loncom/auth/lonauth.pm - diff

Return to lonauth.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonauth.pm between versions 1.169 and 1.174

version 1.169, 2021/11/03 01:04:02	version 1.174, 2022/06/18 02:10:18
Line 42 use Apache::lonlocal;	Line 42 use Apache::lonlocal;
use Apache::File();	use Apache::File();
use HTML::Entities;	use HTML::Entities;
use Digest::MD5;	use Digest::MD5;
	use CGI::Cookie();

# ------------------------------------------------------------ Successful login	# ------------------------------------------------------------ Successful login
sub success {	sub success {
my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,	my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,
$form,$skipcritical,$cid) = @_;	$form,$skipcritical,$cid,$expirepub) = @_;

# ------------------------------------------------------------ Get cookie ready	# ------------------------------------------------------------ Get cookie ready
my $cookie =	my $cookie =
Line 233 sub success {	Line 234 sub success {
if ($defaultcookie) {	if ($defaultcookie) {
$r->headers_out->add('Set-cookie' => $defaultcookie);	$r->headers_out->add('Set-cookie' => $defaultcookie);
}	}
	if ($expirepub) {
	my $c = new CGI::Cookie(-name => 'lonPubID',
	-value => '',
	-expires => '-10y',);
	$r->headers_out->add('Set-cookie' => $c);
	}
$r->send_http_header;	$r->send_http_header;

my ($start_page,$js,$pagebody,$end_page);	my ($start_page,$js,$pagebody,$end_page);
Line 241 sub success {	Line 248 sub success {
if ($env{'request.lti.target'} eq '') {	if ($env{'request.lti.target'} eq '') {
my $ltitarget = (($destination =~ /\?/) ? '&' : '?').	my $ltitarget = (($destination =~ /\?/) ? '&' : '?').
'ltitarget=iframe';	'ltitarget=iframe';
	&js_escape(\$destination);
$js = <<"ENDJS";	$js = <<"ENDJS";

<script type="text/javascript">	<script type="text/javascript">
Line 293 ENDSUCCESS	Line 301 ENDSUCCESS
# --------------------------------------------------------------- Failed login!	# --------------------------------------------------------------- Failed login!

sub failed {	sub failed {
my ($r,$message,$form) = @_;	my ($r,$message,$form,$authhost) = @_;
(undef,undef,undef,my $clientmathml,my $clientunicode) =	(undef,undef,undef,my $clientmathml,my $clientunicode) =
&Apache::loncommon::decode_user_agent();	&Apache::loncommon::decode_user_agent();
my $args = {};	my $args = {};
if ($clientunicode && !$clientmathml) {	if ($clientunicode && !$clientmathml) {
$args = {'browser.unicode' => 1};	$args = {'browser.unicode' => 1};
}	}
	if ($form->{firsturl} =~ m{^/tiny/$match_domain/\w+$}) {
	if ($form->{linkprot}) {
	$args->{only_body} = 1;
	}
	}

	my @actions;
my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);	my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});	my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});	my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
if (&Apache::lonnet::domain($udom,'description') eq '') {	if (&Apache::lonnet::domain($udom,'description') eq '') {
undef($udom);	undef($udom);
}	}
	my $authtype;
	if (($udom ne '') && ($uname ne '') && ($authhost eq 'no_host')) {
	$authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
	}
my $retry = '/adm/login';	my $retry = '/adm/login';
if ($uname eq $form->{'uname'}) {	if (($uname eq $form->{'uname'}) && ($authtype !~ /^lti:/)) {
$retry .= '?username='.$uname;	$retry .= '?username='.$uname;
}	}
if ($udom) {	if ($udom) {
Line 344 sub failed {	Line 362 sub failed {
}	}
}	}
if (exists($form->{linkprot})) {	if (exists($form->{linkprot})) {
my $ltoken = &Apache::lonnet::tmpput({linkprot => $form->{'linkprot'}},	my %info = (
	'linkprot' => $form->{'linkprot'},
	);
	if ($form->{linkprotuser} ne '') {
	$info{'linkprotuser'} = $form->{linkprotuser};
	}
	my $ltoken = &Apache::lonnet::tmpput(\%info,
$r->dir_config('lonHostID'),'retry');	$r->dir_config('lonHostID'),'retry');
if ($ltoken) {	if ($ltoken) {
$retry .= (($retry =~ /\?/) ? '&' : '?').'ltoken='.$ltoken;	$retry .= (($retry =~ /\?/) ? '&' : '?').'ltoken='.$ltoken;
Line 356 sub failed {	Line 380 sub failed {
my $end_page = &Apache::loncommon::end_page();	my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');	&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;	$r->send_http_header;
my @actions =	if ($authtype =~ /^lti:/) {
(&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));	$message = &mt('Direct login is not supported with the username you entered.').
	'<br /><br />'.
	&mt('You likely need to launch LON-CAPA from within a course in a different Learning Management System.').
	'<br />'.
	&mt('You can also try to log in with a different username.');
	@actions =
	(&mt('Try your [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));
	} else {
	$message = &mt($message);
	@actions =
	(&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));
	}
my $loginhelp = &loginhelpdisplay($udom);	my $loginhelp = &loginhelpdisplay($udom);
if ($loginhelp) {	if ($loginhelp) {
push(@actions, '<a href="'.$loginhelp.'">'.&mt('Login problems?').'</a>');	push(@actions, '<a href="'.$loginhelp.'">'.&mt('Login problems?').'</a>');
}	}
#FIXME: link to helpdesk might be added here	#FIXME: link to helpdesk might be added here

