--- loncom/auth/lonauth.pm 2021/10/26 15:52:54 1.168 +++ loncom/auth/lonauth.pm 2021/11/03 01:04:02 1.169 @@ -1,7 +1,7 @@ # The LearningOnline Network # User Authentication Module # -# $Id: lonauth.pm,v 1.168 2021/10/26 15:52:54 raeburn Exp $ +# $Id: lonauth.pm,v 1.169 2021/11/03 01:04:02 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -178,6 +178,22 @@ sub success { $destination .= 'source=login'; } + if (($env{'request.deeplink.login'} eq $lowerurl) && + (($env{'request.linkprot'}) || ($env{'request.linkkey'} ne ''))) { + my %info; + if ($env{'request.linkprot'}) { + $info{'linkprot'} = $env{'request.linkprot'}; + } elsif ($env{'request.linkkey'} ne '') { + $info{'linkkey'} = $env{'request.linkkey'}; + } + $info{'origurl'} = $lowerurl; + my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link'); + unless (($token eq 'con_lost') || ($token eq 'refused') || + ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { + $destination .= (($destination =~ /\?/) ? '&' : '?') . 'ttoken='.$token; + } + } + my $windowname = 'loncapaclient'; if ($env{'request.lti.login'}) { $windowname .= 'lti'; @@ -329,7 +345,7 @@ sub failed { } if (exists($form->{linkprot})) { my $ltoken = &Apache::lonnet::tmpput({linkprot => $form->{'linkprot'}}, - $r->dir_config('lonHostID')); + $r->dir_config('lonHostID'),'retry'); if ($ltoken) { $retry .= (($retry =~ /\?/) ? '&' : '?').'ltoken='.$ltoken; } @@ -398,44 +414,71 @@ sub handler { my $end_page = &Apache::loncommon::end_page(); my $dest = '/adm/roles'; - if ($env{'form.firsturl'} ne '') { - $dest = $env{'form.firsturl'}; - if (($dest =~ m{^/tiny/$match_domain/\w+$}) && ($env{'request.course.id'})) { - my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; - my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; - my $symb = &Apache::loncommon::symb_from_tinyurl($dest,$cnum,$cdom); - if ($symb) { - my $buffer; - if ($r->header_in('Content-length') > 0) { - $r->read($buffer,$r->header_in('Content-length'),0); - } - my %form; - foreach my $pair (split(/&/,$buffer)) { - my ($name,$value) = split(/=/,$pair); - $value =~ tr/+/ /; - $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; - $form{$name}=$value; + my %form = &get_form_items($r); + if ($form{'logtoken'}) { + my $tmpinfo = &Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, + $form{'serverid'}); + unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || + ($tmpinfo eq 'no_such_host')) { + my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo); + $firsturl = &unescape($firsturl); + my %info; + foreach my $item (@rest) { + my ($key,$value) = split(/=/,$item); + $info{$key} = &unescape($value); + } + if ($firsturl ne '') { + $info{'firsturl'} = $firsturl; + $dest = $firsturl; + my $relogin; + if ($dest =~ m{^/tiny/$match_domain/\w+$}) { + if ($env{'request.course.id'}) { + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + my $symb = &Apache::loncommon::symb_from_tinyurl($dest,$cnum,$cdom); + if ($symb) { + unless (&set_deeplink_login(%info) eq 'ok') { + $relogin = 1; + } + } + } + if ($relogin) { + $r->print( + $start_page + .'
'.&mt('You are already logged in!').'
' + .''.&mt('Please [_1]log out[_2] first, and then try your access again', + '','') + .'
' + .$end_page); + } else { + if (($info{'linkprot'}) || ($info{'linkkey'} ne '')) { + my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link'); + unless (($token eq 'con_lost') || ($token eq 'refused') || + ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { + $dest .= (($dest =~ /\?/) ? '&' : '?') . 'ttoken='.$token; + } + } + $r->print( + $start_page + .''.&mt('You are already logged in!').'
' + .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4] first, and then try your access again', + '','', + '','') + .'
' + .$end_page); + } + return OK; } - &set_deeplink_login(%form); - } else { - $r->print( - $start_page - .''.&mt('You are already logged in!').'
' - .''.&mt('Please [_1]log out[_2] first, and then try your access again', - '','') - .'
' - .$end_page); - return OK; } } } $r->print( - $start_page - .''.&mt('You are already logged in!').'
' - .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].' - ,'','','','') - .'
