--- loncom/auth/lonlogin.pm	2022/02/24 15:51:28	1.195
+++ loncom/auth/lonlogin.pm	2023/11/21 19:52:18	1.207
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Login Screen
 #
-# $Id: lonlogin.pm,v 1.195 2022/02/24 15:51:28 raeburn Exp $
+# $Id: lonlogin.pm,v 1.207 2023/11/21 19:52:18 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -50,7 +50,7 @@ sub handler {
 	      $ENV{'REDIRECT_QUERY_STRING'}),
 	 ['interface','username','domain','firsturl','localpath','localres',
 	  'token','role','symb','iptoken','btoken','ltoken','ttoken','linkkey',
-          'saml','sso','retry']); 
+          'saml','sso','retry','display']); 
 
 # -- check if they are a migrating user
     if (defined($env{'form.token'})) {
@@ -68,6 +68,11 @@ sub handler {
             $env{'form.ltoken'} = $info{'ltoken'};
         } elsif ($info{'linkprot'}) {
             $env{'form.linkprot'} = $info{'linkprot'};
+            foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
+                if ($info{$item} ne '') {
+                    $env{'form.'.$item} = $info{$item};
+                }
+            }
         } elsif ($info{'linkkey'} ne '') {
             $env{'form.linkkey'} = $info{'linkkey'};
         }
@@ -170,6 +175,19 @@ sub handler {
             if ($env{'form.symb'}) {
                 $info{'symb'} = $env{'form.symb'};
             }
+            if (($env{'form.firsturl'} eq '/adm/email') && ($env{'form.display'} ne '')) {
+                if ($env{'form.sso'}) {
+                    if ($env{'form.mailrecip'}) {
+                        $info{'display'} = &escape($env{'form.display'});
+                        $info{'mailrecip'} = &escape($env{'form.mailrecip'});
+                    }
+                } else {
+                    if (($env{'form.username'}) && ($env{'form.domain'})) {
+                        $info{'display'} = &escape($env{'form.display'});
+                        $info{'mailrecip'} = &escape($env{'form.username'}.':'.$env{'form.domain'});
+                    }
+                }
+            }
             my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server);
             unless (($balancer_token eq 'con_lost') || ($balancer_token eq 'refused') ||
                     ($balancer_token eq 'unknown_cmd') || ($balancer_token eq 'no_such_host')) {
@@ -181,6 +199,11 @@ sub handler {
                     $link_info{'ltoken'} = $env{'form.ltoken'};
                 } elsif ($env{'form.linkprot'}) {
                     $link_info{'linkprot'} = $env{'form.linkprot'};
+                    foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
+                        if ($env{'form.'.$item} ne '') {
+                            $link_info{$item} = $env{'form.'.$item};
+                        }
+                    }
                 } elsif ($env{'form.linkkey'} ne '') {
                     $link_info{'linkkey'} = $env{'form.linkkey'};
                 }
@@ -218,6 +241,11 @@ sub handler {
         $balcookie = $info{'balcookie'};
         &Apache::lonnet::tmpdel($env{'form.btoken'});
         delete($env{'form.btoken'});
+        if (($env{'form.firsturl'} eq '/adm/email') &&
+            (exists($info{'display'})) && (exists($info{'mailrecip'}))) {
+            $env{'form.display'} = &unescape($info{'display'});
+            $env{'form.mailrecip'} = &unescape($info{'mailrecip'});
+        }
     }
 
