loncom/auth/lonauth.pm - diff

Return to lonauth.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonauth.pm between versions 1.121.2.24.2.3 and 1.121.2.24.2.7

version 1.121.2.24.2.3, 2022/02/27 02:57:35	version 1.121.2.24.2.7, 2023/07/05 17:33:03
Line 36 use Apache::loncommon();	Line 36 use Apache::loncommon();
use Apache::lonnet;	use Apache::lonnet;
use Apache::lonmenu();	use Apache::lonmenu();
use Apache::createaccount;	use Apache::createaccount;
	use Apache::ltiauth;
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use Apache::lonlocal;	use Apache::lonlocal;
use Apache::File();	use Apache::File();
Line 46 use CGI::Cookie();	Line 47 use CGI::Cookie();
# ------------------------------------------------------------ Successful login	# ------------------------------------------------------------ Successful login
sub success {	sub success {
my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,	my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,
$form,$cid,$expirepub) = @_;	$form,$skipcritical,$cid,$expirepub,$write_to_opener) = @_;

# ------------------------------------------------------------ Get cookie ready	# ------------------------------------------------------------ Get cookie ready
my $cookie =	my $cookie =
Line 66 sub success {	Line 67 sub success {

# ------------------------------------------------- Check for critical messages	# ------------------------------------------------- Check for critical messages

my @what=&Apache::lonnet::dump('critical',$domain,$username);	unless ($skipcritical) {
if ($what[0]) {	my @what=&Apache::lonnet::dump('critical',$domain,$username);
if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) {	if ($what[0]) {
$lowerurl='/adm/email?critical=display';	if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) {
	$lowerurl='/adm/email?critical=display';
	}
}	}
}	}

Line 96 sub success {	Line 99 sub success {
}	}
# -------------------------------------------------------- Menu script and info	# -------------------------------------------------------- Menu script and info
my $destination = $lowerurl;	my $destination = $lowerurl;
	if ($env{'request.lti.login'}) {
	if (($env{'request.lti.reqcrs'}) && ($env{'request.lti.reqrole'} eq 'cc')) {
	&Apache::loncommon::content_type($r,'text/html');
	if ($securecookie) {
	$r->headers_out->add('Set-cookie' => $securecookie);
	}
	if ($defaultcookie) {
	$r->headers_out->add('Set-cookie' => $defaultcookie);
	}
	$r->send_http_header;
	if (ref($form) eq 'HASH') {
	$form->{'lti.login'} = $env{'request.lti.login'};
	$form->{'lti.reqcrs'} = $env{'request.lti.reqcrs'};
	$form->{'lti.reqrole'} = $env{'request.lti.reqrole'};
	$form->{'lti.sourcecrs'} = $env{'request.lti.sourcecrs'};
	}
	&Apache::ltiauth::lti_reqcrs($r,$domain,$form,$username,$domain);
	return;
	}
	if ($env{'request.lti.selfenrollrole'}) {
	if (&Apache::ltiauth::lti_enroll($username,$domain,
	$env{'request.lti.selfenrollrole'}) eq 'ok') {
	$form->{'role'} = $env{'request.lti.selfenrollrole'};
	&Apache::lonnet::delenv('request.lti.selfenrollrole');
	} else {
	&Apache::ltiauth::invalid_request($r,24);
	}
	}
	}
if (defined($form->{role})) {	if (defined($form->{role})) {
my $envkey = 'user.role.'.$form->{role};	my $envkey = 'user.role.'.$form->{role};
my $now=time;	my $now=time;
Line 116 sub success {	Line 147 sub success {
$destination .= 'selectrole=1&'.$newrole.'=1';	$destination .= 'selectrole=1&'.$newrole.'=1';
}	}
}	}
	} elsif (defined($form->{display})) {
	if ($destination =~ m{^/adm/email($\|\?)}) {
	$destination .= ($destination =~ /\?/) ? '&' : '?' .'display='.&escape($form->{display});
	}
}	}
if (defined($form->{symb})) {	if (defined($form->{symb})) {
my $destsymb = $form->{symb};	my $destsymb = $form->{symb};
Line 148 sub success {	Line 183 sub success {
$destination .= 'source=login';	$destination .= 'source=login';
}	}

