openedx
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎README.rst‎
Lines changed: 5 additions & 0 deletions b/‎README.rst‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎lti_consumer/__init__.py‎
Lines changed: 1 addition & 1 deletion b/‎lti_consumer/__init__.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lti_consumer/api.py‎
Lines changed: 4 additions & 2 deletions b/‎lti_consumer/api.py‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎lti_consumer/lti_xblock.py‎
Lines changed: 8 additions & 176 deletions b/‎lti_consumer/lti_xblock.py‎
Lines changed: 8 additions & 176 deletions
diff --git a/‎lti_consumer/models.py‎
Lines changed: 39 additions & 24 deletions b/‎lti_consumer/models.py‎
Lines changed: 39 additions & 24 deletions
@@ -24,3 +24,6 @@ venv/
 .python-version
 
 .tox
+
+# VS Code
+.vscode
@@ -369,6 +369,11 @@ Changelog
 
 Please See the [releases tab](https://github.com/edx/xblock-lti-consumer/releases) for the complete changelog.
 
+4.4.0 - 2022-08-17
+------------------
+* Move the LTI 1.3 Access Token and Launch Callback endpoint logic from the XBlock to the Django views
+* Adds support for accessing LTI 1.3 URLs using both location and the lti_config_id
+
 4.2.2 - 2022-06-30
 ------------------
 * Fix server 500 error when using names/roles and grades services, due to not returning a user during auth.
 
@@ -4,4 +4,4 @@
 from .apps import LTIConsumerApp
 from .lti_xblock import LtiConsumerXBlock
 
-__version__ = '4.3.3'
+__version__ = '4.4.0'
@@ -129,13 +129,15 @@ def get_lti_1p3_launch_info(config_id=None, block=None):
         if dl_content_items.exists():
             deep_linking_content_items = [item.attributes for item in dl_content_items]
 
+    link_location = lti_config.location if lti_config.location else lti_config.config_id
+
     # Return LTI launch information for end user configuration
     return {
         'client_id': lti_config.lti_1p3_client_id,
-        'keyset_url': get_lms_lti_keyset_link(lti_config.location),
+        'keyset_url': get_lms_lti_keyset_link(link_location),
         'deployment_id': '1',
         'oidc_callback': get_lms_lti_launch_link(),
-        'token_url': get_lms_lti_access_token_link(lti_config.location),
+        'token_url': get_lms_lti_access_token_link(link_location),
         'deep_linking_launch_url': deep_linking_launch_url,
         'deep_linking_content_items':
             json.dumps(deep_linking_content_items, indent=4) if deep_linking_content_items else None,
 
@@ -71,16 +71,6 @@
 from .exceptions import LtiError
 from .lti_1p1.consumer import LtiConsumer1p1, parse_result_json, LTI_PARAMETERS
 from .lti_1p1.oauth import log_authorization_header
-from .lti_1p3.exceptions import (
-    Lti1p3Exception,
-    UnsupportedGrantType,
-    MalformedJwtToken,
-    MissingRequiredClaim,
-    NoSuitableKeys,
-    TokenSignatureExpired,
-    UnknownClientId,
-)
-from .lti_1p3.constants import LTI_1P3_CONTEXT_TYPE
 from .outcomes import OutcomeService
 from .track import track_event
 from .utils import _, resolve_custom_parameter_template, external_config_filter_enabled, database_config_enabled
@@ -1168,187 +1158,29 @@ def lti_launch_handler(self, request, suffix=''):  # pylint: disable=unused-argu
         template = loader.render_django_template('/templates/html/lti_launch.html', context)
         return Response(template, content_type='text/html')
 
