--- loncom/interface/domainprefs.pm 2017/12/06 23:41:19 1.321
+++ loncom/interface/domainprefs.pm 2021/11/22 22:19:58 1.390
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.321 2017/12/06 23:41:19 raeburn Exp $
+# $Id: domainprefs.pm,v 1.390 2021/11/22 22:19:58 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -104,7 +104,7 @@ $datatable - HTML containing form eleme
In the case of course requests, radio buttons are displayed for each institutional
affiliate type (and also default, and _LC_adv) for each of the course types
-(official, unofficial, community, textbook, and placement).
+(official, unofficial, community, textbook, placement, and lti).
In each case the radio buttons allow the selection of one of four values:
0, approval, validate, autolimit=N (where N is blank, or a positive integer).
@@ -176,6 +176,7 @@ use Locale::Language;
use DateTime::TimeZone;
use DateTime::Locale;
use Time::HiRes qw( sleep );
+use Net::CIDR;
my $registered_cleanup;
my $modified_urls;
@@ -219,9 +220,10 @@ sub handler {
'serverstatuses','requestcourses','helpsettings',
'coursedefaults','usersessions','loadbalancing',
'requestauthor','selfenrollment','inststatus',
- 'ltitools','ssl','trust','lti'],$dom);
+ 'ltitools','ssl','trust','lti','privacy','passwords',
+ 'proctoring','wafproxy'],$dom);
my %encconfig =
- &Apache::lonnet::get_dom('encconfig',['ltitools','lti'],$dom);
+ &Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom,undef,1);
if (ref($domconfig{'ltitools'}) eq 'HASH') {
if (ref($encconfig{'ltitools'}) eq 'HASH') {
foreach my $id (keys(%{$domconfig{'ltitools'}})) {
@@ -246,12 +248,25 @@ sub handler {
}
}
}
- my @prefs_order = ('rolecolors','login','defaults','quotas','autoenroll',
- 'autoupdate','autocreate','directorysrch','contacts',
- 'usercreation','selfcreation','usermodification','scantron',
- 'requestcourses','requestauthor','coursecategories',
- 'serverstatuses','helpsettings','coursedefaults',
- 'ltitools','selfenrollment','usersessions','ssl','trust','lti');
+ if (ref($domconfig{'proctoring'}) eq 'HASH') {
+ if (ref($encconfig{'proctoring'}) eq 'HASH') {
+ foreach my $provider (keys(%{$domconfig{'proctoring'}})) {
+ if ((ref($domconfig{'proctoring'}{$provider}) eq 'HASH') &&
+ (ref($encconfig{'proctoring'}{$provider}) eq 'HASH')) {
+ foreach my $item ('key','secret') {
+ $domconfig{'proctoring'}{$provider}{$item} = $encconfig{'proctoring'}{$provider}{$item};
+ }
+ }
+ }
+ }
+ }
+ my @prefs_order = ('rolecolors','login','defaults','wafproxy','passwords','quotas',
+ 'autoenroll','autoupdate','autocreate','directorysrch',
+ 'contacts','privacy','usercreation','selfcreation',
+ 'usermodification','scantron','requestcourses','requestauthor',
+ 'coursecategories','serverstatuses','helpsettings','coursedefaults',
+ 'ltitools','proctoring','selfenrollment','usersessions','ssl',
+ 'trust','lti');
my %existing;
if (ref($domconfig{'loadbalancing'}) eq 'HASH') {
%existing = %{$domconfig{'loadbalancing'}};
@@ -282,7 +297,10 @@ sub handler {
{col1 => 'Log-in Help',
col2 => 'Value'},
{col1 => 'Custom HTML in document head',
- col2 => 'Value'}],
+ col2 => 'Value'},
+ {col1 => 'SSO',
+ col2 => 'Dual login: SSO and non-SSO options'},
+ ],
print => \&print_login,
modify => \&modify_login,
},
@@ -291,13 +309,36 @@ sub handler {
help => 'Domain_Configuration_LangTZAuth',
header => [{col1 => 'Setting',
col2 => 'Value'},
- {col1 => 'Internal Authentication',
- col2 => 'Value'},
{col1 => 'Institutional user types',
col2 => 'Name displayed'}],
print => \&print_defaults,
modify => \&modify_defaults,
},
+ 'wafproxy' =>
+ { text => 'Web Application Firewall/Reverse Proxy',
+ help => 'Domain_Configuration_WAF_Proxy',
+ header => [{col1 => 'Domain(s)',
+ col2 => 'Servers and WAF/Reverse Proxy alias(es)',
+ },
+ {col1 => 'Domain(s)',
+ col2 => 'WAF Configuration',}],
+ print => \&print_wafproxy,
+ modify => \&modify_wafproxy,
+ },
+ 'passwords' =>
+ { text => 'Passwords (Internal authentication)',
+ help => 'Domain_Configuration_Passwords',
+ header => [{col1 => 'Resetting Forgotten Password',
+ col2 => 'Settings'},
