MDL-45843 mod_lti: introduced support to LTI 2.0

This commit introduces support to the LTI module for LTI 2.0.
As well as the initial commit the following changes were made
and then squashed into the single commit for integration:

* Fixed bug in services
  Fixed bug which limited characters allowed in values of template
  variables (e.g. vendor ID) in service endpoints.
  Changed language file to refer to tool registrations rather than
  tool proxies.

* Refactored service classes
  Moved classes relating to services into areas where Moodle will
  autoload them

* Ran code through code checker
  Removed all errors reported by the Code checker module
  excluding third-party OAuth.php file.

* UI improvements
  Mainly when adding an external tool to a course - fields which
  should not be changed for a selected tool are either hidden or
  disabled. Admin settings page now shows the Tool Registration
  name against a tool rather than the launch URL, and the
  registration URL replaces the GUID on the tool registrations
  page.

* Updated tool proxy registration
  Added check of tool proxy to ensure only offered capabilities
  and services are included.  Also check tool proxy when processing
  a service request.

* Code review changes
  Some fixes based on code review by Mark Nielsen and addition of
  some PHPDocs comments.

* Updates from code/PHPdocs checks
  Removed use of eval and corrected invalid PHPdocs for new
  functions/classes

* Corrected namespace error and incorrect string terminator

* Updates based on forum feedback
  Added dependencies and backup, restore and uninstall methods for
  ltiservice subplugins.
  Changed most uses of is_null to empty

* Updated custom parameters test
  Updated test_split_custom_parameters to include new function
  parameters.
  Corrected PHPdoc entry for lti_split_custom_parameters
  Fixed incorrect line separators in ltiservice.php

* Added require_capability to registrationreturn.php

* SQL and EOL updates
  Moved PHP variable in SQL into a named parameter
  Improved checks for end-of-line characters to include CR and LF
  on their own or together

* Check for semicolon separators
  Semicolon separators in custom parameters are changed to EOL
  characters when upgrading to the 2014100100 version.

* Remove unused file
  basiclti.js file not being used so removed.

* Adjust line lengths
  Split long lines in upgrade.php

* Added savepoint to upgrade.php
  savepoint omitted from earlier update to upgrade.php

* Updated namespaces and upgrade
  Service and resource classes moved into .../local/...
  Upgrade SQL moved into a function and unit test created

* Updated lti_tool_proxies table
  Added indices and foreign keys to lti_tool_proxies table

* Fixed formatting and documentation issues

* ltiservice class moved into local

* Replaced lti_scale_used comments
  Put back commented out code for lti_scale_used

* Removed redundant sesskey code

* Fixed namespace and path check
  Updated ltiservice namespace for move into local
  Added check for existence of $_SERVER['PATH_INFO']

* Updated upgrade code
  Added indices and keys to lti_tool_settings table when upgrading
  Fixed errors in upgradelib_test.php (thanks to jleyva)
  Update SQL to use Moodle functions

* Use of empty with class method
  PHP 5.4 does not like the use of empty with a class method so saved the
  value to a variable first.  PHP 5.5 seems to accept the use of a method
  with empty.

* Removed redundant indices
  Removed creation of indices for foreign keys on lti_tool_settings table
  from install.xml and upgrade.php

* Fixes based on feedback
  Minor changes and corrections based on review in JIRA

* Fixed bug in toolproxy service
  Corrected bug which failed to respond properly to an invalid request
  Also updated upgrade.txt file

* Improved admin navigation
  Added the manage tool registrations page as a separate entry on the
  admin menu (within a folder named LTI).  Made this entry the current
  position for the related pages.

* Updated PHPdocs with class names
  Added class names with namespaces to PHPdocs to replace generic
  references to "object"

* Changed object to iframe
  Use of object tag in register.php changed to use an iframe tag in line
  with the similar update made to view.php.