	my $brcrum = [{'href' => '',
	'text' => 'Successful Login'},];
	my $args = {'no_inline_link' => 1,
	'bread_crumbs' => $brcrum,};
if (($env{'request.deeplink.login'} eq $lowerurl) &&	if (($env{'request.deeplink.login'} eq $lowerurl) &&
(($env{'request.linkprot'}) \|\| ($env{'request.linkkey'} ne ''))) {	(($env{'request.linkprot'}) \|\| ($env{'request.linkkey'} ne ''))) {
my %info;	my %info;
if ($env{'request.linkprot'}) {	if ($env{'request.linkprot'}) {
$info{'linkprot'} = $env{'request.linkprot'};	$info{'linkprot'} = $env{'request.linkprot'};
	foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
	if ($form->{$item}) {
	$info{$item} = $form->{$item};
	}
	}
	$args = {'only_body' => 1,};
} elsif ($env{'request.linkkey'} ne '') {	} elsif ($env{'request.linkkey'} ne '') {
$info{'linkkey'} = $env{'request.linkkey'};	$info{'linkkey'} = $env{'request.linkkey'};
}	}
Line 163 sub success {	Line 208 sub success {
$destination .= (($destination =~ /\?/) ? '&' : '?') . 'ttoken='.$token;	$destination .= (($destination =~ /\?/) ? '&' : '?') . 'ttoken='.$token;
}	}
}	}
if ($env{'request.deeplink.login'}) {	if (($env{'request.deeplink.login'}) \|\| ($env{'request.lti.login'})) {
if ($env{'environment.remote'} eq 'on') {	if ($env{'environment.remote'} eq 'on') {
&Apache::lonnet::appenv({'environment.remote' => 'off'});	&Apache::lonnet::appenv({'environment.remote' => 'off'});
}	}
}	}
	my $startupremote;
	if ($write_to_opener) {
	if ($env{'environment.remote'} eq 'on') {
	&Apache::lonnet::appenv({'environment.remote' => 'off'});
	}
	$args->{'redirect'} = [0,$destination,'',$write_to_opener];
	} else {
	$startupremote=&Apache::lonmenu::startupremote($destination);
	}

my $windowinfo=&Apache::lonmenu::open($env{'browser.os'});	my $windowinfo=&Apache::lonmenu::open($env{'browser.os'});
my $startupremote=&Apache::lonmenu::startupremote($destination);
my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl);	my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl);
my $setflags=&Apache::lonmenu::setflags();	my $setflags=&Apache::lonmenu::setflags();
my $maincall=&Apache::lonmenu::maincall();	my $maincall=&Apache::lonmenu::maincall();
my $brcrum = [{'href' => '',
'text' => 'Successful Login'},];
my $start_page=&Apache::loncommon::start_page('Successful Login',	my $start_page=&Apache::loncommon::start_page('Successful Login',
$startupremote,	$startupremote,$args);
{'no_inline_link' => 1,
'bread_crumbs' => $brcrum,});
my $end_page =&Apache::loncommon::end_page();	my $end_page =&Apache::loncommon::end_page();

my $continuelink;	my $continuelink;
if ($env{'environment.remote'} eq 'off') {	if ($env{'environment.remote'} eq 'off') {
$continuelink='<a href="'.$destination.'">'.&mt('Continue').'</a>';	unless ($write_to_opener) {
	$continuelink='<a href="'.$destination.'">'.&mt('Continue').'</a>';
	}
}	}
# ------------------------------------------------- Output for successful login	# ------------------------------------------------- Output for successful login

Line 203 sub success {	Line 254 sub success {
}	}
$r->send_http_header;	$r->send_http_header;

my %lt=&Apache::lonlocal::texthash(	if (($env{'request.linkprot'}) \|\| ($env{'request.lti.login'})) {
'wel' => 'Welcome',	$r->print(<<END);
'pro' => 'Login problems?',	$start_page
);	<br />$continuelink
my $loginhelp = &loginhelpdisplay($domain);	$end_page
if ($loginhelp) {	END
$loginhelp = '<p><a href="'.$loginhelp.'">'.$lt{'pro'}.'</a></p>';	} else {
}	my %lt=&Apache::lonlocal::texthash(
	'wel' => 'Welcome',
	'pro' => 'Login problems?',
	);
	my $loginhelp = &loginhelpdisplay($domain);
	if ($loginhelp) {
	$loginhelp = '<p><a href="'.$loginhelp.'">'.$lt{'pro'}.'</a></p>';
	}

