';
if ($othercontrol{$server}) {
$dom_in_effect = $othercontrol{$server};
my ($current,$forsaml);
@@ -6694,12 +7635,14 @@ sub print_usersessions {
$other_insts,$curroffloadnow,$curroffloadoth,$rowtotal);
} else {
$datatable .= '
'.
- &mt('Nothing to set here, as the cluster to which this domain belongs only contains one server.');
+ &mt('Nothing to set here, as the cluster to which this domain belongs only contains one server.').
+ '
'.
- &mt('Nothing to set here, as the cluster to which this domain belongs only contains one institution.');
+ &mt('Nothing to set here, as the cluster to which this domain belongs only contains one institution.').
+ '
';
} else {
my %lt = &usersession_titles();
my $numinrow = 5;
@@ -7415,7 +8358,7 @@ sub loadbalance_rule_row {
}
my $space;
if ($islast && $num == 1) {
- $space = '
';
+ $space = '
';
}
my $output =
'
'.$space.
@@ -7552,7 +8495,6 @@ sub tool_titles {
my %titles = &Apache::lonlocal::texthash (
aboutme => 'Personal web page',
blog => 'Blog',
- webdav => 'WebDAV',
portfolio => 'Portfolio',
timezone => 'Can set time zone',
official => 'Official courses (with institutional codes)',
@@ -7569,6 +8511,7 @@ sub courserequest_titles {
unofficial => 'Unofficial',
community => 'Communities',
textbook => 'Textbook',
+ lti => 'LTI Provider',
norequest => 'Not allowed',
approval => 'Approval by Dom. Coord.',
validate => 'With validation',
@@ -7682,7 +8625,7 @@ sub print_usercreation {
}
} else {
my @contexts = ('author','course','domain');
- my @authtypes = ('int','krb4','krb5','loc');
+ my @authtypes = ('int','krb4','krb5','loc','lti');
my %checked;
if (ref($settings) eq 'HASH') {
if (ref($settings->{'authtypes'}) eq 'HASH') {
@@ -8244,7 +9187,7 @@ sub noninst_users {
sub captcha_choice {
my ($context,$settings,$itemcount,$customcss,$rowstyle) = @_;
my ($keyentry,$currpub,$currpriv,%checked,$rowname,$pubtext,$privtext,
- $vertext,$currver);
+ $vertext,$currver);
my %lt = &captcha_phrases();
$keyentry = 'hidden';
my $colspan=2;
@@ -8426,6 +9369,7 @@ sub authtype_names {
krb4 => 'Kerberos 4',
krb5 => 'Kerberos 5',
loc => 'Local',
+ lti => 'LTI',
);
return %lt;
}
@@ -8494,12 +9438,13 @@ sub print_defaults {
'
'.$titles->{$item}.
'
';
if ($item eq 'auth_def') {
- my @authtypes = ('internal','krb4','krb5','localauth');
+ my @authtypes = ('internal','krb4','krb5','localauth','lti');
my %shortauth = (
internal => 'int',
krb4 => 'krb4',
krb5 => 'krb5',
- localauth => 'loc'
+ localauth => 'loc',
+ lti => 'lti',
);
my %authnames = &authtype_names();
foreach my $auth (@authtypes) {
@@ -8872,10 +9817,13 @@ sub legacy_scantronformat {
my ($url,$error);
my @statinfo = &Apache::lonnet::stat_file($newurl);
if ((!@statinfo) || ($statinfo[0] eq 'no_such_dir')) {
+ my $modified = [];
(my $result,$url) =
- &publishlogo($r,'copy',$legacyfile,$dom,$confname,'scantron',
- '','',$newfile);
- if ($result ne 'ok') {
+ &Apache::lonconfigsettings::publishlogo($r,'copy',$legacyfile,$dom,$confname,
+ 'scantron','','',$newfile,$modified);
+ if ($result eq 'ok') {
+ &update_modify_urls($r,$modified);
+ } else {
$error = &mt("An error occurred publishing the [_1] bubblesheet format file in RES space. Error was: [_2].",$newfile,$result);
}
}
@@ -9408,6 +10356,7 @@ $portal_js
ENDSCRIPT
}
+ return;
}
sub passwords_javascript {
@@ -9421,7 +10370,7 @@ sub passwords_javascript {
passmax => 'Warning: maximum password length must be a positive integer (or blank).',
passnum => 'Warning: number of previous passwords to save must be a positive integer (or blank).',
);
- } elsif ($prefix eq 'secrets') {
+ } elsif (($prefix eq 'ltisecrets') || ($prefix eq 'toolsecrets')) {
%intalert = &Apache::lonlocal::texthash (
passmin => 'Warning: minimum secret length must be a positive integer greater than 6.',
passmax => 'Warning: maximum secret length must be a positive integer (or blank).',
@@ -9731,7 +10680,7 @@ sub build_category_rows {
sub modifiable_userdata_row {
my ($context,$item,$settings,$numinrow,$rowcount,$usertypes,$fieldsref,$titlesref,
- $rowid,$customcss,$rowstyle) = @_;
+ $rowid,$customcss,$rowstyle,$itemdesc) = @_;
my ($role,$rolename,$statustype);
$role = $item;
if ($context eq 'cancreate') {
@@ -9752,6 +10701,8 @@ sub modifiable_userdata_row {
} else {
$rolename = $role;
}
+ } elsif ($context eq 'lti') {
+ $rolename = &mt('Institutional data used (if available)');
} else {
if ($role eq 'cr') {
$rolename = &mt('Custom role');
@@ -9789,42 +10740,41 @@ sub modifiable_userdata_row {
if ($rowid) {
$rowid = ' id="'.$rowid.'"';
}
-
$output = '
'.
