version 1.121.2.20, 2020/10/23 21:21:44
|
version 1.121.2.24.2.8, 2024/10/09 18:12:23
|
Line 29
|
Line 29
|
package Apache::lonauth; |
package Apache::lonauth; |
|
|
use strict; |
use strict; |
use LONCAPA; |
use LONCAPA qw(:DEFAULT :match); |
use Apache::Constants qw(:common); |
use Apache::Constants qw(:common); |
use CGI qw(:standard); |
use CGI qw(:standard); |
use Apache::loncommon(); |
use Apache::loncommon(); |
use Apache::lonnet; |
use Apache::lonnet; |
use Apache::lonmenu(); |
use Apache::lonmenu(); |
use Apache::createaccount; |
use Apache::createaccount; |
|
use Apache::ltiauth; |
use Fcntl qw(:flock); |
use Fcntl qw(:flock); |
use Apache::lonlocal; |
use Apache::lonlocal; |
use Apache::File(); |
use Apache::File(); |
use HTML::Entities; |
use HTML::Entities; |
use Digest::MD5; |
use Digest::MD5; |
|
use CGI::Cookie(); |
|
|
# ------------------------------------------------------------ Successful login |
# ------------------------------------------------------------ Successful login |
sub success { |
sub success { |
my ($r, $username, $domain, $authhost, $lowerurl, $extra_env, |
my ($r, $username, $domain, $authhost, $lowerurl, $extra_env, |
$form,$cid) = @_; |
$form,$skipcritical,$cid,$expirepub,$write_to_opener) = @_; |
|
|
# ------------------------------------------------------------ Get cookie ready |
# ------------------------------------------------------------ Get cookie ready |
my $cookie = |
my $cookie = |
Line 59 sub success {
|
Line 61 sub success {
|
|
|
# -------------------------------------------------------------------- Log this |
# -------------------------------------------------------------------- Log this |
|
|
|
my $ip = &Apache::lonnet::get_requestor_ip(); |
&Apache::lonnet::log($domain,$username,$authhost, |
&Apache::lonnet::log($domain,$username,$authhost, |
"Login $ENV{'REMOTE_ADDR'}"); |
"Login $ip"); |
|
|
# ------------------------------------------------- Check for critical messages |
# ------------------------------------------------- Check for critical messages |
|
|
my @what=&Apache::lonnet::dump('critical',$domain,$username); |
unless ($skipcritical) { |
if ($what[0]) { |
my @what=&Apache::lonnet::dump('critical',$domain,$username); |
if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) { |
if ($what[0]) { |
$lowerurl='/adm/email?critical=display'; |
if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) { |
|
$lowerurl='/adm/email?critical=display'; |
|
} |
} |
} |
} |
} |
|
|
Line 94 sub success {
|
Line 99 sub success {
|
} |
} |
# -------------------------------------------------------- Menu script and info |
# -------------------------------------------------------- Menu script and info |
my $destination = $lowerurl; |
my $destination = $lowerurl; |
|
if ($env{'request.lti.login'}) { |
|
if (($env{'request.lti.reqcrs'}) && ($env{'request.lti.reqrole'} eq 'cc')) { |
|
&Apache::loncommon::content_type($r,'text/html'); |
|
if ($securecookie) { |
|
$r->headers_out->add('Set-cookie' => $securecookie); |
|
} |
|
if ($defaultcookie) { |
|
$r->headers_out->add('Set-cookie' => $defaultcookie); |
|
} |
|
$r->send_http_header; |
|
if (ref($form) eq 'HASH') { |
|
$form->{'lti.login'} = $env{'request.lti.login'}; |
|
$form->{'lti.reqcrs'} = $env{'request.lti.reqcrs'}; |
|
$form->{'lti.reqrole'} = $env{'request.lti.reqrole'}; |
|
$form->{'lti.sourcecrs'} = $env{'request.lti.sourcecrs'}; |
|
} |
|
&Apache::ltiauth::lti_reqcrs($r,$domain,$form,$username,$domain); |
|
return; |
|
} |
|
if ($env{'request.lti.selfenrollrole'}) { |
|
if (&Apache::ltiauth::lti_enroll($username,$domain, |
|
$env{'request.lti.selfenrollrole'}) eq 'ok') { |
|
$form->{'role'} = $env{'request.lti.selfenrollrole'}; |
|
&Apache::lonnet::delenv('request.lti.selfenrollrole'); |
|
} else { |
|
&Apache::ltiauth::invalid_request($r,24); |
|
} |
|
} |
|
} |
if (defined($form->{role})) { |
if (defined($form->{role})) { |
my $envkey = 'user.role.'.$form->{role}; |
my $envkey = 'user.role.'.$form->{role}; |
my $now=time; |
my $now=time; |
Line 114 sub success {
|
Line 147 sub success {
|
$destination .= 'selectrole=1&'.$newrole.'=1'; |
$destination .= 'selectrole=1&'.$newrole.'=1'; |
} |
} |
} |
} |
|
} elsif (defined($form->{display})) { |
|
if ($destination =~ m{^/adm/email($|\?)}) { |
|
$destination .= ($destination =~ /\?/) ? '&' : '?' .'display='.&escape($form->{display}); |
|
} |
} |
} |
if (defined($form->{symb})) { |
