OR CREATE NEW USER """ lti_username = email #create username with email and user_id try: """ Check if user already exists using email, if not create new """ user = User.objects.get(username=lti_username) except User.DoesNotExist: """ first time entry, create new user """ user = User.objects.create_user(lti_username, email) user.set_unusable_password() user.save() except User.MultipleObjectsReturned: logging.error("Multiple user objects returned on LTI login") return HttpResponse("Error with database") #If person has an instructor role, let's make he/she an admin if 'Instructor' in roles and user.is_superuser == False: user.is_superuser = True user.is_staff = True user.save() """ Log in user and redirect to LOGIN_REDIRECT_URL defined in settings (default: accounts/profile) """ user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) request.session['course_name'] = course_name request.session['assignment_name'] = assignment request.session['lms_context'] = lms_context request.session['outcome_url'] = outcome_url request.session['return_url'] = request.META['HTTP_REFERER'] return HttpResponseRedirect('/grader/code/')
def _get_lti_parameters_from_request(cls, request): provider = DjangoToolProvider(settings.LTI_CLIENT_KEY, settings.LTI_CLIENT_SECRET, request.POST) provider.valid_request(request) return provider.to_params()
def launch_lti(request): """ Receives a request from the lti consumer and creates/authenticates user in django """ """ See post items in log by setting LTI_DEBUG=True in settings """ if settings.LTI_DEBUG: for item in request.POST: print ('%s: %s \r' % (item, request.POST[item])) if 'oauth_consumer_key' not in request.POST: raise PermissionDenied() """ key/secret from settings """ consumer_key = settings.CONSUMER_KEY secret = settings.LTI_SECRET tool_provider = DjangoToolProvider(consumer_key, secret, request.POST) print "ROLES: %s " % tool_provider.roles try: # attempt to validate request, if fails raises 403 Forbidden if tool_provider.valid_request(request) == False: raise PermissionDenied() except: raise PermissionDenied() """ RETRIEVE username, names, email and roles. These may be specific to the consumer, in order to change them from the default values: see README.txt """ first_name = get_lti_value(settings.LTI_FIRST_NAME, tool_provider) last_name = get_lti_value(settings.LTI_LAST_NAME, tool_provider) email = get_lti_value(settings.LTI_EMAIL, tool_provider) # avatar = tool_provider.custom_params['custom_photo'] roles = get_lti_value(settings.LTI_ROLES, tool_provider) user_id = get_lti_value('user_id', tool_provider) if not email or not user_id: print "Email and/or user_id wasn't found in post, return Permission Denied" raise PermissionDenied() """ CHECK IF USER'S ROLES ALLOW ENTRY, IF RESTRICTION SET BY VELVET_ROLES SETTING """ if settings.VELVET_ROLES: """ Roles allowed for entry into the application. If these are not set in settings then we allow all roles to enter """ if not roles: """ if roles is None, then setting for LTI_ROLES may be wrong, return 403 for user and print error to log """ print "VELVET_ROLES is set but the roles for the user were not found. Check that the setting for LTI_ROLES is correct." raise PermissionDenied() if not isinstance(roles, list): roles = (roles,) # In the case we are using a custom field for roles, may be a string and needs to be converted to a list is_role_allowed = [m for velvet_role in settings.VELVET_ROLES for m in roles if velvet_role.lower()==m.lower()] if not is_role_allowed: print "User does not have accepted role for entry, roles: %s" % roles raise PermissionDenied() """ GET OR CREATE NEW USER AND LTI_PROFILE """ lti_username = '******' % (request.POST['oauth_consumer_key'], user_id) #create username with consumer_key and user_id try: """ Check if user already exists using email, if not create new """ user = User.objects.get(email=email) if user.username != lti_username: """ If the username is not in the format user_id, change it and save. This could happen if there was a previously populated User table. """ user.username = lti_username user.save() except User.DoesNotExist: """ first time entry, create new user """ user = User.objects.create_user(lti_username, email) user.set_unusable_password() if first_name: user.first_name = first_name if last_name: user.last_name = last_name user.save() except User.MultipleObjectsReturned: """ If the application is not requiring unique emails, multiple users may