'
'.$rolename.'
'.
'
';
my $rem;
my %checks;
if (ref($settings) eq 'HASH') {
- if (ref($settings->{$context}) eq 'HASH') {
+ my $hashref;
+ if ($context eq 'lti') {
+ if (ref($settings) eq 'HASH') {
+ $hashref = $settings->{'instdata'};
+ }
+ } elsif (ref($settings->{$context}) eq 'HASH') {
if (ref($settings->{$context}->{$role}) eq 'HASH') {
- my $hashref = $settings->{$context}->{$role};
- if ($role eq 'emailusername') {
- if ($statustype) {
- if (ref($settings->{$context}->{$role}->{$statustype}) eq 'HASH') {
- $hashref = $settings->{$context}->{$role}->{$statustype};
- if (ref($hashref) eq 'HASH') {
- foreach my $field (@fields) {
- if ($hashref->{$field}) {
- $checks{$field} = $hashref->{$field};
- }
- }
- }
- }
+ $hashref = $settings->{'lti_instdata'};
+ }
+ if ($role eq 'emailusername') {
+ if ($statustype) {
+ if (ref($settings->{$context}->{$role}->{$statustype}) eq 'HASH') {
+ $hashref = $settings->{$context}->{$role}->{$statustype};
}
- } else {
- if (ref($hashref) eq 'HASH') {
- foreach my $field (@fields) {
- if ($hashref->{$field}) {
- $checks{$field} = ' checked="checked" ';
- }
- }
+ }
+ }
+ }
+ if (ref($hashref) eq 'HASH') {
+ foreach my $field (@fields) {
+ if ($hashref->{$field}) {
+ if ($role eq 'emailusername') {
+ $checks{$field} = $hashref->{$field};
+ } else {
+ $checks{$field} = ' checked="checked" ';
}
}
}
}
}
-
my $total = scalar(@fields);
for (my $i=0; $i<$total; $i++) {
$rem = $i%($numinrow);
@@ -9838,7 +10788,7 @@ sub modifiable_userdata_row {
unless ($role eq 'emailusername') {
if (exists($checks{$fields[$i]})) {
$check = $checks{$fields[$i]};
- } else {
+ } elsif ($context ne 'lti') {
if ($role eq 'st') {
if (ref($settings) ne 'HASH') {
$check = ' checked="checked" ';
@@ -9848,6 +10798,7 @@ sub modifiable_userdata_row {
}
$output .= '
'.