if (defined($form->{symb})) { |
my $destsymb = $form->{symb}; |
my $destsymb = $form->{symb}; |
Line 146 sub success {
|
Line 183 sub success {
|
$destination .= 'source=login'; |
$destination .= 'source=login'; |
} |
} |
|
|
|
my $brcrum = [{'href' => '', |
|
'text' => 'Successful Login'},]; |
|
my $args = {'no_inline_link' => 1, |
|
'bread_crumbs' => $brcrum,}; |
|
if (($env{'request.deeplink.login'} eq $lowerurl) && |
|
(($env{'request.linkprot'}) || ($env{'request.linkkey'} ne ''))) { |
|
my %info; |
|
if ($env{'request.linkprot'}) { |
|
$info{'linkprot'} = $env{'request.linkprot'}; |
|
foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { |
|
if ($form->{$item}) { |
|
$info{$item} = $form->{$item}; |
|
} |
|
} |
|
$args = {'only_body' => 1,}; |
|
} elsif ($env{'request.linkkey'} ne '') { |
|
$info{'linkkey'} = $env{'request.linkkey'}; |
|
} |
|
$info{'origurl'} = $lowerurl; |
|
my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link'); |
|
unless (($token eq 'con_lost') || ($token eq 'refused') || |
|
($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { |
|
$destination .= (($destination =~ /\?/) ? '&' : '?') . 'ttoken='.$token; |
|
} |
|
} |
|
if (($env{'request.deeplink.login'}) || ($env{'request.lti.login'})) { |
|
if ($env{'environment.remote'} eq 'on') { |
|
&Apache::lonnet::appenv({'environment.remote' => 'off'}); |
|
} |
|
} |
|
my $startupremote; |
|
if ($write_to_opener) { |
|
if ($env{'environment.remote'} eq 'on') { |
|
&Apache::lonnet::appenv({'environment.remote' => 'off'}); |
|
} |
|
$args->{'redirect'} = [0,$destination,'',$write_to_opener]; |
|
} else { |
|
if ($env{'environment.remote'} eq 'on') { |
|
my $checkexempt; |
|
if ($env{'user.loadbalexempt'} eq $r->dir_config('lonHostID')) { |
|
if ($env{'user.loadbalcheck.time'} + 600 > time) { |
|
$checkexempt = 1; |
|
} |
|
} |
|
if ($env{'user.noloadbalance'} eq $r->dir_config('lonHostID')) { |
|
$checkexempt = 1; |
|
} |
|
unless (($checkexempt) || |
|
(($destination =~ m{^/adm/switchserver}) && (!$r->is_initial_req()))) { |
|
my ($is_balancer,$otherserver) = |
|
&Apache::lonnet::check_loadbalancing($env{'user.name'}, |
|
$env{'user.domain'}); |
|
if (($is_balancer) && ($otherserver ne '') && |
|
($otherserver ne $r->dir_config('lonHostID'))) { |
|
$env{'environment.remote'} = 'off'; |
|
} |
|
} |
|
} |
|
$startupremote=&Apache::lonmenu::startupremote($destination); |
|
} |
|
|
my $windowinfo=&Apache::lonmenu::open($env{'browser.os'}); |
my $windowinfo=&Apache::lonmenu::open($env{'browser.os'}); |
my $startupremote=&Apache::lonmenu::startupremote($destination); |
|
my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl); |
my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl); |
my $setflags=&Apache::lonmenu::setflags(); |
my $setflags=&Apache::lonmenu::setflags(); |
my $maincall=&Apache::lonmenu::maincall(); |
my $maincall=&Apache::lonmenu::maincall(); |
my $brcrum = [{'href' => '', |
|
'text' => 'Successful Login'},]; |
|
my $start_page=&Apache::loncommon::start_page('Successful Login', |
my $start_page=&Apache::loncommon::start_page('Successful Login', |
$startupremote, |
$startupremote,$args); |
{'no_inline_link' => 1, |
|
'bread_crumbs' => $brcrum,}); |
|
my $end_page =&Apache::loncommon::end_page(); |
my $end_page =&Apache::loncommon::end_page(); |
|
|
my $continuelink; |
my $continuelink; |
if ($env{'environment.remote'} eq 'off') { |
if ($env{'environment.remote'} eq 'off') { |
$continuelink='<a href="'.$destination.'">'.&mt('Continue').'</a>'; |
unless ($write_to_opener) { |
|
$continuelink='<a href="'.$destination.'">'.&mt('Continue').'</a>'; |
|
} |
} |
} |
# ------------------------------------------------- Output for successful login |
# ------------------------------------------------- Output for successful login |
|
|
Line 172 sub success {
|
Line 267 sub success {
|
if ($defaultcookie) { |
if ($defaultcookie) { |
$r->headers_out->add('Set-cookie' => $defaultcookie); |
$r->headers_out->add('Set-cookie' => $defaultcookie); |
} |
} |
|
if ($expirepub) { |
|
my $c = new CGI::Cookie(-name => 'lonPubID', |
|
-value => '', |
|
-expires => '-10y',); |
|
$r->headers_out->add('Set-cookie' => $c); |
|
} |
$r->send_http_header; |
$r->send_http_header; |
|
|
my %lt=&Apache::lonlocal::texthash( |
if (($env{'request.linkprot'}) || ($env{'request.lti.login'})) { |
'wel' => 'Welcome', |
$r->print(<<END); |
'pro' => 'Login problems?', |
