def wrapper(request, *args, user=None, **kwargs):
"""Redirect user."""
if oauth_condition(request) is False:
return view_function(request, *args, user=user, **kwargs)
consumer_key = request.params["oauth_consumer_key"]
application_instance = find_by_oauth_consumer_key(request.db, consumer_key)
client_id = application_instance.developer_key
if application_instance is None:
raise exc.HTTPInternalServerError()
authorization_base_url = build_auth_base_url(
application_instance.lms_url, authorization_base_endpoint
)
redirect_uri = build_redirect_uri(request.url, redirect_endpoint)
oauth_session = requests_oauthlib.OAuth2Session(
client_id, redirect_uri=redirect_uri
)
authorization_url, state_guid = oauth_session.authorization_url(
authorization_base_url
)
oauth_state = find_or_create_from_user(
request.db, state_guid, user, request.params
)
if oauth_state is None:
raise exc.HTTPInternalServerError()
return exc.HTTPFound(location=authorization_url)
def should_canvas_oauth(request):
"""Determine if we should perform a canvas oauth."""
# We know we are launching from canvas if we have
# been provided custom_canvas_course_id in the lti
# launch via variable substitution
# also only do oauth if we have a developer key and secret
consumer_key = request.params["oauth_consumer_key"]
application_instance = find_by_oauth_consumer_key(request.db, consumer_key)
return ("custom_canvas_course_id" in request.params
and application_instance.developer_key is not None)
def wrapper(request, *args, **kwargs):
"""Route to handle content item selection oauth response."""
if "state" not in request.params or "code" not in request.params:
raise exc.HTTPInternalServerError("Invalid Oauth Response")
lti_params = lti_params_for(request)
application_instance = find_by_oauth_consumer_key(
request.db, lti_params["oauth_consumer_key"]
)
if application_instance is None:
raise exc.HTTPInternalServerError()
aes_secret = request.registry.settings["aes_secret"]
client_id = application_instance.developer_key
client_secret = application_instance.decrypted_developer_secret(aes_secret)
token_url = build_canvas_token_url(application_instance.lms_url)
state = request.params["state"]
session = requests_oauthlib.OAuth2Session(client_id, state=state)
oauth_resp = session.fetch_token(
token_url,
client_secret=client_secret,
authorization_response=request.url,
code=request.params["code"],
)
user = find_user_from_state(request.db, state)
if application_instance is None:
raise exc.HTTPInternalServerError("Application instance was not found")
new_token = build_token_from_oauth_response(oauth_resp)
update_user_token(request.db, new_token, user)
jwt_token = build_jwt_from_lti_launch(
lti_params, request.registry.settings["jwt_secret"]
)
return view_function(
request,
*args,
token=new_token,
lti_params=lti_params,
user=user,
jwt=jwt_token,
**kwargs
)
def wrapper(request, decoded_jwt, user):
"""Wrap view function."""
if user is None:
return exc.HTTPNotFound()
token = find_token_by_user_id(request.db, user.id)
consumer_key = decoded_jwt["consumer_key"]
application_instance = find_by_oauth_consumer_key(
request.db, consumer_key)
if token is None or application_instance is None:
return exc.HTTPNotFound()
api = CanvasApi(token.access_token, application_instance.lms_url)
return view_function(request, decoded_jwt, user=user, canvas_api=api)
def provisioning_enabled(self):
"""
Return True if provisioning is enabled for this request.
Return True if the provisioning feature is enabled for the current
request, False otherwise.
:raise HTTPBadRequest: if there's no oauth_consumer_key in the request
params
"""
application_instance = find_by_oauth_consumer_key(
self._request.db, self._get_param("oauth_consumer_key"))
if application_instance is None:
return False
return application_instance.provisioning
def handle_lti_launch(request,
token=None,
lti_params=None,
user=None,
jwt=None):
"""
Handle determining which view should be rendered for a given lti launch.
The following cases are supported:
1. If a student launches before a teacher has configured the document then it will
display a message say that the teacher still needs to configure the document.
2. If a student or teacher launch after the document has been configured then it displays the
document with the annotation tools.
3. If a teacher launches and no document has been configured, ict renders a form that allows
them to configure the document.
4. If a student or teacher launches a module item that has been configured
as a canvas file
"""
_check_params(lti_params)
lti_key = lti_params["oauth_consumer_key"]
context_id = lti_params["context_id"]
tool_consumer_instance_guid = lti_params["tool_consumer_instance_guid"]
if is_url_configured(request, lti_params):
return launch_lti(
request,
lti_key=lti_key,
context_id=context_id,
document_url=lti_params["url"],
jwt=jwt,
)
if is_db_configured(request, lti_params):
config = request.db.query(ModuleItemConfiguration).filter(
and_(
ModuleItemConfiguration.resource_link_id ==
lti_params["resource_link_id"],
ModuleItemConfiguration.tool_consumer_instance_guid ==
tool_consumer_instance_guid,
))
return launch_lti(
request,
lti_key=lti_key,
context_id=context_id,
document_url=config.one().document_url,
jwt=jwt,
)
if is_canvas_file(request, lti_params):
token = find_token_by_user_id(request.db, user.id)
application_instance = find_by_oauth_consumer_key(
request.db, lti_params["oauth_consumer_key"])
canvas_api = CanvasApi(token.access_token,
application_instance.lms_url)
file_id = lti_params["file_id"]
result = canvas_api.proxy(f"/api/v1/files/{file_id}/public_url", GET,
{})
if result.status_code < 400:
document_url = result.json()["public_url"]
return launch_lti(
request,
lti_key=lti_key,
context_id=context_id,
document_url=document_url,
jwt=jwt,
)
return _unauthorized(request)
if is_authorized_to_configure(request, lti_params):
consumer_key = request.params["oauth_consumer_key"]
application_instance = get_application_instance(
request.db, consumer_key)
return content_item_form(
request,
lti_params=request.params,
content_item_return_url=request.route_url(
"module_item_configurations"),
lms_url=application_instance.lms_url,
jwt=jwt,
)
return _unauthorized(request)
def should_show_file_picker(lti_params, request):
consumer_key = lti_params["oauth_consumer_key"]
application_instance = find_by_oauth_consumer_key(request.db, consumer_key)
return ("custom_canvas_course_id" in lti_params
and application_instance.developer_key is not None)