$r->print(	$r->print(
$start_page	$start_page
.'<h2>'.&mt('Sorry ...').'</h2>'	.'<h2>'.&mt('Sorry ...').'</h2>'
.&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'<br /><br />'	.&Apache::lonhtmlcommon::confirm_success($message,1).'<br /><br />'
.&Apache::lonhtmlcommon::actionbox(\@actions)	.&Apache::lonhtmlcommon::actionbox(\@actions)
.$end_page	.$end_page
);	);
Line 452 sub handler {	Line 486 sub handler {
.$end_page);	.$end_page);
} else {	} else {
if (($info{'linkprot'}) \|\| ($info{'linkkey'} ne '')) {	if (($info{'linkprot'}) \|\| ($info{'linkkey'} ne '')) {
	if (($info{'linkprot'}) && ($info{'linkprotuser'} ne '')) {
	unless ($info{'linkprotuser'} eq $env{'user.name'}.':'.$env{'user.domain'}) {
	$r->print(
	$start_page
	.'<p class="LC_warning">'.&mt('You are already logged in, but as a different user from the one expected for the link you followed from another system').'</p>'
	.'<p>'.&mt('Please [_1]log out[_2] first, and then try following the link again from the other system',
	'<a href="/adm/logout">','</a>')

	.'</p>'
	.$end_page);
	return OK;
	}
	}
my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link');	my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link');
unless (($token eq 'con_lost') \|\| ($token eq 'refused') \|\|	unless (($token eq 'con_lost') \|\| ($token eq 'refused') \|\|
($token eq 'unknown_cmd') \|\| ($token eq 'no_such_host')) {	($token eq 'unknown_cmd') \|\| ($token eq 'no_such_host')) {
Line 561 sub handler {	Line 608 sub handler {
# --------------------------------------------------------------------- Failed?	# --------------------------------------------------------------------- Failed?

if ($authhost eq 'no_host') {	if ($authhost eq 'no_host') {
&failed($r,'Username and/or password could not be authenticated.',	my $pwdverify;
\%form);	if (&Apache::lonnet::homeserver($form{'uname'},$form{'udom'}) eq 'no_host') {
return OK;	my %possunames = &alternate_unames_check($form{'uname'},$form{'udom'});
	if (keys(%possunames) > 0) {
	foreach my $rulematch (keys(%possunames)) {
	my $possuname = $possunames{$rulematch};
	if (($possuname ne '') && ($possuname =~ /^$match_username$/)) {
	$authhost=Apache::lonnet::authenticate($possuname,$upass,
	$form{'udom'},undef,
	$clientcancheckhost);
	if (($authhost eq 'no_host') \|\| ($authhost eq 'no_account_on_host')) {
	next;
	} elsif (($authhost ne '') && (&Apache::lonnet::hostname($authhost) ne '')) {
	$pwdverify = 1;
	&Apache::lonnet::logthis("Authenticated user: $possuname was submitted as: $form{'uname'}");
	$form{'uname'} = $possuname;
	last;
	}
	}
	}
	}
	}
	unless ($pwdverify) {
	&failed($r,'Username and/or password could not be authenticated.',
	\%form,$authhost);
	return OK;
	}
} elsif ($authhost eq 'no_account_on_host') {	} elsif ($authhost eq 'no_account_on_host') {
if ($defaultauth) {	if ($defaultauth) {
my $domdesc = &Apache::lonnet::domain($form{'udom'},'description');	my $domdesc = &Apache::lonnet::domain($form{'udom'},'description');
Line 683 sub handler {	Line 754 sub handler {
}	}
}	}

	if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
	if (($form{'linkprot'}) && ($form{'linkprotuser'} ne '')) {
	unless($form{'linkprotuser'} eq $form{'uname'}.':'.$form{'udom'}) {
	delete($form{'udom'});
	delete($form{'uname'});
	&failed($r,'Username and/or domain are different to that expected for the link you followed from another system',
	\%form,$authhost);
	return OK;
	}
	}
	}

my ($is_balancer,$otherserver);	my ($is_balancer,$otherserver);

unless ($hosthere) {	unless ($hosthere) {
Line 928 sub set_retry_token {	Line 1011 sub set_retry_token {
my ($form,$lonhost,$querystr) = @_;	my ($form,$lonhost,$querystr) = @_;
if (ref($form) eq 'HASH') {	if (ref($form) eq 'HASH') {
my ($firsturl,$token,$extras,@names);	my ($firsturl,$token,$extras,@names);
@names = ('role','symb','linkprot','linkkey','iptoken');	@names = ('role','symb','linkprotuser','linkprot','linkkey','iptoken');
foreach my $name (@names) {	foreach my $name (@names) {
if ($form->{$name} ne '') {	if ($form->{$name} ne '') {
$extras .= '&'.$name.'='.&escape($form->{$name});	$extras .= '&'.$name.'='.&escape($form->{$name});
Line 1064 sub loginhelpdisplay {	Line 1147 sub loginhelpdisplay {
return;	return;
}	}

	sub alternate_unames_check {
	my ($uname,$udom) = @_;
	my %possunames;
	my %domdefs = &Apache::lonnet::get_domain_defaults($udom);
	if (ref($domdefs{'unamemap_rule'}) eq 'ARRAY') {
	if (@{$domdefs{'unamemap_rule'}} > 0) {
	%possunames =
	&Apache::lonnet::inst_rulecheck($udom,$uname,undef,
	'unamemap',$domdefs{'unamemap_rule'});
	}
	}
	return %possunames;
	}

1;	1;
__END__	__END__

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.169
changed lines
	Added in v.1.174