$start_page |
); |
<br />$continuelink |
my $loginhelp = &loginhelpdisplay($domain); |
$end_page |
if ($loginhelp) { |
END |
$loginhelp = '<p><a href="'.$loginhelp.'">'.$lt{'pro'}.'</a></p>'; |
} else { |
} |
my %lt=&Apache::lonlocal::texthash( |
|
'wel' => 'Welcome', |
|
'pro' => 'Login problems?', |
|
); |
|
my $loginhelp = &loginhelpdisplay($domain); |
|
if ($loginhelp) { |
|
$loginhelp = '<p><a href="'.$loginhelp.'">'.$lt{'pro'}.'</a></p>'; |
|
} |
|
|
my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>'); |
my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>'); |
$r->print(<<ENDSUCCESS); |
$r->print(<<ENDSUCCESS); |
$start_page |
$start_page |
$setflags |
$setflags |
$windowinfo |
$windowinfo |
Line 196 $maincall
|
Line 304 $maincall
|
$continuelink |
$continuelink |
$end_page |
$end_page |
ENDSUCCESS |
ENDSUCCESS |
|
} |
return; |
return; |
} |
} |
|
|
# --------------------------------------------------------------- Failed login! |
# --------------------------------------------------------------- Failed login! |
|
|
sub failed { |
sub failed { |
my ($r,$message,$form) = @_; |
my ($r,$message,$form,$authhost) = @_; |
(undef,undef,undef,my $clientmathml,my $clientunicode) = |
(undef,undef,undef,my $clientmathml,my $clientunicode) = |
&Apache::loncommon::decode_user_agent(); |
&Apache::loncommon::decode_user_agent(); |
my $args = {}; |
my $args = {}; |
if ($clientunicode && !$clientmathml) { |
if ($clientunicode && !$clientmathml) { |
$args = {'browser.unicode' => 1}; |
$args = {'browser.unicode' => 1}; |
} |
} |
|
if ($form->{firsturl} =~ m{^/tiny/$match_domain/\w+$}) { |
|
if ($form->{linkprot}) { |
|
$args->{only_body} = 1; |
|
} |
|
} |
|
|
|
my @actions; |
my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args); |
my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args); |
my $uname = &Apache::loncommon::cleanup_html($form->{'uname'}); |
my $uname = &Apache::loncommon::cleanup_html($form->{'uname'}); |
my $udom = &Apache::loncommon::cleanup_html($form->{'udom'}); |
my $udom = &Apache::loncommon::cleanup_html($form->{'udom'}); |
if (&Apache::lonnet::domain($udom,'description') eq '') { |
if (&Apache::lonnet::domain($udom,'description') eq '') { |
undef($udom); |
undef($udom); |
} |
} |
|
my $authtype; |
|
if (($udom ne '') && ($uname ne '') && ($authhost eq 'no_host')) { |
|
$authtype = &Apache::lonnet::queryauthenticate($uname,$udom); |
|
} |
my $retry = '/adm/login'; |
my $retry = '/adm/login'; |
if ($uname eq $form->{'uname'}) { |
if (($uname eq $form->{'uname'}) && ($authtype !~ /^lti:/)) { |
$retry .= '?username='.$uname; |
$retry .= '?username='.$uname; |
} |
} |
if ($udom) { |
if ($udom) { |
$retry .= (($retry=~/\?/)?'&':'?').'domain='.$udom; |
$retry .= (($retry=~/\?/)?'&':'?').'domain='.$udom; |
} |
} |
if (exists($form->{role})) { |
my $lonhost = $r->dir_config('lonHostID'); |
my $role = &Apache::loncommon::cleanup_html($form->{role}); |
my $querystr; |
if ($role ne '') { |
my $result = &set_retry_token($form,$lonhost,\$querystr); |
$retry .= (($retry=~/\?/)?'&':'?').'role='.$role; |
if ($result eq 'fail') { |
|
if (exists($form->{role})) { |
|
my $role = &Apache::loncommon::cleanup_html($form->{role}); |
|
if ($role ne '') { |
|
$retry .= (($retry=~/\?/)?'&':'?').'role='.$role; |
|
} |
} |
} |
} |
if (exists($form->{symb})) { |
if (exists($form->{symb})) { |
my $symb = &Apache::loncommon::cleanup_html($form->{symb}); |
my $symb = &Apache::loncommon::cleanup_html($form->{symb}); |
if ($symb ne '') { |
if ($symb ne '') { |
$retry .= (($retry=~/\?/)?'&':'?').'symb='.$symb; |
$retry .= (($retry=~/\?/)?'&':'?').'symb='.$symb; |
} |
|
} |
|
if (exists($form->{firsturl})) { |
|
my $firsturl = &Apache::loncommon::cleanup_html($form->{firsturl}); |
|
if ($firsturl ne '') { |
|
$retry .= (($retry=~/\?/)?'&':'?').'firsturl='.$firsturl; |
|
if ($form->{firsturl} =~ m{^/tiny/$match_domain/\w+$}) { |
|
unless (exists($form->{linkprot})) { |
|
if (exists($form->{linkkey})) { |
|
$retry .= 'linkkey='.$form->{linkkey}; |
|
} |
|
} |
|
} |
|
} |
|
} |
|
if (exists($form->{linkprot})) { |
|
my %info = ( |
|
'linkprot' => $form->{'linkprot'}, |
|
); |
|
foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { |
|
if ($form->{$item} ne '') { |
|
$info{$item} = $form->{$item}; |
|
} |
|
} |
|
my $ltoken = &Apache::lonnet::tmpput(\%info, |
|
$r->dir_config('lonHostID'),'retry'); |
|
