--- loncom/auth/lonlogin.pm 2024/07/13 20:59:10 1.158.2.17 +++ loncom/auth/lonlogin.pm 2014/10/04 02:59:32 1.159 @@ -1,7 +1,7 @@ # The LearningOnline Network # Login Screen # -# $Id: lonlogin.pm,v 1.158.2.17 2024/07/13 20:59:10 raeburn Exp $ +# $Id: lonlogin.pm,v 1.159 2014/10/04 02:59:32 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -37,10 +37,7 @@ use Apache::lonauth(); use Apache::lonlocal; use Apache::migrateuser(); use lib '/home/httpd/lib/perl/'; -use LONCAPA qw(:DEFAULT :match); -use URI::Escape; -use HTML::Entities(); -use CGI::Cookie(); +use LONCAPA; sub handler { my $r = shift; @@ -49,72 +46,19 @@ sub handler { (join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'}, $ENV{'REDIRECT_QUERY_STRING'}), ['interface','username','domain','firsturl','localpath','localres', - 'token','role','symb','iptoken','btoken','saml','sso','retry']); + 'token','role','symb','iptoken']); + if (!defined($env{'form.firsturl'})) { + &Apache::lonacc::get_posted_cgi($r,['firsturl']); + } # -- check if they are a migrating user if (defined($env{'form.token'})) { return &Apache::migrateuser::handler($r); } - my $lonhost = $r->dir_config('lonHostID'); - if (($env{'form.sso'}) || ($env{'form.retry'})) { - my $infotoken; - if ($env{'form.sso'}) { - $infotoken = $env{'form.sso'}; - } else { - $infotoken = $env{'form.retry'}; - } - my $data = &Apache::lonnet::reply('tmpget:'.$infotoken,$lonhost); - unless (($data=~/^error/) || ($data eq 'con_lost') || - ($data eq 'no_such_host')) { - my %info = &decode_token($data); - foreach my $item (keys(%info)) { - $env{'form.'.$item} = $info{$item}; - } - &Apache::lonnet::tmpdel($infotoken); - } - } else { - if (!defined($env{'form.firsturl'})) { - &Apache::lonacc::get_posted_cgi($r,['firsturl']); - } - if ($env{'form.firsturl'} eq '/adm/logout') { - delete($env{'form.firsturl'}); - } - } - -# For "public user" - remove any exising "public" cookie, as user really wants to log-in - my ($handle,$lonidsdir,$expirepub,$userdom); - $lonidsdir=$r->dir_config('lonIDsDir'); - unless ($r->header_only) { - $handle = &Apache::lonnet::check_for_valid_session($r,'lonID',undef,\$userdom); - if ($handle ne '') { - if ($handle=~/^publicuser\_/) { - unlink($r->dir_config('lonIDsDir')."/$handle.id"); - undef($handle); - undef($userdom); - $expirepub = 1; - } - } - } - &Apache::loncommon::no_cache($r); &Apache::lonlocal::get_language_handle($r); &Apache::loncommon::content_type($r,'text/html'); - if ($expirepub) { - my $c = new CGI::Cookie(-name => 'lonPubID', - -value => '', - -expires => '-10y',); - $r->header_out('Set-cookie' => $c); - } elsif (($handle eq '') && ($userdom ne '')) { - my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); - foreach my $name (keys(%cookies)) { - next unless ($name =~ /^lon(|S|Link|Pub)ID$/); - my $c = new CGI::Cookie(-name => $name, - -value => '', - -expires => '-10y',); - $r->headers_out->add('Set-cookie' => $c); - } - } $r->send_http_header; return OK if $r->header_only; @@ -126,97 +70,37 @@ sub handler { return OK; } -# Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer) + $env{'form.firsturl'} =~ s/(`)/'/g; - my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r,1); - if ($found_server) { - my $hostname = &Apache::lonnet::hostname($found_server); - if ($hostname ne '') { - my $protocol = $Apache::lonnet::protocol{$found_server}; - $protocol = 'http' if ($protocol ne 'https'); +# -------------------------------- Prevent users from attempting to login twice + my $handle = &Apache::lonnet::check_for_valid_session($r); + if ($handle ne '') { + my $lonidsdir=$r->dir_config('lonIDsDir'); + if ($handle=~/^publicuser\_/) { +# For "public user" - remove it, we apparently really want to login + unlink($r->dir_config('lonIDsDir')."/$handle.id"); + } else { +# Indeed, a valid token is found + &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); + my $start_page = + &Apache::loncommon::start_page('Already logged in'); + my $end_page = + &Apache::loncommon::end_page(); my $dest = '/adm/roles'; if ($env{'form.firsturl'} ne '') { - $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&'); + $dest = $env{'form.firsturl'}; } - my %info = ( - balcookie => $lonhost.':'.$balancer_cookie, - ); - if ($env{'form.role'}) { - $info{'role'} = $env{'form.role'}; - } - if ($env{'form.symb'}) { - $info{'symb'} = $env{'form.symb'}; - } - my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server); - unless (($balancer_token eq 'con_lost') || ($balancer_token eq 'refused') || - ($balancer_token eq 'unknown_cmd') || ($balancer_token eq 'no_such_host')) { - $dest .= (($dest=~/\?/)?'&':'?') . 'btoken='.$balancer_token; - } - unless ($found_server eq $lonhost) { - my $alias = &Apache::lonnet::use_proxy_alias($r,$found_server); - $hostname = $alias if ($alias ne ''); - } - my $url = $protocol.'://'.$hostname.$dest; - my $start_page = - &Apache::loncommon::start_page('Switching Server ...',undef, - {'redirect' => [0,$url],}); - my $end_page = &Apache::loncommon::end_page(); - $r->print($start_page.$end_page); - return OK; - } - } - -# -# Check if a LON-CAPA load balancer sent user here because user's browser sent -# it a balancer cookie for an active session on this server. -# - - my $balcookie; - if ($env{'form.btoken'}) { - my %info = &Apache::lonnet::tmpget($env{'form.btoken'}); - $balcookie = $info{'balcookie'}; - &Apache::lonnet::tmpdel($env{'form.btoken'}); - delete($env{'form.btoken'}); - } - -# -# If browser sent an old cookie for which the session file had been removed -# check if configuration for user's domain has a portal URL set. If so -# switch user's log-in to the portal. -# - - if (($handle eq '') && ($userdom ne '')) { - my %domdefaults = &Apache::lonnet::get_domain_defaults($userdom); - if ($domdefaults{'portal_def'} =~ /^https?\:/) { - my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef, - {'redirect' => [0,$domdefaults{'portal_def'}],}); - my $end_page = &Apache::loncommon::end_page(); - $r->print($start_page.$end_page); + $r->print( + $start_page + .'