'';
+ my $prefix = 'canmodify';
if ($role eq 'emailusername') {
unless ($checks{$fields[$i]} =~ /^(required|optional)$/) {
$checks{$fields[$i]} = 'omit';
@@ -9858,13 +10809,16 @@ sub modifiable_userdata_row {
$checked='checked="checked" ';
}
$output .= ''.(' ' x2);
}
$output .= ''.$fieldtitles{$fields[$i]}.'';
} else {
+ if ($context eq 'lti') {
+ $prefix = 'lti';
+ }
$output .= '';
}
@@ -9889,15 +10843,19 @@ sub insttypes_row {
my ($settings,$types,$usertypes,$dom,$numinrow,$othertitle,$context,$rowtotal,$onclick,
$customcss,$rowstyle) = @_;
my %lt = &Apache::lonlocal::texthash (
- cansearch => 'Users allowed to search',
+ cansearch => 'Users allowed to search',
statustocreate => 'Institutional affiliation(s) able to create own account (login/SSO)',
- lockablenames => 'User preference to lock name',
- selfassign => 'Self-reportable affiliations',
- overrides => "Override domain's helpdesk settings based on requester's affiliation",
+ lockablenames => 'User preference to lock name',
+ selfassign => 'Self-reportable affiliations',
+ overrides => "Override domain's helpdesk settings based on requester's affiliation",
+ webdav => 'WebDAV access available',
+ authorquota => 'Authoring Space quota (MB)',
);
- my $showdom;
+ my ($showdom,$defaultquota);
if ($context eq 'cansearch') {
$showdom = ' ('.$dom.')';
+ } elsif ($context eq 'authorquota') {
+ $defaultquota = 500;
}
my $class = 'LC_left_item';
if ($context eq 'statustocreate') {
@@ -9934,25 +10892,44 @@ sub insttypes_row {
}
$output .= '
';
}
- my $check = ' ';
- if (ref($settings) eq 'HASH') {
- if (ref($settings->{$context}) eq 'ARRAY') {
- if (grep(/^\Q$types->[$i]\E$/,@{$settings->{$context}})) {
- $check = ' checked="checked" ';
- }
- } elsif (ref($settings->{$context}) eq 'HASH') {
- if (ref($settings->{$context}->{$types->[$i]}) eq 'HASH') {
+ if ($context eq 'authorquota') {
+ my $currquota;
+ if ($settings->{$context}->{$types->[$i]} =~ /^\d+$/) {
+ $currquota = $settings->{$context}->{$types->[$i]};
+ } else {
+ $currquota = $defaultquota;
+ }
+ $output .= '
';
+ }
+ return $resulttext;
+}
+
+sub fetch_secrets {
+ my ($dom,$context,$domconfig,$currsec,$secchanges,$newsec,$newkeyset) = @_;
+ my %keyset;
+ %{$currsec} = ();
+ $newsec->{'private'}{'keys'} = [];
+ $newsec->{'encrypt'} = {};
+ $newsec->{'rules'} = {};
+ if ($context eq 'ltisec') {
+ $newsec->{'linkprot'} = {};
+ }
+ if (ref($domconfig->{$context}) eq 'HASH') {
+ %{$currsec} = %{$domconfig->{$context}};
+ if ($context eq 'ltisec') {
+ if (ref($currsec->{'linkprot'}) eq 'HASH') {
+ foreach my $id (keys(%{$currsec->{'linkprot'}})) {
+ unless ($id =~ /^\d+$/) {
+ delete($currsec->{'linkprot'}{$id});
+ }
+ }
}
- if ($env{'form.ltitools_add_msgtype'} eq 'basic-lti-launch-request') {
- $confhash{$newid}{'msgtype'} = $env{'form.ltitools_add_msgtype'};
+ }
+ if (ref($currsec->{'private'}) eq 'HASH') {
+ if (ref($currsec->{'private'}{'keys'}) eq 'ARRAY') {
+ $newsec->{'private'}{'keys'} = $currsec->{'private'}{'keys'};
+ map { $keyset{$_} = 1; } @{$currsec->{'private'}{'keys'}};
}
- if ($env{'form.ltitools_add_sigmethod'} eq 'HMAC-SHA256') {
- $confhash{$newid}{'sigmethod'} = $env{'form.ltitools_add_sigmethod'};
+ }
+ }
+ my @items= ('crs','dom');
+ if ($context eq 'ltisec') {
+ push(@items,'consumers');
+ }
+ foreach my $item (@items) {
+ my $formelement;
+ if (($context eq 'toolsec') || ($item eq 'consumers')) {
+ $formelement = 'form.'.$context.'_'.$item;
+ } else {
+ $formelement = 'form.'.$context.'_'.$item.'linkprot';
+ }
+ if ($env{$formelement}) {
+ $newsec->{'encrypt'}{$item} = 1;
+ if (ref($currsec->{'encrypt'}) eq 'HASH') {
+ unless ($currsec->{'encrypt'}{$item}) {
+ $secchanges->{'encrypt'} = 1;
+ }
} else {
- $confhash{$newid}{'sigmethod'} = 'HMAC-SHA1';
+ $secchanges->{'encrypt'} = 1;
}
- foreach my $item ('width','height','linktext','explanation') {
- $env{'form.ltitools_add_'.$item} =~ s/^\s+//;
- $env{'form.ltitools_add_'.$item} =~ s/\s+$//;
- if (($item eq 'width') || ($item eq 'height')) {
- if ($env{'form.ltitools_add_'.$item} =~ /^\d+$/) {