-    @XBlock.handler
-    def lti_1p3_launch_callback(self, request, suffix=''):  # pylint: disable=unused-argument
-        """
-        XBlock handler for launching the LTI 1.3 tool.
-
-        This endpoint is only valid when a LTI 1.3 tool is being used.
-
-        Returns:
-            webob.response: HTML LTI launch form or error page if misconfigured
-        """
-        if self.lti_version != "lti_1p3":
-            return Response(status=404)
-
-        loader = ResourceLoader(__name__)
-        context = {}
-
-        user_role = self.runtime.get_user_role()
-        lti_consumer = self._get_lti_consumer()
-
-        try:
-            # Pass user data
-            lti_consumer.set_user_data(
-                user_id=self.external_user_id,
-                # Pass django user role to library
-                role=user_role
-            )
-
-            # Set launch context
-            # Hardcoded for now, but we need to translate from
-            # self.launch_target to one of the LTI compliant names,
-            # either `iframe`, `frame` or `window`
-            # This is optional though
-            lti_consumer.set_launch_presentation_claim('iframe')
-
-            # Set context claim
-            # This is optional
-            context_title = " - ".join([
-                self.course.display_name_with_default,
-                self.course.display_org_with_default
-            ])
-            lti_consumer.set_context_claim(
-                self.context_id,
-                context_types=[LTI_1P3_CONTEXT_TYPE.course_offering],
-                context_title=context_title,
-                context_label=self.context_id
-            )
-
-            # Retrieve preflight response
-            preflight_response = dict(request.GET)
-            lti_message_hint = preflight_response.get('lti_message_hint', '')
-
-            # Set LTI Launch URL
-            launch_url = self.lti_1p3_launch_url
-            if self.config_type == 'database':
-                launch_url = lti_consumer.launch_url
-            context.update({'launch_url': launch_url})
-
-            # Modify LTI Launch URL dependind on launch type
-            # Deep Linking Launch - Configuration flow launched by
-            # course creators to set up content.
-            lti_advantage_deep_linking_enabled = lti_consumer.lti_dl_enabled()
-            if lti_advantage_deep_linking_enabled and lti_message_hint == 'deep_linking_launch':
-                # Check if the user is staff before LTI doing deep linking launch.
-                # If not, raise exception and display error page
-                if user_role not in ['instructor', 'staff']:
-                    raise AssertionError('Deep Linking can only be performed by instructors and staff.')
-                # Set deep linking launch
-                context.update({'launch_url': lti_consumer.lti_dl.deep_linking_launch_url})
-
-            # Deep Linking ltiResourceLink content presentation
-            # When content type is `ltiResourceLink`, the tool will be launched with
-            # different parameters, set by instructors when running the DL configuration flow.
-            elif lti_advantage_deep_linking_enabled and 'deep_linking_content_launch' in lti_message_hint:
-                # Retrieve Deep Linking parameters using lti_message_hint parameter.
-                deep_linking_id = lti_message_hint.split(':')[1]
-                from lti_consumer.api import get_deep_linking_data  # pylint: disable=import-outside-toplevel
-                dl_params = get_deep_linking_data(deep_linking_id, block=self)
-
-                # Modify LTI launch and set ltiResourceLink parameters
-                lti_consumer.set_dl_content_launch_parameters(
-                    url=dl_params.get('url'),
-                    custom=dl_params.get('custom')
-                )
-
-            # Update context with LTI launch parameters
-            context.update({
-                "preflight_response": preflight_response,
-                "launch_request": lti_consumer.generate_launch_request(
-                    resource_link=str(self.location),  # pylint: disable=no-member
-                    preflight_response=preflight_response
-                )
-            })
-
-            # emit tracking event
-            event = {
-                'lti_version': self.lti_version,
-                'user_roles': user_role,
-                'launch_url': self.lti_1p3_launch_url,
-            }
-            track_event('xblock.launch_request', event)
-
-            template = loader.render_mako_template('/templates/html/lti_1p3_launch.html', context)
-            return Response(template, content_type='text/html')
-        except (Lti1p3Exception, LtiError, NotImplementedError, TypeError, ValueError) as exc:
-            log.warning(
-                "Error preparing LTI 1.3 launch for block %r: %s",
-                str(self.location),  # pylint: disable=no-member
-                exc,
-                exc_info=True,
-            )
-            template = loader.render_django_template('/templates/html/lti_1p3_launch_error.html', context)
-            return Response(template, status=400, content_type='text/html')
-        except AssertionError as exc:
-            log.warning(
-                "Permission on LTI block %r denied for user %r: %s",
-                str(self.location),  # pylint: disable=no-member
-                self.external_user_id,
-                exc,
-                exc_info=True
-            )
-            template = loader.render_django_template('/templates/html/lti_1p3_permission_error.html', context)
-            return Response(template, status=403, content_type='text/html')
-
     @XBlock.handler
     def lti_1p3_access_token(self, request, suffix=''):  # pylint: disable=unused-argument
         """
         XBlock handler for creating access tokens for the LTI 1.3 tool.
-
         This endpoint is only valid when a LTI 1.3 tool is being used.
-
         Returns:
-            webob.response:
+            django.http.HttpResponse:
                 Either an access token or error message detailing the failure.
                 All responses are RFC 6749 compliant.
-
         References:
             Sucess: https://tools.ietf.org/html/rfc6749#section-4.4.3
             Failure: https://tools.ietf.org/html/rfc6749#section-5.2
         """
         if self.lti_version != "lti_1p3":
             return Response(status=404)
-        if request.method != "POST":
-            return Response(status=405)
 