if ($ltoken) { |
|
$retry .= (($retry =~ /\?/) ? '&' : '?').'ltoken='.$ltoken; |
|
} |
} |
} |
|
} elsif ($querystr ne '') { |
|
$retry .= (($retry=~/\?/)?'&':'?').$querystr; |
} |
} |
my $end_page = &Apache::loncommon::end_page(); |
my $end_page = &Apache::loncommon::end_page(); |
&Apache::loncommon::content_type($r,'text/html'); |
&Apache::loncommon::content_type($r,'text/html'); |
$r->send_http_header; |
$r->send_http_header; |
my @actions = |
if ($authtype =~ /^lti:/) { |
(&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>')); |
$message = &mt('Direct login is not supported with the username you entered.'). |
|
'<br /><br />'. |
|
&mt('You likely need to launch LON-CAPA from within a course in a different Learning Management System.'). |
|
'<br />'. |
|
&mt('You can also try to log in with a different username.'); |
|
@actions = |
|
(&mt('Try your [_1]log in again[_2].','<a href="'.$retry.'">','</a>')); |
|
} else { |
|
$message = &mt($message); |
|
@actions = |
|
(&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>')); |
|
} |
my $loginhelp = &loginhelpdisplay($udom); |
my $loginhelp = &loginhelpdisplay($udom); |
if ($loginhelp) { |
if ($loginhelp) { |
push(@actions, '<a href="'.$loginhelp.'">'.&mt('Login problems?').'</a>'); |
push(@actions, '<a href="'.$loginhelp.'">'.&mt('Login problems?').'</a>'); |
} |
} |
#FIXME: link to helpdesk might be added here |
#FIXME: link to helpdesk might be added here |
|
|
$r->print( |
$r->print( |
$start_page |
$start_page |
.'<h2>'.&mt('Sorry ...').'</h2>' |
.'<h2>'.&mt('Sorry ...').'</h2>' |
.&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'<br /><br />' |
.&Apache::lonhtmlcommon::confirm_success($message,1).'<br /><br />' |
.&Apache::lonhtmlcommon::actionbox(\@actions) |
.&Apache::lonhtmlcommon::actionbox(\@actions) |
.$end_page |
.$end_page |
); |
); |
Line 296 sub handler {
|
Line 460 sub handler {
|
my $end_page = |
my $end_page = |
&Apache::loncommon::end_page(); |
&Apache::loncommon::end_page(); |
my $dest = '/adm/roles'; |
my $dest = '/adm/roles'; |
if ($env{'form.firsturl'} ne '') { |
my %form = &get_form_items($r); |
$dest = $env{'form.firsturl'}; |
if ($form{'logtoken'}) { |
|
my $tmpinfo = &Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, |
|
$form{'serverid'}); |
|
unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || |
|
($tmpinfo eq 'no_such_host')) { |
|
my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo); |
|
$firsturl = &unescape($firsturl); |
|
my %info; |
|
foreach my $item (@rest) { |
|
my ($key,$value) = split(/=/,$item); |
|
$info{$key} = &unescape($value); |
|
} |
|
if ($firsturl ne '') { |
|
$info{'firsturl'} = $firsturl; |
|
$dest = $firsturl; |
|
my $relogin; |
|
if ($dest =~ m{^/tiny/$match_domain/\w+$}) { |
|
if ($env{'request.course.id'}) { |
|
my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; |
|
my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; |
|
my $symb = &Apache::loncommon::symb_from_tinyurl($dest,$cnum,$cdom); |
|
if ($symb) { |
|
unless (&set_deeplink_login(%info) eq 'ok') { |
|
$relogin = 1; |
|
} |
|
} |
|
} |
|
if ($relogin) { |
|
$r->print( |
|
$start_page |
|
.'<p class="LC_warning">'.&mt('You are already logged in!').'</p>' |
|
.'<p>'.&mt('Please [_1]log out[_2] first, and then try your access again', |
|
'<a href="/adm/logout">','</a>') |
|
.'</p>' |
|
.$end_page); |
|
} else { |
|
if (($info{'linkprot'}) || ($info{'linkkey'} ne '')) { |
|
if (($info{'linkprot'}) && ($info{'linkprotuser'} ne '')) { |
|
unless ($info{'linkprotuser'} eq $env{'user.name'}.':'.$env{'user.domain'}) { |
|
$r->print( |
|
$start_page |
|
.'<p class="LC_warning">'.&mt('You are already logged in, but as a different user from the one expected for the link you followed from another system').'</p>' |
|
.'<p>'.&mt('Please [_1]log out[_2] first, and then try following the link again from the other system', |
|
'<a href="/adm/logout">','</a>') |
|
|
|
.'</p>' |
|
.$end_page); |
|
return OK; |
|
} |
|
} |
|
my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link'); |
|
unless (($token eq 'con_lost') || ($token eq 'refused') || |
|
($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { |
|
$dest .= (($dest =~ /\?/) ? '&' : '?') . 'ttoken='.$token; |
|
} |
|
} |
|
$r->print( |
|
$start_page |
|
.'<p class="LC_warning">'.&mt('You are already logged in!').'</p>' |
|
.'<p>'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4] first, and then try your access again', |