- $confhash{$newid}{'display'}{$item} = $env{'form.ltitools_add_'.$item};
+ } elsif (ref($currsec->{'encrypt'}) eq 'HASH') {
+ if ($currsec->{'encrypt'}{$item}) {
+ $secchanges->{'encrypt'} = 1;
+ }
+ }
+ }
+ my $secrets;
+ if ($context eq 'ltisec') {
+ $secrets = 'ltisecrets';
+ } else {
+ $secrets = 'toolsecrets';
+ }
+ unless (exists($currsec->{'rules'})) {
+ $currsec->{'rules'} = {};
+ }
+ &password_rule_changes($secrets,$newsec->{'rules'},$currsec->{'rules'},$secchanges);
+
+ my @ids=&Apache::lonnet::current_machine_ids();
+ my %servers = &Apache::lonnet::get_servers($dom,'library');
+
+ foreach my $hostid (keys(%servers)) {
+ if (($hostid ne '') && (grep(/^\Q$hostid\E$/,@ids))) {
+ my $keyitem = 'form.'.$context.'_privkey_'.$hostid;
+ if (exists($env{$keyitem})) {
+ $env{$keyitem} =~ s/(`)/'/g;
+ if ($keyset{$hostid}) {
+ if ($env{'form.'.$context.'_changeprivkey_'.$hostid}) {
+ if ($env{$keyitem} ne '') {
+ $secchanges->{'private'} = 1;
+ $newkeyset->{$hostid} = $env{$keyitem};
+ }
}
- } else {
- if ($env{'form.ltitools_add_'.$item} ne '') {
- $confhash{$newid}{'display'}{$item} = $env{'form.ltitools_add_'.$item};
+ } elsif ($env{$keyitem} ne '') {
+ unless (grep(/^\Q$hostid\E$/,@{$newsec->{'private'}{'keys'}})) {
+ push(@{$newsec->{'private'}{'keys'}},$hostid);
}
+ $secchanges->{'private'} = 1;
+ $newkeyset->{$hostid} = $env{$keyitem};
}
}
- if ($env{'form.ltitools_add_target'} eq 'window') {
- $confhash{$newid}{'display'}{'target'} = $env{'form.ltitools_add_target'};
- } elsif ($env{'form.ltitools_add_target'} eq 'tab') {
- $confhash{$newid}{'display'}{'target'} = $env{'form.ltitools_add_target'};
+ }
+ }
+}
+
+sub store_security {
+ my ($dom,$context,$secchanges,$newkeyset,$keystore) = @_;
+ return unless ((ref($secchanges) eq 'HASH') && (ref($newkeyset) eq 'HASH') &&
+ (ref($keystore) eq 'HASH'));
+ if (keys(%{$secchanges})) {
+ if ($secchanges->{'private'}) {
+ my $who = &escape($env{'user.name'}.':'.$env{'user.domain'});
+ foreach my $hostid (keys(%{$newkeyset})) {
+ my $storehash = {
+ key => $newkeyset->{$hostid},
+ who => $env{'user.name'}.':'.$env{'user.domain'},
+ };
+ $keystore->{$hostid} = &Apache::lonnet::store_dom($storehash,$context,'private',
+ $dom,$hostid);
+ }
+ }
+ }
+}
+
+sub lti_security_results {
+ my ($dom,$context,$secchanges,$newsec,$newkeyset,$keystore) = @_;
+ my $output;
+ my %domdefaults = &Apache::lonnet::get_domain_defaults($dom);
+ my $needs_update;
+ foreach my $item (keys(%{$secchanges})) {
+ if ($item eq 'encrypt') {
+ $needs_update = 1;
+ my %encrypted;
+ if ($context eq 'lti') {
+ %encrypted = (
+ crs => {
+ on => &mt('Encryption of stored link protection secrets defined in courses enabled'),
+ off => &mt('Encryption of stored link protection secrets defined in courses disabled'),
+ },
+ dom => {
+ on => &mt('Encryption of stored link protection secrets defined in domain enabled'),
+ off => &mt('Encryption of stored link protection secrets defined in domain disabled'),
+ },
+ consumers => {
+ on => &mt('Encryption of stored consumer secrets defined in domain enabled'),
+ off => &mt('Encryption of stored consumer secrets defined in domain disabled'),
+ },
+ );
} else {
- $confhash{$newid}{'display'}{'target'} = 'iframe';
+ %encrypted = (
+ crs => {
+ on => &mt('Encryption of stored external tool secrets defined in courses enabled'),
+ off => &mt('Encryption of stored external tool secrets defined in courses disabled'),
+ },
+ dom => {
+ on => &mt('Encryption of stored external tool secrets defined in domain enabled'),
+ off => &mt('Encryption of stored external tool secrets defined in domain disabled'),
+ },
+ );
}
- if ($env{'form.ltitools_add_image.filename'} ne '') {
- my ($imageurl,$error) =
- &process_ltitools_image($r,$dom,$confname,'ltitools_add_image',$newid,
- $configuserok,$switchserver,$author_ok);
- if ($imageurl) {
- $confhash{$newid}{'image'} = $imageurl;
+ my @types= ('crs','dom');
+ if ($context eq 'lti') {
+ foreach my $type (@types) {
+ undef($domdefaults{'linkprotenc_'.$type});
}
- if ($error) {
- &Apache::lonnet::logthis($error);
- $errors .= '
'.$error.'
