ccnmtl
diff --git a/‎metricsmentor/main/views.py‎
Lines changed: 274 additions & 2 deletions b/‎metricsmentor/main/views.py‎
Lines changed: 274 additions & 2 deletions
diff --git a/‎metricsmentor/settings_shared.py‎
Lines changed: 20 additions & 1 deletion b/‎metricsmentor/settings_shared.py‎
Lines changed: 20 additions & 1 deletion
diff --git a/‎metricsmentor/templates/registration/lti_registration.html‎
Lines changed: 26 additions & 0 deletions b/‎metricsmentor/templates/registration/lti_registration.html‎
Lines changed: 26 additions & 0 deletions
@@ -4,15 +4,15 @@
 from courseaffils.columbia import CourseStringTemplate, CanvasTemplate
 from courseaffils.models import Course
 from courseaffils.views import get_courses_for_user
-from django.conf import settings
+from django.conf import settings, LazySettings
 from django.contrib import messages
 from django.contrib.auth.mixins import (
     LoginRequiredMixin
 )
 from django.contrib.auth.models import Group
 from django.shortcuts import render, get_object_or_404
 from django.http import (
-    HttpResponseRedirect
+    HttpResponseRedirect, HttpResponse
 )
 from django.urls.base import reverse
 from django.views.generic.base import TemplateView, View
@@ -31,6 +31,38 @@
 import statsmodels.api as sm
 import json
 import math
+from lti_tool.views import LtiLaunchBaseView, OIDCLoginInitView
+from lti_dynamic_registration.views import DynamicRegistrationBaseView
+from lti_dynamic_registration.constants import CanvasPrivacyLevel
+from lti_dynamic_registration.types import (
+    CanvasLtiMessage,
+    CanvasLtiRegistration,
+    CanvasLtiToolConfiguration,
+)
+from urllib.parse import urljoin, urlparse
+from django.templatetags.static import static
+from django.views.decorators.clickjacking import xframe_options_exempt
+
+
+def ensure_https(url: str) -> str:
+    if not url.startswith('http://') and not url.startswith('https://'):
+        return 'https://' + url
+    return url
+
+
+def is_static_file_remote(path: str) -> bool:
+    url = static(path)
+    parsed = urlparse(url)
+    return bool(parsed.scheme and parsed.netloc)
+
+
+def get_icon_url(settings: LazySettings, host: str) -> str:
+    icon_url = static(settings.LTI_TOOL_CONFIGURATION['embed_icon_url'])
+
+    if not is_static_file_remote(icon_url):
+        icon_url = urljoin(f'https://{host}', icon_url)
+
+    return icon_url
 
 
 class CoursesView(LoginRequiredMixin, TemplateView):
@@ -130,6 +162,246 @@ def post(self, request, *args, **kwargs):
             )
 
