From a5701e5f6a57e5514eab3c5f3063405ad3c106eb Mon Sep 17 00:00:00 2001
From: Brian Lin
Date: Wed, 20 Jul 2022 13:41:14 -0500
Subject: [PATCH 1/3] PODB-603: Update error message and write test.
---
 src/LtiMessageLaunch.php | 26 +++++++++++++++++++++-----
 tests/LtiMessageLaunchTest.php | 3 ++-
 2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/src/LtiMessageLaunch.php b/src/LtiMessageLaunch.php
index d66aaf3c..cf0b1bf7 100644
--- a/src/LtiMessageLaunch.php
+++ b/src/LtiMessageLaunch.php
@@ -28,7 +28,14 @@ class LtiMessageLaunch
 public const ERR_INVALID_ID_TOKEN = 'Invalid id_token, JWT must contain 3 parts';
 public const ERR_MISSING_NONCE = 'Missing Nonce.';
 public const ERR_INVALID_NONCE = 'Invalid Nonce.';
- public const ERR_MISSING_REGISTRATION = 'Registration not found. Please have your admin confirm your Issuer URL, client ID, and deployment ID.';
+
+ /**
+ * :issuerUrl and :clientId are used to substitute the queried issuerUrl
+ * and clientId. Do not change those substrings without changing how the
+ * error message is built.
+ */
+ public const ERR_MISSING_REGISTRATION = 'LTI 1.3 Registration not found for Issuer :issuerUrl and Client ID :clientId. Please make sure the LMS has provided the right information, and that the LMS has been registered correctly in the tool.';
+
 public const ERR_CLIENT_NOT_REGISTERED = 'Client id not registered for this issuer.';
 public const ERR_NO_KID = 'No KID specified in the JWT Header.';
 public const ERR_INVALID_SIGNATURE = 'Invalid signature on id_token';
@@ -276,6 +283,14 @@ public function getLaunchId()
 return $this->launch_id;
 }
+ public function getMissingRegistrationErrorMsg(string $issuerUrl, string $clientId): string
+ {
+ $search = [':issuerUrl', ':clientId'];
+ $replace = [$issuerUrl, $clientId];
+
+ return str_replace($search, $replace, static::ERR_MISSING_REGISTRATION);
+ }
+
 private function getPublicKey()
 {
 $request = new ServiceRequest(
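Review bot: `str_replace` with array arguments substitutes one pair after another, so in `getMissingRegistrationErrorMsg` a `:clientId` substring inside the issuer value is itself replaced by the client ID on the second pass. Both values are supplied by the caller (the launch code in this patch passes token claims), so the template should be filled in a single pass: `return strtr(static::ERR_MISSING_REGISTRATION, [':issuerUrl' => $issuerUrl, ':clientId' => $clientId]);`. The same `str_replace` body is carried unchanged through patches 2/3 and 3/3.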
@@ -403,15 +418,16 @@ private function validateNonce()
 private function validateRegistration()
 {
 // Find registration.
- $client_id = is_array($this->jwt['body']['aud']) ? $this->jwt['body']['aud'][0] : $this->jwt['body']['aud'];
- $this->registration = $this->db->findRegistrationByIssuer($this->jwt['body']['iss'], $client_id);
+ $clientId = is_array($this->jwt['body']['aud']) ? $this->jwt['body']['aud'][0] : $this->jwt['body']['aud'];
+ $issuerUrl = $this->jwt['body']['iss'];
+ $this->registration = $this->db->findRegistrationByIssuer($issuerUrl, $clientId);
 if (empty($this->registration)) {
- throw new LtiException(static::ERR_MISSING_REGISTRATION);
+ throw new LtiException($this->getMissingRegistrationErrorMsg($issuerUrl, $clientId));
 }
 // Check client id.
- if ($client_id !== $this->registration->getClientId()) {
+ if ($clientId !== $this->registration->getClientId()) {
 // Client not registered.
 throw new LtiException(static::ERR_CLIENT_NOT_REGISTERED);
 }
diff --git a/tests/LtiMessageLaunchTest.php b/tests/LtiMessageLaunchTest.php
index a8d42497..2faf90bf 100644
--- a/tests/LtiMessageLaunchTest.php
+++ b/tests/LtiMessageLaunchTest.php
@@ -294,7 +294,8 @@ public function testALaunchFailsIfMissingRegistration()
 ->once()->andReturn();
 $this->expectException(LtiException::class);
- $this->expectExceptionMessage(LtiMessageLaunch::ERR_MISSING_REGISTRATION);
+ $expectedMsg = $this->messageLaunch->getMissingRegistrationErrorMsg($this->issuer['issuer'], $this->issuer['client_id']);
+ $this->expectExceptionMessage($expectedMsg);
 $actual = $this->messageLaunch->validate($payload);
 }
From 1c7ac41baf88b603c7cffe80ea3569a038551510 Mon Sep 17 00:00:00 2001
From: Brian Lin
Date: Wed, 20 Jul 2022 14:48:36 -0500
Subject: [PATCH 2/3] PODB-603: Make function static for external use.
---
 src/LtiMessageLaunch.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/LtiMessageLaunch.php b/src/LtiMessageLaunch.php
index cf0b1bf7..ff816b64 100644
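Review bot: The exception message thrown in `validateRegistration` now contains `iss` and `aud` copied from `$this->jwt['body']`, and nothing in this hunk shows the token's signature having been checked at that point, so the text should be treated as sender-controlled. An application that prints or logs `LtiException::getMessage()` would emit those values verbatim, so the contract belongs next to the throw, for example `// Message embeds unverified iss/aud claims: escape before rendering, strip control characters before logging.` The same warning fits the docblock on `ERR_MISSING_REGISTRATION` in the first hunk of this patch. The body of `validateRegistration` appears to continue past the end of the hunk.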
--- a/src/LtiMessageLaunch.php
+++ b/src/LtiMessageLaunch.php
@@ -283,7 +283,7 @@ public function getLaunchId()
 return $this->launch_id;
 }
- public function getMissingRegistrationErrorMsg(string $issuerUrl, string $clientId): string
+ public static function getMissingRegistrationErrorMsg(string $issuerUrl, string $clientId): string
 {
 $search = [':issuerUrl', ':clientId'];
 $replace = [$issuerUrl, $clientId];
From de328e5971be3247eb50b1cfb2645456f584bf8e Mon Sep 17 00:00:00 2001
From: Brian Lin
Date: Wed, 20 Jul 2022 15:01:47 -0500
Subject: [PATCH 3/3] PODB-603: Protect against client ID being null.
---
 src/LtiMessageLaunch.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/LtiMessageLaunch.php b/src/LtiMessageLaunch.php
index ff816b64..b34d580a 100644
--- a/src/LtiMessageLaunch.php
+++ b/src/LtiMessageLaunch.php
@@ -283,8 +283,13 @@ public function getLaunchId()
 return $this->launch_id;
 }
- public static function getMissingRegistrationErrorMsg(string $issuerUrl, string $clientId): string
+ public static function getMissingRegistrationErrorMsg(string $issuerUrl, ?string $clientId = null): string
 {
+ // Guard against client ID being null
+ if (!isset($clientId)) {
+ $clientId = '(N/A)';
+ }
+
 $search = [':issuerUrl', ':clientId'];
 $replace = [$issuerUrl, $clientId];
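Review bot: The null guard added to `getMissingRegistrationErrorMsg` in patch 3/3 covers only `$clientId`; `$issuerUrl` is still declared `string`, while patch 1/3 passes it `$this->jwt['body']['iss']` with no visible check that the claim is present. If earlier validation does not guarantee `iss` (not shown on this page), a token without it would raise a `TypeError` instead of the intended `LtiException`. Accepting `?string $issuerUrl` and applying the same fallback, `$issuerUrl = $issuerUrl ?? '(N/A)';`, keeps the failure path uniform. The function body continues past the end of the hunk.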