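def lti_tool():
    """Handle an LTI launch POST and render the tool or an error page.

    The consumer key posted in the form selects a shared secret from
    ``oauth_creds``. The launch is rejected when the key is missing or
    unknown, when the request does not validate, when ``oauth_timestamp`` is
    more than an hour old, or when the nonce helper reports a reuse. On
    success the launch parameters are stored in the session and either the
    assessment template or the plain tool template is rendered.
    """
    key = request.form.get('oauth_consumer_key')
    if not key:
        return render_template('error.html', message='No consumer key')

    secret = oauth_creds.get(key)
    if not secret:
        # This provider only carries the error fields; nothing reads it
        # after this branch returns.
        tool_provider = ToolProvider(None, None, request.form)
        tool_provider.lti_msg = 'Your consumer didn\'t use a recognized key'
        tool_provider.lti_errorlog = 'You did it wrong!'
        return render_template('error.html',
                               message='Consumer key wasn\'t recognized',
                               params=request.form)

    tool_provider = ToolProvider(key, secret, request.form)

    # The error text below is about the OAuth signature, so the signature has
    # to be verified with the shared secret before any launch parameter is
    # trusted. The original code called only is_launch_request() here.
    # NOTE(review): assumes this ToolProvider offers is_valid_request(request)
    # for signature verification and that is_launch_request() inspects only
    # the LTI message type -- confirm against the installed LTI library.
    if not (tool_provider.is_valid_request(request)
            and tool_provider.is_launch_request()):
        print('invalid request')
        return render_template('error.html',
                               message='OAuth signature was invalid',
                               params=request.form)

    # Reject launches older than one hour.
    # NOTE(review): a timestamp in the future also passes this test; consider
    # bounding the allowed clock skew in both directions.
    if time() - int(tool_provider.oauth_timestamp) > 60 * 60:
        print('timed out')
        return render_template('error.html',
                               message='Your request is too old.')

    # Replay protection depends entirely on this helper, which is defined
    # outside this block; its lookback window should cover the timestamp
    # window above.
    if was_nonce_used_in_last_x_minutes(tool_provider.oauth_nonce, 60):
        print('nonce error')
        return render_template('error.html',
                               message='Why are you reusing the nonce?')

    # Session state is written only after every check above has passed.
    session['launch_params'] = tool_provider.to_params()
    username = tool_provider.username('Dude')

    if tool_provider.is_outcome_service():
        return render_template('assessment.html', username=username)

    tool_provider.lti_msg = 'This tool does not return a score.'
    # NOTE(review): 'boring_tool' has no file extension, unlike the other
    # template names in this function -- confirm the template exists under
    # that exact name.
    return render_template(
        'boring_tool',
        username=username,
        student=tool_provider.is_student(),
        instructor=tool_provider.is_teacher(),
        roles=tool_provider.roles,
        launch_presentation_return_url=tool_provider.launch_presentation_return_url)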
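def lti_tool():
    """
    Bootstrapper for lti.

    Checks the Canvas domain and the caller's roles, then validates the
    OAuth consumer key, signature, timestamp and nonce. Only after all of
    those checks pass is the session populated and the user redirected to
    the ``quiz`` view for the launched course. Every failure renders
    ``error.html``.
    """
    course_id = request.values.get('custom_canvas_course_id')
    canvas_user_id = request.values.get('custom_canvas_user_id')
    canvas_domain = request.values.get('custom_canvas_api_domain')

    if canvas_domain not in config.ALLOWED_CANVAS_DOMAINS:
        # canvas_domain is request-supplied and is placed inside HTML markup,
        # so it is escaped before formatting. The import is local because the
        # file's import block is not visible from here.
        try:
            from html import escape
        except ImportError:  # Python 2 fallback
            from cgi import escape
        shown_domain = escape(canvas_domain) if canvas_domain else canvas_domain
        msg = (
            '<p>This tool is only available from the following domain(s):<br/>{}</p>'
            '<p>You attempted to access from this domain:<br/>{}</p>'
        )
        return render_template(
            'error.html',
            message=msg.format(', '.join(config.ALLOWED_CANVAS_DOMAINS), shown_domain),
        )

    # When ext_roles is present it is a string, so these are substring tests.
    roles = request.form.get('ext_roles', [])
    is_admin = "Administrator" in roles
    if not is_admin and "Instructor" not in roles:
        return render_template(
            'error.html',
            message='Must be an Administrator or Instructor',
            params=request.form
        )

    key = request.form.get('oauth_consumer_key')
    if not key:
        return render_template('error.html', message='No consumer key')

    secret = oauth_creds.get(key)
    if not secret:
        # This provider only carries the error fields; nothing reads it
        # after this branch returns.
        tool_provider = ToolProvider(None, None, request.form)
        tool_provider.lti_msg = 'Your consumer didn\'t use a recognized key'
        tool_provider.lti_errorlog = 'You did it wrong!'
        return render_template(
            'error.html',
            message='Consumer key wasn\'t recognized',
            params=request.form
        )

    tool_provider = ToolProvider(key, secret, request.form)

    if not tool_provider.is_valid_request(request):
        return render_template(
            'error.html',
            message='The OAuth signature was invalid',
            params=request.form
        )

    # Reject launches older than one hour.
    if time() - int(tool_provider.oauth_timestamp) > 60 * 60:
        return render_template('error.html', message='Your request is too old.')

    # Per the original author's note, this call does not truly check
    # anything; it is a reminder that real tools should be checking the
    # OAuth nonce. Until the helper is backed by real storage, replay
    # protection rests on the timestamp window alone.
    if was_nonce_used_in_last_x_minutes(tool_provider.oauth_nonce, 60):
        return render_template('error.html', message='Why are you reusing the nonce?')

    # All session writes happen here, after the signature has been verified.
    # The original set session["is_admin"] before validation, so a request
    # that later failed could still leave that flag in the session.
    session["is_admin"] = is_admin
    session['canvas_user_id'] = canvas_user_id
    session['lti_logged_in'] = True
    session['launch_params'] = tool_provider.to_params()

    return redirect(url_for('quiz', course_id=course_id))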