d3/d2d/xapitoken_8php_source.html

<?php

/* Copyright (c) 1998-2019 ILIAS open source, Extended GPL, see docs/LICENSE */


chdir("../../");

require_once 'libs/composer/vendor/autoload.php';


$tokenRestriction = true;


$origParam = $_GET['param'];


if (!isset($origParam) || !strlen($origParam))

{

    $error = array('error-code' => 3,'error-text'=> 'invalid request: missing or empty param request parameter');

    send($error);

}


try

{

    $param = base64_decode(rawurldecode($origParam));


    $param = json_decode(openssl_decrypt(

        $param,

        ilCmiXapiAuthToken::OPENSSL_ENCRYPTION_METHOD,

        ilCmiXapiAuthToken::getWacSalt(),

        0,

        ilCmiXapiAuthToken::OPENSSL_IV

    ), true);


    $_COOKIE[session_name()] = $param[session_name()];

    $_COOKIE['ilClientId'] = $param['ilClientId'];

    $objId = $param['obj_id'];

    $refId = $param['ref_id'];


    #\XapiProxy\DataService::initIlias($_COOKIE['ilClientId']);

    ilInitialisation::initILIAS();

    $DIC = $GLOBALS['DIC'];

}

catch (ilCmiXapiException $e)

{

    $error = array('error-code' => '3','error-text'=> 'internal server error');

    send($error);

}


try

{

    $object = ilObjectFactory::getInstanceByObjId($objId, false);

    $token = ilCmiXapiAuthToken::getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $DIC->user()->getId());

    if ($object->getContentType() == ilObjCmiXapi::CONT_TYPE_CMI5)

    {

        $tokenCmi5Session = $token->getCmi5Session();

        $alreadyReturnedCmi5Session = $token->getReturnedForCmi5Session();

        if ($tokenCmi5Session == $alreadyReturnedCmi5Session)

        {

            // what about reloaded or refreshed pages?

            // see: https://stackoverflow.com/questions/456841/detect-whether-the-browser-is-refreshed-or-not-using-php/456915

            // Beware that the xapitoken request is an ajax request and not all clients send HTTP_REFERRER Header

            if ($tokenRestriction == true)

            {

                $error = array('error-code' => '1','error-text'=> 'The authorization token has already been returned.');

                send($error);

            }

        }

        $token->setReturnedForCmi5Session($tokenCmi5Session);

        $token->update();

    }

    if ($object->isBypassProxyEnabled()) {

        $authToken = $object->getLrsType()->getBasicAuthWithoutBasic();

    } else {

        $authToken = base64_encode(CLIENT_ID . ':' . $token->getToken());

    }


    $response = array("auth-token" => $authToken);

    send($response);

}

catch (ilCmiXapiException $e)

{

    $error = array('error-code' => '2','error-text'=> 'could not create valid session from token.');

    send($error);

}


function send($response)

{

    header('Access-Control-Allow-Origin: '.$_SERVER["HTTP_ORIGIN"]);

    header('Access-Control-Allow-Credentials: true');

    header('Content-type:application/json;charset=utf-8');

    echo json_encode($response);

    exit;

}

$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64

$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12

php
An exception for terminatinating execution or to throw for unit testing.

ilCmiXapiAuthToken\OPENSSL_IV
const OPENSSL_IV
Definition: class.ilCmiXapiAuthToken.php:22

ilCmiXapiAuthToken\getWacSalt
static getWacSalt()
Definition: class.ilCmiXapiAuthToken.php:511

ilCmiXapiAuthToken\getInstanceByObjIdAndRefIdAndUsrId
static getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $usrId, $checkValid=true)
Definition: class.ilCmiXapiAuthToken.php:434

ilCmiXapiAuthToken\OPENSSL_ENCRYPTION_METHOD
const OPENSSL_ENCRYPTION_METHOD
Definition: class.ilCmiXapiAuthToken.php:20

ilCmiXapiException
Definition: class.ilCmiXapiException.php:16

ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:1041

ilObjCmiXapi\CONT_TYPE_CMI5
const CONT_TYPE_CMI5
Definition: class.ilObjCmiXapi.php:46

ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:77

exit
exit
Definition: login.php:29

Vendor\Package\$e
$e
Definition: example_cleaned.php:31

$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10

$token
$token
Definition: xapitoken.php:57

$DIC
$DIC
Definition: xapitoken.php:46

$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:39

$objId
$objId
Definition: xapitoken.php:41

$tokenRestriction
$tokenRestriction
see: https://github.com/AICC/CMI-5_Spec_Current/blob/quartz/cmi5_spec.md#fetch_url response should al...
Definition: xapitoken.php:17

send
catch(ilCmiXapiException $e) send($response)
Definition: xapitoken.php:92

$origParam
$origParam
Definition: xapitoken.php:19

$refId
$refId
Definition: xapitoken.php:42

$param
$param
Definition: xapitoken.php:31

$response
$response
Definition: xapitoken.php:83