def lti_tool():
key = request.form.get('oauth_consumer_key')
if key:
secret = oauth_creds.get(key)
if secret:
tool_provider = ToolProvider(key, secret, request.form)
else:
tool_provider = ToolProvider(None, None, request.form)
tool_provider.lti_msg = 'Your consumer didn\'t use a recognized key'
tool_provider.lti_errorlog = 'You did it wrong!'
return render_template('error.html', message = 'Consumer key wasn\'t recognized', params = request.form)
else:
return render_template('error.html', message='No consumer key')
if not tool_provider.is_launch_request():
print 'invalid request'
return render_template('error.html', message='OAuth signature was invalid', params=request.form)
if time() - int(tool_provider.oauth_timestamp) > 60*60:
print 'timed out'
return render_template('error.html', message='Your request is too old.')
if was_nonce_used_in_last_x_minutes(tool_provider.oauth_nonce, 60):
print 'nonce error'
return render_template('error.html', message='Why are you reusing the nonce?')
session['launch_params'] = tool_provider.to_params()
username = tool_provider.username('Dude')
if tool_provider.is_outcome_service():
return render_template('assessment.html', username=username)
else:
tool_provider.lti_msg = 'This tool does not return a score.'
return render_template('boring_tool', username=username, student=tool_provider.is_student(), instructor=tool_provider.is_teacher(),
roles=tool_provider.roles, launch_presentation_return_url=tool_provider.launch_presentation_return_url)
def verify_credentials():
if 'oauth_consumer_key' in request.form:
consumer_key = request.form['oauth_consumer_key']
permission_to_lt_user = PermissionToLtUser.find(key = consumer_key)
# TODO: check for nonce
# TODO: check for old requests
if permission_to_lt_user is None:
response = Response(render_template('lti/errors.html', message = gettext("Invalid consumer key. Please check it again.")))
# response.status_code = 412
return response
secret = permission_to_lt_user.secret
# The original dict is in unicode, which does not work with ToolProvider
USE_UNICODE = False
if USE_UNICODE:
data_dict = request.form.to_dict()
else:
data_dict = {}
for key, value in request.form.to_dict().iteritems():
data_dict[key.encode('utf8')] = value.encode('utf8')
tool_provider = ToolProvider(consumer_key, secret, data_dict)
try:
return_value = tool_provider.valid_request(request)
except:
traceback.print_exc()
response = Response(render_template('lti/errors.html', message = gettext("Invalid secret: could not validate request.")))
# response.status_code = 403
return response
else:
if return_value == False:
response = Response(render_template('lti/errors.html', message = gettext("Request checked and failed. Please check that the 'secret' is correct.")))
# response.status_code = 403
return response
session['author_identifier'] = request.form['user_id']
if 'lis_person_name_full' in request.form:
session['user_fullname'] = request.form['lis_person_name_full']
if 'context_id' in request.form:
session['group_id'] = request.form['context_id']
if 'context_title' in request.form:
session['group_name'] = request.form['context_title']
if 'launch_presentation_locale' in request.form:
session['launch_locale'] = request.form['launch_presentation_locale']
if 'launch_presentation_document_target' in request.form:
session['launch_presentation_document_target'] = request.form['launch_presentation_document_target']
if 'launch_presentation_return_url' in request.form:
session['launch_presentation_return_url'] = request.form['launch_presentation_return_url']
session['consumer'] = consumer_key
session['last_request'] = time()
return
elif 'consumer' in session:
if float(session['last_request']) - time() < 60 * 60 * 5: # Five Hours
session['last_request'] = time()
return
else:
response = Response(render_template('lti/errors.html', message = gettext("Session not initialized. Are you a LMS?")))
# response.status_code = 403
return response
def assessment():
if session['launch_params']:
key = session['launch_params']['oauth_consumer_key']
else:
return render_template('error.html', message='The tool never launched')
tool_provider = ToolProvider(key, oauth_creds[key], session['launch_params'])
if not tool_provider.is_outcome_service():
return render_template('error.html', message='The tool wasn\'t launched as an outcome service.')
# Post the score to the ToolConsumer
score = request.form.get('score')
response = tool_provider.post_replace_result(request.form.get('score'))
print score
tool_provider.lti_message = 'Message shown when arriving back at Tool Consumer.'
return render_template('assessment_finished.html', score=score)
def verify_credentials():
if 'oauth_consumer_key' in request.form:
consumer_key = request.form['oauth_consumer_key']
permission_to_lt_user = PermissionToLtUser.find(key=consumer_key)
# TODO: check for nonce
# TODO: check for old requests
if permission_to_lt_user is None:
response = Response(
render_template(
'lti/errors.html',
message=gettext(
"Invalid consumer key. Please check it again.")))
