MDL-76113 enrol_lti: Fix secret on lti user for LTI 2.0 consumers

Fixes the enrol_lti_users.consumersecret field for LTI 2.0 users. This field erroneously contained the tool secret and not the consumer secret needed for service requests when used with LTI 2.0 consumers, which resulted in complete grade sync failure for LTI 2.0 consumers. This patch: - adds an upgrade step to address existing incorrect secrets for LTI 2.0 launched users. It sets these to the correct consumer secret. - fixes the way the secret is first set during a launch, ensuring this->consumer->secret is used, which properly captures either the tool secret (for 1.1 launches) or the consumer secret (for 2.0 launches).
2025-03-14 12:40:01 +01:00 · 2022-11-02 15:12:56 +08:00 · 2022-11-02 15:12:56 +08:00 · 1b9ebba57b
commit 1b9ebba57b
parent fa7a55aa5d
3 changed files with 23 additions and 2 deletions
--- a/enrol/lti/classes/tool_provider.php
+++ b/enrol/lti/classes/tool_provider.php
@ -354,7 +354,7 @@ class tool_provider extends ToolProvider {
            $userlog->serviceurl = $serviceurl;
            $userlog->sourceid = $sourceid;
            $userlog->consumerkey = $this->consumer->getKey();
-            $userlog->consumersecret = $tool->secret;
+            $userlog->consumersecret = $this->consumer->secret;
            $userlog->lastgrade = 0;
            $userlog->lastaccess = time();
            $userlog->timecreated = time();
--- a/enrol/lti/db/upgrade.php
+++ b/enrol/lti/db/upgrade.php
@ -462,5 +462,26 @@ function xmldb_enrol_lti_upgrade($oldversion) {
        upgrade_plugin_savepoint(true, 2022061500, 'enrol', 'lti');
    }

+    if ($oldversion < 2022103100) {
+        // Update lti user information for LTI 2.0 users having the wrong consumer secret recorded.
+        // This applies to any LTI 2.0 user who has launched the tool (i.e. has lastaccess) and fixes a non-functional grade sync
+        // for LTI 2.0 consumers.
+        $sql = "SELECT lu.id, lc.secret
+                  FROM {enrol_lti_users} lu
+                  JOIN {enrol_lti_lti2_consumer} lc
+                    ON (lu.consumerkey = lc.consumerkey256)
+                 WHERE lc.ltiversion = :ltiversion
+                   AND lu.consumersecret != lc.secret
+                   AND lu.lastaccess IS NOT NULL";
+        $affectedltiusersrs = $DB->get_recordset_sql($sql, ['ltiversion' => 'LTI-2p0']);
+        foreach ($affectedltiusersrs as $ltiuser) {
+            $DB->set_field('enrol_lti_users', 'consumersecret', $ltiuser->secret, ['id' => $ltiuser->id]);
+        }
+        $affectedltiusersrs->close();
+
+        // Lti savepoint reached.
+        upgrade_plugin_savepoint(true, 2022103100, 'enrol', 'lti');
+    }
+
    return true;
 }
--- a/enrol/lti/version.php
+++ b/enrol/lti/version.php
@ -24,7 +24,7 @@

 defined('MOODLE_INTERNAL') || die();

-$plugin->version = 2022061500; // The current plugin version (Date: YYYYMMDDXX).
+$plugin->version = 2022103100; // The current plugin version (Date: YYYYMMDDXX).
 $plugin->requires = 2022041200; // Requires this Moodle version.
 $plugin->component = 'enrol_lti'; // Full name of the plugin (used for diagnostics).
 $plugin->dependencies = [