--- loncom/auth/lonauth.pm 2022/08/30 12:10:43 1.121.2.24.2.5
+++ loncom/auth/lonauth.pm 2023/07/05 17:33:03 1.121.2.24.2.7
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.121.2.24.2.5 2022/08/30 12:10:43 raeburn Exp $
+# $Id: lonauth.pm,v 1.121.2.24.2.7 2023/07/05 17:33:03 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -36,6 +36,7 @@ use Apache::loncommon();
use Apache::lonnet;
use Apache::lonmenu();
use Apache::createaccount;
+use Apache::ltiauth;
use Fcntl qw(:flock);
use Apache::lonlocal;
use Apache::File();
@@ -46,7 +47,7 @@ use CGI::Cookie();
# ------------------------------------------------------------ Successful login
sub success {
my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,
- $form,$cid,$expirepub,$write_to_opener) = @_;
+ $form,$skipcritical,$cid,$expirepub,$write_to_opener) = @_;
# ------------------------------------------------------------ Get cookie ready
my $cookie =
@@ -66,10 +67,12 @@ sub success {
# ------------------------------------------------- Check for critical messages
- my @what=&Apache::lonnet::dump('critical',$domain,$username);
- if ($what[0]) {
- if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) {
- $lowerurl='/adm/email?critical=display';
+ unless ($skipcritical) {
+ my @what=&Apache::lonnet::dump('critical',$domain,$username);
+ if ($what[0]) {
+ if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) {
+ $lowerurl='/adm/email?critical=display';
+ }
}
}
@@ -96,7 +99,35 @@ sub success {
}
# -------------------------------------------------------- Menu script and info
my $destination = $lowerurl;
-
+ if ($env{'request.lti.login'}) {
+ if (($env{'request.lti.reqcrs'}) && ($env{'request.lti.reqrole'} eq 'cc')) {
+ &Apache::loncommon::content_type($r,'text/html');
+ if ($securecookie) {
+ $r->headers_out->add('Set-cookie' => $securecookie);
+ }
+ if ($defaultcookie) {
+ $r->headers_out->add('Set-cookie' => $defaultcookie);
+ }
+ $r->send_http_header;
+ if (ref($form) eq 'HASH') {
+ $form->{'lti.login'} = $env{'request.lti.login'};
+ $form->{'lti.reqcrs'} = $env{'request.lti.reqcrs'};
+ $form->{'lti.reqrole'} = $env{'request.lti.reqrole'};
+ $form->{'lti.sourcecrs'} = $env{'request.lti.sourcecrs'};
+ }
+ &Apache::ltiauth::lti_reqcrs($r,$domain,$form,$username,$domain);
+ return;
+ }
+ if ($env{'request.lti.selfenrollrole'}) {
+ if (&Apache::ltiauth::lti_enroll($username,$domain,
+ $env{'request.lti.selfenrollrole'}) eq 'ok') {
+ $form->{'role'} = $env{'request.lti.selfenrollrole'};
+ &Apache::lonnet::delenv('request.lti.selfenrollrole');
+ } else {
+ &Apache::ltiauth::invalid_request($r,24);
+ }
+ }
+ }
if (defined($form->{role})) {
my $envkey = 'user.role.'.$form->{role};
my $now=time;
@@ -116,6 +147,10 @@ sub success {
$destination .= 'selectrole=1&'.$newrole.'=1';
}
}
+ } elsif (defined($form->{display})) {
+ if ($destination =~ m{^/adm/email($|\?)}) {
+ $destination .= ($destination =~ /\?/) ? '&' : '?' .'display='.&escape($form->{display});
+ }
}
if (defined($form->{symb})) {
my $destsymb = $form->{symb};
@@ -157,7 +192,7 @@ sub success {
my %info;
if ($env{'request.linkprot'}) {
$info{'linkprot'} = $env{'request.linkprot'};
- foreach my $item ('linkprotuser','linkprotexit') {
+ foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
if ($form->{$item}) {
$info{$item} = $form->{$item};
}
@@ -173,7 +208,7 @@ sub success {
$destination .= (($destination =~ /\?/) ? '&' : '?') . 'ttoken='.$token;
}
}
- if ($env{'request.deeplink.login'}) {
+ if (($env{'request.deeplink.login'}) || ($env{'request.lti.login'})) {
if ($env{'environment.remote'} eq 'on') {
&Apache::lonnet::appenv({'environment.remote' => 'off'});
}
@@ -219,7 +254,7 @@ sub success {
}
$r->send_http_header;
- if ($env{'request.linkprot'}) {
+ if (($env{'request.linkprot'}) || ($env{'request.lti.login'})) {
$r->print(<$continuelink
@@ -268,14 +303,19 @@ sub failed {
}
}
+ my @actions;
my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
if (&Apache::lonnet::domain($udom,'description') eq '') {
undef($udom);
}
+ my $authtype;
+ if (($udom ne '') && ($uname ne '') && ($authhost eq 'no_host')) {
+ $authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
+ }
my $retry = '/adm/login';
- if ($uname eq $form->{'uname'}) {
+ if (($uname eq $form->{'uname'}) && ($authtype !~ /^lti:/)) {
$retry .= '?username='.$uname;
}
if ($udom) {
@@ -314,7 +354,7 @@ sub failed {
my %info = (
'linkprot' => $form->{'linkprot'},
);
- foreach my $item ('linkprotuser','linkprotexit') {
+ foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
if ($form->{$item} ne '') {
$info{$item} = $form->{$item};
}
@@ -331,18 +371,28 @@ sub failed {
my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
- my @actions =
- (&mt('Please [_1]log in again[_2].','',''));
+ if ($authtype =~ /^lti:/) {
+ $message = &mt('Direct login is not supported with the username you entered.').