my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>');	my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>');
$r->print(<<ENDSUCCESS);	$r->print(<<ENDSUCCESS);
$start_page	$start_page
$setflags	$setflags
$windowinfo	$windowinfo
Line 225 $maincall	Line 283 $maincall
$continuelink	$continuelink
$end_page	$end_page
ENDSUCCESS	ENDSUCCESS
	}
return;	return;
}	}

Line 238 sub failed {	Line 297 sub failed {
if ($clientunicode && !$clientmathml) {	if ($clientunicode && !$clientmathml) {
$args = {'browser.unicode' => 1};	$args = {'browser.unicode' => 1};
}	}
	if ($form->{firsturl} =~ m{^/tiny/$match_domain/\w+$}) {
	if ($form->{linkprot}) {
	$args->{only_body} = 1;
	}
	}

	my @actions;
my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);	my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});	my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});	my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
if (&Apache::lonnet::domain($udom,'description') eq '') {	if (&Apache::lonnet::domain($udom,'description') eq '') {
undef($udom);	undef($udom);
}	}
	my $authtype;
	if (($udom ne '') && ($uname ne '') && ($authhost eq 'no_host')) {
	$authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
	}
my $retry = '/adm/login';	my $retry = '/adm/login';
if ($uname eq $form->{'uname'}) {	if (($uname eq $form->{'uname'}) && ($authtype !~ /^lti:/)) {
$retry .= '?username='.$uname;	$retry .= '?username='.$uname;
}	}
if ($udom) {	if ($udom) {
Line 282 sub failed {	Line 351 sub failed {
}	}
}	}
if (exists($form->{linkprot})) {	if (exists($form->{linkprot})) {
my $ltoken = &Apache::lonnet::tmpput({linkprot => $form->{'linkprot'}},	my %info = (
	'linkprot' => $form->{'linkprot'},
	);
	foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
	if ($form->{$item} ne '') {
	$info{$item} = $form->{$item};
	}
	}
	my $ltoken = &Apache::lonnet::tmpput(\%info,
$r->dir_config('lonHostID'),'retry');	$r->dir_config('lonHostID'),'retry');
if ($ltoken) {	if ($ltoken) {
$retry .= (($retry =~ /\?/) ? '&' : '?').'ltoken='.$ltoken;	$retry .= (($retry =~ /\?/) ? '&' : '?').'ltoken='.$ltoken;
Line 294 sub failed {	Line 371 sub failed {
my $end_page = &Apache::loncommon::end_page();	my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');	&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;	$r->send_http_header;
my @actions =	if ($authtype =~ /^lti:/) {
(&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));	$message = &mt('Direct login is not supported with the username you entered.').
	'<br /><br />'.
	&mt('You likely need to launch LON-CAPA from within a course in a different Learning Management System.').
	'<br />'.
	&mt('You can also try to log in with a different username.');
	@actions =
	(&mt('Try your [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));
	} else {
	$message = &mt($message);
	@actions =
	(&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));
	}
my $loginhelp = &loginhelpdisplay($udom);	my $loginhelp = &loginhelpdisplay($udom);
if ($loginhelp) {	if ($loginhelp) {
push(@actions, '<a href="'.$loginhelp.'">'.&mt('Login problems?').'</a>');	push(@actions, '<a href="'.$loginhelp.'">'.&mt('Login problems?').'</a>');
}	}
#FIXME: link to helpdesk might be added here	#FIXME: link to helpdesk might be added here