 
+class JSONConfigView(View):
+    """
+    JSON configuration endpoint for LTI 1.3.
+
+    In Canvas LMS, an LTI Developer Key can be created via Manual
+    Entry, or by URL. This view provides the JSON necessary for URL
+    configuration in Canvas.
+
+    https://canvas.instructure.com/doc/api/file.lti_dev_key_config.html
+    """
+    def get(self, request, *args, **kwargs):
+        domain = request.get_host()
+        title = settings.LTI_TOOL_CONFIGURATION['title']
+        icon_url = static(settings.LTI_TOOL_CONFIGURATION['embed_icon_url'])
+        target_link_uri = urljoin(
+            'https://{}'.format(domain), reverse('lti-launch'))
+
+        uuid_str = kwargs.get('registration_uuid')
+        oidc_init_uri = urljoin(
+            'https://{}'.format(domain),
+            reverse('init', kwargs={'registration_uuid': uuid_str}))
+
+        lti_platform = 'columbiasce.test.instructure.com'
+        if hasattr(settings, 'LTI_PLATFORM'):
+            lti_platform = settings.LTI_PLATFORM
+
+        json_obj = {
+            'title': title,
+            'description': settings.LTI_TOOL_CONFIGURATION['description'],
+            'oidc_initiation_url': oidc_init_uri,
+            'target_link_uri': target_link_uri,
+            'scopes': [
+                'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem',
+                'https://purl.imsglobal.org/spec/lti-ags/lti/claim/lis',
+
+                'https://purl.imsglobal.org/'
+                'spec/lti-ags/scope/result.readonly',
+
+                'https://purl.imsglobal.org/'
+                'spec/lti-nrps/scope/contextmembership.readonly',
+            ],
+            'extensions': [
+                {
+                    'domain': domain,
+                    'tool_id': 'metricsmentor',
+                    'platform': lti_platform,
+                    'privacy_level': 'public',
+                    'settings': {
+                        'text': 'Launch ' + title,
+                        'labels': {
+                            'en': 'Launch ' + title,
+                        },
+                        'icon_url': icon_url,
+                        'selection_height': 800,
+                        'selection_width': 800,
+                        'placements': [
+                            {
+                                'text': 'MetricsMentor',
+                                'icon_url': icon_url,
+                                'placement': 'course_navigation',
+                                'message_type': 'LtiResourceLinkRequest',
+                                'target_link_uri': target_link_uri,
+                                'selection_height': 500,
+                                'selection_width': 500
+                            }
+                        ],
+                    }
+                }
+            ],
+            'public_jwk_url': urljoin(
+                'https://{}'.format(domain), reverse('jwks'))
+        }
+        return JsonResponse(json_obj)
+
+
+@method_decorator(xframe_options_exempt, name='dispatch')
+class MyOIDCLoginInitView(OIDCLoginInitView):
+    pass
+
+
+@method_decorator(xframe_options_exempt, name='dispatch')
+class LtiLaunchView(LtiLaunchBaseView, TemplateView):
+    """
+    https://github.com/academic-innovation/django-lti/blob/main/README.md#handling-an-lti-launch
+    """
+    template_name = 'lti_provider/landing_page.html'
+    lti_tool_name = None
+    course = None
+
+    @xframe_options_exempt
+    def handle_resource_launch(self, request, lti_launch):
+        if settings.DEBUG:
+            print('All lti_launch data:', lti_launch.get_launch_data())
+            print('User:', lti_launch.user.__dict__)
+            print('NRPS claim:', lti_launch.nrps_claim)
+            print('Roles claim:', lti_launch.roles_claim)
+
+        self.lti_tool_name = lti_launch.platform_instance_claim.get(
+            'product_family_code')
+        if self.lti_tool_name:
+            self.lti_tool_name = self.lti_tool_name.capitalize()
+
+        self.deployment_id = lti_launch.deployment.deployment_id
+        self.course_id = lti_launch.context_claim.get('id')
+        self.course_name = lti_launch.context_claim.get('title')
+
+        # Search for course by context_id in EconPractice database
+        try:
+            self.course = Course.objects.get(
+                context_id=self.course_id, deployment_id=self.deployment_id)
+        except Course.DoesNotExist:
+            pass
+
+        return self.get(request)
+
+    @xframe_options_exempt
+    def get_context_data(self, **kwargs):
+        domain = self.request.get_host()
+        url = settings.LTI_TOOL_CONFIGURATION['landing_url'].format(
+            self.request.scheme, domain, kwargs.get('context'))
+
+        lti_tool_name = 'LTI'
+        if self.lti_tool_name:
+            lti_tool_name = self.lti_tool_name
+
+        return {
+            'DEBUG': settings.DEBUG,
+            'landing_url': url,
+            'title': settings.LTI_TOOL_CONFIGURATION['title'],
+            'lti_tool_name': lti_tool_name,
+            'course': self.course,
+            'deployment_id': self.deployment_id,
+            'course_id': self.course_id,
+            'course_name': self.course_name,
+        }
+
+
+class DynamicRegistrationView(DynamicRegistrationBaseView):
+    tool_friendly_name = "MetricsMentor"
+    lti_platform = 'columbiasce.test.instructure.com'
+
+    def dispatch(self, *args, **kwargs) -> HttpResponse:
+        if hasattr(settings, 'LTI_PLATFORM'):
+            self.lti_platform = settings.LTI_PLATFORM
+
+        return super().dispatch(*args, **kwargs)
+
+    def get(self, request, *args, **kwargs) -> HttpResponse:
+        context = {
+            # Pass in a default lti_platform
+            'lti_platform': ensure_https(self.lti_platform),
+        }
+        return render(request, 'registration/lti_registration.html', context)
+
+    def post(self, request, *args, **kwargs) -> HttpResponse:
+        # Perform the registration steps. Typically this would involve:
+        # 1. Register the platform in the tool
+        issuer = request.POST.get('issuer')
+        if issuer:
+            issuer = issuer.strip()
+            issuer = ensure_https(issuer)
+
+        authorization_endpoint = urljoin(issuer, '/api/lti/authorize_redirect')
+
+        token_endpoint = urljoin(issuer, '/login/oauth2/token')
+        jwks_uri = urljoin(issuer, '/api/lti/security/jwks')
+
+        reg = self.register_platform_in_tool(
+            issuer, {
+                'issuer': issuer,
+                'authorization_endpoint': authorization_endpoint,
+                'token_endpoint': token_endpoint,
+                'jwks_uri': jwks_uri,
+            }
+        )
+
+        # 2. Register the tool in the platform
+        openid_config = self.get_openid_config()
+        privacy_level = CanvasPrivacyLevel('public')
+        host = request.get_host()
+        target_link_uri = f'https://{host}/lti/launch/'
+        icon_url = get_icon_url(settings, host)
+        oidc_init_uri = urljoin(
+            'https://{}'.format(host),
+            reverse('oidc_init', kwargs={'registration_uuid': reg.uuid}))
+
+        lti_tool_config = CanvasLtiToolConfiguration(
+            domain=self.lti_platform,
+            target_link_uri=target_link_uri,
+            claims=[
+                'sub',
+                'iss',
+                'name',
+                'given_name',
+                'family_name',
+                'nickname',
+                'picture',
+                'email',
+                'locale'
+            ],
+            messages=[
+                CanvasLtiMessage(
+                    label='MetricsMentor',
+                    icon_uri=icon_url,
+                    type='LtiResourceLinkRequest',
+                    placements=['course_navigation'],
+                    target_link_uri=target_link_uri,
+                    default_enabled=True
+                )
+            ],
+            description=settings.LTI_TOOL_CONFIGURATION['description'],
+            privacy_level=privacy_level,
+            tool_id='metricsmentor',
+        )
+        tool_platform_registration = CanvasLtiRegistration(
+            client_name='MetricsMentor',
+            target_link_uri=target_link_uri,
+            initiate_login_uri=oidc_init_uri,
+            jwks_uri=jwks_uri,
+            scopes=[
+                'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem',
+            ],
+            lti_tool_configuration=lti_tool_config,
+        )
+
+        if settings.DEBUG:
+            print('registration', tool_platform_registration.to_dict())
+        client_id = self.register_tool_in_platform(
+            openid_config, tool_platform_registration)
+
+        # 3. Update the platform registration with the client ID returned in
+        #    step 2
+        reg.client_id = client_id
+        reg.save()
+
+        # Return a page containing javascript that calls a special
+        # platform postMessage endpoint
+        return self.success_response()
+
+
 class LTICourseCreate(LoginRequiredMixin, View):
 
