MDL-79675 enrol_lti: replace ImsCookie use with local implementation

The default implementation, previously included with the library, is no longer shipped there. Clients must provide their own implementation of the ICookie interface instead.
2025-01-17 21:49:15 +01:00 · 2024-01-18 14:35:09 +08:00 · 2024-01-18 14:35:09 +08:00 · 7560375ad6
commit 7560375ad6
parent 63569a4776
5 changed files with 69 additions and 8 deletions
--- a/enrol/lti/classes/local/ltiadvantage/lib/lti_cookie.php
+++ b/enrol/lti/classes/local/ltiadvantage/lib/lti_cookie.php
@ -0,0 +1,61 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+namespace enrol_lti\local\ltiadvantage\lib;
+
+use Packback\Lti1p3\Interfaces\ICookie;
+
+/**
+ * Cookie representation used by the lti1p3 library code.
+ *
+ * This implementation is a copy of the Packback ImsCookie implementation, a class previously included in the library
+ * but which is now deprecated there.
+ *
+ * @package    enrol_lti
+ * @copyright  2024 Jake Dallimore <jrhdallimore@gmail.com
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class lti_cookie implements ICookie {
+
+    public function getCookie(string $name): ?string {
+        if (isset($_COOKIE[$name])) {
+            return $_COOKIE[$name];
+        }
+        // Look for backup cookie if same site is not supported by the user's browser.
+        if (isset($_COOKIE['LEGACY_'.$name])) {
+            return $_COOKIE['LEGACY_'.$name];
+        }
+
+        return null;
+    }
+
+    public function setCookie(string $name, string $value, int $exp = 3600, array $options = []): void {
+        $cookieoptions = [
+            'expires' => time() + $exp,
+        ];
+
+        // SameSite none and secure will be required for tools to work inside iframes.
+        $samesiteoptions = [
+            'samesite' => 'None',
+            'secure' => true,
+        ];
+
+        setcookie($name, $value, array_merge($cookieoptions, $samesiteoptions, $options));
+
+        // Set a second fallback cookie in the event that "SameSite" is not supported.
+        setcookie('LEGACY_'.$name, $value, array_merge($cookieoptions, $options));
+    }
+}
--- a/enrol/lti/configure.php
+++ b/enrol/lti/configure.php
@ -23,12 +23,12 @@
 */

 use core\http_client;
+use enrol_lti\local\ltiadvantage\lib\lti_cookie;
 use enrol_lti\local\ltiadvantage\lib\launch_cache_session;
 use enrol_lti\local\ltiadvantage\lib\issuer_database;
 use enrol_lti\local\ltiadvantage\repository\application_registration_repository;
 use enrol_lti\local\ltiadvantage\repository\deployment_repository;
 use enrol_lti\local\ltiadvantage\repository\published_resource_repository;
-use Packback\Lti1p3\ImsStorage\ImsCookie;
 use Packback\Lti1p3\LtiDeepLinkResource;
 use Packback\Lti1p3\LtiLineitem;
 use Packback\Lti1p3\LtiMessageLaunch;
@ -47,7 +47,7 @@ $grades = optional_param_array('grades', [], PARAM_INT);

 $sesscache = new launch_cache_session();
 $issdb = new issuer_database(new application_registration_repository(), new deployment_repository());
-$cookie = new ImsCookie();
+$cookie = new lti_cookie();
 $serviceconnector = new LtiServiceConnector($sesscache, new http_client());
 $messagelaunch = LtiMessageLaunch::fromCache($launchid, $issdb, $sesscache, $serviceconnector);

--- a/enrol/lti/launch.php
+++ b/enrol/lti/launch.php
@ -30,6 +30,7 @@
 */

 use core\http_client;
+use enrol_lti\local\ltiadvantage\lib\lti_cookie;
 use enrol_lti\local\ltiadvantage\lib\issuer_database;
 use enrol_lti\local\ltiadvantage\lib\launch_cache_session;
 use enrol_lti\local\ltiadvantage\repository\application_registration_repository;
@ -40,7 +41,6 @@ use enrol_lti\local\ltiadvantage\repository\resource_link_repository;
 use enrol_lti\local\ltiadvantage\repository\user_repository;
 use enrol_lti\local\ltiadvantage\service\tool_launch_service;
 use enrol_lti\local\ltiadvantage\utility\message_helper;
-use Packback\Lti1p3\ImsStorage\ImsCookie;
 use Packback\Lti1p3\LtiMessageLaunch;
 use Packback\Lti1p3\LtiServiceConnector;

@ -64,7 +64,7 @@ if (empty($idtoken) && empty($launchid)) {
 // Support caching the launch and retrieving it after the account binding process described in auth::complete_login().
 $sesscache = new launch_cache_session();
 $issdb = new issuer_database(new application_registration_repository(), new deployment_repository());
-$cookie = new ImsCookie();
+$cookie = new lti_cookie();
 $serviceconnector = new LtiServiceConnector($sesscache, new http_client());
 if ($idtoken) {
    $messagelaunch = LtiMessageLaunch::new($issdb, $sesscache, $cookie, $serviceconnector)
--- a/enrol/lti/launch_deeplink.php
+++ b/enrol/lti/launch_deeplink.php
@ -29,12 +29,12 @@
 */

 use core\http_client;
+use enrol_lti\local\ltiadvantage\lib\lti_cookie;
 use enrol_lti\local\ltiadvantage\lib\issuer_database;
 use enrol_lti\local\ltiadvantage\lib\launch_cache_session;
 use enrol_lti\local\ltiadvantage\repository\application_registration_repository;
 use enrol_lti\local\ltiadvantage\repository\deployment_repository;
 use enrol_lti\local\ltiadvantage\repository\published_resource_repository;
-use Packback\Lti1p3\ImsStorage\ImsCookie;
 use Packback\Lti1p3\LtiMessageLaunch;
 use Packback\Lti1p3\LtiServiceConnector;

@ -58,7 +58,7 @@ if (empty($idtoken) && empty($launchid)) {
 // First launch from the platform: get launch data and cache it in case the user's not authenticated.
 $sesscache = new launch_cache_session();
 $issdb = new issuer_database(new application_registration_repository(), new deployment_repository());
-$cookie = new ImsCookie();
+$cookie = new lti_cookie();
 $serviceconnector = new LtiServiceConnector($sesscache, new http_client());
 if ($idtoken) {
    $messagelaunch = LtiMessageLaunch::new($issdb, $sesscache, $cookie, $serviceconnector)
--- a/enrol/lti/login.php
+++ b/enrol/lti/login.php
@ -26,11 +26,11 @@
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

+use enrol_lti\local\ltiadvantage\lib\lti_cookie;
 use enrol_lti\local\ltiadvantage\lib\issuer_database;
 use enrol_lti\local\ltiadvantage\lib\launch_cache_session;
 use enrol_lti\local\ltiadvantage\repository\application_registration_repository;
 use enrol_lti\local\ltiadvantage\repository\deployment_repository;
-use Packback\Lti1p3\ImsStorage\ImsCookie;
 use Packback\Lti1p3\LtiOidcLogin;

 require_once(__DIR__."/../../config.php");
@ -80,7 +80,7 @@ if (empty($_REQUEST['client_id']) && !empty($_REQUEST['id'])) {
 LtiOidcLogin::new(
    new issuer_database(new application_registration_repository(), new deployment_repository()),
    new launch_cache_session(),
-    new ImsCookie()
+    new lti_cookie()
 )
    ->doOidcLoginRedirect($targetlinkuri)
    ->doRedirect();