MDL-78578 enrol_lti: permit launch cache access during launch redirects

This handles things like site policies, which store the current URL, redirect to the policy agreement, then redirect back the current URL afterwards. In such cases, we want to redirect back with 'launchid' set so that we can fetch the id_token from the session cache. This is the same thing we already do during account binding, so the patch only makes sure the PAGE->url is properly set before calling require_login.
moodle · Jun 27, 2023 · 8d3fd17 · 8d3fd17
1 parent eb1fab7
commit 8d3fd17
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/enrol/lti/launch.php b/enrol/lti/launch.php
@@ -108,10 +108,12 @@
     $legacyconsumersecrets ?? []
 );
 
-require_login(null, false);
 global $USER, $CFG, $PAGE;
+// Page URL must be set before the require_login check, so that things like policies can redirect back with the launchid.
+$PAGE->set_url(new moodle_url('/enrol/lti/launch.php'), ['launchid' => $messagelaunch->getLaunchId()]);
+
+require_login(null, false);
 $PAGE->set_context(context_system::instance());
-$PAGE->set_url(new moodle_url('/enrol/lti/launch.php'));
 $PAGE->set_pagelayout('popup'); // Same layout as the tool.php page in Legacy 1.1/2.0 launches.
 $PAGE->set_title(get_string('opentool', 'enrol_lti'));