'.&mt('You are already logged in!').'

' + .'

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].', + '','','','').'

' + .$end_page + ); return OK; } } -# -------------------------------- Prevent users from attempting to login twice - if ($handle ne '') { - &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); - my $start_page = - &Apache::loncommon::start_page('Already logged in'); - my $end_page = - &Apache::loncommon::end_page(); - my $dest = '/adm/roles'; - if ($env{'form.firsturl'} ne '') { - $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&'); - } - $r->print( - $start_page - .'

'.&mt('You are already logged in!').'

' - .'

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].', - '','','','').'

' - .$end_page - ); - return OK; - } - # ---------------------------------------------------- No valid token, continue # ---------------------------- Not possible to really login to domain "public" @@ -238,16 +122,16 @@ sub handler { $env{'form.interface'}=~s/\W//g; (undef,undef,undef,undef,undef,undef,my $clientmobile) = - &Apache::loncommon::decode_user_agent($r); + &Apache::loncommon::decode_user_agent(); my $iconpath= &Apache::loncommon::lonhttpdurl($r->dir_config('lonIconsURL')); + my $lonhost = $r->dir_config('lonHostID'); my $domain = &Apache::lonnet::default_login_domain(); - my $defdom = $domain; if ($lonhost ne '') { unless ($sessiondata{'sessionserver'}) { - my $redirect = &check_loginvia($domain,$lonhost,$lonidsdir,$balcookie); + my $redirect = &check_loginvia($domain,$lonhost); if ($redirect) { $r->print($redirect); return OK; @@ -256,7 +140,7 @@ sub handler { } if (($sessiondata{'domain'}) && - (&Apache::lonnet::domain($sessiondata{'domain'},'description'))) { + (&Apache::lonnet::domain($env{'form.domain'},'description'))) { $domain=$sessiondata{'domain'}; } elsif (($env{'form.domain'}) && (&Apache::lonnet::domain($env{'form.domain'},'description'))) { @@ -332,14 +216,23 @@ sub handler { # -------------------------------------------------------- Store away log token my $tokenextras; - my @names = ('role','symb','iptoken'); - foreach my $name (@names) { - if ($env{'form.'.$name} ne '') { - $tokenextras .= '&'.$name.'='.&escape($env{'form.'.$name}); + if ($env{'form.role'}) { + $tokenextras = '&role='.&escape($env{'form.role'}); + } + if ($env{'form.symb'}) { + if (!$tokenextras) { + $tokenextras = '&'; } + $tokenextras .= '&symb='.&escape($env{'form.symb'}); + } + if ($env{'form.iptoken'}) { + if (!$tokenextras) { + $tokenextras = '&&'; + } + $tokenextras .= '&iptoken='.&escape($env{'form.iptoken'}); } my $logtoken=Apache::lonnet::reply( - 'tmpput:'.$ukey.$lkey.'&'.&escape($firsturl).$tokenextras, + 'tmpput:'.$ukey.$lkey.'&'.$firsturl.$tokenextras, $lonhost); # -- If we cannot talk to ourselves, or hostID does not map to a hostname @@ -350,36 +243,22 @@ sub handler { &Apache::lonnet::logthis('No valid logtoken for log-in page -- unable to determine hostname for hostID: '.$lonhost.'. Check entry in hosts.tab'); } my $spares=''; - my (@sparehosts,%spareservers); - my $sparesref = &Apache::lonnet::this_host_spares($defdom); - if (ref($sparesref) eq 'HASH') { - foreach my $key (keys(%{$sparesref})) { - if (ref($sparesref->{$key}) eq 'ARRAY') { - my @sorted = sort { &Apache::lonnet::hostname($a) cmp - &Apache::lonnet::hostname($b); - } @{$sparesref->{$key}}; - if (@sorted) { - if ($key eq 'primary') { - unshift(@sparehosts,@sorted); - } elsif ($key eq 'default') { - push(@sparehosts,@sorted); - } - } - } - } - } - foreach my $hostid (@sparehosts) { + my $last; + foreach my $hostid (sort + { + &Apache::lonnet::hostname($a) cmp + &Apache::lonnet::hostname($b); + } + keys(%Apache::lonnet::spareid)) { next if ($hostid eq $lonhost); my $hostname = &Apache::lonnet::hostname($hostid); - next if (($hostname eq '') || ($spareservers{$hostname})); - $spareservers{$hostname} = 1; - my $protocol = $Apache::lonnet::protocol{$hostid}; - $protocol = 'http' if ($protocol ne 'https'); - $spares.='
'. $hostname.''. - ' '.&mt('(preferred)').''.$/; + ' '.&mt('(preferred)').''.$/; + $last=$hostname; } if ($spares) { $spares.= '
'; @@ -391,26 +270,23 @@ sub handler { &Apache::lonnet::hostname($b); } keys(%all_hostnames)) { - next if ($hostid eq $lonhost); + next if ($hostid eq $lonhost || $Apache::lonnet::spareid{$hostid}); my $hostname = &Apache::lonnet::hostname($hostid); - next if (($hostname eq '') || ($spareservers{$hostname})); - $spareservers{$hostname} = 1; - my $protocol = $Apache::lonnet::protocol{$hostid}; - $protocol = 'http' if ($protocol ne 'https'); - $spares.='
'. $hostname.''; + $last=$hostname; } $r->print( - '' - .'' - .'' + '<html>' + .'<head><title>' .&mt('The LearningOnline Network with CAPA') .'' .'' .'

