Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 188
0.00% covered (danger)
0.00%
0 / 1
 CRAP
0.00% covered (danger)
0.00%
0 / 1
LtiServiceProvider
0.00% covered (danger)
0.00%
0 / 188
0.00% covered (danger)
0.00%
0 / 1
 2
0.00% covered (danger)
0.00%
0 / 1
 __invoke
0.00% covered (danger)
0.00%
0 / 188
0.00% covered (danger)
0.00%
0 / 1
 2
1<?php
2
3/**
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; under version 2
7 * of the License (non-upgradable).
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 *
18 * Copyright (c) 2021-2022 (original work) Open Assessment Technologies SA;
19 */
20
21declare(strict_types=1);
22
23namespace oat\taoLti\models\classes\ServiceProvider;
24
25use GuzzleHttp\ClientInterface;
26use League\OAuth2\Server\Entities\ScopeEntityInterface;
27use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
28use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
29use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
30use oat\generis\model\DependencyInjection\ContainerServiceProviderInterface;
31use oat\generis\model\DependencyInjection\ServiceOptions;
32use oat\generis\persistence\PersistenceManager;
33use OAT\Library\Lti1p3Ags\Factory\Score\ScoreFactory;
34use OAT\Library\Lti1p3Ags\Factory\Score\ScoreFactoryInterface;
35use OAT\Library\Lti1p3Ags\Service\Score\Client\ScoreServiceClient;
36use OAT\Library\Lti1p3Ags\Service\Score\ScoreServiceInterface;
37use OAT\Library\Lti1p3Core\Registration\RegistrationRepositoryInterface;
38use OAT\Library\Lti1p3Core\Security\Jwks\Fetcher\JwksFetcher;
39use OAT\Library\Lti1p3Core\Security\Jwks\Fetcher\JwksFetcherInterface;
40use OAT\Library\Lti1p3Core\Security\OAuth2\Entity\Scope;
41use OAT\Library\Lti1p3Core\Security\OAuth2\Factory\AuthorizationServerFactory;
42use OAT\Library\Lti1p3Core\Security\OAuth2\Repository\AccessTokenRepository;
43use OAT\Library\Lti1p3Core\Security\OAuth2\Repository\ClientRepository;
44use OAT\Library\Lti1p3Core\Security\OAuth2\Repository\ScopeRepository;
45use OAT\Library\Lti1p3Core\Service\Client\LtiServiceClient;
46use OAT\Library\Lti1p3Core\Service\Client\LtiServiceClientInterface;
47use oat\oatbox\cache\factory\CacheItemPoolFactory;
48use oat\oatbox\cache\ItemPoolSimpleCacheAdapter;
49use oat\oatbox\log\LoggerService;
50use oat\oatbox\session\SessionService;
51use oat\tao\model\DynamicConfig\DynamicConfigProviderInterface;
52use oat\tao\model\accessControl\RoleBasedContextRestrictAccess;
53use oat\tao\model\menu\SectionVisibilityByRoleFilter;
54use oat\taoLti\models\classes\Client\LtiClientFactory;
55use oat\taoLti\models\classes\DynamicConfig\LtiConfigProvider;
56use oat\taoLti\models\classes\LtiAgs\LtiAgsScoreService;
57use oat\taoLti\models\classes\LtiAgs\LtiAgsScoreServiceInterface;
58use oat\taoLti\models\classes\LtiRoles;
59use oat\taoLti\models\classes\Platform\Repository\DefaultToolConfig;
60use oat\taoLti\models\classes\Platform\Repository\Lti1p3RegistrationRepository;
61use oat\taoLti\models\classes\Platform\Repository\Lti1p3RegistrationSnapshotRepository;
62use oat\taoLti\models\classes\Platform\Repository\LtiPlatformFactory;
63use oat\taoLti\models\classes\Platform\Service\UpdatePlatformRegistrationSnapshotListener;
64use oat\taoLti\models\classes\Security\DataAccess\Repository\CachedPlatformKeyChainRepository;
65use oat\taoLti\models\classes\Security\DataAccess\Repository\PlatformKeyChainRepository;
66use oat\taoLti\models\classes\Tool\Service\AuthoringLtiRoleService;
67use oat\taoLti\models\classes\Tool\Validation\AuthoringToolValidator;
68use oat\taoLti\models\classes\Tool\Validation\Lti1p3Validator;
69use Psr\Cache\CacheItemPoolInterface;
70use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
71
72use function Symfony\Component\DependencyInjection\Loader\Configurator\env;
73use function Symfony\Component\DependencyInjection\Loader\Configurator\inline_service;
74use function Symfony\Component\DependencyInjection\Loader\Configurator\param;
75use function Symfony\Component\DependencyInjection\Loader\Configurator\service;
76