$r->print(	$r->print(
$start_page	$start_page
.'<h2>'.&mt('Sorry ...').'</h2>'	.'<h2>'.&mt('Sorry ...').'</h2>'
.&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'<br /><br />'	.&Apache::lonhtmlcommon::confirm_success($message,1).'<br /><br />'
.&Apache::lonhtmlcommon::actionbox(\@actions)	.&Apache::lonhtmlcommon::actionbox(\@actions)
.$end_page	.$end_page
);	);
Line 390 sub handler {	Line 477 sub handler {
.$end_page);	.$end_page);
} else {	} else {
if (($info{'linkprot'}) \|\| ($info{'linkkey'} ne '')) {	if (($info{'linkprot'}) \|\| ($info{'linkkey'} ne '')) {
	if (($info{'linkprot'}) && ($info{'linkprotuser'} ne '')) {
	unless ($info{'linkprotuser'} eq $env{'user.name'}.':'.$env{'user.domain'}) {
	$r->print(
	$start_page
	.'<p class="LC_warning">'.&mt('You are already logged in, but as a different user from the one expected for the link you followed from another system').'</p>'
	.'<p>'.&mt('Please [_1]log out[_2] first, and then try following the link again from the other system',
	'<a href="/adm/logout">','</a>')

	.'</p>'
	.$end_page);
	return OK;
	}
	}
my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link');	my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link');
unless (($token eq 'con_lost') \|\| ($token eq 'refused') \|\|	unless (($token eq 'con_lost') \|\| ($token eq 'refused') \|\|
($token eq 'unknown_cmd') \|\| ($token eq 'no_such_host')) {	($token eq 'unknown_cmd') \|\| ($token eq 'no_such_host')) {
Line 522 sub handler {	Line 622 sub handler {
}	}
unless ($pwdverify) {	unless ($pwdverify) {
&failed($r,'Username and/or password could not be authenticated.',	&failed($r,'Username and/or password could not be authenticated.',
\%form);	\%form,$authhost);
return OK;	return OK;
}	}
} elsif ($authhost eq 'no_account_on_host') {	} elsif ($authhost eq 'no_account_on_host') {
Line 644 sub handler {	Line 744 sub handler {
}	}
}	}

	if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
	if (($form{'linkprot'}) && ($form{'linkprotuser'} ne '')) {
	unless($form{'linkprotuser'} eq $form{'uname'}.':'.$form{'udom'}) {
	delete($form{'udom'});
	delete($form{'uname'});
	&failed($r,'Username and/or domain are different to that expected for the link you followed from another system',
	\%form,$authhost);
	return OK;
	}
	}
	}

my ($is_balancer,$otherserver);	my ($is_balancer,$otherserver);

