Merge branch 'MDL-65536-master' of https://github.com/snake/moodle

lib/classes/component.php

@@ -87,6 +87,7 @@ class core_component {
         'PHPMailer\\PHPMailer' => 'lib/phpmailer/src',
         'RedeyeVentures\\GeoPattern' => 'lib/geopattern-php/GeoPattern',
         'MongoDB' => 'cache/stores/mongodb/MongoDB',
+        'Firebase\\JWT' => 'lib/php-jwt/src',
     );
 
     /**

mod/lti/db/install.php

@@ -28,20 +28,13 @@ defined('MOODLE_INTERNAL') || die();
  * Stub for database installation.
  */
 function xmldb_lti_install() {
-    global $CFG;
-
-    // Add platform ID configuration setting.
-    set_config('platformid', $CFG->wwwroot, 'mod_lti');
+    global $CFG, $OUTPUT;
 
     // Create the private key.
-    $kid = bin2hex(openssl_random_pseudo_bytes(10));
-    set_config('kid', $kid, 'mod_lti');
-    $config = array(
-        "digest_alg" => "sha256",
-        "private_key_bits" => 2048,
-        "private_key_type" => OPENSSL_KEYTYPE_RSA,
-    );
-    $res = openssl_pkey_new($config);
-    openssl_pkey_export($res, $privatekey);
-    set_config('privatekey', $privatekey, 'mod_lti');
+    require_once($CFG->dirroot . '/mod/lti/upgradelib.php');
+
+    $warning = mod_lti_verify_private_key();
+    if (!empty($warning)) {
+        echo $OUTPUT->notification($warning, 'notifyproblem');
+    }
 }

mod/lti/db/upgrade.php

@@ -59,7 +59,7 @@
  * @return boolean
  */
 function xmldb_lti_upgrade($oldversion) {
-    global $CFG, $DB;
+    global $CFG, $DB, $OUTPUT;
 
     $dbman = $DB->get_manager();
 
@@ -157,20 +157,12 @@ function xmldb_lti_upgrade($oldversion) {
             $dbman->add_index($table, $index);
         }
 
-        // Add platform ID configuration setting.
-        set_config('platformid', $CFG->wwwroot, 'mod_lti');
+        require_once($CFG->dirroot . '/mod/lti/upgradelib.php');
 
-        // Create the private key.
-        $kid = bin2hex(openssl_random_pseudo_bytes(10));
-        set_config('kid', $kid, 'mod_lti');
-        $config = array(
-            "digest_alg" => "sha256",
-            "private_key_bits" => 2048,
-            "private_key_type" => OPENSSL_KEYTYPE_RSA,
-        );
-        $res = openssl_pkey_new($config);
-        openssl_pkey_export($res, $privatekey);
-        set_config('privatekey', $privatekey, 'mod_lti');
+        $warning = mod_lti_verify_private_key();
+        if (!empty($warning)) {
+            echo $OUTPUT->notification($warning, 'notifyproblem');
+        }
 
         // Lti savepoint reached.
         upgrade_mod_savepoint(true, 2019031300, 'lti');

mod/lti/edit_form.php

@@ -339,4 +339,28 @@ class mod_lti_edit_types_form extends moodleform {
             $service->get_configuration_options($mform);
         }
     }
+
+    /**
+     * Validate the form data before we allow them to save the tool type.
+     *
+     * @param array $data
+     * @param array $files
+     * @return array Error messages
+     */
+    public function validation($data, $files) {
+        global $CFG;
+
+        $errors = parent::validation($data, $files);
+
+        if ($data['lti_ltiversion'] == LTI_VERSION_1P3) {
+            require_once($CFG->dirroot . '/mod/lti/upgradelib.php');
+
+            $warning = mod_lti_verify_private_key();
+            if (!empty($warning)) {
+                $errors['lti_ltiversion'] = $warning;
+                return $errors;
+            }
+        }
+        return $errors;
+    }
 }

mod/lti/instructor_edit_tool_type.php

@@ -121,8 +121,13 @@ EOF;
                 window.opener.M.mod_lti.editor.addToolType({$json});
 EOF;
         }
+        echo html_writer::script($script . $closewindow);
+    } else if ($form->is_cancelled()) {
+        echo html_writer::script($closewindow);
+    } else {
+        echo $OUTPUT->heading(get_string('toolsetup', 'lti'));
+        $form->display();
     }
-    echo html_writer::script($script . $closewindow);
 }
 
 echo $OUTPUT->footer();

mod/lti/lang/en/lti.php

@@ -483,6 +483,7 @@ $string['show_in_course_lti2_help'] = 'This tool can be shown in the activity ch
 $string['show_in_course_no'] = 'Do not show; use only when a matching tool URL is entered';
 $string['show_in_course_preconfigured'] = 'Show as preconfigured tool when adding an external tool';
 $string['size'] = 'Size parameters';
+$string['opensslconfiginvalid'] = 'LTI 1.3 requires a valid openssl.cnf to be configured and available to your web server. Please contact the site administrator to configure and enable openssl for this site.';
 $string['submission'] = 'Submission';
 $string['submissions'] = 'Submissions';
 $string['submissionsfor'] = 'Submissions for {$a}';

