Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 188
0.00% covered (danger)
0.00%
0 / 1
CRAP
0.00% covered (danger)
0.00%
0 / 1
LtiServiceProvider
0.00% covered (danger)
0.00%
0 / 188
0.00% covered (danger)
0.00%
0 / 1
2
0.00% covered (danger)
0.00%
0 / 1
 __invoke
0.00% covered (danger)
0.00%
0 / 188
0.00% covered (danger)
0.00%
0 / 1
2
1<?php
2
3/**
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; under version 2
7 * of the License (non-upgradable).
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 *
18 * Copyright (c) 2021-2022 (original work) Open Assessment Technologies SA;
19 */
20
21declare(strict_types=1);
22
23namespace oat\taoLti\models\classes\ServiceProvider;
24
25use GuzzleHttp\ClientInterface;
26use League\OAuth2\Server\Entities\ScopeEntityInterface;
27use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
28use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
29use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
30use oat\generis\model\DependencyInjection\ContainerServiceProviderInterface;
31use oat\generis\model\DependencyInjection\ServiceOptions;
32use oat\generis\persistence\PersistenceManager;
33use OAT\Library\Lti1p3Ags\Factory\Score\ScoreFactory;
34use OAT\Library\Lti1p3Ags\Factory\Score\ScoreFactoryInterface;
35use OAT\Library\Lti1p3Ags\Service\Score\Client\ScoreServiceClient;
36use OAT\Library\Lti1p3Ags\Service\Score\ScoreServiceInterface;
37use OAT\Library\Lti1p3Core\Registration\RegistrationRepositoryInterface;
38use OAT\Library\Lti1p3Core\Security\Jwks\Fetcher\JwksFetcher;
39use OAT\Library\Lti1p3Core\Security\Jwks\Fetcher\JwksFetcherInterface;
40use OAT\Library\Lti1p3Core\Security\OAuth2\Entity\Scope;
41use OAT\Library\Lti1p3Core\Security\OAuth2\Factory\AuthorizationServerFactory;
42use OAT\Library\Lti1p3Core\Security\OAuth2\Repository\AccessTokenRepository;
43use OAT\Library\Lti1p3Core\Security\OAuth2\Repository\ClientRepository;
44use OAT\Library\Lti1p3Core\Security\OAuth2\Repository\ScopeRepository;
45use OAT\Library\Lti1p3Core\Service\Client\LtiServiceClient;
46use OAT\Library\Lti1p3Core\Service\Client\LtiServiceClientInterface;
47use oat\oatbox\cache\factory\CacheItemPoolFactory;
48use oat\oatbox\cache\ItemPoolSimpleCacheAdapter;
49use oat\oatbox\log\LoggerService;
50use oat\oatbox\session\SessionService;
51use oat\tao\model\DynamicConfig\DynamicConfigProviderInterface;
52use oat\tao\model\accessControl\RoleBasedContextRestrictAccess;
53use oat\tao\model\menu\SectionVisibilityByRoleFilter;
54use oat\taoLti\models\classes\Client\LtiClientFactory;
55use oat\taoLti\models\classes\DynamicConfig\LtiConfigProvider;
56use oat\taoLti\models\classes\LtiAgs\LtiAgsScoreService;
57use oat\taoLti\models\classes\LtiAgs\LtiAgsScoreServiceInterface;
58use oat\taoLti\models\classes\LtiRoles;
59use oat\taoLti\models\classes\Platform\Repository\DefaultToolConfig;
60use oat\taoLti\models\classes\Platform\Repository\Lti1p3RegistrationRepository;
61use oat\taoLti\models\classes\Platform\Repository\Lti1p3RegistrationSnapshotRepository;
62use oat\taoLti\models\classes\Platform\Repository\LtiPlatformFactory;
63use oat\taoLti\models\classes\Platform\Service\UpdatePlatformRegistrationSnapshotListener;
64use oat\taoLti\models\classes\Security\DataAccess\Repository\CachedPlatformKeyChainRepository;
65use oat\taoLti\models\classes\Security\DataAccess\Repository\PlatformKeyChainRepository;
66use oat\taoLti\models\classes\Tool\Service\AuthoringLtiRoleService;
67use oat\taoLti\models\classes\Tool\Validation\AuthoringToolValidator;
68use oat\taoLti\models\classes\Tool\Validation\Lti1p3Validator;
69use Psr\Cache\CacheItemPoolInterface;
70use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
71
72use function Symfony\Component\DependencyInjection\Loader\Configurator\env;
73use function Symfony\Component\DependencyInjection\Loader\Configurator\inline_service;
74use function Symfony\Component\DependencyInjection\Loader\Configurator\param;
75use function Symfony\Component\DependencyInjection\Loader\Configurator\service;
76