77class LtiServiceProvider implements ContainerServiceProviderInterface
78{
79    private const PORTAL_ACCESS_ROLES = [
80        LtiRoles::CONTEXT_LTI1P3_ADMINISTRATOR_SUB_DEVELOPER,
81        LtiRoles::CONTEXT_LTI1P3_CONTENT_DEVELOPER_SUB_CONTENT_DEVELOPER,
82        LtiRoles::CONTEXT_LTI1P3_CONTENT_DEVELOPER_SUB_CONTENT_EXPERT,
83        LTIRoles::CONTEXT_INSTITUTION_LTI1P3_ADMINISTRATOR,
84        LtiRoles::CONTEXT_LTI1P3_INSTRUCTOR
85    ];
86    public function __invoke(ContainerConfigurator $configurator): void
87    {
88        $services = $configurator->services();
89        $parameters = $configurator->parameters();
90
91        $parameters->set(
92            'defaultScope',
93            $_ENV['LTI_DEFAULT_SCOPE'] ?? 'https://purl.imsglobal.org/spec/lti-bo/scope/basicoutcome'
94        );
95
96        $parameters->set(
97            'rolesAllowed',
98            self::PORTAL_ACCESS_ROLES
99        );
100
101        $parameters->set(
102            'restrictedRolesForSectionMap',
103            [
104                'help' => self::PORTAL_ACCESS_ROLES,
105                'settings_my_password' => self::PORTAL_ACCESS_ROLES,
106                'settings_my_settings' => self::PORTAL_ACCESS_ROLES
107            ]
108        );
109
110        $services
111            ->set(LtiClientFactory::class)
112            ->args(
113                [
114                    service(ServiceOptions::class),
115                ]
116            );
117
118        $services
119            ->set(JwksFetcherInterface::class, JwksFetcher::class)
120            ->public()
121            ->args(
122                [
123                    service(ItemPoolSimpleCacheAdapter::class),
124                    null,
125                    null,
126                    service(LoggerService::SERVICE_ID),
127                ]
128            );
129
130        $services
131            ->set(ClientRepositoryInterface::class, ClientRepository::class)
132            ->public()
133            ->args(
134                [
135                    service(Lti1p3RegistrationRepository::class),
136                    service(JwksFetcherInterface::class),
137                    service(LoggerService::SERVICE_ID),
138                ]
139            );
140
141        $services
142            ->set(AccessTokenRepositoryInterface::class, AccessTokenRepository::class)
143            ->public()
144            ->args(
145                [
146                    service(ItemPoolSimpleCacheAdapter::class),
147                    service(LoggerService::SERVICE_ID),
148                ]
149            );
150
151        $services
152            ->set(ScopeEntityInterface::class, Scope::class)
153            ->public()
154            ->args(
155                [
156                    param('defaultScope'),
157                ]
158            );
159
160        $services
161            ->set(ScopeRepositoryInterface::class, ScopeRepository::class)
162            ->public()
163            ->args(
164                [
165                    [service(ScopeEntityInterface::class)],
166                ]
167            );
168
169        $services
170            ->set(AuthorizationServerFactory::class, AuthorizationServerFactory::class)
171            ->public()
172            ->args(
173                [
174                    service(ClientRepositoryInterface::class),
175                    service(AccessTokenRepositoryInterface::class),
176                    service(ScopeRepositoryInterface::class),
177                    env('LTI_AUTHORIZATION_SERVER_FACTORY_ENCRYPTION_KEY'),
178                ]
179            );
180
181        $services
182            ->set(LtiServiceClientInterface::class, LtiServiceClient::class)
183            ->args(
184                [
185                    inline_service(CacheItemPoolInterface::class)
186                        ->factory([service(CacheItemPoolFactory::class), 'create'])
187                        ->args([[]]),
188                    inline_service(ClientInterface::class)
