示例#1
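def lti_tool():
    """Handle an LTI launch POST and render the tool for the launching user.

    Looks up the shared secret for the posted ``oauth_consumer_key``, runs the
    launch, freshness and nonce checks, stores the launch parameters in the
    session and then renders ``assessment.html`` (when the launch carries an
    outcome service) or the plain tool page. Every rejected launch renders
    ``error.html`` instead.
    """
    key = request.form.get('oauth_consumer_key')
    if not key:
        return render_template('error.html', message='No consumer key')

    secret = oauth_creds.get(key)
    if not secret:
        # No secret is on file for this key, so nothing can be verified. The
        # provider built here only receives the two messages below; it is not
        # used again before the error page is returned.
        tool_provider = ToolProvider(None, None, request.form)
        tool_provider.lti_msg = 'Your consumer didn\'t use a recognized key'
        tool_provider.lti_errorlog = 'You did it wrong!'
        return render_template('error.html', message='Consumer key wasn\'t recognized', params=request.form)

    tool_provider = ToolProvider(key, secret, request.form)

    # NOTE(review): the error text speaks of the OAuth signature, but the call
    # made is is_launch_request(). Confirm in the ToolProvider implementation
    # that this verifies the signature against `secret`. If it only inspects
    # the message type, the launch is accepted without authentication and a
    # signature-validating call has to be added before anything else is
    # trusted.
    if not tool_provider.is_launch_request():
        # Parenthesised so the line prints the same text under Python 2 and
        # also parses under Python 3.
        print('invalid request')
        return render_template('error.html', message='OAuth signature was invalid', params=request.form)

    # The freshness window is applied in both directions. Bounding only the
    # age would admit a timestamp set far in the future, and such a request
    # would stay acceptable for longer than the 60 minutes the nonce lookup
    # below is asked about.
    if abs(time() - int(tool_provider.oauth_timestamp)) > 60*60:
        print('timed out')
        return render_template('error.html', message='Your request is too old.')

    # NOTE(review): was_nonce_used_in_last_x_minutes is defined elsewhere;
    # verify that it really records nonces, since replay protection rests on
    # it.
    if was_nonce_used_in_last_x_minutes(tool_provider.oauth_nonce, 60):
        print('nonce error')
        return render_template('error.html', message='Why are you reusing the nonce?')

    # Launch accepted: keep its parameters for later requests in this session.
    session['launch_params'] = tool_provider.to_params()
    username = tool_provider.username('Dude')

    if tool_provider.is_outcome_service():
        return render_template('assessment.html', username=username)

    tool_provider.lti_msg = 'This tool does not return a score.'
    return render_template('boring_tool', username=username, student=tool_provider.is_student(), instructor=tool_provider.is_teacher(),
            roles=tool_provider.roles, launch_presentation_return_url=tool_provider.launch_presentation_return_url)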
示例#2
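def verify_credentials():
    """Accept the request as a signed LTI launch or as part of a live session.

    Returns ``None`` when the request may proceed and an error ``Response``
    (the ``lti/errors.html`` page) when it may not.

    A request that posts ``oauth_consumer_key`` is treated as a launch: the
    consumer's secret is looked up, the request is validated through
    ``ToolProvider`` and selected launch fields are copied into the session.
    Any other request is accepted only while the session was last used less
    than five hours ago.
    """
    if 'oauth_consumer_key' in request.form:
        consumer_key = request.form['oauth_consumer_key']
        permission_to_lt_user = PermissionToLtUser.find(key = consumer_key)
        # TODO: check for nonce
        # TODO: check for old requests
        # Until both checks exist, a validly signed launch POST that has been
        # captured is accepted again whenever it is re-sent; timestamp
        # freshness and nonce tracking are what prevent that.
        if permission_to_lt_user is None:
            response = Response(render_template('lti/errors.html', message = gettext("Invalid consumer key. Please check it again.")))
            # response.status_code = 412
            return response
        secret = permission_to_lt_user.secret
        # The original dict is in unicode, which does not work with ToolProvider
        USE_UNICODE = False
        if USE_UNICODE:
            data_dict = request.form.to_dict()
        else:
            data_dict = {
                key.encode('utf8'): value.encode('utf8')
                for key, value in request.form.to_dict().iteritems()
            }
        tool_provider = ToolProvider(consumer_key, secret, data_dict)
        try:
            return_value = tool_provider.valid_request(request)
        except Exception:
            # Exception rather than a bare except, so KeyboardInterrupt and
            # SystemExit are not reported as a bad secret.
            traceback.print_exc()
            response = Response(render_template('lti/errors.html', message = gettext("Invalid secret: could not validate request.")))
            # response.status_code = 403
            return response
        else:
            # Fail closed: anything other than a truthy result (False, None,
            # ...) is a rejected launch, not only the literal False.
            if not return_value:
                response = Response(render_template('lti/errors.html', message = gettext("Request checked and failed. Please check that the 'secret' is correct.")))
                # response.status_code = 403
                return response
        # The launch is verified, so its fields may now be stored.
        session['author_identifier']  = request.form['user_id']
        if 'lis_person_name_full' in request.form:
            session['user_fullname'] = request.form['lis_person_name_full']
        if 'context_id' in request.form:
            session['group_id'] = request.form['context_id']
        if 'context_title' in request.form:
            session['group_name'] = request.form['context_title']
        if 'launch_presentation_locale' in request.form:
            session['launch_locale'] = request.form['launch_presentation_locale']
        if 'launch_presentation_document_target' in request.form:
            session['launch_presentation_document_target'] = request.form['launch_presentation_document_target']
        if 'launch_presentation_return_url' in request.form:
            session['launch_presentation_return_url'] = request.form['launch_presentation_return_url']
        session['consumer'] = consumer_key
        session['last_request'] = time()
        return
    elif 'consumer' in session:
        # Idle time is now minus the last request. The operands used to be
        # the other way round, which is never positive, so the comparison
        # always held and the session never expired.
        if time() - float(session['last_request']) < 60 * 60 * 5: # Five Hours
            session['last_request'] = time()
            return
        # Expired: fall through to the rejection below instead of returning
        # None, which would let the request proceed.
    response = Response(render_template('lti/errors.html', message = gettext("Session not initialized. Are you a LMS?")))
    # response.status_code = 403
    return response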
示例#3
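def assessment():
    """Post the submitted score to the Tool Consumer and show the result page.

    Rebuilds a ``ToolProvider`` from the launch parameters kept in the session
    and sends the ``score`` form field to the consumer's outcome service.
    Renders ``error.html`` when the session holds no launch or the launch was
    not an outcome-service launch.
    """
    # .get(): a session that never went through a launch has no such key, and
    # indexing it would raise instead of reaching the error page below.
    launch_params = session.get('launch_params')
    if not launch_params:
        return render_template('error.html', message='The tool never launched')
    key = launch_params['oauth_consumer_key']

    tool_provider = ToolProvider(key, oauth_creds[key], launch_params)

    if not tool_provider.is_outcome_service():
        return render_template('error.html', message='The tool wasn\'t launched as an outcome service.')

    # Post the score to the ToolConsumer
    # NOTE(review): the score is whatever the browser posted and is forwarded
    # unchanged. A real tool should compute or validate it server-side before
    # reporting it as a grade.
    score = request.form.get('score')
    # NOTE(review): the result of the post is not inspected, so the finished
    # page is rendered whether or not the consumer accepted the score.
    tool_provider.post_replace_result(score)
    # Parenthesised so the line prints the same value under Python 2 and also
    # parses under Python 3.
    print(score)
    # NOTE(review): the attribute is spelled lti_message here; confirm against
    # ToolProvider whether lti_msg was intended.
    tool_provider.lti_message = 'Message shown when arriving back at Tool Consumer.'
    return render_template('assessment_finished.html', score=score)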
示例#4
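def verify_credentials():
    """Accept the request as a signed LTI launch or as part of a live session.

    Returns ``None`` when the request may proceed and an error ``Response``
    (the ``lti/errors.html`` page) when it may not.

    A request that posts ``oauth_consumer_key`` is treated as a launch: the
    consumer's secret is looked up, the request is validated through
    ``ToolProvider`` and selected launch fields are copied into the session.
    Any other request is accepted only while the session was last used less
    than five hours ago.
    """
    if 'oauth_consumer_key' in request.form:
        consumer_key = request.form['oauth_consumer_key']
        permission_to_lt_user = PermissionToLtUser.find(key=consumer_key)
        # TODO: check for nonce
        # TODO: check for old requests
        # Until both checks exist, a validly signed launch POST that has been
        # captured is accepted again whenever it is re-sent; timestamp
        # freshness and nonce tracking are what prevent that.
        if permission_to_lt_user is None:
            response = Response(
                render_template(
                    'lti/errors.html',
                    message=gettext(
                        "Invalid consumer key. Please check it again.")))
            # response.status_code = 412
            return response
        secret = permission_to_lt_user.secret
        # The original dict is in unicode, which does not work with ToolProvider
        USE_UNICODE = False
        if USE_UNICODE:
            data_dict = request.form.to_dict()
        else:
            data_dict = {
                key.encode('utf8'): value.encode('utf8')
                for key, value in request.form.to_dict().iteritems()
            }
        tool_provider = ToolProvider(consumer_key, secret, data_dict)
        try:
            return_value = tool_provider.valid_request(request)
        except Exception:
            # Exception rather than a bare except, so KeyboardInterrupt and
            # SystemExit are not reported as a bad secret.
            traceback.print_exc()
            response = Response(
                render_template(
                    'lti/errors.html',
                    message=gettext(
                        "Invalid secret: could not validate request.")))
            # response.status_code = 403
            return response
        else:
            # Fail closed: anything other than a truthy result (False, None,
            # ...) is a rejected launch, not only the literal False.
            if not return_value:
                response = Response(
                    render_template(
                        'lti/errors.html',
                        message=gettext(
                            "Request checked and failed. Please check that the 'secret' is correct."
                        )))
                # response.status_code = 403
                return response
        # The launch is verified, so its fields may now be stored.
        session['author_identifier'] = request.form['user_id']
        if 'lis_person_name_full' in request.form:
            session['user_fullname'] = request.form['lis_person_name_full']
        if 'context_id' in request.form:
            session['group_id'] = request.form['context_id']
        if 'context_title' in request.form:
            session['group_name'] = request.form['context_title']
        if 'launch_presentation_locale' in request.form:
            session['launch_locale'] = request.form[
                'launch_presentation_locale']
        if 'launch_presentation_document_target' in request.form:
            session['launch_presentation_document_target'] = request.form[
                'launch_presentation_document_target']
        if 'launch_presentation_return_url' in request.form:
            session['launch_presentation_return_url'] = request.form[
                'launch_presentation_return_url']
        session['consumer'] = consumer_key
        session['last_request'] = time()
        return
    elif 'consumer' in session:
        # Idle time is now minus the last request. The operands used to be
        # the other way round, which is never positive, so the comparison
        # always held and the session never expired.
        if time() - float(session['last_request']) < 60 * 60 * 5:  # Five Hours
            session['last_request'] = time()
            return
        # Expired: fall through to the rejection below instead of returning
        # None, which would let the request proceed.
    response = Response(
        render_template(
            'lti/errors.html',
            message=gettext("Session not initialized. Are you a LMS?")))
    # response.status_code = 403
    return response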
示例#5
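def lti_tool():
    """
    Bootstrapper for lti.

    Checks the launching Canvas domain and the user's roles, validates the
    OAuth-signed launch (signature, timestamp, nonce), stores the launch in
    the session and redirects to the ``quiz`` view for the launched course.
    Every rejected launch renders ``error.html`` instead.
    """
    # NOTE(review): request.values is read here while the role and key come
    # from request.form; confirm that is_valid_request() covers every
    # parameter read through request.values.
    course_id = request.values.get('custom_canvas_course_id')
    canvas_user_id = request.values.get('custom_canvas_user_id')
    canvas_domain = request.values.get('custom_canvas_api_domain')

    # Everything read up to the signature check is unverified request data.
    # The domain and role tests below only decide which error page to show;
    # nothing derived from them is stored until the launch has been validated.
    if canvas_domain not in config.ALLOWED_CANVAS_DOMAINS:
        # NOTE(review): canvas_domain is request-supplied and is formatted
        # into an HTML fragment. If error.html renders `message` without
        # autoescaping, escape canvas_domain before formatting it in.
        msg = (
            '<p>This tool is only available from the following domain(s):<br/>{}</p>'
            '<p>You attempted to access from this domain:<br/>{}</p>'
        )
        return render_template(
            'error.html',
            message=msg.format(', '.join(config.ALLOWED_CANVAS_DOMAINS), canvas_domain),
        )

    # ext_roles arrives as one string, so these are substring tests on the
    # raw value, not membership tests on a parsed role list.
    roles = request.form.get('ext_roles', [])
    if "Administrator" not in roles and "Instructor" not in roles:
        return render_template(
            'error.html',
            message='Must be an Administrator or Instructor',
            params=request.form
        )

    key = request.form.get('oauth_consumer_key')
    if key:
        secret = oauth_creds.get(key)
        if secret:
            tool_provider = ToolProvider(key, secret, request.form)
        else:
            tool_provider = ToolProvider(None, None, request.form)
            tool_provider.lti_msg = 'Your consumer didn\'t use a recognized key'
            tool_provider.lti_errorlog = 'You did it wrong!'
            return render_template(
                'error.html',
                message='Consumer key wasn\'t recognized',
                params=request.form
            )
    else:
        return render_template('error.html', message='No consumer key')
    if not tool_provider.is_valid_request(request):
        return render_template(
            'error.html',
            message='The OAuth signature was invalid',
            params=request.form
        )

    # The freshness window is applied in both directions. Bounding only the
    # age would admit a timestamp set far in the future, and such a request
    # would stay acceptable for longer than the 60 minutes the nonce lookup
    # below is asked about.
    if abs(time() - int(tool_provider.oauth_timestamp)) > 60 * 60:
        return render_template('error.html', message='Your request is too old.')

    # This does not truly check anything; it is just here to remind you that
    # real tools should be checking the OAuth nonce.
    if was_nonce_used_in_last_x_minutes(tool_provider.oauth_nonce, 60):
        return render_template('error.html', message='Why are you reusing the nonce?')

    # Only now is the launch verified, so only now are its claims persisted.
    # Writing is_admin before the signature check would leave the flag in the
    # session of a caller whose launch was then rejected.
    session["is_admin"] = "Administrator" in roles
    session['canvas_user_id'] = canvas_user_id
    session['lti_logged_in'] = True
    session['launch_params'] = tool_provider.to_params()

    return redirect(url_for('quiz', course_id=course_id))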
示例#6
def create_test_tp():
    '''
    Build and return a fresh ToolProvider.

    The consumer key ('hi') and secret ('oi') are fixed placeholder values;
    the launch parameters are whatever create_params_tp() returns.
    '''
    launch_params = create_params_tp()
    provider = ToolProvider('hi', 'oi', launch_params)
    return provider