77class LtiServiceProvider implements ContainerServiceProviderInterface
78{
79    private const PORTAL_ACCESS_ROLES = [
80        LtiRoles::CONTEXT_LTI1P3_ADMINISTRATOR_SUB_DEVELOPER,
81        LtiRoles::CONTEXT_LTI1P3_CONTENT_DEVELOPER,
82        LtiRoles::CONTEXT_LTI1P3_CONTENT_DEVELOPER_SUB_CONTENT_DEVELOPER,
83        LtiRoles::CONTEXT_LTI1P3_CONTENT_DEVELOPER_SUB_CONTENT_EXPERT,
84        LTIRoles::CONTEXT_INSTITUTION_LTI1P3_ADMINISTRATOR,
85        LtiRoles::CONTEXT_LTI1P3_INSTRUCTOR
86    ];
87    public function __invoke(ContainerConfigurator $configurator): void
88    {
89        $services = $configurator->services();
90        $parameters = $configurator->parameters();
91
92        $parameters->set(
93            'defaultScope',
94            $_ENV['LTI_DEFAULT_SCOPE'] ?? 'https://purl.imsglobal.org/spec/lti-bo/scope/basicoutcome'
95        );
96
97        $parameters->set(
98            'rolesAllowed',
99            self::PORTAL_ACCESS_ROLES
100        );
101
102        $parameters->set(
103            'restrictedRolesForSectionMap',
104            [
105                'help' => self::PORTAL_ACCESS_ROLES,
106                'settings_my_password' => self::PORTAL_ACCESS_ROLES,
107                'settings_my_settings' => self::PORTAL_ACCESS_ROLES
108            ]
109        );
110
111        $services
112            ->set(LtiClientFactory::class)
113            ->args(
114                [
115                    service(ServiceOptions::class),
116                ]
117            );
118
119        $services
120            ->set(JwksFetcherInterface::class, JwksFetcher::class)
121            ->public()
122            ->args(
123                [
124                    service(ItemPoolSimpleCacheAdapter::class),
125                    null,
126                    null,
127                    service(LoggerService::SERVICE_ID),
128                ]
129            );
130
131        $services
132            ->set(ClientRepositoryInterface::class, ClientRepository::class)
133            ->public()
134            ->args(
135                [
136                    service(Lti1p3RegistrationRepository::class),
137                    service(JwksFetcherInterface::class),
138                    service(LoggerService::SERVICE_ID),
139                ]
140            );
141
142        $services
143            ->set(AccessTokenRepositoryInterface::class, AccessTokenRepository::class)
144            ->public()
145            ->args(
146                [
147                    service(ItemPoolSimpleCacheAdapter::class),
148                    service(LoggerService::SERVICE_ID),
149                ]
150            );
151
152        $services
153            ->set(ScopeEntityInterface::class, Scope::class)
154            ->public()
155            ->args(
156                [
157                    param('defaultScope'),
158                ]
159            );
160
161        $services
162            ->set(ScopeRepositoryInterface::class, ScopeRepository::class)
163            ->public()
164            ->args(
165                [
166                    [service(ScopeEntityInterface::class)],
167                ]
168            );
169
170        $services
171            ->set(AuthorizationServerFactory::class, AuthorizationServerFactory::class)
172            ->public()
173            ->args(
174                [
175                    service(ClientRepositoryInterface::class),
176                    service(AccessTokenRepositoryInterface::class),
177                    service(ScopeRepositoryInterface::class),
178                    env('LTI_AUTHORIZATION_SERVER_FACTORY_ENCRYPTION_KEY'),
179                ]
180            );
181
182        $services
183            ->set(LtiServiceClientInterface::class, LtiServiceClient::class)
184            ->args(
185                [
186                    inline_service(CacheItemPoolInterface::class)
187                        ->factory([service(CacheItemPoolFactory::class), 'create'])
188                        ->args([[]]),
