def requires_lms_auth(): UNAUTHORIZED = Response( response=gettext("Could not verify your credentials for that URL"), status=401, headers={'WWW-Authenticate': 'Basic realm="Login Required"'}) auth = request.authorization if not auth: json_data = get_json() if json_data is None: return UNAUTHORIZED username = json_data.get('lms_username', '') password = json_data.get('lms_password', '') else: username = auth.username password = auth.password password = unicode(password) hash_password = hashlib.new(ALGORITHM, password.encode('utf8')).hexdigest() # TODO: check if there could be a conflict between two LTs with same key?? credential = db.session.query(BasicHttpCredentials).filter_by( lt_login=username, lt_password=hash_password).first() if credential is None: return UNAUTHORIZED g.lt = credential.lt.name
def lms_admin_authenticate(): """SCORM packages will perform requests to this method, which will interact with the permitted laboratories""" if request.method == 'GET': return render_template("test_admin_authentication.html") json_data = get_json() if json_data is None: return "Could not process JSON data" code = uuid.uuid4().hex TOKENS[code] = { 'user_name' : json_data['full-name'], 'lms' : g.lms, 'referrer' : '' } return app.config.get('URL_ROOT', request.url_root) + url_for('lms_admin_redeem_authentication', token = code)
def lms_admin_authenticate(): """SCORM packages will perform requests to this method, which will interact with the permitted laboratories""" if request.method == 'GET': return render_template("test_admin_authentication.html") json_data = get_json() if json_data is None: return "Could not process JSON data" code = uuid.uuid4().hex TOKENS[code] = { 'user_name': json_data['full-name'], 'lms': g.lms, 'referrer': '' } return app.config.get('URL_ROOT', request.url_root) + url_for( 'lms_admin_redeem_authentication', token=code)
def decorated(*args, **kwargs): login_required = Response( 'Could not verify your access level for that URL.\n' 'You have to login with proper credentials', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) auth = request.authorization if not auth: json_data = get_json() if json_data is None: return login_required username = json_data.get('lms_username','') password = json_data.get('lms_password','') else: username = auth.username password = auth.password if not check_lms_auth(username, password): return login_required return f(*args, **kwargs)
def decorated(*args, **kwargs): login_required = Response( 'Could not verify your access level for that URL.\n' 'You have to login with proper credentials', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) auth = request.authorization if not auth: json_data = get_json() if json_data is None: return login_required username = json_data.get('lms_username', '') password = json_data.get('lms_password', '') else: username = auth.username password = auth.password if not check_lms_auth(username, password): return login_required return f(*args, **kwargs)
def requires_lms_auth(): UNAUTHORIZED = Response(response=gettext("Could not verify your credentials for that URL"), status=401, headers = {'WWW-Authenticate':'Basic realm="Login Required"'}) auth = request.authorization if not auth: json_data = get_json() if json_data is None: return UNAUTHORIZED username = json_data.get('lms_username','') password = json_data.get('lms_password','') else: username = auth.username password = auth.password password = unicode(password) hash_password = hashlib.new('sha', password.encode('utf8')).hexdigest() # TODO: check if there could be a conflict between two LTs with same key?? credential = db.session.query(BasicHttpCredentials).filter_by(lt_login = username, lt_password = hash_password).first() if credential is None: return UNAUTHORIZED g.lt = credential.lt.name
def requests(): """SCORM packages will perform requests to this method, which will interact with the permitted laboratories""" if request.method == 'GET': return render_template("test_requests.html") json_data = get_json() if json_data is None: return "Could not process JSON data" courses = json_data['courses'] request_payload_str = json_data['request-payload'] general_role = json_data.get('is-admin', False) author = json_data['user-id'] complete_name = json_data['full-name'] user_agent = json_data.get('user-agent', 'unknown user agent') origin_ip = json_data.get('origin-ip', 'unknown IP address') referer = json_data.get('referer', 'unknown referer') try: request_payload = json.loads(request_payload_str) except: traceback.print_exc() return "error: the request payload is