ILIAS  trunk Revision v11.0_alpha-1715-g7fc467680fb
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
xapitoken.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 chdir("../../../");
22 require_once 'vendor/composer/vendor/autoload.php';
23 
34 $tokenRestriction = true;
35 
36 $origParam = $_GET['param'];
37 
38 if (!isset($origParam) || !strlen($origParam)) {
39  $error = array('error-code' => 3,'error-text' => 'invalid request: missing or empty param request parameter');
40  send($error);
41 }
42 
43 try {
44  $param = base64_decode(rawurldecode($origParam));
45 
46  $param = json_decode(openssl_decrypt(
47  $param,
48  ilCmiXapiAuthToken::OPENSSL_ENCRYPTION_METHOD,
49  ilCmiXapiAuthToken::getWacSalt(),
50  0,
51  ilCmiXapiAuthToken::OPENSSL_IV
52  ), true);
53 
54  $_COOKIE[session_name()] = $param[session_name()];
55 
56  $_COOKIE['ilClientId'] = $param['ilClientId'];
57  $objId = $param['obj_id'];
58  $refId = $param['ref_id'];
59 
60  #\XapiProxy\DataService::initIlias($_COOKIE['ilClientId']);
61  ilInitialisation::initILIAS();
62  $DIC = $GLOBALS['DIC'];
63 } catch (ilCmiXapiException $e) {
64  $error = array('error-code' => '3','error-text' => 'internal server error');
65  send($error);
66 }
67 
68 try {
69  $object = ilObjectFactory::getInstanceByObjId($objId, false);
70  $token = ilCmiXapiAuthToken::getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $DIC->user()->getId());
71  if ($object->getContentType() == ilObjCmiXapi::CONT_TYPE_CMI5) {
72  $tokenCmi5Session = $token->getCmi5Session();
73  $alreadyReturnedCmi5Session = $token->getReturnedForCmi5Session();
74  if ($tokenCmi5Session == $alreadyReturnedCmi5Session) {
75  // what about reloaded or refreshed pages?
76  // see: https://stackoverflow.com/questions/456841/detect-whether-the-browser-is-refreshed-or-not-using-php/456915
77  // Beware that the xapitoken request is an ajax request and not all clients send HTTP_REFERRER Header
78  if ($tokenRestriction == true) {
79  $error = array('error-code' => '1','error-text' => 'The authorization token has already been returned.');
80  send($error);
81  }
82  }
83  $token->setReturnedForCmi5Session($tokenCmi5Session);
84  $token->update();
85  }
86  if ($object->isBypassProxyEnabled()) {
87  $authToken = $object->getLrsType()->getBasicAuthWithoutBasic();
88  } else {
89  $authToken = base64_encode(CLIENT_ID . ':' . $token->getToken());
90  }
91 
92 
93  $response = array("auth-token" => $authToken);
94  send($response);
95 } catch (ilCmiXapiException $e) {
96  $error = array('error-code' => '2','error-text' => 'could not create valid session from token.');
97  send($error);
98 }
99 
100 function send($response): void
101 {
102  if (isset($_SERVER["HTTP_ORIGIN"]) && $_SERVER["HTTP_ORIGIN"] != "") {
103  header('Access-Control-Allow-Origin: ' . $_SERVER["HTTP_ORIGIN"]);
104  }
105  header('Access-Control-Allow-Credentials: true');
106  header('Content-type:application/json;charset=utf-8');
107  echo json_encode($response);
108  exit;
109 }
$tokenRestriction
$tokenRestriction
see: https://github.com/AICC/CMI-5_Spec_Current/blob/quartz/cmi5_spec.md#fetch_url response should al...
Definition: xapitoken.php:34
$_GET
$_GET["client_id"]
Definition: webdav.php:30
$response
$response
Definition: xapitoken.php:93
$objId
$objId
Definition: xapitoken.php:57
$refId
$refId
Definition: xapitoken.php:58
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:1145
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
$token
$token
Definition: xapitoken.php:70
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
$param
$param
Definition: xapitoken.php:46
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
ilCmiXapiAuthToken\getInstanceByObjIdAndRefIdAndUsrId
static getInstanceByObjIdAndRefIdAndUsrId(int $objId, int $refId, int $usrId, bool $checkValid=true)
Definition: class.ilCmiXapiAuthToken.php:358
$DIC
$DIC
Definition: xapitoken.php:62
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
$origParam
$origParam
Definition: xapitoken.php:36
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54
ILIAS\UI\examples\Symbol\Glyph\Header\header
header()
expected output: > ILIAS shows the rendered Component.
Definition: header.php:29
exit
exit
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: zoneinfo_generator.php:19
send
catch(ilCmiXapiException $e) send($response)
Definition: xapitoken.php:100