|
'<a href="'.$dest.'">','</a>', |
|
'<a href="/adm/logout">','</a>') |
|
.'</p>' |
|
.$end_page); |
|
} |
|
return OK; |
|
} |
|
} |
|
} |
} |
} |
$r->print( |
$r->print( |
$start_page |
$start_page |
Line 313 sub handler {
|
Line 545 sub handler {
|
|
|
# ---------------------------------------------------- No valid token, continue |
# ---------------------------------------------------- No valid token, continue |
|
|
|
my %form = &get_form_items($r); |
my $buffer; |
|
if ($r->header_in('Content-length') > 0) { |
|
$r->read($buffer,$r->header_in('Content-length'),0); |
|
} |
|
my %form; |
|
foreach my $pair (split(/&/,$buffer)) { |
|
my ($name,$value) = split(/=/,$pair); |
|
$value =~ tr/+/ /; |
|
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; |
|
$form{$name}=$value; |
|
} |
|
|
|
if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) { |
if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) { |
&failed($r,'Username, password and domain need to be specified.', |
&failed($r,'Username, password and domain need to be specified.', |
\%form); |
\%form); |
Line 369 sub handler {
|
Line 589 sub handler {
|
return OK; |
return OK; |
} |
} |
|
|
my ($key,$firsturl,$rolestr,$symbstr,$iptokenstr)=split(/&/,$tmpinfo); |
my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo); |
if ($rolestr) { |
$firsturl = &unescape($firsturl); |
$rolestr = &unescape($rolestr); |
foreach my $item (@rest) { |
} |
my ($key,$value) = split(/=/,$item); |
if ($symbstr) { |
$form{$key} = &unescape($value); |
$symbstr= &unescape($symbstr); |
|
} |
|
if ($iptokenstr) { |
|
$iptokenstr = &unescape($iptokenstr); |
|
} |
|
if ($rolestr =~ /^role=/) { |
|
(undef,$form{'role'}) = split('=',$rolestr); |
|
} |
|
if ($symbstr =~ /^symb=/) { |
|
(undef,$form{'symb'}) = split('=',$symbstr); |
|
} |
} |
if ($iptokenstr =~ /^iptoken=/) { |
if ($firsturl =~ m{^/tiny/$match_domain/\w+$}) { |
(undef,$form{'iptoken'}) = split('=',$iptokenstr); |
$form{'firsturl'} = $firsturl; |
} |
} |
|
my $upass = &Apache::loncommon::des_decrypt($des_key,$form{'upass0'}); |
my $upass = &Apache::loncommon::des_decrypt($key,$form{'upass0'}); |
|
|
|
# ---------------------------------------------------------------- Authenticate |
# ---------------------------------------------------------------- Authenticate |
|
|
Line 410 sub handler {
|
Line 619 sub handler {
|
# --------------------------------------------------------------------- Failed? |
# --------------------------------------------------------------------- Failed? |
|
|
if ($authhost eq 'no_host') { |
if ($authhost eq 'no_host') { |
&failed($r,'Username and/or password could not be authenticated.', |
my $pwdverify; |
\%form); |
if (&Apache::lonnet::homeserver($form{'uname'},$form{'udom'}) eq 'no_host') { |
return OK; |
my %possunames = &alternate_unames_check($form{'uname'},$form{'udom'}); |
|
if (keys(%possunames) > 0) { |
|
foreach my $rulematch (keys(%possunames)) { |
|
my $possuname = $possunames{$rulematch}; |
|
if (($possuname ne '') && ($possuname =~ /^$match_username$/)) { |
|
$authhost=Apache::lonnet::authenticate($possuname,$upass, |
|
$form{'udom'},undef, |
|
$clientcancheckhost); |
|
if (($authhost eq 'no_host') || ($authhost eq 'no_account_on_host')) { |
|
next; |
|
} elsif (($authhost ne '') && (&Apache::lonnet::hostname($authhost) ne '')) { |
|
$pwdverify = 1; |
|
&Apache::lonnet::logthis("Authenticated user: $possuname was submitted as: $form{'uname'}"); |
|
$form{'uname'} = $possuname; |
|
last; |
|
} |
|
} |
|
} |
|
} |
|
} |
|
unless ($pwdverify) { |
|
&failed($r,'Username and/or password could not be authenticated.', |
|
\%form,$authhost); |
|
return OK; |
|
} |
} elsif ($authhost eq 'no_account_on_host') { |
} elsif ($authhost eq 'no_account_on_host') { |
if ($defaultauth) { |
if ($defaultauth) { |
my $domdesc = &Apache::lonnet::domain($form{'udom'},'description'); |
my $domdesc = &Apache::lonnet::domain($form{'udom'},'description'); |
Line 451 sub handler {
|
Line 684 sub handler {
|
$firsturl='/adm/roles'; |
$firsturl='/adm/roles'; |
} |
} |
|
|
my $hosthere; |
my ($hosthere,%sessiondata); |
if ($form{'iptoken'}) { |
if ($form{'iptoken'}) { |
my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); |
%sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); |
my $delete = &Apache::lonnet::tmpdel($form{'iptoken'}); |
my $delete = &Apache::lonnet::tmpdel($form{'iptoken'}); |