'.&mt('The LearningOnline Network with CAPA').'

' - .'broken icon' + .'' .'

'.&mt('This LON-CAPA server is temporarily not available for login.').'

'); if ($spares) { $r->print('

'.&mt('Please attempt to login to one of the following servers:') @@ -476,7 +352,11 @@ lextkey=this.document.client.elements.le initkeys(); this.document.server.elements.upass0.value - =getCrypted(this.document.client.elements.upass$now.value); + =crypted(this.document.client.elements.upass$now.value.substr(0,15)); +this.document.server.elements.upass1.value + =crypted(this.document.client.elements.upass$now.value.substr(15,15)); +this.document.server.elements.upass2.value + =crypted(this.document.client.elements.upass$now.value.substr(30,15)); this.document.client.elements.uname.value=''; this.document.client.elements.upass$now.value=''; @@ -497,70 +377,6 @@ function enableInput() { ENDSCRIPT - my ($lonhost_in_use,@hosts,%defaultdomconf,$saml_prefix,$saml_landing, - $samlssotext,$samlnonsso,$samlssoimg,$samlssoalt,$samlssourl,$samltooltip); - %defaultdomconf = &Apache::loncommon::get_domainconf($defdom); - @hosts = &Apache::lonnet::current_machine_ids(); - $lonhost_in_use = $lonhost; - if (@hosts > 1) { - foreach my $hostid (@hosts) { - if (&Apache::lonnet::host_domain($hostid) eq $defdom) { - $lonhost_in_use = $hostid; - last; - } - } - } - $saml_prefix = $defdom.'.login.saml_'; - if ($defaultdomconf{$saml_prefix.$lonhost_in_use}) { - $saml_landing = 1; - $samlssotext = $defaultdomconf{$saml_prefix.'text_'.$lonhost_in_use}; - $samlnonsso = $defaultdomconf{$saml_prefix.'notsso_'.$lonhost_in_use}; - $samlssoimg = $defaultdomconf{$saml_prefix.'img_'.$lonhost_in_use}; - $samlssoalt = $defaultdomconf{$saml_prefix.'alt_'.$lonhost_in_use}; - $samlssourl = $defaultdomconf{$saml_prefix.'url_'.$lonhost_in_use}; - $samltooltip = $defaultdomconf{$saml_prefix.'title_'.$lonhost_in_use}; - } - if ($saml_landing) { - if ($samlssotext eq '') { - $samlssotext = 'SSO Login'; - } - if ($samlnonsso eq '') { - $samlnonsso = 'Non-SSO Login'; - } - $js .= <<"ENDSAMLJS"; - - - -ENDSAMLJS - } - # --------------------------------------------------- Print login screen header my %add_entries = ( @@ -571,29 +387,6 @@ ENDSAMLJS alink => "$alink", onload => 'javascript:enableInput();',); - my ($headextra,$headextra_exempt); - $headextra = $defaultdomconf{$defdom.'.login.headtag_'.$lonhost_in_use}; - $headextra_exempt = $defaultdomconf{$domain.'.login.headtag_exempt_'.$lonhost_in_use}; - if ($headextra) { - my $omitextra; - if ($headextra_exempt ne '') { - my @exempt = split(',',$headextra_exempt); - my $ip = &Apache::lonnet::get_requestor_ip(); - if (grep(/^\Q$ip\E$/,@exempt)) { - $omitextra = 1; - } - } - unless ($omitextra) { - my $confname = $defdom.'-domainconfig'; - if ($headextra =~ m{^\Q/res/$defdom/$confname/login/headtag/$lonhost_in_use/\E}) { - my $extra = &Apache::lonnet::getfile(&Apache::lonnet::filelocation("",$headextra)); - unless ($extra eq '-1') { - $js .= "\n".$extra."\n"; - } - } - } - } - $r->print(&Apache::loncommon::start_page('The LearningOnline Network with CAPA Login',$js, { 'redirect' => [$expire,'/adm/roles'], 'add_entries' => \%add_entries, @@ -616,7 +409,6 @@ ENDSAMLJS 'helpdesk' => 'Contact Helpdesk', 'forgotpw' => 'Forgot password?', 'newuser' => 'New User?', - 'change' => 'Change?', ); # -------------------------------------------------- Change password field name @@ -645,6 +437,8 @@ ENDSAMLJS + + @@ -678,7 +472,7 @@ ENDSERVERFORM $mobileargs = 'autocapitalize="off" autocorrect="off"'; } my $loginform=(< +

