ILIAS  release_7 Revision v7.30-3-g800a261c036
All Data Structures Namespaces Files Functions Variables Modules Pages
xapitoken.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2019 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 chdir("../../");
5 require_once 'libs/composer/vendor/autoload.php';
6 
17 $tokenRestriction = true;
18 
19 $origParam = $_GET['param'];
20 
21 if (!isset($origParam) || !strlen($origParam)) {
22  $error = array('error-code' => 3,'error-text' => 'invalid request: missing or empty param request parameter');
23  send($error);
24 }
25 
26 try {
27  $param = base64_decode(rawurldecode($origParam));
28 
29  $param = json_decode(openssl_decrypt(
30  $param,
31  ilCmiXapiAuthToken::OPENSSL_ENCRYPTION_METHOD,
32  ilCmiXapiAuthToken::getWacSalt(),
33  0,
34  ilCmiXapiAuthToken::OPENSSL_IV
35  ), true);
36 
37  $_COOKIE[session_name()] = $param[session_name()];
38  $_COOKIE['ilClientId'] = $param['ilClientId'];
39  $objId = $param['obj_id'];
40  $refId = $param['ref_id'];
41 
42  #\XapiProxy\DataService::initIlias($_COOKIE['ilClientId']);
43  ilInitialisation::initILIAS();
44  $DIC = $GLOBALS['DIC'];
45 } catch (ilCmiXapiException $e) {
46  $error = array('error-code' => '3','error-text' => 'internal server error');
47  send($error);
48 }
49 
50 try {
51  $object = ilObjectFactory::getInstanceByObjId($objId, false);
52  $token = ilCmiXapiAuthToken::getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $DIC->user()->getId());
53  if ($object->getContentType() == ilObjCmiXapi::CONT_TYPE_CMI5) {
54  $tokenCmi5Session = $token->getCmi5Session();
55  $alreadyReturnedCmi5Session = $token->getReturnedForCmi5Session();
56  if ($tokenCmi5Session == $alreadyReturnedCmi5Session) {
57  // what about reloaded or refreshed pages?
58  // see: https://stackoverflow.com/questions/456841/detect-whether-the-browser-is-refreshed-or-not-using-php/456915
59  // Beware that the xapitoken request is an ajax request and not all clients send HTTP_REFERRER Header
60  if ($tokenRestriction == true) {
61  $error = array('error-code' => '1','error-text' => 'The authorization token has already been returned.');
62  send($error);
63  }
64  }
65  $token->setReturnedForCmi5Session($tokenCmi5Session);
66  $token->update();
67  }
68  if ($object->isBypassProxyEnabled()) {
69  $authToken = $object->getLrsType()->getBasicAuthWithoutBasic();
70  } else {
71  $authToken = base64_encode(CLIENT_ID . ':' . $token->getToken());
72  }
73 
74 
75  $response = array("auth-token" => $authToken);
76  send($response);
77 } catch (ilCmiXapiException $e) {
78  $error = array('error-code' => '2','error-text' => 'could not create valid session from token.');
79  send($error);
80 }
81 
82 function send($response)
83 {
84  header('Access-Control-Allow-Origin: ' . $_SERVER["HTTP_ORIGIN"]);
85  header('Access-Control-Allow-Credentials: true');
86  header('Content-type:application/json;charset=utf-8');
87  echo json_encode($response);
88  exit;
89 }
$tokenRestriction
$tokenRestriction
see: https://github.com/AICC/CMI-5_Spec_Current/blob/quartz/cmi5_spec.md#fetch_url response should al...
Definition: xapitoken.php:17
exit
exit
Definition: login.php:29
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$response
$response
Definition: xapitoken.php:75
$objId
$objId
Definition: xapitoken.php:39
$refId
$refId
Definition: xapitoken.php:40
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:1158
$token
$token
Definition: xapitoken.php:52
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
$param
$param
Definition: xapitoken.php:29
CLIENT_ID
const CLIENT_ID
Definition: constants.php:39
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
$DIC
$DIC
Definition: xapitoken.php:44
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:70
ilCmiXapiAuthToken\getInstanceByObjIdAndRefIdAndUsrId
static getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $usrId, $checkValid=true)
Definition: class.ilCmiXapiAuthToken.php:433
$origParam
$origParam
Definition: xapitoken.php:19
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:37
send
catch(ilCmiXapiException $e) send($response)
Definition: xapitoken.php:82