be returned if there was an existing User table before implementing this app with multiple users for the same email address. Could add code to merge them, but for now we return 404 if the user with the lti_username does not exist """ user = get_object_or_404(User, username=lti_username) """ CHECK IF ANY OF USER'S ROLES ARE IN THE VELVET_ADMIN_ROLES SETTING, IF SO MAKE SUPERUSER IF IS NOT ALREADY """ if not user.is_superuser and settings.VELVET_ADMIN_ROLES: if [m for l in settings.VELVET_ADMIN_ROLES for m in roles if l.lower() in m.lower()]: user.is_superuser = True user.is_staff = True user.save() """ Save extra info to custom profile model (add/remove fields in models.py)""" lti_userprofile = user.get_profile() lti_userprofile.roles = roles # lti_userprofile.avatar = avatar #TO BE ADDED: function to grab user profile image if exists lti_userprofile.save() """ Log in user and redirect to LOGIN_REDIRECT_URL defined in settings (default: accounts/profile) """ user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def launch_lti(request): """ Receives a request from the lti consumer and creates/authenticates user in django """ """ See post items in log by setting LTI_DEBUG=True in settings """ if settings.LTI_DEBUG: for item in request.POST: print('%s: %s \r' % (item, request.POST[item])) if 'oauth_consumer_key' not in request.POST: raise PermissionDenied() """ key/secret from settings """ consumer_key = settings.CONSUMER_KEY secret = settings.LTI_SECRET tool_provider = DjangoToolProvider(consumer_key, secret, request.POST) """ Decode parameters - UOC LTI uses a custom param to indicate the encoding: utf-8, iso-latin, base64 """ encoding = None utf8 = get_lti_value('custom_lti_message_encoded_utf8', tool_provider) iso = get_lti_value('custom_lti_message_encoded_iso', tool_provider) b64 = get_lti_value('custom_lti_message_encoded_base64', tool_provider) if iso and int(iso) == 1: encoding = 'iso' if utf8 and int(utf8) == 1: encoding = 'utf8' if b64 and int(b64) == 1: encoding = 'base64' try: # attempt to validate request, if fails raises 403 Forbidden if tool_provider.valid_request(request) == False: raise PermissionDenied() except: print "LTI Exception: Not a valid request." raise PermissionDenied() """ RETRIEVE username, names, email and roles. These may be specific to the consumer, in order to change them from the default values: see README.txt """ first_name = get_lti_value(settings.LTI_FIRST_NAME, tool_provider, encoding=encoding) last_name = get_lti_value(settings.LTI_LAST_NAME, tool_provider, encoding=encoding) email = get_lti_value(settings.LTI_EMAIL, tool_provider, encoding=encoding) # avatar = tool_provider.custom_params['custom_photo'] roles = get_lti_value(settings.LTI_ROLES, tool_provider, encoding=encoding) # uoc_roles = get_lti_value(settings.LTI_CUSTOM_UOC_ROLES, tool_provider, encoding=encoding) user_id = get_lti_value('user_id', tool_provider, encoding=encoding) test = get_lti_value('context_title', tool_provider, encoding=encoding) if not email or not user_id: if settings.LTI_DEBUG: print "Email and/or user_id wasn't found in post, return Permission Denied" raise PermissionDenied() """ CHECK IF USER'S ROLES ALLOW ENTRY, IF RESTRICTION SET BY VELVET_ROLES SETTING """ if settings.VELVET_ROLES: """ Roles allowed for entry into the application. If these are not set in settings then we allow all roles to enter """ if not roles and not uoc_roles: """ if roles is None, then setting for LTI_ROLES may be wrong, return 403 for user and print error to log """ if settings.LTI_DEBUG: print "VELVET_ROLES is set but the roles for the user were not found. Check that the setting for LTI_ROLES is correct." raise PermissionDenied() all_user_roles = [] if roles: if not isinstance(roles, list): roles = (roles, ) all_user_roles += roles if uoc_roles: if not isinstance(uoc_roles, list): uoc_roles = (uoc_roles, ) all_user_roles += uoc_roles is_role_allowed = [ m for velvet_role in settings.VELVET_ROLES for m in all_user_roles if velvet_role.lower() == m.lower() ] if not is_role_allowed: if settings.LTI_DEBUG: print "User does not have accepted role for entry, roles: %s" % roles ctx = { 'roles': roles, 'first_name': first_name, 'last_name': last_name, 'email': email, 'user_id': user_id } return render_to_response('lti_role_denied.html', ctx, context_instance=RequestContext(request)) else: if settings.LTI_DEBUG: print "User has accepted role for entry, roles: %s" % roles """ GET