* Improved registration process
  A message is now displayed if the registration page has not been loaded
  in the iframe within 20 seconds.  If a user is returned to Moodle
  without a tool proxy being sent, the registration is moved back from
  pending to configured.

* Fixes for integration
  Removed comment - the template is the default path unless overridden, so
  get_path and get_template should both be defined.
  Added comment and intval to fix the issue with obtaining an error
  reason.

lib/classes/plugin_manager.php

@@ -1052,6 +1052,10 @@ public static function standard_plugins_list($type) {
                 'database', 'legacy', 'standard',
             ),
 
+            'ltiservice' => array(
+                'profile', 'toolproxy', 'toolsettings'
+            ),
+
             'message' => array(
                 'airnotifier', 'email', 'jabber', 'popup'
             ),

mod/lti/OAuthBody.php

@@ -1,4 +1,19 @@
 <?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+//
 // This file is part of BasicLTI4Moodle
 //
 // BasicLTI4Moodle is an IMS BasicLTI (Basic Learning Tools for Interoperability)
@@ -15,96 +30,51 @@
 //
 // BasicLTI4Moodle is copyright 2009 by Marc Alier Forment, Jordi Piguillem and Nikolas Galanis
 // of the Universitat Politecnica de Catalunya http://www.upc.edu
-// Contact info: Marc Alier Forment granludo @ gmail.com or marc.alier @ upc.edu
-//
-// OAuthBody.php is distributed under the MIT License
-//
-// The MIT License
-//
-// Copyright (c) 2007 Andy Smith
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-//
-// Moodle is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// Moodle is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
+// Contact info: Marc Alier Forment granludo @ gmail.com or marc.alier @ upc.edu.
 
-namespace moodle\mod\lti;//Using a namespace as the basicLTI module imports classes with the same names
+namespace moodle\mod\lti; // Using a namespace as the basicLTI module imports classes with the same names.
 
 defined('MOODLE_INTERNAL') || die;
 
 require_once($CFG->dirroot . '/mod/lti/OAuth.php');
 require_once($CFG->dirroot . '/mod/lti/TrivialStore.php');
 
-function getOAuthKeyFromHeaders()
-{
-    $request_headers = OAuthUtil::get_headers();
-    // print_r($request_headers);
+function get_oauth_key_from_headers() {
+    $requestheaders = OAuthUtil::get_headers();
 
-    if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
-        $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
+    if (@substr($requestheaders['Authorization'], 0, 6) == "OAuth ") {
+        $headerparameters = OAuthUtil::split_header($requestheaders['Authorization']);
 
-        // echo("HEADER PARMS=\n");
-        // print_r($header_parameters);
-        return $header_parameters['oauth_consumer_key'];
+        return format_string($headerparameters['oauth_consumer_key']);
     }
     return false;
 }
 
-function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret, $body, $request_headers = null)
-{
-    if($request_headers == null){
-        $request_headers = OAuthUtil::get_headers();
+function handle_oauth_body_post($oauthconsumerkey, $oauthconsumersecret, $body, $requestheaders = null) {
+
+    if ($requestheaders == null) {
+        $requestheaders = OAuthUtil::get_headers();
     }
 
-    // Must reject application/x-www-form-urlencoded
-    if (isset($request_headers['Content-type'])) {
-        if ($request_headers['Content-type'] == 'application/x-www-form-urlencoded' ) {
+    // Must reject application/x-www-form-urlencoded.
+    if (isset($requestheaders['Content-type'])) {
+        if ($requestheaders['Content-type'] == 'application/x-www-form-urlencoded' ) {
             throw new OAuthException("OAuth request body signing must not use application/x-www-form-urlencoded");
         }
     }
 