# response.status_code = 412
return response
secret = permission_to_lt_user.secret
# The original dict is in unicode, which does not work with ToolProvider
USE_UNICODE = False
if USE_UNICODE:
data_dict = request.form.to_dict()
else:
data_dict = {}
for key, value in request.form.to_dict().iteritems():
data_dict[key.encode('utf8')] = value.encode('utf8')
tool_provider = ToolProvider(consumer_key, secret, data_dict)
try:
return_value = tool_provider.valid_request(request)
except:
traceback.print_exc()
response = Response(
render_template(
'lti/errors.html',
message=gettext(
"Invalid secret: could not validate request.")))
# response.status_code = 403
return response
else:
if return_value == False:
response = Response(
render_template(
'lti/errors.html',
message=gettext(
"Request checked and failed. Please check that the 'secret' is correct."
)))
# response.status_code = 403
return response
session['author_identifier'] = request.form['user_id']
if 'lis_person_name_full' in request.form:
session['user_fullname'] = request.form['lis_person_name_full']
if 'context_id' in request.form:
session['group_id'] = request.form['context_id']
if 'context_title' in request.form:
session['group_name'] = request.form['context_title']
if 'launch_presentation_locale' in request.form:
session['launch_locale'] = request.form[
'launch_presentation_locale']
if 'launch_presentation_document_target' in request.form:
session['launch_presentation_document_target'] = request.form[
'launch_presentation_document_target']
if 'launch_presentation_return_url' in request.form:
session['launch_presentation_return_url'] = request.form[
'launch_presentation_return_url']
session['consumer'] = consumer_key
session['last_request'] = time()
return
elif 'consumer' in session:
if float(session['last_request']) - time() < 60 * 60 * 5: # Five Hours
session['last_request'] = time()
return
else:
response = Response(
render_template(
'lti/errors.html',
message=gettext("Session not initialized. Are you a LMS?")))
# response.status_code = 403
return response
def lti_tool():
"""
Bootstrapper for lti.
"""
course_id = request.values.get('custom_canvas_course_id')
canvas_user_id = request.values.get('custom_canvas_user_id')
canvas_domain = request.values.get('custom_canvas_api_domain')
if canvas_domain not in config.ALLOWED_CANVAS_DOMAINS:
msg = (
'<p>This tool is only available from the following domain(s):<br/>{}</p>'
'<p>You attempted to access from this domain:<br/>{}</p>'
)
return render_template(
'error.html',
message=msg.format(', '.join(config.ALLOWED_CANVAS_DOMAINS), canvas_domain),
)
roles = request.form.get('ext_roles', [])
if "Administrator" not in roles and "Instructor" not in roles:
return render_template(
'error.html',
message='Must be an Administrator or Instructor',
params=request.form
)
session["is_admin"] = "Administrator" in roles
key = request.form.get('oauth_consumer_key')
if key:
secret = oauth_creds.get(key)
if secret:
tool_provider = ToolProvider(key, secret, request.form)
else:
tool_provider = ToolProvider(None, None, request.form)
tool_provider.lti_msg = 'Your consumer didn\'t use a recognized key'
tool_provider.lti_errorlog = 'You did it wrong!'
return render_template(
'error.html',
message='Consumer key wasn\'t recognized',
params=request.form
)
else:
return render_template('error.html', message='No consumer key')
if not tool_provider.is_valid_request(request):
return render_template(
'error.html',
message='The OAuth signature was invalid',
params=request.form
)
if time() - int(tool_provider.oauth_timestamp) > 60 * 60:
return render_template('error.html', message='Your request is too old.')
# This does truly check anything, it's just here to remind you that real
# tools should be checking the OAuth nonce
if was_nonce_used_in_last_x_minutes(tool_provider.oauth_nonce, 60):
return render_template('error.html', message='Why are you reusing the nonce?')
session['canvas_user_id'] = canvas_user_id
session['lti_logged_in'] = True
session['launch_params'] = tool_provider.to_params()
return redirect(url_for('quiz', course_id=course_id))
def create_test_tp():
'''
Returns a new ToolProvider.
'''
return ToolProvider('hi', 'oi', create_params_tp())