OR CREATE NEW USER AND LTI_PROFILE """ lti_username = request.POST['lis_person_sourcedid'] try: """ Check if user already exists using email, if not create new """ user = User.objects.get(email=email) if user.username != lti_username: """ If the username is not in the format user_id, change it and save. This could happen if there was a previously populated User table. """ user.username = lti_username user.save() except User.DoesNotExist: """ first time entry, create new user """ user = User.objects.create_user(lti_username, email) user.set_unusable_password() if first_name: user.first_name = first_name if last_name: user.last_name = last_name user.save() except User.MultipleObjectsReturned: """ If the application is not requiring unique emails, multiple users may be returned if there was an existing User table before implementing this app with multiple users for the same email address. Could add code to merge them, but for now we return 404 if the user with the lti_username does not exist """ user = get_object_or_404(User, username=lti_username) """ CHECK IF ANY OF USER'S ROLES ARE IN THE VELVET_ADMIN_ROLES SETTING, IF SO MAKE SUPERUSER IF IS NOT ALREADY """ if not user.is_superuser and settings.VELVET_ADMIN_ROLES: if [ m for l in settings.VELVET_ADMIN_ROLES for m in roles if l.lower() in m.lower() ]: user.is_superuser = True user.is_staff = True user.save() all_user_roles = [] """ Save extra info to custom profile model (add/remove fields in models.py)""" lti_userprofile = get_object_or_404(LTIProfile, user=user) lti_userprofile.roles = (",").join(all_user_roles) # lti_userprofile.avatar = avatar #TO BE ADDED: function to grab user profile image if exists lti_userprofile.save() """ Log in user and redirect to LOGIN_REDIRECT_URL defined in settings (default: accounts/profile) """ user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def launch_lti(request): """ Receives a request from the lti consumer and creates/authenticates user in django """ """ See post items in log by setting LTI_DEBUG=True in settings """ if settings.LTI_DEBUG: for item in request.POST: print('%s: %s \r' % (item, request.POST[item])) if 'oauth_consumer_key' not in request.POST: logging.error('oauth_consumer_key missing from request') raise PermissionDenied() """ key/secret from settings """ consumer_key = settings.CONSUMER_KEY secret = settings.LTI_SECRET tool_provider = DjangoToolProvider(consumer_key, secret, request.POST) """ Decode parameters - UOC LTI uses a custom param to indicate the encoding: utf-8, iso-latin, base64 """ encoding = None utf8 = get_lti_value('custom_lti_message_encoded_utf8', tool_provider) iso = get_lti_value('custom_lti_message_encoded_iso', tool_provider) b64 = get_lti_value('custom_lti_message_encoded_base64', tool_provider) if iso and int(iso) == 1: encoding = 'iso' if utf8 and int(utf8) == 1: encoding = 'utf8' if b64 and int(b64) == 1: encoding = 'base64' try: # attempt to validate request, if fails raises 403 Forbidden tool_provider.valid_request(request) except: logging.error('Invalid LTI request') print "LTI Exception: Not a valid request." raise PermissionDenied() email = get_lti_value(settings.LTI_EMAIL, tool_provider, encoding=encoding) roles = get_lti_value(settings.LTI_ROLES, tool_provider, encoding=encoding) #user_id = get_lti_value('user_id', tool_provider, encoding=encoding) lms_context = get_lti_value('context_id', tool_provider, encoding=encoding) course_name = get_lti_value('context_title', tool_provider, encoding=encoding) assignment = get_lti_value('resource_link_title', tool_provider, encoding=encoding) outcome_url = get_lti_value(settings.LTI_OUTCOME, tool_provider, encoding=encoding) if not email: if settings.LTI_DEBUG: print "Email wasn't found in post" raise PermissionDenied() """ GET OR CREATE NEW USER """ lti_username = email #create username with email and user_id try: """ Check if user already exists using email, if not create new """ user = User.objects.get(username=lti_username) except User.DoesNotExist: """ first time entry, create new user """ user = User.objects.create_user(lti_username, email) user.set_unusable_password() user.save() except User.MultipleObjectsReturned: logging.error("Multiple user objects returned on LTI login") return HttpResponse("Error with database") #If person has an instructor role, let's make he/she an admin if 'Instructor' in roles and user.is_superuser == False: user.is_superuser = True user.is_staff = True user.save() """ Log in user and redirect to LOGIN_REDIRECT_URL defined in settings (default: accounts/profile) """ user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) request.session['course_name'] = course_name request.session['assignment_name'] = assignment request.session['lms_context'] = lms_context request.session['outcome_url'] = outcome_url request.session['return_url'] = request.META['HTTP_REFERER'] return HttpResponseRedirect('/grader/code/')
