Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
/auth/lti/ -> login.php (source)
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  /**
  17   * Page allowing a platform user, identified by their {iss, sub} tuple, to be bound to a new or existing Moodle account.
  18   *
  19   * This is an LTI Advantage specific login feature.
  20   *
  21   * The auth flow defined in auth_lti\auth::complete_login() redirects here when a launching user does not have an
  22   * account binding yet. This page prompts the user to select between:
  23   * a) An auto provisioned account.
  24   * An account with auth type 'lti' is created for the user. This account is bound to the launch credentials.
  25   * Or
  26   * b) Use an existing account
  27   * The standard Moodle auth flow is leveraged to get an existing user account. This account is then bound to the launch
  28   * credentials.
  29   *
  30   * @package    auth_lti
  31   * @copyright  2021 Jake Dallimore <jrhdallimore@gmail.com>
  32   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  33   */
  34  
  35  use core\event\user_login_failed;
  36  use core\output\notification;
  37  
  38  require_once(__DIR__ . '/../../config.php');
  39  
  40  global $OUTPUT, $PAGE, $SESSION;
  41  
  42  // Form fields dealing with the user's choice about account types (new, existing).
  43  $newaccount = optional_param('new_account', false, PARAM_BOOL);
  44  $existingaccount = optional_param('existing_account', false, PARAM_BOOL);
  45  
  46  if (empty($SESSION->auth_lti) || empty($SESSION->auth_lti->launchdata)) {
  47      throw new coding_exception('Missing LTI launch credentials.');
  48  }
  49  if (empty($SESSION->auth_lti->returnurl)) {
  50      throw new coding_exception('Missing return URL.');
  51  }
  52  
  53  if ($newaccount) {
  54      require_sesskey();
  55      $launchdata = $SESSION->auth_lti->launchdata;
  56      $returnurl = $SESSION->auth_lti->returnurl;
  57      unset($SESSION->auth_lti);
  58  
  59      if (!empty($CFG->authpreventaccountcreation)) {
  60          // If 'authpreventaccountcreation' is enabled, the option to create a new account isn't presented to users in the form.
  61          // This just ensures no action is taken were the 'newaccount' value to be present in the submitted data.
  62  
  63          // Trigger login failed event.
  64          $failurereason = AUTH_LOGIN_UNAUTHORISED;
  65          $event = user_login_failed::create(['other' => ['reason' => $failurereason]]);
  66          $event->trigger();
  67  
  68          // Site settings prevent creating new accounts.
  69          $errormsg = get_string('cannotcreateaccounts', 'auth_lti');
  70          $SESSION->loginerrormsg = $errormsg;
  71          redirect(new moodle_url('/login/index.php'));
  72      } else {
  73          // Create a new account and link it, logging the user in.
  74          $auth = get_auth_plugin('lti');
  75          $newuser = $auth->find_or_create_user_from_launch($launchdata, true);
  76          complete_user_login($newuser);
  77  
  78          $PAGE->set_context(context_system::instance());
  79          $PAGE->set_url(new moodle_url('/auth/lti/login.php'));
  80          $PAGE->set_pagelayout('popup');
  81          $renderer = $PAGE->get_renderer('auth_lti');
  82          echo $OUTPUT->header();
  83          echo $renderer->render_account_binding_complete(
  84              new notification(get_string('accountcreatedsuccess', 'auth_lti'), notification::NOTIFY_SUCCESS, false),
  85              $returnurl
  86          );
  87          echo $OUTPUT->footer();
  88          exit();
  89      }
  90  } else if ($existingaccount) {
  91      // Only when authenticated can an account be bound, allowing the user to continue to the original launch action.
  92      require_login(null, false);
  93      require_sesskey();
  94      $launchdata = $SESSION->auth_lti->launchdata;
  95      $returnurl = $SESSION->auth_lti->returnurl;
  96      unset($SESSION->auth_lti);
  97  
  98      global $USER;
  99      $auth = get_auth_plugin('lti');
 100      $auth->create_user_binding($launchdata['iss'], $launchdata['sub'], $USER->id);
 101  
 102      $PAGE->set_context(context_system::instance());
 103      $PAGE->set_url(new moodle_url('/auth/lti/login.php'));
 104      $PAGE->set_pagelayout('popup');
 105      $renderer = $PAGE->get_renderer('auth_lti');
 106      echo $OUTPUT->header();
 107      echo $renderer->render_account_binding_complete(
 108          new notification(get_string('accountlinkedsuccess', 'auth_lti'), notification::NOTIFY_SUCCESS, false),
 109          $returnurl
 110      );
 111      echo $OUTPUT->footer();
 112      exit();
 113  }
 114  
 115  // Render the relevant account provisioning page, based on the provisioningmode set in the calling code.
 116  $PAGE->set_context(context_system::instance());
 117  $PAGE->set_url(new moodle_url('/auth/lti/login.php'));
 118  $PAGE->set_pagelayout('popup');
 119  $renderer = $PAGE->get_renderer('auth_lti');
 120  
 121  echo $OUTPUT->header();
 122  require_once($CFG->dirroot . '/auth/lti/auth.php');
 123  echo $renderer->render_account_binding_options_page($SESSION->auth_lti->provisioningmode);
 124  echo $OUTPUT->footer();