if (($sessiondata{'domain'} eq $form{'udom'}) && |
if (($sessiondata{'domain'} eq $form{'udom'}) && |
($sessiondata{'username'} eq $form{'uname'})) { |
($sessiondata{'username'} eq $form{'uname'})) { |
Line 532 sub handler {
|
Line 765 sub handler {
|
} |
} |
} |
} |
|
|
|
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { |
|
if (($form{'linkprot'}) && ($form{'linkprotuser'} ne '')) { |
|
unless($form{'linkprotuser'} eq $form{'uname'}.':'.$form{'udom'}) { |
|
delete($form{'udom'}); |
|
delete($form{'uname'}); |
|
&failed($r,'Username and/or domain are different to that expected for the link you followed from another system', |
|
\%form,$authhost); |
|
return OK; |
|
} |
|
} |
|
} |
|
|
my ($is_balancer,$otherserver); |
my ($is_balancer,$otherserver); |
|
|
unless ($hosthere) { |
unless ($hosthere) { |
Line 547 sub handler {
|
Line 792 sub handler {
|
my $lowest_load; |
my $lowest_load; |
($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($form{'udom'}); |
($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($form{'udom'}); |
if ($lowest_load > 100) { |
if ($lowest_load > 100) { |
$otherserver = &Apache::lonnet::spareserver($lowest_load,$lowest_load,1,$form{'udom'}); |
$otherserver = &Apache::lonnet::spareserver($r,$lowest_load,$lowest_load,1,$form{'udom'}); |
} |
} |
} |
} |
if ($otherserver ne '') { |
if ($otherserver ne '') { |
Line 573 sub handler {
|
Line 818 sub handler {
|
if ($form{'symb'}) { |
if ($form{'symb'}) { |
$switchto .= '&symb='.$form{'symb'}; |
$switchto .= '&symb='.$form{'symb'}; |
} |
} |
|
if ($form{'linkprot'}) { |
|
$env{'request.linkprot'} = $form{'linkprot'}; |
|
foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { |
|
if ($form{$item}) { |
|
$env{'request.'.$item} = $form{$item}; |
|
} |
|
} |
|
} elsif ($form{'linkkey'} ne '') { |
|
$env{'request.linkkey'} = $form{'linkkey'}; |
|
} |
|
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { |
|
&set_deeplink_login(%form); |
|
} elsif ($firsturl eq '/adm/email') { |
|
if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) { |
|
$env{'request.display'} = $form{'display'}; |
|
$env{'request.mailrecip'} = $form{'mailrecip'}; |
|
} |
|
} |
$r->internal_redirect($switchto); |
$r->internal_redirect($switchto); |
} else { |
} else { |
&Apache::loncommon::content_type($r,'text/html'); |
&Apache::loncommon::content_type($r,'text/html'); |
Line 596 sub handler {
|
Line 859 sub handler {
|
if ($form{'symb'}) { |
if ($form{'symb'}) { |
$switchto .= '&symb='.$form{'symb'}; |
$switchto .= '&symb='.$form{'symb'}; |
} |
} |
|
if ($form{'linkprot'}) { |
|
$env{'request.linkprot'} = $form{'linkprot'}; |
|
foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { |
|
if ($form{$item}) { |
|
$env{'request.'.$item} = $form{$item}; |
|
} |
|
} |
|
} elsif ($form{'linkkey'} ne '') { |
|
$env{'request.linkkey'} = $form{'linkkey'}; |
|
} |
|
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { |
|
&set_deeplink_login(%form); |
|
} elsif ($firsturl eq '/adm/email') { |
|
if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) { |
|
$env{'request.display'} = $form{'display'}; |
|
$env{'request.mailrecip'} = $form{'mailrecip'}; |
|
} |
|
} |
$r->internal_redirect($switchto); |
$r->internal_redirect($switchto); |
} else { |
} else { |
&Apache::loncommon::content_type($r,'text/html'); |
&Apache::loncommon::content_type($r,'text/html'); |
Line 620 sub handler {
|
Line 901 sub handler {
|
|
|
# ---------------------------------------------------------- Are we overloaded? |
# ---------------------------------------------------------- Are we overloaded? |
if ((($userloadpercent>100.0)||($loadpercent>100.0))) { |
if ((($userloadpercent>100.0)||($loadpercent>100.0))) { |
my $unloaded=Apache::lonnet::spareserver($loadpercent,$userloadpercent,1,$form{'udom'}); |
my $unloaded=Apache::lonnet::spareserver($r,$loadpercent,$userloadpercent,1,$form{'udom'}); |
if (!$unloaded) { |
if (!$unloaded) { |
($unloaded) = &Apache::lonnet::choose_server($form{'udom'}); |
($unloaded) = &Apache::lonnet::choose_server($form{'udom'}); |
} |
} |
if ($unloaded) { |
if ($unloaded) { |
&success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect', |
&success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect', |
undef,\%form); |
undef,\%form); |
|
if ($form{'linkprot'}) { |
|
$env{'request.linkprot'} = $form{'linkprot'}; |
|
} elsif ($form{'linkkey'} ne '') { |