189                        ->factory([service(LtiClientFactory::class), 'create']),
190                ]
191            );
192
193        $services
194            ->set(ScoreServiceInterface::class, ScoreServiceClient::class)
195            ->public()
196            ->args(
197                [
198                    service(LtiServiceClientInterface::class),
199                ]
200            );
201
202        $services
203            ->set(ScoreFactoryInterface::class, ScoreFactory::class)
204            ->public();
205
206        $services
207            ->set(LtiAgsScoreServiceInterface::class, LtiAgsScoreService::class)
208            ->public()
209            ->args(
210                [
211                    service(ScoreServiceInterface::class),
212                    service(ScoreFactoryInterface::class),
213                ]
214            );
215
216        $services
217            ->set(RegistrationRepositoryInterface::class, Lti1p3RegistrationSnapshotRepository::class)
218            ->public()
219            ->args(
220                [
221                    service(PersistenceManager::SERVICE_ID),
222                    service(CachedPlatformKeyChainRepository::class),
223                    service(PlatformKeyChainRepository::class),
224                    inline_service(DefaultToolConfig::class)->arg('$baseUri', ROOT_URL),
225                    'default'
226                ]
227            );
228
229        $services
230            ->set(UpdatePlatformRegistrationSnapshotListener::class, UpdatePlatformRegistrationSnapshotListener::class)
231            ->public()
232            ->args(
233                [
234                    service(RegistrationRepositoryInterface::class),
235                    service(LtiPlatformFactory::class)
236                ]
237            );
238
239        $services
240            ->set(Lti1p3Validator::class, Lti1p3Validator::class)
241            ->public()
242            ->args(
243                [
244                    service(RegistrationRepositoryInterface::class),
245                    service(ItemPoolSimpleCacheAdapter::class)
246                ]
247            );
248
249
250        $services
251            ->set(AuthoringToolValidator::class, AuthoringToolValidator::class)
252            ->public()
253            ->args(
254                [
255                    service(RegistrationRepositoryInterface::class),
256                ]
257            );
258
259        $services
260            ->set(Lti1p3Validator::class . 'Authoring', Lti1p3Validator::class)
261            ->public()
262            ->args(
263                [
264                    service(RegistrationRepositoryInterface::class),
265                    service(ItemPoolSimpleCacheAdapter::class),
266                    service(AuthoringToolValidator::class),
267                ]
268            );
269
270        $services
271            ->set(AuthoringLtiRoleService::class, AuthoringLtiRoleService::class)
272            ->public()
273            ->args(
274                [
275                    param('rolesAllowed')
276                ]
277            );
278
279        $services
280            ->get(RoleBasedContextRestrictAccess::class)
281            ->arg('$restrictedRoles', [
282                'ltiAuthoringLaunchRestrictRoles' => param('rolesAllowed')
283            ]);
284
285        $services->set(SectionVisibilityByRoleFilter::class, SectionVisibilityByRoleFilter::class)
286            ->public()
287            ->args([param('restrictedRolesForSectionMap')]);
288
289        $services
290            ->set(LtiConfigProvider::class)
291            ->decorate(DynamicConfigProviderInterface::class)
292            ->public()
293            ->args(
294                [
295                    service(LtiConfigProvider::class . '.inner'),
296                    service(SessionService::SERVICE_ID),
297                    service(LoggerService::SERVICE_ID),
298                ]
299            );
300    }
301}