Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 4.0.7, 4.1.2
Affects Version/s: 4.0.6, 4.1.1
Component/s: LTI External tool
Labels:

Affected Branches:
MOODLE_400_STABLE, MOODLE_401_STABLE
Fixed Branches:
MOODLE_400_STABLE, MOODLE_401_STABLE
Pull from Repository:
https://github.com/snake/moodle
Pull 4.1 Branch:
~~MDL-77077~~-401
Pull 4.1 Diff URL:
https://github.com/snake/moodle/compare/67bbf6c4160...MDL-77077-401
Pull Main Branch:
~~MDL-77077~~-master
Pull Main Diff URL:
https://github.com/snake/moodle/compare/880462a1685...MDL-77077-master

Testing Instructions:

Hide

Testing prerequisites (tool-platform setup)

You need two Moodle sites (localhost is fine but please make sure both are http to avoid known browser cookie issues) - one called 'platform' and one called 'tool'
In the tool site admin settings:
- Enable enrol_lti and auth_lti plugins
  - For enrol, go to Site admin > Plugins > Enrolment plugins > Manage enrolment plugins
  - For auth, go to Site admin > Plugins > Authentication plugins > Manage authentication plugins
- Enable "Allow frame embedding"
In BOTH sites:
- Go to "Administration > Security > HTTP security" and clear all values from the 'curlsecurityblockedhosts' admin setting and save (to permit localhost-to-localhost calls)
Now, in the tool site, go to "Admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration
Generate a new dynamic registation URL by clicking the button
Copy the URL using the copy to clipboard feature
Now, in the platform site, login as admin
Go to "Admin > Plugins > Activities > External tool > Manage tools"
Paste the dynamic registration URL you copied into the text field and click "Add LTI Advantage". You should now see a tool card.
Activate the preconfigured tool using the button on the tool card.
Change the name of this tool to "Moodle tool" and save.

Testing

In an editor of your choice, edit the tool site's lib/lti1p3/src/JwksEndpoint.php, commenting out the 'alg' line in getPublicJWKS here: https://github.com/moodle/moodle/blob/6c0ffde138f33490e8f9a34d7d9a60bbbaa71e93/lib/lti1p3/src/JwksEndpoint.php#L43
e.g.

...

 $components = [

    'kty' => 'RSA',

    //'alg' => 'RS256',

    'use' => 'sig',

    'e' => JWT::urlsafeB64Encode($key_details['rsa']['e']),

    'n' => JWT::urlsafeB64Encode($key_details['rsa']['n']),

    'kid' => $kid,

];

...

In the tool site, create a course with an assignment
In Course -> Published as LTI tools, publish the assignment over LTI Advantage
Log out of the tool
Log in to the platform site
Purge caches (since the JWKS vals are cached)
Go to a course
Click to add an activity or resource
Select "External tool"
From the select menu, pick the "Moodle tool" tool
click "Select content"
Proceed through any prompts to link logins, relaunching the content selection when you're done.
Pick the assignment you published earlier and click "Add content"
Verify you see a confirmation message pop up briefly and that you're taken back to the module edit form, which has now had its module name updated successfully