mod/lti/locallib.php

@@ -59,7 +59,6 @@ require_once($CFG->dirroot.'/mod/lti/OAuth.php');
 require_once($CFG->libdir.'/weblib.php');
 require_once($CFG->dirroot . '/course/modlib.php');
 require_once($CFG->dirroot . '/mod/lti/TrivialStore.php');
-require_once($CFG->libdir . '/php-jwt/src/JWT.php');
 
 define('LTI_URL_DOMAIN_REGEX', '/(?:https?:\/\/)?(?:www\.)?([^\/]+)(?:\/|$)/i');
 
@@ -3018,6 +3017,7 @@ function lti_sign_parameters($oldparms, $endpoint, $method, $oauthconsumerkey, $
  * @return array|null
  */
 function lti_sign_jwt($parms, $endpoint, $oauthconsumerkey, $typeid = 0, $nonce = '') {
+    global $CFG;
 
     if (empty($typeid)) {
         $typeid = 0;
@@ -3054,7 +3054,7 @@ function lti_sign_jwt($parms, $endpoint, $oauthconsumerkey, $typeid = 0, $nonce
         'iat' => $now,
         'exp' => $now + 60,
     );
-    $payload['iss'] = get_config('mod_lti', 'platformid');
+    $payload['iss'] = $CFG->wwwroot;
     $payload['aud'] = $oauthconsumerkey;
     $payload[LTI_JWT_CLAIM_PREFIX . '/claim/deployment_id'] = strval($typeid);
     $payload[LTI_JWT_CLAIM_PREFIX . '/claim/target_link_uri'] = $endpoint;
@@ -3264,7 +3264,7 @@ function lti_post_launch_html($newparms, $endpoint, $debug=false) {
  */
 function lti_initiate_login($courseid, $id, $instance, $config, $messagetype = 'basic-lti-launch-request', $title = '',
         $text = '') {
-    global $SESSION, $USER;
+    global $SESSION, $USER, $CFG;
 
     if (!empty($instance)) {
         $endpoint = !empty($instance->toolurl) ? $instance->toolurl : $config->lti_toolurl;
@@ -3284,7 +3284,7 @@ function lti_initiate_login($courseid, $id, $instance, $config, $messagetype = '
     }
 
     $params = array();
-    $params['iss'] = get_config('mod_lti', 'platformid');
+    $params['iss'] = $CFG->wwwroot;
     $params['target_link_uri'] = $endpoint;
     $params['login_hint'] = $USER->id;
     $params['lti_message_hint'] = $id;
@@ -3839,7 +3839,8 @@ function get_tool_type_state_info(stdClass $type) {
  * @return array An array with configuration details
  */
 function get_tool_type_config($type) {
-    $platformid = get_config('mod_lti', 'platformid');
+    global $CFG;
+    $platformid = $CFG->wwwroot;
     $clientid = $type->clientid;
     $deploymentid = $type->id;
     $publickeyseturl = new moodle_url('/mod/lti/certs.php');
@@ -3940,7 +3941,7 @@ function serialise_tool_type(stdClass $type) {
         'description' => $description,
         'urls' => get_tool_type_urls($type),
         'state' => get_tool_type_state_info($type),
-        'platformid' => get_config('mod_lti', 'platformid'),
+        'platformid' => $CFG->wwwroot,
         'clientid' => $type->clientid,
         'deploymentid' => $type->id,
         'hascapabilitygroups' => !empty($capabilitygroups),

mod/lti/upgradelib.php

@@ -0,0 +1,62 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * This file contains functions used by upgrade and install.
+ *
+ * Because this is used during install it should not include additional files.
+ *
+ * @package   mod_lti
+ * @copyright 2019 Damyon Wiese
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * This function checks if a private key has been generated for this site.
+ *
+ * If the key does not exist it generates a new one. If the openssl
+ * extension is not installed or configured properly it returns a warning message.
+ *
+ * @return string A warning message if a private key does not exist and cannot be generated.
+ */
+function mod_lti_verify_private_key() {
+    $key = get_config('privatekey', 'mod_lti');
+
+    // If we already generated a valid key, no need to check.
+    if (empty($key)) {
+
+        // Create the private key.
+        $kid = bin2hex(openssl_random_pseudo_bytes(10));
+        set_config('kid', $kid, 'mod_lti');
+        $config = array(
+            "digest_alg" => "sha256",
+            "private_key_bits" => 2048,
+            "private_key_type" => OPENSSL_KEYTYPE_RSA,
+        );
+        $res = openssl_pkey_new($config);
+        openssl_pkey_export($res, $privatekey);
+
+        if (!empty($privatekey)) {
+            set_config('privatekey', $privatekey, 'mod_lti');
+        } else {
+            return get_string('opensslconfiginvalid', 'mod_lti');
+        }
+    }
+
+    return '';
+}