From 64472be40607d817e8d39ad858b11cecae11a33d Mon Sep 17 00:00:00 2001 From: Markos Gogoulos Date: Thu, 29 Jan 2026 15:27:49 +0200 Subject: [PATCH] wtv --- lti/views.py | 117 ++++++++++++++++++ moodle-plugins/filter_mediacmslti/version.php | 4 +- 2 files changed, 119 insertions(+), 2 deletions(-) diff --git a/lti/views.py b/lti/views.py index c223016e..7458fe24 100644 --- a/lti/views.py +++ b/lti/views.py @@ -236,6 +236,10 @@ class LaunchView(View): if media_token: logger.error(f"[LTI LAUNCH DEBUG] Found media_friendly_token in custom claims: {media_token}") + # Clear retry counter on successful launch + if 'lti_retry_count' in request.session: + del request.session['lti_retry_count'] + LTILaunchLog.objects.create(platform=platform, user=user, resource_link=resource_link_obj, launch_type='resource_link', success=True, claims=claims) redirect_url = self.determine_redirect(launch_data, resource_link_obj) @@ -244,6 +248,14 @@ class LaunchView(View): return HttpResponseRedirect(redirect_url) except LtiException as e: # noqa + error_message = str(e) + + # Special handling for "State not found" errors - attempt retry + if "State not found" in error_message or "state not found" in error_message.lower(): + logger.warning("[LTI LAUNCH] State not found error detected, attempting recovery") + return self.handle_state_not_found(request, platform) + + # Other LTI exceptions - fail normally traceback.print_exc() except Exception as e: # noqa traceback.print_exc() @@ -282,6 +294,111 @@ class LaunchView(View): return reverse('lti:my_media') + def handle_state_not_found(self, request, platform=None): + """ + Handle state not found errors by attempting to restart the OIDC flow. + + This can happen when: + - Cookies are blocked/deleted + - Session expired + - Browser privacy settings interfere + """ + try: + # Check retry count to prevent infinite loops + retry_count = request.session.get('lti_retry_count', 0) + MAX_RETRIES = 2 + + if retry_count >= MAX_RETRIES: + logger.error(f"[LTI RETRY] Max retries ({MAX_RETRIES}) exceeded for state recovery") + return render( + request, + 'lti/launch_error.html', + { + 'error': 'Authentication Failed', + 'message': ( + 'Unable to establish a secure session. This may be due to browser ' + 'cookie settings or privacy features. Please try:\n\n' + '1. Enabling cookies for this site\n' + '2. Disabling tracking protection for this site\n' + '3. Using a different browser\n' + '4. Contacting your administrator if the issue persists' + ), + 'is_cookie_error': True, + }, + status=400, + ) + + # Extract launch parameters from the POST request + id_token = request.POST.get('id_token') + state = request.POST.get('state') + + if not id_token: + raise ValueError("No id_token available for retry") + + # Decode JWT to extract issuer and target info (no verification needed for this) + unverified = jwt.decode(id_token, options={"verify_signature": False}) + + iss = unverified.get('iss') + aud = unverified.get('aud') # This is the client_id + target_link_uri = unverified.get('https://purl.imsglobal.org/spec/lti/claim/target_link_uri') + + # Get login_hint and lti_message_hint if available + login_hint = request.POST.get('login_hint') or unverified.get('sub') + + if not all([iss, aud, target_link_uri]): + raise ValueError("Missing required parameters for OIDC retry") + + # Try to identify platform + if not platform: + try: + platform = LTIPlatform.objects.get(platform_id=iss, client_id=aud) + except LTIPlatform.DoesNotExist: + raise ValueError(f"Platform not found: {iss}/{aud}") + + # Increment retry counter + request.session['lti_retry_count'] = retry_count + 1 + request.session.modified = True + + logger.warning(f"[LTI RETRY] State not found, attempting retry #{retry_count + 1}. " f"Platform: {platform.name}, State: {state}, Target: {target_link_uri}") + + # Build OIDC login URL with all parameters + oidc_login_url = request.build_absolute_uri(reverse('lti:oidc_login')) + + params = { + 'iss': iss, + 'client_id': aud, + 'target_link_uri': target_link_uri, + 'login_hint': login_hint, + } + + # Include lti_message_hint if we have it + lti_message_hint = request.POST.get('lti_message_hint') + if lti_message_hint: + params['lti_message_hint'] = lti_message_hint + + # Add retry indicator + params['retry'] = retry_count + 1 + + redirect_url = f"{oidc_login_url}?{urlencode(params)}" + + logger.error(f"[LTI RETRY] Redirecting to OIDC login: {redirect_url}") + + return HttpResponseRedirect(redirect_url) + + except Exception as retry_error: + logger.error(f"[LTI RETRY] Failed to handle state recovery: {retry_error}") + traceback.print_exc() + + return render( + request, + 'lti/launch_error.html', + { + 'error': 'LTI Launch Failed', + 'message': f'State validation failed and automatic retry was unsuccessful: {str(retry_error)}', + }, + status=400, + ) + def handle_deep_linking_launch(self, request, message_launch, platform, launch_data): """Handle deep linking request""" deep_linking_settings = launch_data.get('https://purl.imsglobal.org/spec/lti-dl/claim/deep_linking_settings', {}) diff --git a/moodle-plugins/filter_mediacmslti/version.php b/moodle-plugins/filter_mediacmslti/version.php index 28e3bd80..165cf2a4 100644 --- a/moodle-plugins/filter_mediacmslti/version.php +++ b/moodle-plugins/filter_mediacmslti/version.php @@ -24,8 +24,8 @@ defined('MOODLE_INTERNAL') || die(); -$plugin->version = 2026012806; // The current plugin version (Date: YYYYMMDDXX). +$plugin->version = 2026012900; // The current plugin version (Date: YYYYMMDDXX). $plugin->requires = 2024100700; // Requires Moodle 5.0 or later. $plugin->component = 'filter_mediacmslti'; // Full name of the plugin (used for diagnostics). $plugin->maturity = MATURITY_STABLE; -$plugin->release = 'v1.1.3'; +$plugin->release = 'v1.1.4';