Moodle 4.2 XRef and Diffs

Search moodle.org's
Developer Documentation
Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
Moodle 4.2 Database Schema (by Marcus Green)
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * LTI 1.3 login endpoint.
  19   *
  20   * See: http://www.imsglobal.org/spec/security/v1p0/#step-1-third-party-initiated-login
  21   *
  22   * This must support both POST and GET methods, as per the spec.
  23   *
  24   * @package    enrol_lti
  25   * @copyright  2021 Jake Dallimore <jrhdallimore@gmail.com
  26   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  27   */
  28  
  29  use enrol_lti\local\ltiadvantage\lib\issuer_database;
  30  use enrol_lti\local\ltiadvantage\lib\launch_cache_session;
  31  use enrol_lti\local\ltiadvantage\repository\application_registration_repository;
  32  use enrol_lti\local\ltiadvantage\repository\deployment_repository;
  33  use Packback\Lti1p3\ImsStorage\ImsCookie;
  34  use Packback\Lti1p3\LtiOidcLogin;
  35  
  36  require_once(__DIR__."/../../config.php");
  37  
  38  // Required fields for OIDC 3rd party initiated login.
  39  // See http://www.imsglobal.org/spec/security/v1p0/#step-1-third-party-initiated-login.
  40  // Validate these here, despite further validation in the LTI 1.3 library.
  41  $iss = required_param('iss', PARAM_URL); // Issuer URI of the calling platform.
  42  $loginhint = required_param('login_hint', PARAM_INT); // Platform ID for the person to login.
  43  $targetlinkuri = required_param('target_link_uri', PARAM_URL); // The took launch URL.
  44  
  45  // Optional lti_message_hint. See https://www.imsglobal.org/spec/lti/v1p3#additional-login-parameters-0.
  46  // If found, this must be returned unmodified to the platform.
  47  $ltimessagehint = optional_param('lti_message_hint', null, PARAM_RAW);
  48  
  49  // The target_link_uri param should contain the endpoint that will be executed at the end of the OIDC login process.
  50  // In Moodle, this will either be:
  51  // - enrol/lti/launch.php endpoint (for regular resource link launches) or
  52  // - enrol/lti/launch_deeplink.php endpoint (for deep linking launches)
  53  // Thus, the target_link_uri signifies intent to perform a certain launch type. It can be used to generate the
  54  // redirect_uri param for the auth request but must first be verified, as it is unsigned data at this stage.
  55  // See here: https://www.imsglobal.org/spec/lti/v1p3/impl#verify-the-target_link_uri.
  56  //
  57  // Also note that final redirection to the resource (after the login process is complete) should rely on the
  58  // https://purl.imsglobal.org/spec/lti/claim/target_link_uri claim instead of the target_link_uri value provided here.
  59  // See here: http://www.imsglobal.org/spec/lti/v1p3/#target-link-uri.
  60  $validuris = [
  61      (new moodle_url('/enrol/lti/launch.php'))->out(false), // Resource link launches.
  62      (new moodle_url('/enrol/lti/launch_deeplink.php'))->out(false) // Deep linking launches.
  63  ];
  64  
  65  // This code verifies the target_link_uri. Only two values are permitted (see endpoints listed above).
  66  if (!in_array($targetlinkuri, $validuris)) {
  67      $msg = 'The target_link_uri param must match one of the redirect URIs set during tool registration.';
  68      throw new coding_exception($msg);
  69  }
  70  
  71  // Because client_id is optional, this endpoint receives a param 'id', a unique id generated when creating the registration.
  72  // A registration can thus be located by either the tuple {iss, client_id} (if client_id is provided), or by the tuple {iss, id},
  73  // (if client_id is not provided). See https://www.imsglobal.org/spec/lti/v1p3/#client_id-login-parameter.
  74  global $_REQUEST;
  75  if (empty($_REQUEST['client_id']) && !empty($_REQUEST['id'])) {
  76      $_REQUEST['client_id'] = $_REQUEST['id'];
  77  }
  78  
  79  // Now, do the OIDC login.
  80  LtiOidcLogin::new(
  81      new issuer_database(new application_registration_repository(), new deployment_repository()),
  82      new launch_cache_session(),
  83      new ImsCookie()
  84  )
  85      ->doOidcLoginRedirect($targetlinkuri)
  86      ->doRedirect();