-        lti_consumer = self._get_lti_consumer()
-        try:
-            token = lti_consumer.access_token(
-                dict(urllib.parse.parse_qsl(
-                    request.body.decode('utf-8'),
-                    keep_blank_values=True
-                ))
-            )
-            # The returned `token` is compliant with RFC 6749 so we just
-            # need to return a 200 OK response with the token as Json body
-            return Response(json_body=token, content_type="application/json")
-
-        # Handle errors and return a proper response
-        except MissingRequiredClaim:
-            # Missing request attibutes
-            return Response(
-                json_body={"error": "invalid_request"},
-                status=400
-            )
-        except (MalformedJwtToken, TokenSignatureExpired):
-            # Triggered when a invalid grant token is used
-            return Response(
-                json_body={"error": "invalid_grant"},
-                status=400,
-            )
-        except (NoSuitableKeys, UnknownClientId):
-            # Client ID is not registered in the block or
-            # isn't possible to validate token using available keys.
-            return Response(
-                json_body={"error": "invalid_client"},
-                status=400,
-            )
-        except UnsupportedGrantType:
-            return Response(
-                json_body={"error": "unsupported_grant_type"},
-                status=400,
-            )
+        # Asserting that the consumer can be created. This makes sure that the LtiConfiguration
+        # object exists before calling the Django View
+        assert self._get_lti_consumer()
+        # Runtime import because this can only be run in the LMS/Studio Django
+        # environments. Importing the views on the top level will cause RuntimeErorr
+        from lti_consumer.plugin.views import access_token_endpoint  # pylint: disable=import-outside-toplevel
+        return access_token_endpoint(request, usage_id=str(self.location))  # pylint: disable=no-member
 
     @XBlock.handler
     def outcome_service_handler(self, request, suffix=''):  # pylint: disable=unused-argument
 
@@ -4,6 +4,7 @@
 import logging
 import uuid
 import json
+
 from django.db import models
 from django.core.validators import MinValueValidator
 from django.core.exceptions import ValidationError
@@ -401,45 +402,60 @@ def _setup_lti_1p3_ags(self, consumer):
         """
         Set up LTI 1.3 Advantage Assigment and Grades Services.
         """
+
         try:
             lti_advantage_ags_mode = self.get_lti_advantage_ags_mode()
         except NotImplementedError as exc:
             log.exception("Error setting up LTI 1.3 Advantage Assignment and Grade Services: %s", exc)
             return
 