not a valid JSON request" try: action = request_payload['action'] if action == 'reserve': experiment_identifier = request_payload['experiment'] else: # TODO: other operations: for teachers, etc. return "Unsupported operation" except KeyError: traceback.print_exc() return "Invalid response" # reserving... db_lms = db_session.query(LMS).filter_by(lms_login = g.lms).first() permission_on_lab = db_session.query(PermissionOnLaboratory).filter_by(lms_id = db_lms.id, local_identifier = experiment_identifier).first() good_msg = "No good news :-(" error_msg = None if permission_on_lab is None: error_msg = "Your LMS does not have permission to use that laboratory or that identifier does not exist" else: courses_configurations = [] for course_permission in permission_on_lab.course_permissions: if course_permission.course.course_id in courses: # Let the server choose among the best possible configuration courses_configurations.append(course_permission.configuration) if len(courses_configurations) == 0 and not general_role: error_msg = "Your LMS has permission to use that laboratory; but you are not enrolled in any course with permissions to use it" else: lms_configuration = permission_on_lab.configuration db_laboratory = permission_on_lab.laboratory db_rlms = db_laboratory.rlms db_rlms_version = db_rlms.rlms_version db_rlms_type = db_rlms_version.rlms_type ManagerClass = get_manager_class(db_rlms_type.name, db_rlms_version.version) remote_laboratory = ManagerClass(db_rlms.configuration) reservation_url = remote_laboratory.reserve(db_laboratory.laboratory_id, author, lms_configuration, courses_configurations, request_payload, user_agent, origin_ip, referer) good_msg = "You have been assigned %s of type %s version %s! <br/> Try it at <a href='%s'>%s</a>" % (db_rlms.name, db_rlms_type.name, db_rlms_version.version, reservation_url, reservation_url) if app.config.get('DEBUGGING_REQUESTS', True): courses_code = "<table><thead><tr><th>Course ID</th><th>Role</th></tr></thead><tbody>\n" for course_id in courses: role_in_course = courses[course_id] courses_code += "<tr><td>%s</td><td>%s</td></tr>\n" % (course_id, role_in_course) courses_code += "</tbody></table>" return """Hi %(name)s (username %(author)s), <p>I know that you're an admin ( %(admin)s ) in the LMS %(lms)s, and that you are in the following courses:</p> <br/> %(course_code)s <br/> <p>The following error messages were sent: %(error_msg)s</p> <p>The following good messages were sent: %(good_msg)s</p> Furthermore, you sent me this request: <pre> %(request)s </pre> And I'll process it! Original request: <pre> %(json)s </pre> """ % { 'name' : cgi.escape(complete_name), 'author' : cgi.escape(author), 'lms' : cgi.escape(g.lms), 'course_code' : courses_code, 'request' : cgi.escape(request_payload_str), 'admin' : general_role, 'json' : cgi.escape(json.dumps(json_data)), 'error_msg' : cgi.escape(error_msg or 'no error message'), 'good_msg' : good_msg or 'no good message', } else: if error_msg is None: return reservation_url else: return 'error:%s' % error_msg
def requests(): """SCORM packages will perform requests to this method, which will interact with the permitted laboratories""" if request.method == 'GET': return render_template("test_requests.html") json_data = get_json() if json_data is None: return "Could not process JSON data" courses = json_data['courses'] request_payload_str = json_data['request-payload'] general_role = json_data.get('is-admin', False) author = json_data['user-id'] complete_name = json_data['full-name'] user_agent = json_data.get('user-agent', 'unknown user agent') origin_ip = json_data.get('origin-ip', 'unknown IP address') referer = json_data.get('referer', 'unknown referer') try: request_payload = json.loads(request_payload_str) except: traceback.print_exc() return "error: the request payload is not a valid JSON request" try: action = request_payload['action'] if action == 'reserve': experiment_identifier = request_payload['experiment'] else: # TODO: other operations: for teachers, etc. return "Unsupported operation" except KeyError: traceback.print_exc() return "Invalid response" # reserving... db_lms = db_session.query(LMS).filter_by(lms_login=g.lms).first() permission_on_lab = db_session.query(PermissionOnLaboratory).filter_by( lms_id=db_lms.id, local_identifier=experiment_identifier).first() good_msg = "No good news :-(" error_msg = None if permission_on_lab is None: error_msg = "Your LMS does not have permission to use that laboratory or that identifier does not exist" else: courses_configurations = [] for course_permission