 #
@@ -249,16 +277,48 @@ sub handler {
             $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
         }
         if (($env{'form.ltoken'}) || ($env{'form.linkprot'})) {
-            my $linkprot;
+            my ($linkprot,$linkprotuser,$linkprotexit,$linkprotpbid,$linkprotpburl);
             if ($env{'form.ltoken'}) {
                 my %info = &Apache::lonnet::tmpget($env{'form.ltoken'});
                 $linkprot = $info{'linkprot'};
-                my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'});
+                if ($info{'linkprotuser'} ne '') {
+                    $linkprotuser = $info{'linkprotuser'};
+                }
+                if ($info{'linkprotexit'} ne '') {
+                    $linkprotexit = $info{'linkprotexit'};
+                }
+                if ($info{'linkprotpbid'} ne '') {
+                    $linkprotpbid = $info{'linkprotpbid'};
+                }
+                if ($info{'linkprotpburl'} ne '') {
+                    $linkprotpburl = $info{'linkprotpburl'};
+                }
             } else {
                 $linkprot = $env{'form.linkprot'};
+                $linkprotuser = $env{'form.linkprotuser'};
+                $linkprotexit = $env{'form.linkprotexit'};
+                $linkprotpbid = $env{'form.linkprotpbid'};
+                $linkprotpburl = $env{'form.linkprotpburl'}; 
             }
             if ($linkprot) {
                 my ($linkprotector,$deeplink) = split(/:/,$linkprot,2);
+                if (($deeplink =~ m{^/tiny/$match_domain/\w+$}) &&
+                    ($linkprotuser ne '') && ($linkprotuser ne $env{'user.name'}.':'.$env{'user.domain'})) {
+                    my $ip = &Apache::lonnet::get_requestor_ip();
+                    my %linkprotinfo = (
+                                          origurl => $deeplink,
+                                          linkprot => $linkprot,
+                                          linkprotuser => $linkprotuser,
+                                          linkprotexit => $linkprotexit,
+                                          linkprotpbid => $linkprotpbid,
+                                          linkprotpburl => $linkprotpburl,
+                                       );
+                    if ($env{'form.ltoken'}) {
+                        my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'});
+                    }
+                    &Apache::migrateuser::logout($r,$ip,$handle,undef,undef,\%linkprotinfo);
+                    return OK;
+                }
                 if ($env{'user.linkprotector'}) {
                     my @protectors = split(/,/,$env{'user.linkprotector'});
                     unless (grep(/^\Q$linkprotector\E$/,@protectors)) {
@@ -304,6 +364,20 @@ sub handler {
                 }
             }
         }
+        if ($env{'form.ltoken'}) {
+            my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'});
+        }
+        if (($env{'form.firsturl'} eq '/adm/email') && ($env{'form.display'})) {
+            if ($env{'form.mailrecip'}) {
+                if ($env{'form.mailrecip'} eq "$env{'user.name'}:$env{'user.domain'}") {
+                    $dest .= (($dest=~/\?/)?'&amp;':'?') . 'display='.&escape($env{'form.display'}).
+                                                           '&amp;mailrecip='.&escape($env{'form.mailrecip'});
+                }
+            } elsif (($env{'form.username'} eq $env{'user.name'}) && ($env{'form.domain'} eq $env{'user.domain'})) {
+                $dest .= (($dest=~/\?/)?'&amp;':'?') . 'display='.&escape($env{'form.display'}).
+                                                       '&amp;mailrecip='.&escape("$env{'user.name'}:$env{'form.domain'}");
+            }
+        }
 	$r->print(
                   $start_page
                  .'<p class="LC_warning">'.&mt('You are already logged in!').'</p>'
@@ -428,20 +502,41 @@ sub handler {
     if ($uextkey>2147483647) { $uextkey-=4294967296; }
 
 # -------------------------------------------------------- Store away log token
-    my ($tokenextras,$tokentype);
-    my @names = ('role','symb','iptoken','ltoken','linkprot','linkkey');
+    my ($tokenextras,$tokentype,$linkprot_for_login);
+    my @names = ('role','symb','iptoken','ltoken','linkprotuser','linkprotexit',
+                 'linkprot','linkkey','display','linkprotpbid','linkprotpburl');
     foreach my $name (@names) {
         if ($env{'form.'.$name} ne '') {
             if ($name eq 'ltoken') {
                 my %info = &Apache::lonnet::tmpget($env{'form.'.$name});
                 if ($info{'linkprot'}) {
+                    $linkprot_for_login = $info{'linkprot'};
                     $tokenextras .= '&linkprot='.&escape($info{'linkprot'});
+                    foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
+                        if ($info{$item}) {
+                            $tokenextras .= '&'.$item.'='.&escape($info{$item});
+                        }
+                    }
                     $tokentype = 'link';
                     last;
                 }
+            } elsif ($env{'form.display'} && ($env{'form.firsturl'} eq '/adm/email')) {
+                if (($env{'form.mailrecip'}) ||
+                    ($env{'form.username'} =~ /^$match_username$/) && ($env{'form.domain'} =~ /^$match_domain$/)) {
+                    $tokenextras .= '&'.$name.'='.&escape($env{'form.display'});
+                    if ($env{'form.mailrecip'}) {
+                        $tokenextras .= '&mailrecip='.&escape($env{'form.mailrecip'});
+                    } else {
+                        $tokenextras .= '&mailrecip='.&escape($env{'form.username'}.':'.$env{'form.domain'});
+                    }
+                }
             } else {
                 $tokenextras .= '&'.$name.'='.&escape($env{'form.'.$name});
                 if (($name eq 'linkkey') || ($name eq 'linkprot')) {
+                    if ((($env{'form.retry'}) || ($env{'form.sso'})) && 
+                        (!$env{'form.ltoken'}) && ($name eq 'linkprot')) {
+                        $linkprot_for_login = $env{'form.linkprot'};
+                    }
                     $tokentype = 'link';
                 }
             }
@@ -619,7 +714,8 @@ function enableInput() {
 ENDSCRIPT
 