def launch_lti(request): """Process launch (start cprs) request from a leaning management system. This was modified from the original source. The method extracts the user's details such as name, ID, email, course and role (e.g., teacher, student) from the request and checks whether the user has permission to enter the system (see Raises section for details). If the user has permission, then the corresponding CPRS user is retrieved or created. The user's enrolments in the CPRS are updated with the course information in the request. The user is then redirected to his/her home page in the CPRS. Arguments: request (HttpRequest) -- the Http request sent by the LMS. Returns: HttpResponseRedirect which redirects the user to their home page in the CPRS if they have permission to access the system, or an error page if their role is not allowed. Raises: PermissionDenied -- if the user does not have permission to access the system. this happens if: - the request does not contain an email or user id - the role sent in the request is None - the authentication key is missing - the request is not valid. """ print "LAUNCH LTI HAS BEEN CALLED!!!" """ Receives a request from the lti consumer and creates/authenticates user in django """ """ See post items in log by setting LTI_DEBUG=True in settings """ if settings.LTI_DEBUG: for item in request.POST: print ('%s: %s \r' % (item, request.POST[item])) if 'oauth_consumer_key' not in request.POST: raise PermissionDenied() """ key/secret from settings """ consumer_key = settings.CONSUMER_KEY secret = settings.LTI_SECRET tool_provider = DjangoToolProvider(consumer_key, secret, request.POST) """ Decode parameters - UOC LTI uses a custom param to indicate the encoding: utf-8, iso-latin, base64 """ encoding = None utf8 = get_lti_value('custom_lti_message_encoded_utf8', tool_provider) iso = get_lti_value('custom_lti_message_encoded_iso', tool_provider) b64 = get_lti_value('custom_lti_message_encoded_base64', tool_provider) if iso and int(iso) == 1: encoding = 'iso' if utf8 and int(utf8) == 1: encoding = 'utf8' if b64 and int(b64) == 1: encoding = 'base64' try: # attempt to validate request, if fails raises 403 Forbidden if tool_provider.valid_request(request) == False: raise PermissionDenied() except: print "LTI Exception: Not a valid request." raise PermissionDenied() """ RETRIEVE username, names, email and roles. These may be specific to the consumer, in order to change them from the default values: see README.txt """ # username = get_lti_value('username', tool_provider, encoding=encoding) # username = username().lower() first_name = get_lti_value(settings.LTI_FIRST_NAME, tool_provider, encoding=encoding) last_name = get_lti_value(settings.LTI_LAST_NAME, tool_provider, encoding=encoding) email = get_lti_value(settings.LTI_EMAIL, tool_provider, encoding=encoding) course = request.POST['context_label'] print course # for s in dir(settings): # print s, ':', getattr(settings, s) # avatar = tool_provider.custom_params['custom_photo'] roles = get_lti_value(settings.LTI_ROLES, tool_provider, encoding=encoding) print roles[0] # uoc_roles = get_lti_value(settings.LTI_CUSTOM_UOC_ROLES, tool_provider, encoding=encoding) user_id = get_lti_value('user_id', tool_provider, encoding=encoding) test = get_lti_value('context_title', tool_provider, encoding=encoding) if not email or not user_id: if settings.LTI_DEBUG: print "Email and/or user_id wasn't found in post, return Permission Denied" raise PermissionDenied() """ CHECK IF USER'S ROLES ALLOW ENTRY, IF RESTRICTION SET BY VELVET_ROLES SETTING """ if settings.VELVET_ROLES: """ Roles allowed for entry into the application. If these are not set in settings then we allow all roles to enter """ if not roles and not uoc_roles: """ if roles is None, then setting for LTI_ROLES may be wrong, return 403 for user and print error to log """ if settings.LTI_DEBUG: print "VELVET_ROLES is set but the roles for the user were not found. Check that the setting for