-        if lti_advantage_ags_mode != self.LTI_ADVANTAGE_AGS_DISABLED:
-            lineitem = None
-            # If using the declarative approach, we should create a LineItem if it
-            # doesn't exist. This is because on this mode the tool is not able to create
-            # and manage lineitems using the AGS endpoints.
-            if lti_advantage_ags_mode == self.LTI_ADVANTAGE_AGS_DECLARATIVE:
-                # Set grade attributes
+        if lti_advantage_ags_mode == self.LTI_ADVANTAGE_AGS_DISABLED:
+            log.info('LTI Advantage AGS is disabled for %s', self)
+            return
+
+        lineitem = self.ltiagslineitem_set.first()
+        # If using the declarative approach, we should create a LineItem if it
+        # doesn't exist. This is because on this mode the tool is not able to create
+        # and manage lineitems using the AGS endpoints.
+        if not lineitem and lti_advantage_ags_mode == self.LTI_ADVANTAGE_AGS_DECLARATIVE:
+            try:
+                block = self.block
+            except ValueError:  # There is no location to load the block
+                block = None
+
+            if block:
                 default_values = {
-                    'resource_id': self.block.location,
+                    'resource_id': self.location,
                     'score_maximum': self.block.weight,
                     'label': self.block.display_name,
                 }
-
                 if hasattr(self.block, 'start'):
                     default_values['start_date_time'] = self.block.start
 
                 if hasattr(self.block, 'due'):
                     default_values['end_date_time'] = self.block.due
+            else:
+                # TODO find a way to make these defaults more sensible
+                default_values = {
+                    'resource_id': self.location,
+                    'score_maximum': 100,
+                    'label': 'LTI Consumer at ' + str(self.location)
+                }
 
-                # create LineItem if there is none for current lti configuration
-                lineitem, _ = LtiAgsLineItem.objects.get_or_create(
-                    lti_configuration=self,
-                    resource_link_id=self.block.location,
-                    defaults=default_values
-                )
+            # create LineItem if there is none for current lti configuration
+            lineitem = LtiAgsLineItem.objects.create(
+                lti_configuration=self,
+                resource_link_id=self.location,
+                **default_values
+            )
 
-            consumer.enable_ags(
-                lineitems_url=get_lti_ags_lineitems_url(self.id),
-                lineitem_url=get_lti_ags_lineitems_url(self.id, lineitem.id) if lineitem else None,
-                allow_programmatic_grade_interaction=(
-                    lti_advantage_ags_mode == self.LTI_ADVANTAGE_AGS_PROGRAMMATIC
-                )
+        consumer.enable_ags(
+            lineitems_url=get_lti_ags_lineitems_url(self.id),
+            lineitem_url=get_lti_ags_lineitems_url(self.id, lineitem.id) if lineitem else None,
+            allow_programmatic_grade_interaction=(
+                lti_advantage_ags_mode == self.LTI_ADVANTAGE_AGS_PROGRAMMATIC
             )
+        )
 
     def _setup_lti_1p3_deep_linking(self, consumer):
         """
@@ -471,7 +487,6 @@ def _get_lti_1p3_consumer(self):
         Uses the `config_store` variable to determine where to
         look for the configuration and instance the class.
         """
-        # If LTI configuration is stored in the XBlock.
         if self.config_store == self.CONFIG_ON_XBLOCK:
             consumer = LtiAdvantageConsumer(
                 iss=get_lms_base(),
@@ -505,13 +520,13 @@ def _get_lti_1p3_consumer(self):
                 tool_keyset_url=self.lti_1p3_tool_keyset_url,
             )
         else:
-            # This should not occur, but raise an error if self.config_store is not CONFIG_ON_XBLOCK or CONFIG_ON_DB.
+            # This should not occur, but raise an error if self.config_store is not CONFIG_ON_XBLOCK
+            # or CONFIG_ON_DB.
             raise NotImplementedError
 
         self._setup_lti_1p3_ags(consumer)
         self._setup_lti_1p3_deep_linking(consumer)
         self._setup_lti_1p3_nrps(consumer)
-
         return consumer
 
     def get_lti_consumer(self):