';
+ push(@types,'consumers');
+ undef($domdefaults{'ltienc_consumers'});
+ } elsif ($context eq 'ltitools') {
+ foreach my $type (@types) {
+ undef($domdefaults{'toolenc_'.$type});
}
}
- my @fields = &Apache::loncommon::get_env_multiple('form.ltitools_add_fields');
- foreach my $field (@fields) {
- if ($possfield{$field}) {
- if ($field eq 'roles') {
- foreach my $role (@courseroles) {
- my $choice = $env{'form.ltitools_add_roles_'.$role};
- if (($choice ne '') && ($posslti{$choice})) {
- $confhash{$newid}{'roles'}{$role} = $choice;
- if ($role eq 'cc') {
- $confhash{$newid}{'roles'}{'co'} = $choice;
- }
+ foreach my $type (@types) {
+ my $shown = $encrypted{$type}{'off'};
+ if (ref($newsec->{$item}) eq 'HASH') {
+ if ($newsec->{$item}{$type}) {
+ if ($context eq 'lti') {
+ if ($type eq 'consumers') {
+ $domdefaults{'ltienc_consumers'} = 1;
+ } else {
+ $domdefaults{'linkprotenc_'.$type} = 1;
}
+ } elsif ($context eq 'ltitools') {
+ $domdefaults{'toolenc_'.$type} = 1;
}
- } else {
- $confhash{$newid}{'fields'}{$field} = 1;
+ $shown = $encrypted{$type}{'on'};
}
}
+ $output .= '
'.$shown.'
';
+ }
+ } elsif ($item eq 'rules') {
+ my %titles = &Apache::lonlocal::texthash(
+ min => 'Minimum password length',
+ max => 'Maximum password length',
+ chars => 'Required characters',
+ );
+ foreach my $rule ('min','max') {
+ if ($newsec->{rules}{$rule} eq '') {
+ if ($rule eq 'min') {
+ $output .= '
'.&mt('[_1] not set.',$titles{$rule});
+ ' '.&mt('Default of [_1] will be used',
+ $Apache::lonnet::passwdmin).'
';
+ } else {
+ $output .= '
'.&mt('[_1] set to none',$titles{$rule}).'
';
+ }
+ } else {
+ $output .= '
'.&mt('[_1] set to [_2]',$titles{$rule},$newsec->{rules}{$rule}).'
';
+ }
+ }
+ if (ref($newsec->{'rules'}{'chars'}) eq 'ARRAY') {
+ if (@{$newsec->{'rules'}{'chars'}} > 0) {
+ my %rulenames = &Apache::lonlocal::texthash(
+ uc => 'At least one upper case letter',
+ lc => 'At least one lower case letter',
+ num => 'At least one number',
+ spec => 'At least one non-alphanumeric',
+ );
+ my $needed = '
';
+ if (ref($confhash{$itemid}{'makeuser'}) eq 'ARRAY') {
+ if (@{$confhash{$itemid}{'makeuser'}} > 0) {
+ $resulttext .= '
'.&mt('Following roles may create user accounts: [_1]',
+ join(', ',@{$confhash{$itemid}{'makeuser'}})).' ';
+ if ($confhash{$itemid}{'lcauth'} eq 'lti') {
+ $resulttext .= &mt('New users will only be able to authenticate via LTI').'
';
+ if (ref($confhash{$itemid}{'instdata'}) eq 'ARRAY') {
+ if (@{$confhash{$itemid}{'instdata'}} > 0) {
+ $resulttext .= '
'.&mt('Institutional data will be used when creating a new user for: [_1]',
+ join(', ',map { $fieldtitles{$_}; } @{$confhash{$itemid}{'instdata'}})).'
';
+ } else {
+ $resulttext .= '
'.&mt('No institutional data used when creating a new user.').'
