Example #1
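def lti_tool():
    """Handle an LTI launch POST and render the tool page for the launching user.

    The consumer key from the form selects a shared secret from
    ``oauth_creds``. The request is then authenticated (OAuth signature),
    checked to be a launch message, checked for timestamp freshness and for
    nonce reuse. Only after all of these pass are the launch parameters
    stored in the session and a page rendered.

    Returns:
        The rendered ``error.html`` page when any check fails, otherwise the
        assessment page (outcome service available) or the plain tool page.
    """
    key = request.form.get('oauth_consumer_key')
    if not key:
        return render_template('error.html', message='No consumer key')

    secret = oauth_creds.get(key)
    if not secret:
        # Unknown consumer: there is no secret to verify a signature against.
        tool_provider = ToolProvider(None, None, request.form)
        tool_provider.lti_msg = 'Your consumer didn\'t use a recognized key'
        tool_provider.lti_errorlog = 'You did it wrong!'
        return render_template('error.html', message = 'Consumer key wasn\'t recognized', params = request.form)

    tool_provider = ToolProvider(key, secret, request.form)

    # Authenticate the request before trusting any launch parameter.
    # NOTE(review): ToolProvider is not defined on this page. Assuming it
    # follows the ims_lti_py API, is_launch_request() only inspects the
    # message type and does not verify the OAuth signature, so on its own it
    # would let an unsigned request through; is_valid_request(request) is the
    # signature check. Confirm against the ToolProvider in use.
    if not tool_provider.is_valid_request(request):
        print('invalid request')
        return render_template('error.html', message='OAuth signature was invalid', params=request.form)

    if not tool_provider.is_launch_request():
        print('invalid request')
        return render_template('error.html', message='Not an LTI launch request', params=request.form)

    # Freshness: reject a missing or non-numeric timestamp instead of raising,
    # and reject timestamps too far in the future as well as too far in the
    # past. A future-dated request would otherwise stay acceptable after the
    # 60-minute nonce memory below has forgotten its nonce.
    try:
        age = time() - int(tool_provider.oauth_timestamp)
    except (TypeError, ValueError):
        age = None
    if age is None or abs(age) > 60*60:
        print('timed out')
        return render_template('error.html', message='Your request is too old.')

    # Replay protection: the nonce window matches the timestamp window above.
    if was_nonce_used_in_last_x_minutes(tool_provider.oauth_nonce, 60):
        print('nonce error')
        return render_template('error.html', message='Why are you reusing the nonce?')

    # NOTE(review): if the session is a signed-but-unencrypted client-side
    # cookie, everything stored here is readable by the end user — confirm
    # that the launch parameters contain nothing that must stay server-side.
    session['launch_params'] = tool_provider.to_params()
    username = tool_provider.username('Dude')

    if tool_provider.is_outcome_service():
        return render_template('assessment.html', username=username)

    tool_provider.lti_msg = 'This tool does not return a score.'
    # NOTE(review): this template name has no '.html' suffix, unlike the
    # others used here — confirm a template with this exact name exists.
    return render_template('boring_tool', username=username, student=tool_provider.is_student(), instructor=tool_provider.is_teacher(),
            roles=tool_provider.roles, launch_presentation_return_url=tool_provider.launch_presentation_return_url)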
Example #2
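def lti_tool():
    """
    Bootstrapper for lti.

    Authenticates the LTI launch first (recognized consumer key, OAuth
    signature, timestamp freshness, nonce reuse) and only then makes
    authorization decisions from the launch parameters (allowed Canvas
    domain, Administrator/Instructor role). Nothing is written to the
    session until every check has passed, so a rejected request cannot leave
    ``is_admin`` or any other flag behind.

    Returns:
        The rendered ``error.html`` page when any check fails, otherwise a
        redirect to the ``quiz`` endpoint for the launching course.
    """
    # Stdlib HTML escaping; html.escape on Python 3, cgi.escape on Python 2.
    try:
        from html import escape
    except ImportError:
        from cgi import escape

    # --- Authentication -----------------------------------------------------
    key = request.form.get('oauth_consumer_key')
    if not key:
        return render_template('error.html', message='No consumer key')

    secret = oauth_creds.get(key)
    if not secret:
        # Unknown consumer: there is no secret to verify a signature against.
        tool_provider = ToolProvider(None, None, request.form)
        tool_provider.lti_msg = 'Your consumer didn\'t use a recognized key'
        tool_provider.lti_errorlog = 'You did it wrong!'
        return render_template(
            'error.html',
            message='Consumer key wasn\'t recognized',
            params=request.form
        )

    tool_provider = ToolProvider(key, secret, request.form)
    if not tool_provider.is_valid_request(request):
        return render_template(
            'error.html',
            message='The OAuth signature was invalid',
            params=request.form
        )

    # Reject a missing or non-numeric timestamp instead of raising, and reject
    # timestamps too far in the future as well as too far in the past; a
    # future-dated request would otherwise outlive the 60-minute nonce window.
    try:
        age = time() - int(tool_provider.oauth_timestamp)
    except (TypeError, ValueError):
        age = None
    if age is None or abs(age) > 60 * 60:
        return render_template('error.html', message='Your request is too old.')

    # Per the original author's note, this helper does not truly check
    # anything; it is a reminder that real tools must check the OAuth nonce.
    # Until it is implemented, a captured launch can be replayed for as long
    # as its timestamp stays inside the window above.
    if was_nonce_used_in_last_x_minutes(tool_provider.oauth_nonce, 60):
        return render_template('error.html', message='Why are you reusing the nonce?')

    # --- Authorization (parameters are trusted only from here on) -----------
    # Read from request.form, the same mapping the ToolProvider was built
    # from. request.values also merges in query-string arguments, so a value
    # read from it is not necessarily the form value that was handed to the
    # provider.
    course_id = request.form.get('custom_canvas_course_id')
    canvas_user_id = request.form.get('custom_canvas_user_id')
    canvas_domain = request.form.get('custom_canvas_api_domain')

    if canvas_domain not in config.ALLOWED_CANVAS_DOMAINS:
        msg = (
            '<p>This tool is only available from the following domain(s):<br/>{}</p>'
            '<p>You attempted to access from this domain:<br/>{}</p>'
        )
        # The message contains markup, so the template presumably renders it
        # unescaped; escape the request-supplied domain before embedding it.
        return render_template(
            'error.html',
            message=msg.format(
                ', '.join(config.ALLOWED_CANVAS_DOMAINS),
                escape(str(canvas_domain)),
            ),
        )

    # NOTE(review): ext_roles arrives as a single string, so these are
    # substring tests. They match any role value containing the word,
    # presumably including institution-level roles that do not apply to this
    # course — confirm that is the intended authorization rule.
    roles = request.form.get('ext_roles', [])
    if "Administrator" not in roles and "Instructor" not in roles:
        return render_template(
            'error.html',
            message='Must be an Administrator or Instructor',
            params=request.form
        )

    # --- Session establishment ---------------------------------------------
    session["is_admin"] = "Administrator" in roles
    session['canvas_user_id'] = canvas_user_id
    session['lti_logged_in'] = True
    session['launch_params'] = tool_provider.to_params()

    return redirect(url_for('quiz', course_id=course_id))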