189                    inline_service(ClientInterface::class)
190                        ->factory([service(LtiClientFactory::class), 'create']),
191                ]
192            );
193
194        $services
195            ->set(ScoreServiceInterface::class, ScoreServiceClient::class)
196            ->public()
197            ->args(
198                [
199                    service(LtiServiceClientInterface::class),
200                ]
201            );
202
203        $services
204            ->set(ScoreFactoryInterface::class, ScoreFactory::class)
205            ->public();
206
207        $services
208            ->set(LtiAgsScoreServiceInterface::class, LtiAgsScoreService::class)
209            ->public()
210            ->args(
211                [
212                    service(ScoreServiceInterface::class),
213                    service(ScoreFactoryInterface::class),
214                ]
215            );
216
217        $services
218            ->set(RegistrationRepositoryInterface::class, Lti1p3RegistrationSnapshotRepository::class)
219            ->public()
220            ->args(
221                [
222                    service(PersistenceManager::SERVICE_ID),
223                    service(CachedPlatformKeyChainRepository::class),
224                    service(PlatformKeyChainRepository::class),
225                    inline_service(DefaultToolConfig::class)->arg('$baseUri', ROOT_URL),
226                    'default'
227                ]
228            );
229
230        $services
231            ->set(UpdatePlatformRegistrationSnapshotListener::class, UpdatePlatformRegistrationSnapshotListener::class)
232            ->public()
233            ->args(
234                [
235                    service(RegistrationRepositoryInterface::class),
236                    service(LtiPlatformFactory::class)
237                ]
238            );
239
240        $services
241            ->set(Lti1p3Validator::class, Lti1p3Validator::class)
242            ->public()
243            ->args(
244                [
245                    service(RegistrationRepositoryInterface::class),
246                    service(ItemPoolSimpleCacheAdapter::class)
247                ]
248            );
249
250
251        $services
252            ->set(AuthoringToolValidator::class, AuthoringToolValidator::class)
253            ->public()
254            ->args(
255                [
256                    service(RegistrationRepositoryInterface::class),
257                ]
258            );
259
260        $services
261            ->set(Lti1p3Validator::class . 'Authoring', Lti1p3Validator::class)
262            ->public()
263            ->args(
264                [
265                    service(RegistrationRepositoryInterface::class),
266                    service(ItemPoolSimpleCacheAdapter::class),
267                    service(AuthoringToolValidator::class),
268                ]
269            );
270
271        $services
272            ->set(AuthoringLtiRoleService::class, AuthoringLtiRoleService::class)
273            ->public()
274            ->args(
275                [
276                    param('rolesAllowed')
277                ]
278            );
279
280        $services
281            ->get(RoleBasedContextRestrictAccess::class)
282            ->arg('$restrictedRoles', [
283                'ltiAuthoringLaunchRestrictRoles' => param('rolesAllowed')
284            ]);
285
286        $services->set(SectionVisibilityByRoleFilter::class, SectionVisibilityByRoleFilter::class)
287            ->public()
288            ->args([param('restrictedRolesForSectionMap')]);
289
290        $services
291            ->set(LtiConfigProvider::class)
292            ->decorate(DynamicConfigProviderInterface::class)
293            ->public()
294            ->args(
295                [
296                    service(LtiConfigProvider::class . '.inner'),
297                    service(SessionService::SERVICE_ID),
298                    service(LoggerService::SERVICE_ID),
299                ]
300            );
301    }
302}