in permission_on_lab.course_permissions: if course_permission.course.course_id in courses: # Let the server choose among the best possible configuration courses_configurations.append(course_permission.configuration) if len(courses_configurations) == 0 and not general_role: error_msg = "Your LMS has permission to use that laboratory; but you are not enrolled in any course with permissions to use it" else: lms_configuration = permission_on_lab.configuration db_laboratory = permission_on_lab.laboratory db_rlms = db_laboratory.rlms db_rlms_version = db_rlms.rlms_version db_rlms_type = db_rlms_version.rlms_type ManagerClass = get_manager_class(db_rlms_type.name, db_rlms_version.version) remote_laboratory = ManagerClass(db_rlms.configuration) reservation_url = remote_laboratory.reserve( db_laboratory.laboratory_id, author, lms_configuration, courses_configurations, user_agent, origin_ip, referer) good_msg = "You have been assigned %s of type %s version %s! <br/> Try it at <a href='%s'>%s</a>" % ( db_rlms.name, db_rlms_type.name, db_rlms_version.version, reservation_url, reservation_url) if app.config.get('DEBUGGING_REQUESTS', True): courses_code = "<table><thead><tr><th>Course ID</th><th>Role</th></tr></thead><tbody>\n" for course_id in courses: role_in_course = courses[course_id] courses_code += "<tr><td>%s</td><td>%s</td></tr>\n" % ( course_id, role_in_course) courses_code += "</tbody></table>" return """Hi %(name)s (username %(author)s), <p>I know that you're an admin ( %(admin)s ) in the LMS %(lms)s, and that you are in the following courses:</p> <br/> %(course_code)s <br/> <p>The following error messages were sent: %(error_msg)s</p> <p>The following good messages were sent: %(good_msg)s</p> Furthermore, you sent me this request: <pre> %(request)s </pre> And I'll process it! Original request: <pre> %(json)s </pre> """ % { 'name': cgi.escape(complete_name), 'author': cgi.escape(author), 'lms': cgi.escape(g.lms), 'course_code': courses_code, 'request': cgi.escape(request_payload_str), 'admin': general_role, 'json': cgi.escape(json.dumps(json_data)), 'error_msg': cgi.escape(error_msg or 'no error message'), 'good_msg': good_msg or 'no good message', } else: if error_msg is None: return reservation_url else: return 'error:%s' % error_msg
def requests(): """SCORM packages will perform requests to this method, which will interact with the permitted laboratories""" db_lt = db.session.query(LearningTool).filter_by(name = g.lt).first() if request.method == 'GET': local_identifiers = [ permission.local_identifier for permission in db_lt.lab_permissions ] return render_template("http/requests.html", local_identifiers = local_identifiers, remote_addr = remote_addr(), courses = db_lt.courses) from labmanager.views import get_json json_data = get_json() if json_data is None: return messages_codes["ERROR_json"] courses = json_data['courses'] request_payload_str = json_data['request-payload'] general_role = json_data.get('is-admin', False) author = json_data['user-id'] complete_name = json_data['full-name'] user_agent = json_data.get('user-agent', 'unknown user agent') origin_ip = json_data.get('origin-ip', 'unknown IP address') referer = json_data.get('referer', 'unknown referer') try: request_payload = json.loads(request_payload_str) except: traceback.print_exc() return messages_codes["ERROR_invalid_json"] try: action = request_payload['action'] if action == 'reserve': experiment_identifier = request_payload['experiment'] else: # TODO: other operations: for instructors, booking, etc. return messages_codes["ERROR_unsupported"] except KeyError: traceback.print_exc() return messages_codes["ERROR_invalid"] # reserving... permission_to_lt = db.session.query(PermissionToLt).filter_by(lt = db_lt, local_identifier = experiment_identifier).first() good_msg = messages_codes["ERROR_no_good"] error_msg = None reservation_url = "" if permission_to_lt is None: error_msg = messages_codes["ERROR_permission"] else: courses_configurations = [] for course_permission in permission_to_lt.course_permissions: if course_permission.course.context_id in courses: # Let the server choose among the best possible configuration courses_configurations.append(course_permission.configuration) if len(courses_configurations) == 0 and not general_role: error_msg = messages_codes["ERROR_enrolled"] else: lt_configuration = permission_to_lt.configuration db_laboratory = permission_to_lt.laboratory db_rlms = db_laboratory.rlms rlms_version = db_rlms.version rlms_kind = db_rlms.kind # # Load the plug-in for the current RLMS, and instanciate