|
$env{'request.linkkey'} = $form{'linkkey'}; |
|
} |
|
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { |
|
&set_deeplink_login(%form); |
|
} elsif ($firsturl eq '/adm/email') { |
|
if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) { |
|
$env{'request.display'} = $form{'display'}; |
|
$env{'request.mailrecip'} = $form{'mailrecip'}; |
|
} |
|
} |
$r->internal_redirect('/adm/switchserver?otherserver='.$unloaded.'&origurl='.$firsturl); |
$r->internal_redirect('/adm/switchserver?otherserver='.$unloaded.'&origurl='.$firsturl); |
return OK; |
return OK; |
} |
} |
Line 634 sub handler {
|
Line 928 sub handler {
|
if (($is_balancer) && ($hosthere)) { |
if (($is_balancer) && ($hosthere)) { |
$form{'noloadbalance'} = $hosthere; |
$form{'noloadbalance'} = $hosthere; |
} |
} |
&success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,undef, |
my $extra_env; |
|
if (($hosthere) && ($sessiondata{'sessionserver'} ne '')) { |
|
if ($sessiondata{'origurl'} ne '') { |
|
$firsturl = $sessiondata{'origurl'}; |
|
$form{'firsturl'} = $sessiondata{'origurl'}; |
|
my @names = ('role','symb','linkprot','linkkey'); |
|
foreach my $item (@names) { |
|
if ($sessiondata{$item} ne '') { |
|
$form{$item} = $sessiondata{$item}; |
|
} |
|
} |
|
if ($sessiondata{'origurl'} eq '/adm/email') { |
|
if (($sessiondata{'display'}) && ($sessiondata{'mailrecip'})) { |
|
if (&unescape($sessiondata{'mailrecip'}) eq "$form{'uname'}:$form{'udom'}") { |
|
$form{'display'} = &unescape($sessiondata{'display'}); |
|
$form{'mailrecip'} = &unescape($sessiondata{'mailrecip'}); |
|
} |
|
} |
|
} |
|
} |
|
} |
|
if ($form{'linkprot'}) { |
|
my ($linkprotector,$uri) = split(/:/,$form{'linkprot'},2); |
|
if ($linkprotector) { |
|
$extra_env = {'user.linkprotector' => $linkprotector, |
|
'user.linkproturi' => $uri}; |
|
} |
|
} elsif ($form{'linkkey'} ne '') { |
|
$extra_env = {'user.deeplinkkey' => $form{'linkkey'}, |
|
'user.keyedlinkuri' => $form{'firsturl'}}; |
|
} |
|
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { |
|
&set_deeplink_login(%form); |
|
if ($form{'linkprot'}) { |
|
if (ref($extra_env) eq 'HASH') { |
|
%{$extra_env} = ( %{$extra_env}, 'request.linkprot' => $form{'linkprot'} ); |
|
} else { |
|
$extra_env = {'request.linkprot' => $form{'linkprot'}}; |
|
} |
|
if ($form{'linkprotexit'}) { |
|
$extra_env->{'request.linkprotexit'} = $form{'linkprotexit'}; |
|
} |
|
if ($form{'linkprotpbid'}) { |
|
$extra_env->{'request.linkprotpbid'} = $form{'linkprotpbid'}; |
|
} |
|
if ($form{'linkprotpburl'}) { |
|
$extra_env->{'request.linkprotpburl'} = $form{'linkprotpburl'}; |
|
} |
|
} elsif ($form{'linkkey'} ne '') { |
|
if (ref($extra_env) eq 'HASH') { |
|
%{$extra_env} = ( %{$extra_env}, 'request.linkkey' => $form{'linkkey'} ); |
|
} else { |
|
$extra_env = {'request.linkkey' => $form{'linkkey'}}; |
|
} |
|
} |
|
if ($env{'request.deeplink.login'}) { |
|
if (ref($extra_env) eq 'HASH') { |
|
%{$extra_env} = ( %{$extra_env}, 'request.deeplink.login' => $form{'firsturl'} ); |
|
} else { |
|
$extra_env = {'request.deeplink.login' => $form{'firsturl'}}; |
|
} |
|
} |
|
} |
|
&success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,$extra_env, |
\%form); |
\%form); |
return OK; |
return OK; |
} |
} |
} |
} |
|
|
|
sub get_form_items { |
|
my ($r) = @_; |
|
my $buffer; |
|
if ($r->header_in('Content-length') > 0) { |
|
$r->read($buffer,$r->header_in('Content-length'),0); |
|
} |
|
my %form; |
|
foreach my $pair (split(/&/,$buffer)) { |
|
my ($name,$value) = split(/=/,$pair); |
|
$value =~ tr/+/ /; |
|
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; |
|
$form{$name}=$value; |
|
} |
|
return %form; |
|
} |
|
|
|
sub set_deeplink_login { |
|
my (%form) = @_; |
|
my $disallow; |
|
if ($form{'firsturl'} =~ m{^/tiny/($match_domain)/\w+$}) { |
|
my $cdom = $1; |
|
my ($cnum,$symb) = &Apache::loncommon::symb_from_tinyurl($form{'firsturl'},'',$cdom); |
|
if ($symb) { |
|
if ($env{'request.course.id'} eq $cdom.'_'.$cnum) { |
|
my $deeplink; |
|
if ($symb =~ /\.(page|sequence)$/) { |
|
my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($symb))[2]); |
|
my $navmap = Apache::lonnavmaps::navmap->new(); |
|
if (ref($navmap)) { |
|
$deeplink = $navmap->get_mapparam(undef,$mapname,'0.deeplink'); |
|
} |
|
} else { |
|
$deeplink = &Apache::lonnet::EXT('resource.0.deeplink',$symb); |
|
} |
|
if ($deeplink ne '') { |
|
