search

Izumi-kun / LTI-Tool-Provider-Library-PHP

LTI Tool Provider library for PHP
Apache License 2.0
21 stars 6 forks source link

LTI2 Registration Broken in 1.1.1 #7

Closed dac514 closed 6 years ago

dac514 commented 6 years ago

This commit: https://github.com/Izumi-kun/LTI-Tool-Provider-Library-PHP/commit/12c4c032945d861592e2300b589f2ac4f77d90aa

Broke our LTI2 Registration flow. We now get: Required capability not offered: oauth_consumer_key, resource_link_id, roles, user_id

The latest commit doesn't check against "Array of message types to which the constraint applies (optional, default is all)" (see: \IMSGlobal\LTI\ToolProvider\ToolProvider::setParameterConstraint)

Code snippets.

$_POST['lti_message_type'] === 'ToolProxyRegistrationRequest'

$tool->setParameterConstraint( 'oauth_consumer_key', true, 50, [ 'basic-lti-launch-request', 'ContentItemSelectionRequest' ] );
$tool->setParameterConstraint( 'resource_link_id', true, 50, [ 'basic-lti-launch-request' ] );
$tool->setParameterConstraint( 'user_id', true, 50, [ 'basic-lti-launch-request' ] );
$tool->setParameterConstraint( 'roles', true, null, [ 'basic-lti-launch-request' ] );
dac514 commented 6 years ago

Probably something like?

if ( ! in_array( $name, $capabilities, true ) &&
    ( empty( $constraint['messages'] ) || in_array( $_POST['lti_message_type'], $constraint['messages'], true ) )
) {
Izumi-kun commented 6 years ago

Just realized that this block

https://github.com/Izumi-kun/LTI-Tool-Provider-Library-PHP/blob/12c4c032945d861592e2300b589f2ac4f77d90aa/src/ToolProvider/ToolProvider.php#L909-L915

is not needed because of this check bellow

https://github.com/Izumi-kun/LTI-Tool-Provider-Library-PHP/blob/12c4c032945d861592e2300b589f2ac4f77d90aa/src/ToolProvider/ToolProvider.php#L963-L988