:
@@ -692,82 +486,15 @@ ENDSERVERFORM LFORM if ($showbanner) { - my $alttext = &Apache::loncommon::designparm('login.alttext_img',$domain); - if ($alttext eq '') { - $alttext = 'The Learning Online Network with CAPA'; - } $r->print(<
- $alttext + The Learning Online Network with CAPA
HEADER } - - my $stdauthformstyle = 'inline-block'; - my $ssoauthstyle = 'none'; - my $logintype; - $r->print('
'); - if ($saml_landing) { - $ssoauthstyle = 'inline-block'; - $stdauthformstyle = 'none'; - $logintype = $samlssotext; - my $ssologin = '/adm/sso'; - if ($samlssourl ne '') { - $ssologin = $samlssourl; - } - if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) { - my $querystring; - if ($env{'form.firsturl'} ne '') { - $querystring = 'origurl='; - if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) { - $querystring .= &uri_escape_utf8($env{'form.firsturl'}); - } else { - $querystring .= &uri_escape($env{'form.firsturl'}); - } - $querystring = &HTML::Entities::encode($querystring,"'"); - } - if ($querystring ne '') { - $ssologin .= (($ssologin=~/\?/)?'&':'?') . $querystring; - } - } elsif ($logtoken ne '') { - $ssologin .= (($ssologin=~/\?/)?'&':'?') . 'logtoken='.$logtoken; - } - my $ssohref; - if ($samlssoimg ne '') { - $ssohref = ''. - ''.$samlssoalt.''; - } else { - $ssohref = ''.$samlssotext.''; - } - if (($env{'form.saml'} eq 'no') || - (($env{'form.username'} ne '') && ($env{'form.domain'} ne ''))) { - $ssoauthstyle = 'none'; - $stdauthformstyle = 'inline-block'; - $logintype = $samlnonsso; - } - $r->print(< -Log-in type: -$logintype
-$lt{'change'} -

-
-
-$ssohref -$noscript_warning -
-
-$loginhelp -$contactblock -$coursecatalog -
-
-ENDSAML - } - - $r->print(< + $r->print(<
$logintitle $loginform @@ -783,11 +510,10 @@ ENDSAML
-ENDLOGIN - $r->print('
'."\n"); +
+ENDTOP if ($showmainlogo) { - my $alttext = &Apache::loncommon::designparm('login.alttext_logo',$domain); - $r->print(' '."\n"); + $r->print(' '."\n"); } $r->print(< [0,$url,'',1]}); + {'redirect' => [0,$url],}); my $end_page = &Apache::loncommon::end_page(); return $start_page.$end_page; } @@ -1041,19 +729,5 @@ sub newuser_link { return ''.$linkname.''; } -sub decode_token { - my ($info) = @_; - my ($firsturl,@rest)=split(/\&/,$info); - my %form; - if ($firsturl ne '') { - $form{'firsturl'} = &unescape($firsturl); - } - foreach my $item (@rest) { - my ($key,$value) = split(/=/,$item); - $form{$key} = &unescape($value); - } - return %form; -} - 1; __END__