diff --git a/src/main/java/org/imsglobal/lti/launch/LtiLaunch.java b/src/main/java/org/imsglobal/lti/launch/LtiLaunch.java
index 4e322f1..4784da4 100644
--- a/src/main/java/org/imsglobal/lti/launch/LtiLaunch.java
+++ b/src/main/java/org/imsglobal/lti/launch/LtiLaunch.java
@@ -1,6 +1,7 @@
 package org.imsglobal.lti.launch;
 import javax.servlet.http.HttpServletRequest;
+import java.util.Collection;
 import java.util.Map;
 /**
@@ -38,6 +39,16 @@ public LtiLaunch(Map parameters) {
 this.toolConsumerInstanceGuid = parameters.get("tool_consumer_instance_guid");
 }
+ public LtiLaunch(Collection parameters) {
+ this.user = new LtiUser(parameters);
+ this.version = LtiOauthVerifier.getKey(parameters, "lti_version");
+ this.messageType = LtiOauthVerifier.getKey(parameters, "lti_message_type");
+ this.resourceLinkId = LtiOauthVerifier.getKey(parameters, "resource_link_id");
+ this.contextId = LtiOauthVerifier.getKey(parameters, "context_id");
+ this.launchPresentationReturnUrl = LtiOauthVerifier.getKey(parameters, "launch_presentation_return_url");
+ this.toolConsumerInstanceGuid = LtiOauthVerifier.getKey(parameters, "tool_consumer_instance_guid");
+ }
+
 public LtiUser getUser() {
 return user;
 }
diff --git a/src/main/java/org/imsglobal/lti/launch/LtiOauthVerifier.java b/src/main/java/org/imsglobal/lti/launch/LtiOauthVerifier.java
index 09027f6..bdb0a45 100644
--- a/src/main/java/org/imsglobal/lti/launch/LtiOauthVerifier.java
+++ b/src/main/java/org/imsglobal/lti/launch/LtiOauthVerifier.java
@@ -4,8 +4,7 @@
 import net.oauth.server.OAuthServlet;
 import javax.servlet.http.HttpServletRequest;
-import java.util.Arrays;
-import java.util.Map;
+import java.util.*;
 import java.util.logging.Logger;
 /**
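Review bot: The new public `LtiLaunch(Collection parameters)` constructor in LtiLaunch.java has no Javadoc, and nothing on it says that it copies request fields without checking the OAuth signature. Because it is public, a caller can build an `LtiLaunch` straight from raw request parameters and then treat `getUser()` or `launchPresentationReturnUrl` as trusted. I would add a comment such as `/** Builds a launch from parameters the caller has already verified; performs no signature check itself. For a repeated key the first entry is used. */`. The constructor also repeats the field list of the `Map` constructor, so the two can drift apart; the `Map` one could delegate with `this(parameters.entrySet());` if the generic types line up.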
@@ -15,7 +14,7 @@
 */
 public class LtiOauthVerifier implements LtiVerifier {
- public static final String OAUTH_KEY_PARAMETER= "oauth_consumer_key";
+ public static final String OAUTH_KEY_PARAMETER = "oauth_consumer_key";
 private final static Logger logger = Logger.getLogger(LtiOauthVerifier.class.getName());
@@ -60,16 +59,39 @@ public LtiVerificationResult verify(HttpServletRequest request, String secret) t
 */
 @Override
 public LtiVerificationResult verifyParameters(Map parameters, String url, String method, String secret) throws LtiVerificationException {
- OAuthMessage oam = new OAuthMessage(method, url, parameters.entrySet());
- OAuthConsumer cons = new OAuthConsumer(null, parameters.get(OAUTH_KEY_PARAMETER), secret, null);
- OAuthValidator oav = new SimpleOAuthValidator();
- OAuthAccessor acc = new OAuthAccessor(cons);
+ return verifyParameters(parameters.entrySet(), url, method, secret);
+ }
- try {
- oav.validateMessage(oam, acc);
- } catch (Exception e) {
- return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "Failed to validate: " + e.getLocalizedMessage() + ", Parameters: " + Arrays.toString(parameters.entrySet().toArray()));
+ @Override
+ public LtiVerificationResult verifyParameters(Collection parameters, String url, String method, String secret) throws LtiVerificationException {
+ OAuthMessage oam = new OAuthMessage(method, url, parameters);
+ String key = getKey(parameters, OAUTH_KEY_PARAMETER);
+ if(key == null) {
+ return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "No key found in LTI request with parameters: " + Arrays.toString(parameters.toArray()));
+ } else {
+ OAuthConsumer cons = new OAuthConsumer(null, key, secret, null);
+ OAuthValidator oav = new SimpleOAuthValidator();
+ OAuthAccessor acc = new OAuthAccessor(cons);
+
+ try {
+ oav.validateMessage(oam, acc);
+ } catch (Exception e) {
+ return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "Failed to validate: " + e.getLocalizedMessage() + ", Parameters: " + Arrays.toString(parameters.toArray()));
+ }
+ return new LtiVerificationResult(true, new LtiLaunch(parameters));
+ }
+ }
+
+ /**
+ * Given a collection of parameters, return the first value for the given key.
+ * returns null if no entry is found with the given key.
+ */
+ public static String getKey(Collection parameters, String parameterName) {
+ for(Map.Entry entry: parameters) {
+ if(entry.getKey().equals(parameterName)) {
+ return entry.getValue();
+ }
+ }
 }
- return new LtiVerificationResult(true, new LtiLaunch(parameters));
+ return null;
 }
 }
diff --git a/src/main/java/org/imsglobal/lti/launch/LtiUser.java b/src/main/java/org/imsglobal/lti/launch/LtiUser.java
index 8131459..bb35a46 100644
--- a/src/main/java/org/imsglobal/lti/launch/LtiUser.java
+++ b/src/main/java/org/imsglobal/lti/launch/LtiUser.java
@@ -1,6 +1,7 @@
 package org.imsglobal.lti.launch;
 import javax.servlet.http.HttpServletRequest;
+import java.util.Collection;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -33,6 +34,22 @@ public LtiUser(Map parameters) {
 }
 }
+ public LtiUser(Collection parameters) {
+ this.id = LtiOauthVerifier.getKey(parameters, "user_id");
+ this.roles = new LinkedList<>();
+ String parameterRoles = LtiOauthVerifier.getKey(parameters, "roles");
+ if(parameterRoles != null) {
+ for (String role : parameterRoles.split(",")) {
+ this.roles.add(role.trim());
+ }
+ }
+ }
+
+ public LtiUser(String id, List roles) {
+ this.id = id;
+ this.roles = roles;
+ }
+
 public String getId() {
 return id;
 }
diff --git a/src/main/java/org/imsglobal/lti/launch/LtiVerifier.java b/src/main/java/org/imsglobal/lti/launch/LtiVerifier.java
index 1a21c23..1c13dd9 100644
--- a/src/main/java/org/imsglobal/lti/launch/LtiVerifier.java
+++ b/src/main/java/org/imsglobal/lti/launch/LtiVerifier.java
@@ -2,6 +2,7 @@
 import javax.servlet.http.HttpServletRequest;
+import java.util.Collection;
 import java.util.Map;
 /**
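Review bot: Both failure branches of the new `verifyParameters(Collection …)` in LtiOauthVerifier.java put `Arrays.toString(parameters.toArray())` into the result message, so the whole launch (oauth_signature, nonce, user_id, roles) travels with the error text to wherever the caller logs or displays it. The message should name the failure only, e.g. `"No oauth_consumer_key found in LTI request"` and `"Failed to validate: " + e.getLocalizedMessage()`, with parameter names logged separately at a debug level if they are needed. The added null check covers `key`, but `secret` is still passed to `OAuthConsumer` unchecked. What the validator does with a null or empty secret is not visible here, so I would fail closed first with `if (secret == null || secret.isEmpty()) return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "No secret configured for consumer");`.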
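Review bot: The new `LtiUser(String id, List roles)` constructor in LtiUser.java keeps the caller's list by reference (`this.roles = roles;`), so later changes to that list by the caller change this user's roles. A null argument also leaves `roles` null, where the other constructors always create a list. Since roles typically feed authorization decisions, copy on the way in: `this.roles = roles == null ? new LinkedList<>() : new LinkedList<>(roles);`. The class's getters are outside this hunk, so whether the list is also exposed on the way out cannot be checked here.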
@@ -24,13 +25,13 @@ public interface LtiVerifier {
 * information about the request).
 * @throws LtiVerificationException
 */
- public LtiVerificationResult verify(HttpServletRequest request, String secret) throws LtiVerificationException;
+ LtiVerificationResult verify(HttpServletRequest request, String secret) throws LtiVerificationException;
 /**
 * This method will verify a list of properties (mapped
 * by key & value).
- * @param parameters the parameters that will be verified. mapped by key & value
- * @param url the url this request was made at
+ * @param parameters the parameters that will be verified. mapped by key & value. This should only include parameters explicitly included in the body (not the url).
+ * @param url The url this request was made at. The url passed should be the same as sent for the request (along with any parameters).
 * @param method the method this url was requested with
 * @param secret the secret to verify the propertihes with
 * @return an LtiVerificationResult which will
@@ -39,6 +40,23 @@ public interface LtiVerifier {
 * information about the request).
 * @throws LtiVerificationException
 */
- public LtiVerificationResult verifyParameters(Map parameters, String url, String method, String secret) throws LtiVerificationException;
+ LtiVerificationResult verifyParameters(Map parameters, String url, String method, String secret) throws LtiVerificationException;
+
+ /**
+ * This method will verify a list of properties (mapped
+ * by key & value).
+ * @param parameters the parameters that will be verified. mapped by key & value. This should only include parameters explicitly included in the body (not the url).
+ * The entries must be of type `Entry`. If a specific key has multiple values (i.e. an array), each value must be in its own entry, each
+ * with the same key.
+ * @param url The url this request was made at. The url passed should be the same as sent for the request (along with any parameters).
+ * @param method the method this url was requested with
+ * @param secret the secret to verify the propertihes with
+ * @return an LtiVerificationResult which will
+ * contain information about the request (whether or
+ * not it is valid, and if it is valid, contextual
+ * information about the request).
+ * @throws LtiVerificationException
+ */
+ LtiVerificationResult verifyParameters(Collection parameters, String url, String method, String secret) throws LtiVerificationException;
 }
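Review bot: The Javadoc added for `verifyParameters(Collection …)` allows several entries with the same key but does not say which one the verifier uses for single-valued fields; `LtiOauthVerifier.getKey` in this commit returns the first match, and other implementers of the interface need that stated to behave the same way. I would add `For single-valued fields such as oauth_consumer_key the first entry with that key is used.` to the `@param parameters` text, and write the type as `{@code Entry}` rather than in backticks, which Javadoc does not render. The copied `@param secret` line repeats the typo `propertihes` (properties), and `@throws LtiVerificationException` still does not say when it is thrown. Adding an abstract method to a public interface also breaks any implementation outside this repository, which deserves a line in the release notes.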