-    if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
-        $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
-
-        // echo("HEADER PARMS=\n");
-        // print_r($header_parameters);
-        $oauth_body_hash = $header_parameters['oauth_body_hash'];
-        // echo("OBH=".$oauth_body_hash."\n");
+    if (@substr($requestheaders['Authorization'], 0, 6) == "OAuth ") {
+        $headerparameters = OAuthUtil::split_header($requestheaders['Authorization']);
+        $oauthbodyhash = $headerparameters['oauth_body_hash'];
     }
 
-    if ( ! isset($oauth_body_hash)  ) {
+    if ( ! isset($oauthbodyhash)  ) {
         throw new OAuthException("OAuth request body signing requires oauth_body_hash body");
     }
 
-    // Verify the message signature
+    // Verify the message signature.
     $store = new TrivialOAuthDataStore();
-    $store->add_consumer($oauth_consumer_key, $oauth_consumer_secret);
+    $store->add_consumer($oauthconsumerkey, $oauthconsumersecret);
 
     $server = new OAuthServer($store);
 
@@ -120,46 +90,12 @@ function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret, $body,
     }
 
     $postdata = $body;
-    // echo($postdata);
 
-    $hash = base64_encode(sha1($postdata, TRUE));
+    $hash = base64_encode(sha1($postdata, true));
 
-    if ( $hash != $oauth_body_hash ) {
+    if ( $hash != $oauthbodyhash ) {
         throw new OAuthException("OAuth oauth_body_hash mismatch");
     }
 
     return $postdata;
 }
-
-function sendOAuthBodyPOST($method, $endpoint, $oauth_consumer_key, $oauth_consumer_secret, $content_type, $body)
-{
-    $hash = base64_encode(sha1($body, TRUE));
-
-    $parms = array('oauth_body_hash' => $hash);
-
-    $test_token = '';
-    $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
-    $test_consumer = new OAuthConsumer($oauth_consumer_key, $oauth_consumer_secret, NULL);
-
-    $acc_req = OAuthRequest::from_consumer_and_token($test_consumer, $test_token, $method, $endpoint, $parms);
-    $acc_req->sign_request($hmac_method, $test_consumer, $test_token);
-
-    $header = $acc_req->to_header();
-    $header = $header . "\r\nContent-type: " . $content_type . "\r\n";
-
-    $params = array('http' => array(
-        'method' => 'POST',
-        'content' => $body,
-	'header' => $header
-        ));
-    $ctx = stream_context_create($params);
-    $fp = @fopen($endpoint, 'rb', false, $ctx);
-    if (!$fp) {
-        throw new OAuthException("Problem with $endpoint, $php_errormsg");
-    }
-    $response = @stream_get_contents($fp);
-    if ($response === false) {
-        throw new OAuthException("Problem reading data from $endpoint, $php_errormsg");
-    }
-    return $response;
-}

mod/lti/TrivialStore.php

@@ -1,22 +1,20 @@
 <?php
-// This file is part of BasicLTI4Moodle
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
 //
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
 //
-// http://www.apache.org/licenses/LICENSE-2.0
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 //
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
+// This file is part of BasicLTI4Moodle
 //
 // BasicLTI4Moodle is an IMS BasicLTI (Basic Learning Tools for Interoperability)
 // consumer for Moodle 1.9 and Moodle 2.0. BasicLTI is a IMS Standard that allows web
@@ -32,20 +30,7 @@
 //
 // BasicLTI4Moodle is copyright 2009 by Marc Alier Forment, Jordi Piguillem and Nikolas Galanis
 // of the Universitat Politecnica de Catalunya http://www.upc.edu
-// Contact info: Marc Alier Forment granludo @ gmail.com or marc.alier @ upc.edu
-//
-// Moodle is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// Moodle is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
+// Contact info: Marc Alier Forment granludo @ gmail.com or marc.alier @ upc.edu.
 