';
}
}
- }
- if (ref($confhash{$itemid}{'fields'}) eq 'HASH') {
- my $fieldlist;
- foreach my $field (@allfields) {
- if ($confhash{$itemid}{'fields'}{$field}) {
- $fieldlist .= (' 'x2).$lt{$field}.',';
+ foreach my $item ('topmenu','inlinemenu') {
+ $resulttext .= '
';
@@ -13000,57 +14622,51 @@ sub modify_ltitools {
return $resulttext;
}
-sub process_ltitools_image {
- my ($r,$dom,$confname,$caller,$itemid,$configuserok,$switchserver,$author_ok) = @_;
- my $filename = $env{'form.'.$caller.'.filename'};
- my ($error,$url);
- my ($width,$height) = (21,21);
- if ($configuserok eq 'ok') {
- if ($switchserver) {
- $error = &mt('Upload of Tool Provider (LTI) icon is not permitted to this server: [_1]',
- $switchserver);
- } elsif ($author_ok eq 'ok') {
- my ($result,$imageurl,$madethumb) =
- &publishlogo($r,'upload',$caller,$dom,$confname,
- "ltitools/$itemid/icon",$width,$height);
- if ($result eq 'ok') {
- if ($madethumb) {
- my ($path,$imagefile) = ($imageurl =~ m{^(.+)/([^/]+)$});
- my $imagethumb = "$path/tn-".$imagefile;
- $url = $imagethumb;
- } else {
- $url = $imageurl;
- }
- } else {
- $error = &mt("Upload of [_1] failed because an error occurred publishing the file in RES space. Error was: [_2].",$filename,$result);
+sub get_priv_creds {
+ my ($dom,$home,$encchg,$encrypt,$storedsec) = @_;
+ my ($needenc,$cipher,$privnum);
+ my %domdefs = &Apache::lonnet::get_domain_defaults($dom);
+ if (($encchg) && (ref($encrypt) eq 'HASH')) {
+ $needenc = $encrypt->{'consumers'}
+ } else {
+ $needenc = $domdefs{'ltienc_consumers'};
+ }
+ if ($needenc) {
+ if (($storedsec eq 'ok') || ((ref($domdefs{'ltiprivhosts'}) eq 'ARRAY') &&
+ (grep(/^\Q$home\E$/,@{$domdefs{'ltiprivhosts'}})))) {
+ my %privhash = &Apache::lonnet::restore_dom('lti','private',$dom,$home,1);
+ my $privkey = $privhash{'key'};
+ $privnum = $privhash{'version'};
+ if (($privnum) && ($privkey ne '')) {
+ $cipher = Crypt::CBC->new({'key' => $privkey,
+ 'cipher' => 'DES'});
}
- } else {
- $error = &mt("Upload of [_1] failed because an author role could not be assigned to a Domain Configuration user ([_2]) in domain: [_3]. Error was: [_4].",$filename,$confname,$dom,$author_ok);
}
- } else {
- $error = &mt("Upload of [_1] failed because a Domain Configuration user ([_2]) could not be created in domain: [_3]. Error was: [_4].",$filename,$confname,$dom,$configuserok);
}
- return ($url,$error);
+ return ($cipher,$privnum);
}
-sub get_ltitools_id {
- my ($cdom,$title) = @_;
- # get lock on ltitools db
+sub get_lti_id {
+ my ($domain,$consumer,$dbname) = @_;
+ unless (($dbname eq 'lti') || ($dbname eq 'suggested')) {
+ return ('','invalid db');
+ }
+ # get lock on db
my $lockhash = {
lock => $env{'user.name'}.