+ '
'.
+ &mt('You likely need to launch LON-CAPA from within a course in a different Learning Management System.').
+ '
'.
+ &mt('You can also try to log in with a different username.');
+ @actions =
+ (&mt('Try your [_1]log in again[_2].','',''));
+ } else {
+ $message = &mt($message);
+ @actions =
+ (&mt('Please [_1]log in again[_2].','',''));
+ }
my $loginhelp = &loginhelpdisplay($udom);
if ($loginhelp) {
push(@actions, ''.&mt('Login problems?').'');
}
#FIXME: link to helpdesk might be added here
-
$r->print(
$start_page
.''.&mt('Sorry ...').'
'
- .&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'
'
+ .&Apache::lonhtmlcommon::confirm_success($message,1).'
'
.&Apache::lonhtmlcommon::actionbox(\@actions)
.$end_page
);
@@ -572,7 +622,7 @@ sub handler {
}
unless ($pwdverify) {
&failed($r,'Username and/or password could not be authenticated.',
- \%form);
+ \%form,$authhost);
return OK;
}
} elsif ($authhost eq 'no_account_on_host') {
@@ -749,7 +799,7 @@ sub handler {
}
if ($form{'linkprot'}) {
$env{'request.linkprot'} = $form{'linkprot'};
- foreach my $item ('linkprotuser','linkprotexit') {
+ foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
if ($form{$item}) {
$env{'request.'.$item} = $form{$item};
}
@@ -759,6 +809,11 @@ sub handler {
}
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
&set_deeplink_login(%form);
+ } elsif ($firsturl eq '/adm/email') {
+ if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) {
+ $env{'request.display'} = $form{'display'};
+ $env{'request.mailrecip'} = $form{'mailrecip'};
+ }
}
$r->internal_redirect($switchto);
} else {
@@ -785,7 +840,7 @@ sub handler {
}
if ($form{'linkprot'}) {
$env{'request.linkprot'} = $form{'linkprot'};
- foreach my $item ('linkprotuser','linkprotexit') {
+ foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
if ($form{$item}) {
$env{'request.'.$item} = $form{$item};
}
@@ -795,6 +850,11 @@ sub handler {
}
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
&set_deeplink_login(%form);
+ } elsif ($firsturl eq '/adm/email') {
+ if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) {
+ $env{'request.display'} = $form{'display'};
+ $env{'request.mailrecip'} = $form{'mailrecip'};
+ }
}
$r->internal_redirect($switchto);
} else {
@@ -834,6 +894,11 @@ sub handler {
}
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
&set_deeplink_login(%form);
+ } elsif ($firsturl eq '/adm/email') {
+ if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) {
+ $env{'request.display'} = $form{'display'};
+ $env{'request.mailrecip'} = $form{'mailrecip'};
+ }
}
$r->internal_redirect('/adm/switchserver?otherserver='.$unloaded.'&origurl='.$firsturl);
return OK;
@@ -853,6 +918,14 @@ sub handler {
$form{$item} = $sessiondata{$item};
}
}
+ if ($sessiondata{'origurl'} eq '/adm/email') {
+ if (($sessiondata{'display'}) && ($sessiondata{'mailrecip'})) {
+ if (&unescape($sessiondata{'mailrecip'}) eq "$form{'uname'}:$form{'udom'}") {
+ $form{'display'} = &unescape($sessiondata{'display'});
+ $form{'mailrecip'} = &unescape($sessiondata{'mailrecip'});
+ }
+ }
+ }
}
}
if ($form{'linkprot'}) {
@@ -876,6 +949,12 @@ sub handler {
if ($form{'linkprotexit'}) {
$extra_env->{'request.linkprotexit'} = $form{'linkprotexit'};
}
+ if ($form{'linkprotpbid'}) {
+ $extra_env->{'request.linkprotpbid'} = $form{'linkprotpbid'};
+ }
+ if ($form{'linkprotpburl'}) {
+ $extra_env->{'request.linkprotpburl'} = $form{'linkprotpburl'};
+ }
} elsif ($form{'linkkey'} ne '') {
if (ref($extra_env) eq 'HASH') {
%{$extra_env} = ( %{$extra_env}, 'request.linkkey' => $form{'linkkey'} );
@@ -964,7 +1043,7 @@ sub set_retry_token {
my ($form,$lonhost,$querystr) = @_;
if (ref($form) eq 'HASH') {
my ($firsturl,$token,$extras,@names);
- @names = ('role','symb','linkprotuser','linkprotexit','linkprot','linkkey','iptoken');
+ @names = ('role','symb','linkprotuser','linkprotexit','linkprot','linkkey','iptoken','linkprotpbid','linkprotpburl');
foreach my $name (@names) {
if ($form->{$name} ne '') {
$extras .= '&'.$name.'='.&escape($form->{$name});
@@ -1051,6 +1130,11 @@ sub check_can_host {
$form);
if ($form->{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
$env{'request.deeplink.login'} = $form->{'firsturl'};
+ } elsif ($form->{'firsturl'} eq '/adm/email') {
+ if ($form->{'display'} && ($form->{'mailrecip'} eq $form->{'uname'}.':'.$form->{'udom'})) {
+ $env{'request.display'} = $form->{'mailrecip'};
+ $env{'request.mailrecip'} = $form->{'mailrecip'};
+ }
}
if ($form->{'linkprot'}) {
$env{'request.linkprot'} = $form->{'linkprot'};