 /**
  * This file contains a Trivial memory-based store - no support for tokens
@@ -58,50 +43,97 @@
  * @license http://www.apache.org/licenses/LICENSE-2.0
  */
 
-namespace moodle\mod\lti;//Using a namespace as the basicLTI module imports classes with the same names
+namespace moodle\mod\lti; // Using a namespace as the basicLTI module imports classes with the same names.
 
 defined('MOODLE_INTERNAL') || die;
 
 /**
- * A Trivial memory-based store - no support for tokens
+ * A Trivial memory-based store - no support for tokens.
  */
 class TrivialOAuthDataStore extends OAuthDataStore {
+
+    /** @var array $consumers  Array of tool consumer keys and secrets */
     private $consumers = array();
 
-    function add_consumer($consumer_key, $consumer_secret) {
-        $this->consumers[$consumer_key] = $consumer_secret;
+    /**
+     * Add a consumer to the array
+     *
+     * @param string $consumerkey     Consumer key
+     * @param string $consumersecret  Consumer secret
+     */
+    public function add_consumer($consumerkey, $consumersecret) {
+        $this->consumers[$consumerkey] = $consumersecret;
     }
 
-    function lookup_consumer($consumer_key) {
-        if ( strpos($consumer_key, "http://" ) === 0 ) {
-            $consumer = new OAuthConsumer($consumer_key, "secret", null);
+    /**
+     * Get OAuth consumer given its key
+     *
+     * @param string $consumerkey     Consumer key
+     *
+     * @return moodle\mod\lti\OAuthConsumer  OAuthConsumer object
+     */
+    public function lookup_consumer($consumerkey) {
+        if (strpos($consumerkey, "http://" ) === 0) {
+            $consumer = new OAuthConsumer($consumerkey, "secret", null);
             return $consumer;
         }
-        if ( $this->consumers[$consumer_key] ) {
-            $consumer = new OAuthConsumer($consumer_key, $this->consumers[$consumer_key], null);
+        if ( $this->consumers[$consumerkey] ) {
+            $consumer = new OAuthConsumer($consumerkey, $this->consumers[$consumerkey], null);
             return $consumer;
         }
         return null;
     }
 
-    function lookup_token($consumer, $token_type, $token) {
-        return new OAuthToken($consumer, "");
+    /**
+     * Create a dummy OAuthToken object for a consumer
+     *
+     * @param moodle\mod\lti\OAuthConsumer $consumer     Consumer
+     * @param string $tokentype    Type of token
+     * @param string $token        Token ID
+     *
+     * @return moodle\mod\lti\OAuthToken OAuthToken object
+     */
+    public function lookup_token($consumer, $tokentype, $token) {
+        return new OAuthToken($consumer, '');
     }
 
-    // Return NULL if the nonce has not been used
-    // Return $nonce if the nonce was previously used
-    function lookup_nonce($consumer, $token, $nonce, $timestamp) {
+    /**
+     * Nonce values are not checked so just return a null
+     *
+     * @param moodle\mod\lti\OAuthConsumer $consumer     Consumer
+     * @param string $token        Token ID
+     * @param string $nonce        Nonce value
+     * @param string $timestamp    Timestamp
+     *
+     * @return null
+     */
+    public function lookup_nonce($consumer, $token, $nonce, $timestamp) {
         // Should add some clever logic to keep nonces from
-        // being reused - for no we are really trusting
-        // that the timestamp will save us
+        // being reused - for now we are really trusting
+        // that the timestamp will save us.
         return null;
     }
 
-    function new_request_token($consumer) {
+    /**
+     * Tokens are not used so just return a null.
+     *
+     * @param moodle\mod\lti\OAuthConsumer $consumer     Consumer
+     *
+     * @return null
+     */
+    public function new_request_token($consumer) {
         return null;
     }
 
-    function new_access_token($token, $consumer) {
+    /**
+     * Tokens are not used so just return a null.
+     *
+     * @param string $token        Token ID
+     * @param moodle\mod\lti\OAuthConsumer $consumer     Consumer
+     *
+     * @return null
+     */
+    public function new_access_token($token, $consumer) {
         return null;
     }
 }