LTI_ROLES is correct." raise PermissionDenied() all_user_roles = [] if roles: if not isinstance(roles, list): roles = (roles,) all_user_roles += roles if uoc_roles: if not isinstance(uoc_roles, list): uoc_roles = (uoc_roles,) all_user_roles += uoc_roles is_role_allowed = [m for velvet_role in settings.VELVET_ROLES for m in all_user_roles if velvet_role.lower()==m.lower()] if not is_role_allowed: if settings.LTI_DEBUG: print "User does not have accepted role for entry, roles: %s" % roles ctx = {'roles':roles, 'first_name':first_name, 'last_name':last_name, 'email':email, 'user_id':user_id} return render_to_response('lti_role_denied.html', ctx, context_instance=RequestContext(request)) else: if settings.LTI_DEBUG: print "User has accepted role for entry, roles: %s" % roles """ GET OR CREATE NEW USER AND LTI_PROFILE """ lti_username = '******' % (request.POST['oauth_consumer_key'], user_id) #create username with consumer_key and user_id try: """ Check if user already exists using email, if not create new """ user = User.objects.get(email=email) if user.username != lti_username: """ If the username is not in the format user_id, change it and save. This could happen if there was a previously populated User table. """ user.username = lti_username user.save() try: print "adding course" print('course is ' + course) print(type(course)) c = Course.objects.get(course_code=course) if c not in user.reviewuser.courses.all(): user.reviewuser.courses.add(c) user.save() except Course.DoesNotExist: # Make course and enrol user in it. c = Course.objects.create(course_code=course) user.reviewuser.courses.add(c) user.save() print("New course created in CPRS") """ Detect if incoming user is a Instructor """ if roles[0].__eq__("Instructor"): # user.isStaff = True user.is_staff = True c = Course.objects.get(course_code=course) createTutor(user.reviewuser, c) user.save() print "User is Staff Member" else: # user.reviewuser.isStaff = False user.is_staff = False user.save() print "User is Student" except User.DoesNotExist: """ first time entry, create new user """ print lti_username, email # user = User.objects.create_user(newusername, email) user = User.objects.create_user(lti_username, email) p = first_name + last_name print p user.set_password(p) # user.set_unusable_password() if first_name: user.first_name = first_name if last_name: user.last_name = last_name user.save() ru = ReviewUser.objects.create(djangoUser=user) try: print "adding course" c = Course.objects.get(course_code=course) ru.courses.add(c) ru.save() except Course.DoesNotExist: # Make course and enrol user in it. c = Course.objects.create(course_code=course) ru.courses.add(c) ru.save() print "New course created in CPRS" """ Detect if incoming user is a Instructor """ if roles[0].__eq__("Instructor"): # user.reviewuser.isStaff = True user.is_staff = True c = Course.objects.get(course_code=course) createTutor(user.reviewuser, c) user.save() print "User is Staff Member" else: # user.reviewuser.isStaff = False user.is_staff = False user.save() print "User is Student" except User.MultipleObjectsReturned: """ If the application is not requiring unique emails, multiple users may be returned if there was an existing User table before implementing this app with multiple users for the same email address. Could add code to merge them, but for now we return 404 if the user with the lti_username does not exist """ user = get_object_or_404(User, username=lti_username) """ CHECK IF ANY OF USER'S ROLES ARE IN THE VELVET_ADMIN_ROLES SETTING, IF SO MAKE SUPERUSER IF IS NOT ALREADY """ if not user.is_superuser and settings.VELVET_ADMIN_ROLES: if [m for l in settings.VELVET_ADMIN_ROLES for m in roles if l.lower() in m.lower()]: user.is_superuser = True user.is_staff = True user.save() """ Save extra info to custom profile model (add/remove fields in models.py)""" print "lti_userprofile" # lti_userpro = LTIProfile.objects.create(user=user) # lti_userpro.save() # lti_userprofile = LTIProfile.objects.get_or_create(user=user) # lti_userprofile.roles = (",").join(all_user_roles) # lti_userprofile.avatar = avatar #TO BE ADDED: function to grab user profile image if exists # lti_userprofile.save() """ Log in user and redirect to LOGIN_REDIRECT_URL defined in settings (default: accounts/profile) """ user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) # return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL) return HttpResponseRedirect('/review/')