it ManagerClass = get_manager_class(rlms_kind, rlms_version, db_rlms.id) remote_laboratory = ManagerClass(db_rlms.configuration) response = remote_laboratory.reserve(laboratory_id = db_laboratory.laboratory_id, username = author, institution = db_lt.name, general_configuration_str = lt_configuration, particular_configurations = courses_configurations, request_payload = request_payload, user_properties = { 'user_agent' : user_agent, 'from_ip' : origin_ip, 'referer' : referer, }) reservation_url = response['load_url'] good_msg = messages_codes['MSG_asigned'] % (db_rlms.kind, db_rlms.version, db_rlms.url, reservation_url, reservation_url) if app.config.get('DEBUGGING_REQUESTS', False): rendering_data = { 'name' : cgi.escape(complete_name), 'author' : cgi.escape(author), 'lms' : cgi.escape(g.lt), 'courses' : courses, 'request' : cgi.escape(request_payload_str), 'admin' : general_role, 'json' : cgi.escape(json.dumps(json_data)), 'error_msg' : cgi.escape(error_msg or 'no error message'), 'good_msg' : good_msg or 'no good message', } return render_template('debug.html', data=rendering_data) if error_msg: return error_msg return reservation_url
def requests(): """SCORM packages will perform requests to this method, which will interact with the permitted laboratories""" db_lt = db.session.query(LearningTool).filter_by(name=g.lt).first() if request.method == 'GET': local_identifiers = [ permission.local_identifier for permission in db_lt.lab_permissions ] return render_template("http/requests.html", local_identifiers=local_identifiers, remote_addr=remote_addr(), courses=db_lt.courses) from labmanager.views import get_json json_data = get_json() if json_data is None: return messages_codes["ERROR_json"] courses = json_data['courses'] request_payload_str = json_data['request-payload'] general_role = json_data.get('is-admin', False) author = json_data['user-id'] complete_name = json_data['full-name'] user_agent = json_data.get('user-agent', 'unknown user agent') origin_ip = json_data.get('origin-ip', 'unknown IP address') referer = json_data.get('referer', 'unknown referer') try: request_payload = json.loads(request_payload_str) except: traceback.print_exc() return messages_codes["ERROR_invalid_json"] try: action = request_payload['action'] if action == 'reserve': experiment_identifier = request_payload['experiment'] else: # TODO: other operations: for instructors, booking, etc. return messages_codes["ERROR_unsupported"] except KeyError: traceback.print_exc() return messages_codes["ERROR_invalid"] # reserving... permission_to_lt = db.session.query(PermissionToLt).filter_by( lt=db_lt, local_identifier=experiment_identifier).first() good_msg = messages_codes["ERROR_no_good"] error_msg = None reservation_url = "" if permission_to_lt is None: error_msg = messages_codes["ERROR_permission"] else: courses_configurations = [] for course_permission in permission_to_lt.course_permissions: if course_permission.course.context_id in courses: # Let the server choose among the best possible configuration courses_configurations.append(course_permission.configuration) if len(courses_configurations) == 0 and not general_role: error_msg = messages_codes["ERROR_enrolled"] else: lt_configuration = permission_to_lt.configuration db_laboratory = permission_to_lt.laboratory db_rlms = db_laboratory.rlms rlms_version = db_rlms.version rlms_kind = db_rlms.kind # # Load the plug-in for the current RLMS, and instanciate it ManagerClass = get_manager_class(rlms_kind, rlms_version, db_rlms.id) remote_laboratory = ManagerClass(db_rlms.configuration) response = remote_laboratory.reserve( laboratory_id=db_laboratory.laboratory_id, username=author, institution=db_lt.name, general_configuration_str=lt_configuration, particular_configurations=courses_configurations, request_payload=request_payload, user_properties={ 'user_agent': user_agent, 'from_ip': origin_ip, 'referer': referer, }) reservation_url = response['load_url'] good_msg = messages_codes['MSG_asigned'] % ( db_rlms.kind, db_rlms.version, db_rlms.url, reservation_url, reservation_url) if app.config.get('DEBUGGING_REQUESTS', False): rendering_data = { 'name': cgi.escape(complete_name), 'author': cgi.escape(author), 'lms': cgi.escape(g.lt), 'courses': courses, 'request': cgi.escape(request_payload_str), 'admin': general_role, 'json': cgi.escape(json.dumps(json_data)), 'error_msg': cgi.escape(error_msg or 'no error message'), 'good_msg': good_msg or 'no good message', } return render_template('debug.html', data=rendering_data) if error_msg: return error_msg return reservation_url