Show

Testing prerequisites (tool-platform setup) You need two Moodle sites (localhost is fine but please make sure both are http to avoid known browser cookie issues) - one called 'platform' and one called 'tool' In the tool site admin settings: Enable enrol_lti and auth_lti plugins For enrol, go to Site admin > Plugins > Enrolment plugins > Manage enrolment plugins For auth, go to Site admin > Plugins > Authentication plugins > Manage authentication plugins Enable "Allow frame embedding" In BOTH sites: Go to "Administration > Security > HTTP security" and clear all values from the 'curlsecurityblockedhosts' admin setting and save (to permit localhost-to-localhost calls) Now, in the tool site, go to "Admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration Generate a new dynamic registation URL by clicking the button Copy the URL using the copy to clipboard feature Now, in the platform site, login as admin Go to "Admin > Plugins > Activities > External tool > Manage tools" Paste the dynamic registration URL you copied into the text field and click "Add LTI Advantage". You should now see a tool card. Activate the preconfigured tool using the button on the tool card. Change the name of this tool to "Moodle tool" and save. Testing In an editor of your choice, edit the tool site's lib/lti1p3/src/JwksEndpoint.php, commenting out the 'alg' line in getPublicJWKS here: https://github.com/moodle/moodle/blob/6c0ffde138f33490e8f9a34d7d9a60bbbaa71e93/lib/lti1p3/src/JwksEndpoint.php#L43 e.g. ... $components = [ 'kty' => 'RSA', //'alg' => 'RS256', 'use' => 'sig', 'e' => JWT::urlsafeB64Encode($key_details['rsa']['e']), 'n' => JWT::urlsafeB64Encode($key_details['rsa']['n']), 'kid' => $kid, ]; ... In the tool site, create a course with an assignment In Course -> Published as LTI tools, publish the assignment over LTI Advantage Log out of the tool Log in to the platform site Purge caches (since the JWKS vals are cached) Go to a course Click to add an activity or resource Select "External tool" From the select menu, pick the "Moodle tool" tool click "Select content" Proceed through any prompts to link logins, relaunching the content selection when you're done. Pick the assignment you published earlier and click "Add content" Verify you see a confirmation message pop up briefly and that you're taken back to the module edit form, which has now had its module name updated successfully

Story Points:
2
Sprint:
Team Hedgehog Sprint 1 review

Issue

firebase/php-jwt 6 made 'alg' a required property, and this causes some issue when tools don't provide this in their JWKS.

Replication steps

We'll use a local moodle tool provider to replicate this. In reality, any tool omitting the JWKS 'alg' property will result in the same failure.

Set up 2 local Moodle sites - one platform, one tool
In the tool codebase, edit lib/lti1p3/src/JwksEndpoint.php, commenting out the 'alg' line in getPublicJWKS here: https://github.com/moodle/moodle/blob/6c0ffde138f33490e8f9a34d7d9a60bbbaa71e93/lib/lti1p3/src/JwksEndpoint.php#L43
See https://docs.moodle.org/401/en/Publish_as_LTI_tool to register the tool site with the platform. At the end of this process you should have registered the tool with the platform and have a new preconfigured tool in the platform site admin.
In the tool site, create a course with an assignment
In Course -> Published as LTI tools, publish the assignment over LTI Advantage
Now, log into the platform site and go to a course
Click to add a new activity and select the External tool you created in 2.
Select "Add content" and proceed through any login linking process
Select the assignment you published in 5.
Click "Add content"
Expected: the content item message is returned without an error
Actual: You'll see the error "Exception - JWK must contain an "alg" parameter"

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

400.gif
01/Feb/23 11:07 AM
165 kB
Ron Carl Alfon Yu
401.gif
01/Feb/23 11:07 AM
209 kB
Ron Carl Alfon Yu
lit_content_loaded_into_platform_site.png
31/Jan/23 12:42 PM
141 kB
David Woloszyn
master.gif
01/Feb/23 11:07 AM
570 kB
Ron Carl Alfon Yu
units_tests_pass.png
31/Jan/23 12:42 PM
49 kB
David Woloszyn

is a regression caused by

MDL-71712 Upgrade PHP-JWT to latest version

Closed

Assignee:: Jake Dallimore

Reporter:: Jake Dallimore

Peer reviewer:: David Woloszyn

Integrator:: Ilya Tregubov

Tester:: Ron Carl Alfon Yu

Participants:: CiBoT, David Woloszyn, Ilya Tregubov, Jake Dallimore, Ron Carl Alfon Yu

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 30/Jan/23 9:40 AM

Updated:: 03/Feb/23 6:04 PM

Resolved:: 03/Feb/23 6:04 PM

Estimated:

Not Specified

Remaining:

Logged:

1d 2h 1m

Details

Testing prerequisites (tool-platform setup)

Testing

Description

Issue

Replication steps

Attachments

Attachments

Issue Links

Activity

People

Dates

Time Tracking

Clockify