d3/d2d/xapitoken_8php_source.html

<?php

/* Copyright (c) 1998-2019 ILIAS open source, Extended GPL, see docs/LICENSE */


chdir("../../");

require_once 'libs/composer/vendor/autoload.php';


$tokenRestriction = true;


$origParam = $_GET['param'];


if (!isset($origParam) || !strlen($origParam)) {

    $error = array('error-code' => 3,'error-text' => 'invalid request: missing or empty param request parameter');

    send($error);

}


try {

    $param = base64_decode(rawurldecode($origParam));


    $param = json_decode(openssl_decrypt(

        $param,

        ilCmiXapiAuthToken::OPENSSL_ENCRYPTION_METHOD,

        ilCmiXapiAuthToken::getWacSalt(),

        0,

        ilCmiXapiAuthToken::OPENSSL_IV

    ), true);


    $_COOKIE[session_name()] = $param[session_name()];

    $_COOKIE['ilClientId'] = $param['ilClientId'];

    $objId = $param['obj_id'];

    $refId = $param['ref_id'];


    #\XapiProxy\DataService::initIlias($_COOKIE['ilClientId']);

    ilInitialisation::initILIAS();

    $DIC = $GLOBALS['DIC'];

} catch (ilCmiXapiException $e) {

    $error = array('error-code' => '3','error-text' => 'internal server error');

    send($error);

}


try {

    $object = ilObjectFactory::getInstanceByObjId($objId, false);

    $token = ilCmiXapiAuthToken::getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $DIC->user()->getId());

    if ($object->getContentType() == ilObjCmiXapi::CONT_TYPE_CMI5) {

        $tokenCmi5Session = $token->getCmi5Session();

        $alreadyReturnedCmi5Session = $token->getReturnedForCmi5Session();

        if ($tokenCmi5Session == $alreadyReturnedCmi5Session) {

            // what about reloaded or refreshed pages?

            // see: https://stackoverflow.com/questions/456841/detect-whether-the-browser-is-refreshed-or-not-using-php/456915

            // Beware that the xapitoken request is an ajax request and not all clients send HTTP_REFERRER Header

            if ($tokenRestriction == true) {

                $error = array('error-code' => '1','error-text' => 'The authorization token has already been returned.');

                send($error);

            }

        }

        $token->setReturnedForCmi5Session($tokenCmi5Session);

        $token->update();

    }

    if ($object->isBypassProxyEnabled()) {

        $authToken = $object->getLrsType()->getBasicAuthWithoutBasic();

    } else {

        $authToken = base64_encode(CLIENT_ID . ':' . $token->getToken());

    }


    $response = array("auth-token" => $authToken);

    send($response);

} catch (ilCmiXapiException $e) {

    $error = array('error-code' => '2','error-text' => 'could not create valid session from token.');

    send($error);

}


function send($response)

{

    header('Access-Control-Allow-Origin: ' . $_SERVER["HTTP_ORIGIN"]);

    header('Access-Control-Allow-Credentials: true');

    header('Content-type:application/json;charset=utf-8');

    echo json_encode($response);

    exit;

}

$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64

$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12

php
An exception for terminatinating execution or to throw for unit testing.

ilCmiXapiAuthToken\OPENSSL_IV
const OPENSSL_IV
Definition: class.ilCmiXapiAuthToken.php:21

ilCmiXapiAuthToken\getWacSalt
static getWacSalt()
Definition: class.ilCmiXapiAuthToken.php:507

ilCmiXapiAuthToken\getInstanceByObjIdAndRefIdAndUsrId
static getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $usrId, $checkValid=true)
Definition: class.ilCmiXapiAuthToken.php:433

ilCmiXapiAuthToken\OPENSSL_ENCRYPTION_METHOD
const OPENSSL_ENCRYPTION_METHOD
Definition: class.ilCmiXapiAuthToken.php:19

ilCmiXapiException
Definition: class.ilCmiXapiException.php:16

ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:1158

ilObjCmiXapi\CONT_TYPE_CMI5
const CONT_TYPE_CMI5
Definition: class.ilObjCmiXapi.php:46

ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:70

CLIENT_ID
const CLIENT_ID
Definition: constants.php:39

exit
exit
Definition: login.php:29

Vendor\Package\$e
$e
Definition: example_cleaned.php:31

$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10

$token
$token
Definition: xapitoken.php:52

$DIC
$DIC
Definition: xapitoken.php:44

$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:37

$objId
$objId
Definition: xapitoken.php:39

$tokenRestriction
$tokenRestriction
see: https://github.com/AICC/CMI-5_Spec_Current/blob/quartz/cmi5_spec.md#fetch_url response should al...
Definition: xapitoken.php:17

send
catch(ilCmiXapiException $e) send($response)
Definition: xapitoken.php:82

$origParam
$origParam
Definition: xapitoken.php:19

$refId
$refId
Definition: xapitoken.php:40

$param
$param
Definition: xapitoken.php:29

$response
$response
Definition: xapitoken.php:75