     my ($lonhost_in_use,@hosts,%defaultdomconf,$saml_prefix,$saml_landing,
-        $samlssotext,$samlnonsso,$samlssoimg,$samlssoalt,$samlssourl,$samltooltip);
+        $samlssotext,$samlnonsso,$samlssoimg,$samlssoalt,$samlssourl,$samltooltip,
+        $samlwindow);
     %defaultdomconf = &Apache::loncommon::get_domainconf($defdom);
     @hosts = &Apache::lonnet::current_machine_ids();
     $lonhost_in_use = $lonhost;
@@ -640,6 +736,7 @@ ENDSCRIPT
         $samlssoalt = $defaultdomconf{$saml_prefix.'alt_'.$lonhost_in_use};
         $samlssourl = $defaultdomconf{$saml_prefix.'url_'.$lonhost_in_use};
         $samltooltip = $defaultdomconf{$saml_prefix.'title_'.$lonhost_in_use};
+        $samlwindow = $defaultdomconf{$saml_prefix.'window_'.$lonhost_in_use};
     }
     if ($saml_landing) {
        if ($samlssotext eq '') {
@@ -827,6 +924,7 @@ HEADER
 
     my $stdauthformstyle = 'inline-block';
     my $ssoauthstyle = 'none';
+    my $sso_onclick;
     my $logintype;
     $r->print('<div style="float:left;margin-top:0;">');
     if ($saml_landing) {
@@ -837,6 +935,8 @@ HEADER
         if ($samlssourl  ne '') {
             $ssologin = $samlssourl;
         }
+        my $ssologin_for_js = &js_escape($ssologin);
+        my $querystr_for_js;
         if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) {
             my $querystring;
             if ($env{'form.firsturl'} ne '') {
@@ -857,16 +957,44 @@ HEADER
             }
             if ($querystring ne '') {
                 $ssologin .= (($ssologin=~/\?/)?'&amp;':'?') . $querystring;
+                $querystr_for_js = &js_escape($querystring);
             }
         } elsif ($logtoken ne '') {
             $ssologin .= (($ssologin=~/\?/)?'&amp;':'?') . 'logtoken='.$logtoken;
+            $querystr_for_js = &js_escape('logtoken='.$logtoken);
         }
         my $ssohref;
+        if ($samlwindow) {
+            $sso_onclick = <<"ENDJS";
+if (document.getElementById('LC_sso_login_link')) {
+    var ssoelem = document.getElementById('LC_sso_login_link')
+    ssoelem.addEventListener('click',samlWinFunction,false);
+    var windows = {};
+    function samlWinFunction(evt) {
+        evt.preventDefault();
+        var url = '$ssologin_for_js';
+        var name = 'lcssowin';
+        var querystr = '$querystr_for_js';
+        if (querystr) {
+            url += '?'+querystr+'&lcssowin=1';
+        } else {
+            url += '?lcssowin=1';
+        }
+        if ((typeof windows[name] !== 'undefined') && (!windows[name].closed)) {
+            windows[name].close();
+        }
+        windows[name]=window.open(url,name,'width=350,height=600');
+        windows[name].focus();
+        return false;
+    }
+}
+ENDJS
+        }
         if ($samlssoimg ne '') {
-            $ssohref = '<a href="'.$ssologin.'" title="'.$samltooltip.'">'.
+            $ssohref = '<a href="'.$ssologin.'" title="'.$samltooltip.'" id="LC_sso_login_link">'.
                        '<img src="'.$samlssoimg.'" alt="'.$samlssoalt.'" id="lcssobutton" /></a>';
         } else {
-            $ssohref = '<a href="'.$ssologin.'">'.$samlssotext.'</a>';
+            $ssohref = '<a href="'.$ssologin.'" id="LC_sso_login_link">'.$samlssotext.'</a>';
         }
         if (($env{'form.saml'} eq 'no') ||
             (($env{'form.username'} ne '') && ($env{'form.domain'} ne ''))) {
@@ -898,6 +1026,46 @@ ENDSAML
             delete($env{'form.ltoken'});
         }
     }
+    my $in_frame_js;
+    if ($linkprot_for_login) {
+        my ($linkprotector,$linkproturi) = split(/:/,$linkprot_for_login,2);
+        if (($linkprotector =~ /^\d+(c|d)$/) && ($linkproturi =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$})) {
+            my $set_target;
+            if (($env{'form.retry'}) || ($env{'form.sso'})) {
+                if ($linkproturi eq $env{'form.firsturl'}) {
+                    $set_target = "    document.server.target = '_self';";
+                }
+            } else {
+                $set_target = <<ENDTARG;
+    var linkproturi = '$linkproturi';
+    var path = document.location.pathname.replace( new RegExp('^/adm/launch'),'');
+    if (linkproturi == path) {
+        document.server.target = '_self';
+    }
+ENDTARG
+            }
+            $in_frame_js = <<ENDJS;
+<script type="text/javascript">
+// <![CDATA[
+if ((window.self !== window.top) && (document.server.target != '_self')) {
+    $set_target
+    $sso_onclick
+}
+// ]]>
+</script>
+ENDJS
+        }
+    } elsif ($samlwindow) {
+        $in_frame_js = <<ENDJS;
+<script type="text/javascript">
+// <![CDATA[
+if ((window.self !== window.top) && (document.server.target != '_self')) {
+    $sso_onclick
+}
+// ]]>
+</script>
+ENDJS
+    }
 