my ($state,$others,$listed,$scope,$protect) = split(/,/,$deeplink); |
|
if (($protect ne 'none') && ($protect ne '')) { |
|
my ($acctype,$item) = split(/:/,$protect); |
|
if ($acctype =~ /lti(c|d)$/) { |
|
unless ($form{'linkprot'} eq $item.$1.':'.$env{'request.deeplink.login'}) { |
|
$disallow = 1; |
|
} |
|
} elsif ($acctype eq 'key') { |
|
unless ($form{'linkkey'} eq $item) { |
|
$disallow = 1; |
|
} |
|
} |
|
} |
|
} |
|
unless ($disallow) { |
|
$env{'request.deeplink.login'} = $form{'firsturl'}; |
|
} |
|
} else { |
|
$env{'request.deeplink.login'} = $form{'firsturl'}; |
|
} |
|
} |
|
} |
|
if ($disallow) { |
|
return; |
|
} |
|
return 'ok'; |
|
} |
|
|
|
sub set_retry_token { |
|
my ($form,$lonhost,$querystr) = @_; |
|
if (ref($form) eq 'HASH') { |
|
my ($firsturl,$token,$extras,@names); |
|
@names = ('role','symb','linkprotuser','linkprotexit','linkprot','linkkey','iptoken','linkprotpbid','linkprotpburl'); |
|
foreach my $name (@names) { |
|
if ($form->{$name} ne '') { |
|
$extras .= '&'.$name.'='.&escape($form->{$name}); |
|
last if ($name eq 'linkprot'); |
|
} |
|
} |
|
my $firsturl = $form->{'firsturl'}; |
|
if (($firsturl ne '') || ($extras ne '')) { |
|
$extras .= ':retry'; |
|
$token = &Apache::lonnet::reply('tmpput:'.&escape($firsturl). |
|
$extras,$lonhost); |
|
if (($token eq 'con_lost') || ($token eq 'no_such_host')) { |
|
return 'fail'; |
|
} else { |
|
if (ref($querystr)) { |
|
$$querystr = 'retry='.$token; |
|
} |
|
return 'ok'; |
|
} |
|
} |
|
} |
|
return; |
|
} |
|
|
sub check_can_host { |
sub check_can_host { |
my ($r,$form,$authhost,$domdesc) = @_; |
my ($r,$form,$authhost,$domdesc) = @_; |
return unless (ref($form) eq 'HASH'); |
return unless (ref($form) eq 'HASH'); |
Line 680 sub check_can_host {
|
Line 1129 sub check_can_host {
|
if ($login_host ne '') { |
if ($login_host ne '') { |
my $protocol = $Apache::lonnet::protocol{$login_host}; |
my $protocol = $Apache::lonnet::protocol{$login_host}; |
$protocol = 'http' if ($protocol ne 'https'); |
$protocol = 'http' if ($protocol ne 'https'); |
|
my $alias = &Apache::lonnet::use_proxy_alias($r,$login_host); |
|
$hostname = $alias if ($alias ne ''); |
my $newurl = $protocol.'://'.$hostname.'/adm/createaccount'; |
my $newurl = $protocol.'://'.$hostname.'/adm/createaccount'; |
|
#FIXME Should preserve where user was going and linkprot by setting ltoken at $login_host |
$r->print(&Apache::loncommon::start_page('Create a user account in LON-CAPA'). |
$r->print(&Apache::loncommon::start_page('Create a user account in LON-CAPA'). |
'<h3>'.&mt('Account creation').'</h3>'. |
'<h3>'.&mt('Account creation').'</h3>'. |
&mt('You do not currently have a LON-CAPA account at this institution.').'<br />'. |
&mt('You do not currently have a LON-CAPA account at this institution.').'<br />'. |
Line 697 sub check_can_host {
|
Line 1149 sub check_can_host {
|
} else { |
} else { |
&success($r,$form->{'uname'},$udom,$authhost,'noredirect',undef, |
&success($r,$form->{'uname'},$udom,$authhost,'noredirect',undef, |
$form); |
$form); |
|
if ($form->{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { |
|
$env{'request.deeplink.login'} = $form->{'firsturl'}; |
|
} elsif ($form->{'firsturl'} eq '/adm/email') { |
|
if ($form->{'display'} && ($form->{'mailrecip'} eq $form->{'uname'}.':'.$form->{'udom'})) { |
|
$env{'request.display'} = $form->{'mailrecip'}; |
|
$env{'request.mailrecip'} = $form->{'mailrecip'}; |
|
} |
|
} |
|
if ($form->{'linkprot'}) { |
|
$env{'request.linkprot'} = $form->{'linkprot'}; |
|
} elsif ($form->{'linkkey'} ne '') { |
|
$env{'request.linkkey'} = $form->{'linkkey'}; |
|
} |
my ($otherserver) = &Apache::lonnet::choose_server($udom); |
my ($otherserver) = &Apache::lonnet::choose_server($udom); |
$r->internal_redirect('/adm/switchserver?otherserver='.$otherserver); |
$r->internal_redirect('/adm/switchserver?otherserver='.$otherserver); |
} |
} |
Line 740 sub loginhelpdisplay {
|
Line 1205 sub loginhelpdisplay {
|
return; |
return; |
} |
} |
|
|
|
sub alternate_unames_check { |
|
my ($uname,$udom) = @_; |
|
my %possunames; |
|
my %domdefs = &Apache::lonnet::get_domain_defaults($udom); |
|
if (ref($domdefs{'unamemap_rule'}) eq 'ARRAY') { |
|
if (@{$domdefs{'unamemap_rule'}} > 0) { |
|
%possunames = |
|
&Apache::lonnet::inst_rulecheck($udom,$uname,undef, |
|
'unamemap',$domdefs{'unamemap_rule'}); |
|
} |
|
} |
|
return %possunames; |
|
} |
|
|
1; |
1; |
__END__ |
__END__ |
|
|