     def notify_staff(self, course):
 
@@ -22,13 +22,19 @@
     'metricsmentor.main',
     'courseaffils',
     'lti_provider',
+    'lti_tool',
     'contactus',
     'debug_toolbar',
 ]
 
 MIDDLEWARE += [  # noqa
     'django.middleware.csrf.CsrfViewMiddleware',
     'debug_toolbar.middleware.DebugToolbarMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'lti_tool.middleware.LtiLaunchMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'lti_authentication.middleware.LtiLaunchAuthenticationMiddleware',
 ]
 
 THUMBNAIL_SUBDIR = "thumbs"
@@ -42,6 +48,9 @@
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 
 AUTHENTICATION_BACKENDS += [  # noqa
+    'django.contrib.auth.backends.ModelBackend',
+    # django-lti-authentication (LTI 1.3)
+    'lti_authentication.backends.LtiLaunchAuthenticationBackend',
     'lti_provider.auth.LTIBackend',
 ]
 
@@ -55,11 +64,21 @@
 EMAIL_HOST_USER = os.environ.get('SES_USERNAME')
 EMAIL_HOST_PASSWORD = os.environ.get('SES_PASSWORD')
 
+LTI_AUTHENTICATION = {
+    'use_person_sourcedid': True,
+}
+
+SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
+SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_DOMAIN = None
+SESSION_COOKIE_SAMESITE = 'Lax'
+X_FRAME_OPTIONS = 'SAMEORIGIN'
 
 LTI_TOOL_CONFIGURATION = {
     'title': 'Metrics Mentor',
     'description': 'Econometrics Simulations',
-    'launch_url': 'lti/',
+    'launch_url': 'launch/',
     'embed_url': '',
     'embed_icon_url': '',
     'embed_tool_id': '',
 
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>MetricsMentor: LTI 1.3 Dynamic Registration</title>
+        <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.7/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-LN+7fdVzj6u52u30Kp6M/trliBMCMKTyK833zpbD+pXdCLuTusPj697FH4R/5mcr" crossorigin="anonymous">
+    </head>
+    <body class="container">
+
+        <h5>
+            MetricsMentor: LTI 1.3 Dynamic Registration
+        </h5>
+
+        <form method="post">
+            {% csrf_token %}
+            <div class="mb-3">
+                <label for="issuerInput" class="form-label">Issuer</label>
+                <input type="text" class="form-control" name="issuer" required
+                       id="issuerInput" aria-describedby="issuerHelp"
+                       value="{{ lti_platform }}">
+                <div id="issuerHelp" class="form-text">e.g.: https://courseworks2.columbia.edu/</div>
+            </div>
+            <button type="submit" class="btn btn-primary">Submit</button>
+        </form>
+
+    </body>
+</html>