     $r->print(<<ENDLOGIN);
 <div style="display:$stdauthformstyle;" id="LC_standard_login">
@@ -998,6 +1166,7 @@ $versionrow
     <br style="clear:both;" />
  </div>
 
+$in_frame_js
 <script type="text/javascript">
 // <![CDATA[
 // the if prevents the script error if the browser can not handle this
@@ -1090,31 +1259,60 @@ sub redirect_page {
         $path = '/'.$path;
     }
     my $url = $protocol.'://'.$hostname.$path;
-    if ($env{'form.firsturl'} ne '') {
+    my $args = {};
+    if ($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
+        $url = $protocol.'://'.$hostname.$env{'form.firsturl'};
+        if (($env{'form.ltoken'}) || ($env{'form.linkprot'} ne '') ||
+            ($env{'form.linkkey'} ne '')) {
+            my %link_info;
+            if ($env{'form.ltoken'}) {
+                %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'});
+                &Apache::lonnet::tmpdel($env{'form.ltoken'});
+                $args->{'only_body'} = 1;
+            } elsif ($env{'form.linkprot'}) {
+                $link_info{'linkprot'} = $env{'form.linkprot'};
+                foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
+                    if ($env{'form.'.$item}) {
+                        $link_info{$item} = $env{'form.'.$item};
+                    }
+                }
+                $args->{'only_body'} = 1;
+            } elsif ($env{'form.linkkey'} ne '') {
+                $link_info{'linkkey'} = $env{'form.linkkey'};
+            }
+            my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link');
+            unless (($token eq 'con_lost') || ($token eq 'refused') ||
+                    ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
+                $url .= '?ltoken='.$token;
+            }
+        }
+    } else {
         my $querystring;
-        if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
-            $querystring = &uri_escape_utf8($env{'form.firsturl'});
-        } else {
-            $querystring = &uri_escape($env{'form.firsturl'});
+        if ($env{'form.firsturl'} ne '') {
+            if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+                $querystring = &uri_escape_utf8($env{'form.firsturl'});
+            } else {
+                $querystring = &uri_escape($env{'form.firsturl'});
+            }
+            $querystring = &HTML::Entities::encode($querystring,"'");
+            $querystring = '?firsturl='.$querystring;
         }
-        $querystring = &HTML::Entities::encode($querystring,"'");
-        $url .='?firsturl='.$querystring;
-    }
-    if (($env{'form.ltoken'}) || ($env{'form.linkkey'} ne '')) {
-        my %link_info;
         if ($env{'form.ltoken'}) {
-            $link_info{'ltoken'} = $env{'form.ltoken'};
-        } elsif ($env{'form.linkkey'} ne '') {
-            $link_info{'linkkey'} = $env{'form.linkkey'};
-        }
-        my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link');
-        unless (($token eq 'con_lost') || ($token eq 'refused') ||
-                ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
-            $url .= (($url=~/\?/)?'&amp;':'?') . 'ttoken='.$token;
+            my %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'});
+            &Apache::lonnet::tmpdel($env{'form.ltoken'});
+            my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link');
+            unless (($token eq 'con_lost') || ($token eq 'refused') || ($token =~ /^error:/) ||
+                    ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
+                unless (($path eq '/adm/roles') || ($path eq '/adm/login')) {
+                    $url = $protocol.'://'.$hostname.'/adm/roles';
+                }
+                $querystring .= (($querystring =~/^\?/)?'&amp;':'?') . 'ttoken='.$token;
+            }
         }
+        $url .= $querystring;
     }
-    my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
-                                                    {'redirect' => [0,$url],});
+    $args->{'redirect'} = [0,$url,'','',1];
+    my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,$args);
     my $end_page   = &Apache::loncommon::end_page();
     return $start_page.$end_page;
 }