' - .$end_page + $start_page + .''.&mt('You are already logged in!').'
' + .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].' + ,'','','','') + .'
' + .$end_page ); return OK; } @@ -443,19 +486,7 @@ sub handler { # ---------------------------------------------------- No valid token, continue - - my $buffer; - if ($r->header_in('Content-length') > 0) { - $r->read($buffer,$r->header_in('Content-length'),0); - } - my %form; - foreach my $pair (split(/&/,$buffer)) { - my ($name,$value) = split(/=/,$pair); - $value =~ tr/+/ /; - $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; - $form{$name}=$value; - } - + my %form = &get_form_items($r); if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) { &failed($r,'Username, password and domain need to be specified.', \%form); @@ -499,7 +530,8 @@ sub handler { return OK; } - my ($key,$firsturl,@rest)=split(/&/,$tmpinfo); + my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo); + $firsturl = &unescape($firsturl); foreach my $item (@rest) { my ($key,$value) = split(/=/,$item); $form{$key} = &unescape($value); @@ -508,7 +540,7 @@ sub handler { $form{'firsturl'} = $firsturl; } my $upass = $ENV{HTTPS} ? $form{'upass0'} - : &Apache::loncommon::des_decrypt($key,$form{'upass0'}); + : &Apache::loncommon::des_decrypt($des_key,$form{'upass0'}); # ---------------------------------------------------------------- Authenticate @@ -570,9 +602,9 @@ sub handler { $firsturl='/adm/roles'; } - my $hosthere; + my ($hosthere,%sessiondata); if ($form{'iptoken'}) { - my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); + %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); my $delete = &Apache::lonnet::tmpdel($form{'iptoken'}); if (($sessiondata{'domain'} eq $form{'udom'}) && ($sessiondata{'username'} eq $form{'uname'})) { @@ -616,7 +648,7 @@ sub handler { unless ($suprim eq $uprim) { unless ($suintdom eq $uintdom) { &Apache::lonnet::logthis('Attempted switch user ' - .'to user with different "internet domain".'); + .'to user with different "internet domain".'); $noprivswitch = 1; } } @@ -778,6 +810,18 @@ sub handler { $form{'noloadbalance'} = $hosthere; } my $extra_env; + if (($hosthere) && ($sessiondata{'sessionserver'} ne '')) { + if ($sessiondata{'origurl'} ne '') { + $firsturl = $sessiondata{'origurl'}; + $form{'firsturl'} = $sessiondata{'origurl'}; + my @names = ('role','symb','linkprot','linkkey'); + foreach my $item (@names) { + if ($sessiondata{$item} ne '') { + $form{$item} = $sessiondata{$item}; + } + } + } + } if ($form{'linkprot'}) { my ($linkprotector,$uri) = split(/:/,$form{'linkprot'},2); if ($linkprotector) { @@ -817,14 +861,31 @@ sub handler { } } +sub get_form_items { + my ($r) = @_; + my $buffer; + if ($r->header_in('Content-length') > 0) { + $r->read($buffer,$r->header_in('Content-length'),0); + } + my %form; + foreach my $pair (split(/&/,$buffer)) { + my ($name,$value) = split(/=/,$pair); + $value =~ tr/+/ /; + $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; + $form{$name}=$value; + } + return %form; +} + sub set_deeplink_login { my (%form) = @_; + my $disallow; if ($form{'firsturl'} =~ m{^/tiny/($match_domain)/\w+$}) { my $cdom = $1; my ($cnum,$symb) = &Apache::loncommon::symb_from_tinyurl($form{'firsturl'},'',$cdom); if ($symb) { if ($env{'request.course.id'} eq $cdom.'_'.$cnum) { - my ($disallow,$deeplink); + my $deeplink; if ($symb =~ /\.(page|sequence)$/) { my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($symb))[2]); my $navmap = Apache::lonnavmaps::navmap->new(); @@ -857,14 +918,17 @@ sub set_deeplink_login { } } } - return; + if ($disallow) { + return; + } + return 'ok'; } sub set_retry_token { my ($form,$lonhost,$querystr) = @_; if (ref($form) eq 'HASH') { my ($firsturl,$token,$extras,@names); - @names = ('role','symb','linkprot','linkkey'); + @names = ('role','symb','linkprot','linkkey','iptoken'); foreach my $name (@names) { if ($form->{$name} ne '') { $extras .= '&'.$name.'='.&escape($form->{$name});