d6/d23/ltiauth_8php_source.html

<?php


declare(strict_types=1);


require_once("../vendor/composer/vendor/autoload.php");


if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {

    $orig = new ArrayObject($_POST);

    $data = $orig->getArrayCopy();

} elseif (strtoupper($_SERVER['REQUEST_METHOD']) == 'GET') {

    $orig = new ArrayObject($_GET);

    $data = $orig->getArrayCopy();

    // early removing client_id from $_GET

    // otherwise the client_id is interpreted as ILIAS client_id

    // and client.ini.php will not be found

    if (isset($_GET['client_id'])) {

        unset($_GET['client_id']);

    }

} else {

    header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed", true, 405);

    exit;

}


ilInitialisation::initILIAS();


global $DIC;


$ltiMessageHint = $data['lti_message_hint'];


if (empty($ltiMessageHint)) {

    $DIC->http()->saveResponse(

        $DIC->http()->response()

        ->withStatus(400)

    );

    try {

        $DIC->http()->sendResponse();

        $DIC->http()->close();

    } catch (\ILIAS\HTTP\Response\Sender\ResponseSendingException $e) {

        $DIC->http()->close();

    }

}

$mh = explode(":", $ltiMessageHint);

$isContentSelection = false;

$ref_id = '';

$client_id = '';

$redirect_uri = '';

if (count($mh) == 2) { // launch message auth

    list($ref_id, $client_id) = explode(":", $ltiMessageHint);

} else { // contentSelection message auth

    $isContentSelection = true;

    list($ref_id, $client_id, $redirect_uri) = explode(":", $ltiMessageHint);

}


ilSession::set('lti13_login_data', $data);

if ($isContentSelection) {

    $url = "../../../" . base64_decode($redirect_uri);

} else {

    $url = "../../../goto.php?target=lti_" . $ref_id . "&client_id=" . $client_id;

}


function buildSameSiteNoneSessionCookieHeader(): ?string

{

    if (session_status() !== PHP_SESSION_ACTIVE || session_id() === '') {

        return null;

    }


    $cookieParams = session_get_cookie_params();

    $secure = (bool) ($cookieParams['secure'] ?? false);

    if (!$secure) {

        return null;

    }


    $cookieName = session_name();

    $cookieValue = session_id();

    $path = (string) ($cookieParams['path'] ?? '/');

    $domain = (string) ($cookieParams['domain'] ?? '');

    $httpOnly = (bool) ($cookieParams['httponly'] ?? true);


    $parts = [

        rawurlencode($cookieName) . '=' . rawurlencode($cookieValue),

        'Path=' . $path,

        'Secure',

        'SameSite=None'

    ];


    if ($domain !== '') {

        $parts[] = 'Domain=' . $domain;

    }

    if ($httpOnly) {

        $parts[] = 'HttpOnly';

    }


    return implode('; ', $parts);

}


$response = $DIC->http()->response()

    ->withStatus(302)

    ->withAddedHeader('Location', $url);


$sessionCookieHeader = buildSameSiteNoneSessionCookieHeader();

if ($sessionCookieHeader !== null) {

    $response = $response->withAddedHeader('Set-Cookie', $sessionCookieHeader);

}


$DIC->http()->saveResponse(

    $response

);

try {

    $DIC->http()->sendResponse();

    $DIC->http()->close();

} catch (\ILIAS\HTTP\Response\Sender\ResponseSendingException $e) {

    $DIC->http()->close();

}

ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:1151

ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:386

$_GET
$_GET['cmd']
Definition: lti.php:26

$_POST
$_POST['cmd']
Definition: lti.php:27

$redirect_uri
$redirect_uri
Definition: ltiauth.php:68

$client_id
$client_id
Definition: ltiauth.php:67

$sessionCookieHeader
$sessionCookieHeader
Definition: ltiauth.php:122

$isContentSelection
$isContentSelection
Definition: ltiauth.php:65

$DIC
global $DIC
Definition: ltiauth.php:48

exit
exit
Definition: ltiauth.php:43

$mh
if(empty($ltiMessageHint)) $mh
Definition: ltiauth.php:64

$ltiMessageHint
$ltiMessageHint
Definition: ltiauth.php:50

buildSameSiteNoneSessionCookieHeader
buildSameSiteNoneSessionCookieHeader()
Definition: ltiauth.php:83

$ref_id
$ref_id
Definition: ltiauth.php:66

$response
$response
Definition: ltiauth.php:118

$data
$data
Definition: ltiregistration.php:29

$path
$path
Definition: ltiservices.php:30

$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61

ILIAS\UI\examples\Symbol\Glyph\Header\header
header()
Definition: header.php:29

ILIAS
Interface Observer \BackgroundTasks Contains several chained tasks and infos about them.
Definition: AccessControl.php:21

Vendor\Package\$e
$e
Definition: example_cleaned.php:49

$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26

$url
$url
Definition: shib_logout.php:70