unless ($hosthere) {	unless ($hosthere) {
Line 687 sub handler {	Line 799 sub handler {
}	}
if ($form{'linkprot'}) {	if ($form{'linkprot'}) {
$env{'request.linkprot'} = $form{'linkprot'};	$env{'request.linkprot'} = $form{'linkprot'};
	foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
	if ($form{$item}) {
	$env{'request.'.$item} = $form{$item};
	}
	}
} elsif ($form{'linkkey'} ne '') {	} elsif ($form{'linkkey'} ne '') {
$env{'request.linkkey'} = $form{'linkkey'};	$env{'request.linkkey'} = $form{'linkkey'};
}	}
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {	if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
&set_deeplink_login(%form);	&set_deeplink_login(%form);
	} elsif ($firsturl eq '/adm/email') {
	if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) {
	$env{'request.display'} = $form{'display'};
	$env{'request.mailrecip'} = $form{'mailrecip'};
	}
}	}
$r->internal_redirect($switchto);	$r->internal_redirect($switchto);
} else {	} else {
Line 718 sub handler {	Line 840 sub handler {
}	}
if ($form{'linkprot'}) {	if ($form{'linkprot'}) {
$env{'request.linkprot'} = $form{'linkprot'};	$env{'request.linkprot'} = $form{'linkprot'};
	foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
	if ($form{$item}) {
	$env{'request.'.$item} = $form{$item};
	}
	}
} elsif ($form{'linkkey'} ne '') {	} elsif ($form{'linkkey'} ne '') {
$env{'request.linkkey'} = $form{'linkkey'};	$env{'request.linkkey'} = $form{'linkkey'};
}	}
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {	if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
&set_deeplink_login(%form);	&set_deeplink_login(%form);
	} elsif ($firsturl eq '/adm/email') {
	if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) {
	$env{'request.display'} = $form{'display'};
	$env{'request.mailrecip'} = $form{'mailrecip'};
	}
}	}
$r->internal_redirect($switchto);	$r->internal_redirect($switchto);
} else {	} else {
Line 762 sub handler {	Line 894 sub handler {
}	}
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {	if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
&set_deeplink_login(%form);	&set_deeplink_login(%form);
	} elsif ($firsturl eq '/adm/email') {
	if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) {
	$env{'request.display'} = $form{'display'};
	$env{'request.mailrecip'} = $form{'mailrecip'};
	}
}	}
$r->internal_redirect('/adm/switchserver?otherserver='.$unloaded.'&origurl='.$firsturl);	$r->internal_redirect('/adm/switchserver?otherserver='.$unloaded.'&origurl='.$firsturl);
return OK;	return OK;
Line 781 sub handler {	Line 918 sub handler {
$form{$item} = $sessiondata{$item};	$form{$item} = $sessiondata{$item};
}	}
}	}
	if ($sessiondata{'origurl'} eq '/adm/email') {
	if (($sessiondata{'display'}) && ($sessiondata{'mailrecip'})) {
	if (&unescape($sessiondata{'mailrecip'}) eq "$form{'uname'}:$form{'udom'}") {
	$form{'display'} = &unescape($sessiondata{'display'});
	$form{'mailrecip'} = &unescape($sessiondata{'mailrecip'});
	}
	}
	}
}	}
}	}
if ($form{'linkprot'}) {	if ($form{'linkprot'}) {
Line 801 sub handler {	Line 946 sub handler {
} else {	} else {
$extra_env = {'request.linkprot' => $form{'linkprot'}};	$extra_env = {'request.linkprot' => $form{'linkprot'}};
}	}
	if ($form{'linkprotexit'}) {
	$extra_env->{'request.linkprotexit'} = $form{'linkprotexit'};
	}
	if ($form{'linkprotpbid'}) {
	$extra_env->{'request.linkprotpbid'} = $form{'linkprotpbid'};
	}
	if ($form{'linkprotpburl'}) {
	$extra_env->{'request.linkprotpburl'} = $form{'linkprotpburl'};
	}
} elsif ($form{'linkkey'} ne '') {	} elsif ($form{'linkkey'} ne '') {
if (ref($extra_env) eq 'HASH') {	if (ref($extra_env) eq 'HASH') {
%{$extra_env} = ( %{$extra_env}, 'request.linkkey' => $form{'linkkey'} );	%{$extra_env} = ( %{$extra_env}, 'request.linkkey' => $form{'linkkey'} );
Line 889 sub set_retry_token {	Line 1043 sub set_retry_token {
my ($form,$lonhost,$querystr) = @_;	my ($form,$lonhost,$querystr) = @_;
if (ref($form) eq 'HASH') {	if (ref($form) eq 'HASH') {
my ($firsturl,$token,$extras,@names);	my ($firsturl,$token,$extras,@names);
@names = ('role','symb','linkprot','linkkey','iptoken');	@names = ('role','symb','linkprotuser','linkprotexit','linkprot','linkkey','iptoken','linkprotpbid','linkprotpburl');
foreach my $name (@names) {	foreach my $name (@names) {
if ($form->{$name} ne '') {	if ($form->{$name} ne '') {
$extras .= '&'.$name.'='.&escape($form->{$name});	$extras .= '&'.$name.'='.&escape($form->{$name});
Line 976 sub check_can_host {	Line 1130 sub check_can_host {
$form);	$form);
if ($form->{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {	if ($form->{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
$env{'request.deeplink.login'} = $form->{'firsturl'};	$env{'request.deeplink.login'} = $form->{'firsturl'};
	} elsif ($form->{'firsturl'} eq '/adm/email') {
	if ($form->{'display'} && ($form->{'mailrecip'} eq $form->{'uname'}.':'.$form->{'udom'})) {
	$env{'request.display'} = $form->{'mailrecip'};
	$env{'request.mailrecip'} = $form->{'mailrecip'};
	}
}	}
if ($form->{'linkprot'}) {	if ($form->{'linkprot'}) {
$env{'request.linkprot'} = $form->{'linkprot'};	$env{'request.linkprot'} = $form->{'linkprot'};

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.121.2.24.2.3
changed lines
	Added in v.1.121.2.24.2.7