ILIAS  trunk Revision v12.0_alpha-377-g3641b37b9db
xapitoken.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21require_once __DIR__ . '/../vendor/composer/vendor/autoload.php';
32$tokenRestriction = true;
33
34$origParam = $_GET['param'];
35
36if (!isset($origParam) || !strlen($origParam)) {
37 $error = array('error-code' => 3,'error-text' => 'invalid request: missing or empty param request parameter');
38 send($error);
39}
40
41try {
42 $param = base64_decode(rawurldecode($origParam));
43
44 $param = json_decode(openssl_decrypt(
45 $param,
46 ilCmiXapiAuthToken::OPENSSL_ENCRYPTION_METHOD,
47 ilCmiXapiAuthToken::getWacSalt(),
48 0,
49 ilCmiXapiAuthToken::OPENSSL_IV
50 ), true);
51
52 $_COOKIE[session_name()] = $param[session_name()];
53
54 $_COOKIE['ilClientId'] = $param['ilClientId'];
55 $objId = $param['obj_id'];
56 $refId = $param['ref_id'];
57
58 ilInitialisation::initILIAS();
59 $DIC = $GLOBALS['DIC'];
60} catch (ilCmiXapiException $e) {
61 $error = array('error-code' => '3','error-text' => 'internal server error');
62 send($error);
63}
64
65try {
66 $object = ilObjectFactory::getInstanceByObjId($objId, false);
67 $token = ilCmiXapiAuthToken::getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $DIC->user()->getId());
68 if ($object->getContentType() == ilObjCmiXapi::CONT_TYPE_CMI5) {
69 $tokenCmi5Session = $token->getCmi5Session();
70 $alreadyReturnedCmi5Session = $token->getReturnedForCmi5Session();
71 if ($tokenCmi5Session == $alreadyReturnedCmi5Session) {
72 // what about reloaded or refreshed pages?
73 // see: https://stackoverflow.com/questions/456841/detect-whether-the-browser-is-refreshed-or-not-using-php/456915
74 // Beware that the xapitoken request is an ajax request and not all clients send HTTP_REFERRER Header
75 if ($tokenRestriction == true) {
76 $error = array('error-code' => '1','error-text' => 'The authorization token has already been returned.');
77 send($error);
78 }
79 }
80 $token->setReturnedForCmi5Session($tokenCmi5Session);
81 $token->update();
82 }
83 if ($object->isBypassProxyEnabled()) {
84 $authToken = $object->getLrsType()->getBasicAuthWithoutBasic();
85 } else {
86 $authToken = base64_encode(CLIENT_ID . ':' . $token->getToken());
87 }
88
89
90 $response = array("auth-token" => $authToken);
91 send($response);
92} catch (ilCmiXapiException $e) {
93 $error = array('error-code' => '2','error-text' => 'could not create valid session from token.');
94 send($error);
95}
96
97function send($response): void
98{
99 if (isset($_SERVER["HTTP_ORIGIN"]) && $_SERVER["HTTP_ORIGIN"] != "") {
100 header('Access-Control-Allow-Origin: ' . $_SERVER["HTTP_ORIGIN"]);
101 }
102 header('Access-Control-Allow-Credentials: true');
103 header('Content-type:application/json;charset=utf-8');
104 echo json_encode($response);
105 exit;
106}
ilCmiXapiAuthToken\getInstanceByObjIdAndRefIdAndUsrId
static getInstanceByObjIdAndRefIdAndUsrId(int $objId, int $refId, int $usrId, bool $checkValid=true)
Definition: class.ilCmiXapiAuthToken.php:358
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:1144
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
exit
exit
Definition: dummy_client.php:21
$_GET
$_GET['cmd']
Definition: lti.php:26
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$token
$token
Definition: xapitoken.php:67
$DIC
$DIC
Definition: xapitoken.php:59
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:52
$objId
$objId
Definition: xapitoken.php:55
$tokenRestriction
$tokenRestriction
see: https://github.com/AICC/CMI-5_Spec_Current/blob/quartz/cmi5_spec.md#fetch_url response should al...
Definition: xapitoken.php:32
send
catch(ilCmiXapiException $e) send($response)
Definition: xapitoken.php:97
$origParam
$origParam
Definition: xapitoken.php:34
$refId
$refId
Definition: xapitoken.php:56
$param
$param
Definition: xapitoken.php:44
$response
$response
Definition: xapitoken.php:90