':'.$env{'user.domain'},
};
my $tries = 0;
- my $gotlock = &Apache::lonnet::newput_dom('ltitools',$lockhash,$cdom);
+ my $gotlock = &Apache::lonnet::newput_dom($dbname,$lockhash,$domain);
my ($id,$error);
while (($gotlock ne 'ok') && ($tries<10)) {
$tries ++;
sleep (0.1);
- $gotlock = &Apache::lonnet::newput_dom('ltitools',$lockhash,$cdom);
+ $gotlock = &Apache::lonnet::newput_dom($dbname,$lockhash,$domain);
}
if ($gotlock eq 'ok') {
- my %currids = &Apache::lonnet::dump_dom('ltitools',$cdom);
+ my %currids = &Apache::lonnet::dump_dom($dbname,$domain);
if ($currids{'lock'}) {
delete($currids{'lock'});
if (keys(%currids)) {
@@ -13062,269 +14678,20 @@ sub get_ltitools_id {
$id = 1;
}
if ($id) {
- unless (&Apache::lonnet::newput_dom('ltitools',{ $id => $title },$cdom) eq 'ok') {
+ unless (&Apache::lonnet::newput_dom($dbname,{ $id => $consumer },$domain) eq 'ok') {
$error = 'nostore';
}
} else {
$error = 'nonumber';
}
}
- my $dellockoutcome = &Apache::lonnet::del_dom('ltitools',['lock'],$cdom);
+ my $dellockoutcome = &Apache::lonnet::del_dom($dbname,['lock'],$domain);
} else {
$error = 'nolock';
}
return ($id,$error);
}
-sub modify_lti {
- my ($r,$dom,$action,$lastactref,%domconfig) = @_;
- my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
- my (%encconfig,$errors,$resulttext);
-
- my (%currltisec,%secchanges,%newltisec,%newltienc,%keyset,%newkeyset);
- $newltisec{'private'}{'keys'} = [];
- $newltisec{'encrypt'} = {};
- $newltisec{'rules'} = {};
- $newltisec{'linkprot'} = {};
- if (ref($domconfig{'ltisec'}) eq 'HASH') {
- %currltisec = %{$domconfig{'ltisec'}};
- if (ref($currltisec{'linkprot'}) eq 'HASH') {
- foreach my $id (keys(%{$currltisec{'linkprot'}})) {
- unless ($id =~ /^\d+$/) {
- delete($currltisec{'linkprot'}{$id});
- }
- }
- }
- if (ref($currltisec{'private'}) eq 'HASH') {
- if (ref($currltisec{'private'}{'keys'}) eq 'ARRAY') {
- $newltisec{'private'}{'keys'} = $currltisec{'private'}{'keys'};
- map { $keyset{$_} = 1; } @{$currltisec{'private'}{'keys'}};
- }
- }
- }
- foreach my $item ('crs','dom') {
- my $formelement = 'form.ltisec_'.$item.'linkprot';
- if ($env{$formelement}) {
- $newltisec{'encrypt'}{$item} = 1;
- if (ref($currltisec{'encrypt'}) eq 'HASH') {
- unless ($currltisec{'encrypt'}{$item}) {
- $secchanges{'encrypt'} = 1;
- }
- } else {
- $secchanges{'encrypt'} = 1;
- }
- } elsif (ref($currltisec{'encrypt'}) eq 'HASH') {
- if ($currltisec{'encrypt'}{$item}) {
- $secchanges{'encrypt'} = 1;
- }
- }
- }
- unless (exists($currltisec{'rules'})) {
- $currltisec{'rules'} = {};
- }
- &password_rule_changes('secrets',$newltisec{'rules'},$currltisec{'rules'},\%secchanges);
-
- my @ids=&Apache::lonnet::current_machine_ids();
- my %servers = &Apache::lonnet::get_servers($dom,'library');
-
- foreach my $hostid (keys(%servers)) {
- if (($hostid ne '') && (grep(/^\Q$hostid\E$/,@ids))) {
- my $newkey;
- my $keyitem = 'form.ltisec_privkey_'.$hostid;
- if (exists($env{$keyitem})) {
- $env{$keyitem} =~ s/(`)/'/g;
- if ($keyset{$hostid}) {
- if ($env{'form.ltisec_changeprivkey_'.$hostid}) {
- if ($env{$keyitem} ne '') {
- $secchanges{'private'} = 1;
- $newkeyset{$hostid} = $env{$keyitem};
- }
- }
- } elsif ($env{$keyitem} ne '') {
- unless (grep(/^\Q$hostid\E$/,@{$newltisec{'private'}{'keys'}})) {
- push(@{$newltisec{'private'}{'keys'}},$hostid);
- }
- $secchanges{'private'} = 1;
- $newkeyset{$hostid} = $env{$keyitem};
- }
- }
- }
- }
-
- my (%linkprotchg,$linkprotoutput,$is_home);
- my $proterror = &Apache::courseprefs::process_linkprot($dom,'',$currltisec{'linkprot'},
- \%linkprotchg,'domain');
- my $home = &Apache::lonnet::domain($dom,'primary');
- unless (($home eq 'no_host') || ($home eq '')) {
- my @ids=&Apache::lonnet::current_machine_ids();
- foreach my $id (@ids) { if ($id eq $home) { $is_home=1; } }
- }
-
- if (keys(%linkprotchg)) {
- $secchanges{'linkprot'} = 1;
- my %oldlinkprot;
- if (ref($currltisec{'linkprot'}) eq 'HASH') {
- %oldlinkprot = %{$currltisec{'linkprot'}};
- }
- foreach my $id (keys(%linkprotchg)) {
- if (ref($linkprotchg{$id}) eq 'HASH') {
- foreach my $inner (keys(%{$linkprotchg{$id}})) {
- if (($inner eq 'secret') || ($inner eq 'key')) {
- if ($is_home) {
- $newltienc{$id}{$inner} = $linkprotchg{$id}{$inner};
- }
- }
- }
- } else {
- $newltisec{'linkprot'}{$id} = $linkprotchg{$id};
- }
- }
- $linkprotoutput = &Apache::courseprefs::store_linkprot($dom,'','domain',\%linkprotchg,\%oldlinkprot);
- if (keys(%linkprotchg)) {
- %{$newltisec{'linkprot'}} = %linkprotchg;
- }
- }
- if (ref($currltisec{'linkprot'}) eq 'HASH') {
- foreach my $id (%{$currltisec{'linkprot'}}) {
- next if ($id !~ /^\d+$/);
- unless (exists($linkprotchg{$id})) {
- if (ref($currltisec{'linkprot'}{$id}) eq 'HASH') {
- foreach my $inner (keys(%{$currltisec{'linkprot'}{$id}})) {
- if (($inner eq 'secret') || ($inner eq 'key')) {
- if ($is_home) {
- $newltienc{$id}{$inner} = $currltisec{'linkprot'}{$id}{$inner};
- }
- } else {
- $newltisec{'linkprot'}{$id}{$inner} = $currltisec{'linkprot'}{$id}{$inner};
- }
- }
- } else {
- $newltisec{'linkprot'}{$id} = $currltisec{'linkprot'}{$id};
- }
- }
- }
- }
- if ($proterror) {
- $errors .= '
'.$proterror.'
