--- loncom/auth/lonwebdavacc.pm 2015/05/29 18:42:01 1.4
+++ loncom/auth/lonwebdavacc.pm 2020/12/18 15:23:03 1.7
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Authorization Handler for webDAV access to Authoring Space.
 #
-# $Id: lonwebdavacc.pm,v 1.4 2015/05/29 18:42:01 raeburn Exp $
+# $Id: lonwebdavacc.pm,v 1.7 2020/12/18 15:23:03 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -47,17 +47,10 @@ and is used to control access for the fo
 This module is only called following successful authentication.
-Unless lonOtherAuthen has been set, so Single Sign On can be used,
-successful authentication will have created a session file and
+Successful authentication will have created a session file and
 transferred the contents to the user's environment.
-In the case of SSO, there is no existing user environment, but
-$r->user will have been set to the user's username, following
-successful authentication. For SSO, the webDAV session file
-and environment are set up by a call to
-Apache::lonwebdavauth::init_webdav_env().
-
-Note: because Apache Basic Auth is used for authentication (unless SSO)
+Note: because Apache Basic Auth is used for authentication
 webDAV access is only available for servers running Apache with SSL.
 This is part of the LearningOnline Network with CAPA project
@@ -75,14 +68,17 @@ Checks if $env{'user.environment'} is de
 =item *
-If no %env, this was SSO authentication so call to &sso_login() to
-create session, and return cookie.
+If no %env, calls Apache::lonnet::check_for_valid_session()
+to retrieve a valid sessionID (webDAV client needs to support
+cookies for session retrieval to be successful). If a session is
+found Apache::lonnet::transfer_profile_to_env() is called
+to populate %env.
 =item *
 Checks if requested URL (of form /webdav/authordomain/authorname) is valid and whether authenticated user has an active author or co-author
-role in the corresonding Author Space.
+role in the corresponding Authoring Space.
 =back
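Review bot: In the `@@ -75,14 +68,17 @@` POD hunk, the new item says what happens when a session is found but not what happens when none is; the handler hunk further down returns FORBIDDEN in that case. Since the same item notes that a client without cookie support cannot retrieve a session, it would help to end the item with a sentence such as `If no valid session is found, FORBIDDEN is returned.` so the deny path is documented next to its cause.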
@@ -96,7 +92,7 @@ role in the corresonding Author Space.
 =item *
-Called if no user.environment exists in %env.
+Not currently used.
 =item *
@@ -137,13 +133,10 @@ sub handler {
 my $author = "$aname:$adom";
 unless ($env{'user.environment'}) {
 my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV');
- if ($handle eq '') {
- $handle = &sso_login($r,$sessiondir,$now,$timetolive,$author);
- if ($handle eq '') {
- return FORBIDDEN;
- }
- } else {
+ if ($handle ne '') {
 &Apache::lonnet::transfer_profile_to_env($sessiondir,$handle);
+ } else {
+ return FORBIDDEN;
 }
 }
 my $uhome=&Apache::lonnet::homeserver($env{'user.name'},$env{'user.domain'});
@@ -164,7 +157,7 @@ sub handler {
 }
 } else {
 if (($env{"user.role.ca./$adom/$aname"}) ||
- (env{"user.role.aa./$adom/$aname"})) {
+ ($env{"user.role.aa./$adom/$aname"})) {
 $allowed = 1;
 }
 }
@@ -241,8 +234,9 @@ sub sso_login {
 if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) {
 my ($webdav) = ($r->uri =~ m{^(/webdav/$match_domain/$match_username/)});
+ my $ip = &Apache::lonnet::get_requestor_ip();
 &Apache::lonnet::log($udom,$uname,$uhome,
- "SSO log-in to $webdav from $ENV{'REMOTE_ADDR'}");
+ "SSO log-in to $webdav from $ip");
 my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
 $r->header_out('Set-cookie' => $cookie);
 $r->send_http_header;
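Review bot: In the `@@ -137,13 +133,10 @@` hunk, the code goes from `&Apache::lonnet::transfer_profile_to_env($sessiondir,$handle)` straight on to `homeserver($env{'user.name'},$env{'user.domain'})` without confirming that the transfer populated %env. If that helper can fail quietly, for example on a missing or unreadable session file, a guard such as `return FORBIDDEN unless ($env{'user.environment'});` after the call would keep the deny path explicit instead of relying on later checks against empty values. With the `&sso_login(...)` call removed, `$now` and `$timetolive` no longer appear in the visible part of handler; the sub starts and ends outside this hunk, so confirm they are unused before dropping them.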
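Review bot: In the `@@ -164,7 +157,7 @@` hunk, the co-author branch sets `$allowed = 1` whenever `$env{"user.role.ca./$adom/$aname"}` or the corresponding `aa` entry is true, while the POD promises an active role; nothing in the visible lines compares a start or end date. If %env can carry expired or not-yet-started roles, the test should check the dates before granting access. If only active roles are ever loaded into it, a comment such as `# %env only holds currently active roles` would make that assumption reviewable. The surrounding if/else begins before this hunk, so the check may exist out of view.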
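Review bot: In the `@@ -241,8 +234,9 @@` hunk, `&Apache::lonnet::get_requestor_ip()` is called with no arguments although `$r` is in scope, and its result is interpolated into the log line. If that helper can take the address from a proxy-supplied header, the logged value is only as trustworthy as the proxy configuration, so confirm how it behaves for direct requests, and pass `$r` if the helper accepts it. The POD hunk above now marks sso_login as "Not currently used" and the handler hunk removes its only visible caller, so a cookie-issuing routine is being kept as dead code. A comment at the top of the sub, e.g. `# Unused since the SSO path was removed from handler(); review before re-enabling`, would flag that. The sub begins and ends outside this hunk.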