';
- }
-
- my ($putresult,%keystore);
- if (keys(%secchanges)) {
- my %ltienchash;
- my %ltihash = (
- 'ltisec' => { %newltisec }
- );
- $putresult = &Apache::lonnet::put_dom('configuration',\%ltihash,$dom);
- if ($putresult eq 'ok') {
- if ($secchanges{'private'}) {
- my $who = &escape($env{'user.name'}.':'.$env{'user.domain'});
- foreach my $hostid (keys(%newkeyset)) {
- my $storehash = {
- key => $newkeyset{$hostid},
- who => $env{'user.name'}.':'.$env{'user.domain'},
- };
- $keystore{$hostid} = &Apache::lonnet::store_dom($storehash,'lti','private',
- $dom,$hostid);
- }
- }
- if (ref($lastactref) eq 'HASH') {
- if (($secchanges{'encrypt'}) || ($secchanges{'private'})) {
- $lastactref->{'domdefaults'} = 1;
- }
- }
- if (($secchanges{'linkprot'}) && ($is_home)) {
- my %ltienchash = (
- 'linkprot' => { %newltienc }
- );
- &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1);
- }
- }
- } else {
- return &mt('No changes made.');
- }
- if ($putresult eq 'ok') {
- $resulttext = &mt('Changes made:').'
';
- foreach my $item (keys(%secchanges)) {
- if ($item eq 'encrypt') {
- my %encrypted = (
- crs => {
- on => &mt('Encryption of stored link protection secrets defined in courses enabled'),
- off => &mt('Encryption of stored link protection secrets defined in courses disabled'),
- },
- dom => {
- on => &mt('Encryption of stored link protection secrets defined in domain enabled'),
- off => &mt('Encryption of stored link protection secrets defined in domain disabled'),
- },
- );
- foreach my $type ('crs','dom') {
- my $shown = $encrypted{$type}{'off'};
- if (ref($newltisec{$item}) eq 'HASH') {
- if ($newltisec{$item}{$type}) {
- $shown = $encrypted{$type}{'on'};
- }
- }
- $resulttext .= '
'.$shown.'
';
- }
- } elsif ($item eq 'rules') {
- my %titles = &Apache::lonlocal::texthash(
- min => 'Minimum password length',
- max => 'Maximum password length',
- chars => 'Required characters',
- );
- foreach my $rule ('min','max') {
- if ($newltisec{rules}{$rule} eq '') {
- if ($rule eq 'min') {
- $resulttext .= '
'.&mt('[_1] not set.',$titles{$rule});
- ' '.&mt('Default of [_1] will be used',
- $Apache::lonnet::passwdmin).'
';
- } else {
- $resulttext .= '
'.&mt('[_1] set to none',$titles{$rule}).'
';
- }
- } else {
- $resulttext .= '
'.&mt('[_1] set to [_2]',$titles{$rule},$newltisec{rules}{$rule}).'
';
- }
- }
- if (ref($newltisec{'rules'}{'chars'}) eq 'ARRAY') {
- if (@{$newltisec{'rules'}{'chars'}} > 0) {
- my %rulenames = &Apache::lonlocal::texthash(
- uc => 'At least one upper case letter',
- lc => 'At least one lower case letter',
- num => 'At least one number',
- spec => 'At least one non-alphanumeric',
- );
- my $needed = '