+ {col1 => 'Encryption of Stored Passwords (Internal Auth)',
+ col2 => 'Settings'},
+ {col1 => 'Rules for LON-CAPA Passwords',
+ col2 => 'Settings'},
+ {col1 => 'Course Owner Changing Student Passwords',
+ col2 => 'Settings'}],
+ print => \&print_passwords,
+ modify => \&modify_passwords,
+ },
'quotas' =>
{ text => 'Blogs, personal web pages, webDAV/quotas, portfolios',
help => 'Domain_Configuration_Quotas',
@@ -352,6 +393,8 @@ sub handler {
col2 => 'Value',},
{col1 => 'Recipient(s) for notifications',
col2 => 'Value',},
+ {col1 => 'Nightly status check e-mail',
+ col2 => 'Settings',},
{col1 => 'Ask helpdesk form settings',
col2 => 'Value',},],
print => \&print_contacts,
@@ -392,11 +435,12 @@ sub handler {
modify => \&modify_usermodification,
},
'scantron' =>
- { text => 'Bubblesheet format file',
+ { text => 'Bubblesheet format',
help => 'Domain_Configuration_Scantron_Format',
- header => [ {col1 => 'Item',
- col2 => '',
- }],
+ header => [ {col1 => 'Bubblesheet format file',
+ col2 => ''},
+ {col1 => 'Bubblesheet data upload formats',
+ col2 => 'Settings'}],
print => \&print_scantron,
modify => \&modify_scantron,
},
@@ -482,10 +526,16 @@ sub handler {
modify => \&modify_selfenrollment,
},
'privacy' =>
- {text => 'User Privacy',
+ {text => 'Availability of User Information',
help => 'Domain_Configuration_User_Privacy',
- header => [{col1 => 'Setting',
- col2 => 'Value',}],
+ header => [{col1 => 'Role assigned in different domain',
+ col2 => 'Approval options'},
+ {col1 => 'Role assigned in different domain to user of type',
+ col2 => 'User information available in that domain'},
+ {col1 => "Role assigned in user's domain",
+ col2 => 'Information viewable by privileged user'},
+ {col1 => "Role assigned in user's domain",
+ col2 => 'Information viewable by unprivileged user'}],
print => \&print_privacy,
modify => \&modify_privacy,
},
@@ -520,6 +570,14 @@ sub handler {
print => \&print_ltitools,
modify => \&modify_ltitools,
},
+ 'proctoring' =>
+ {text => 'Remote Proctoring Integration',
+ help => 'Domain_Configuration_Proctoring',
+ header => [{col1 => 'Name',
+ col2 => 'Configuration'}],
+ print => \&print_proctoring,
+ modify => \&modify_proctoring,
+ },
'ssl' =>
{text => 'LON-CAPA Network (SSL)',
help => 'Domain_Configuration_Network_SSL',
@@ -577,7 +635,10 @@ sub handler {
{col1 => 'Log-in Help',
col2 => 'Value'},
{col1 => 'Custom HTML in document head',
- col2 => 'Value'}],
+ col2 => 'Value'},
+ {col1 => 'SSO',
+ col2 => 'Dual login: SSO and non-SSO options'},
+ ],
print => \&print_login,
modify => \&modify_login,
};
@@ -625,6 +686,9 @@ END
if (grep(/^contacts$/,@actions)) {
$js .= &contacts_javascript();
}
+ if (grep(/^scantron$/,@actions)) {
+ $js .= &scantron_javascript();
+ }
&Apache::lonconfigsettings::display_settings($r,$dom,$phase,$context,\@prefs_order,\%prefs,\%domconfig,$confname,$js);
} else {
# check if domconfig user exists for the domain.
@@ -747,12 +811,20 @@ sub process_changes {
$output = &modify_loadbalancing($dom,%domconfig);
} elsif ($action eq 'ltitools') {
$output = &modify_ltitools($r,$dom,$action,$lastactref,%domconfig);
+ } elsif ($action eq 'proctoring') {
+ $output = &modify_proctoring($r,$dom,$action,$lastactref,%domconfig);
} elsif ($action eq 'ssl') {
$output = &modify_ssl($dom,$lastactref,%domconfig);
} elsif ($action eq 'trust') {
$output = &modify_trust($dom,$lastactref,%domconfig);
} elsif ($action eq 'lti') {
$output = &modify_lti($r,$dom,$action,$lastactref,%domconfig);
+ } elsif ($action eq 'privacy') {
+ $output = &modify_privacy($dom,%domconfig);
+ } elsif ($action eq 'passwords') {
+ $output = &modify_passwords($r,$dom,$confname,$lastactref,%domconfig);
+ } elsif ($action eq 'wafproxy') {
+ $output = &modify_wafproxy($dom,$action,$lastactref,%domconfig);
}
return $output;
}
@@ -765,6 +837,8 @@ sub print_config_box {
$output = &coursecategories_javascript($settings);
} elsif ($action eq 'defaults') {
$output = &defaults_javascript($settings);
+ } elsif ($action eq 'passwords') {
+ $output = &passwords_javascript();
} elsif ($action eq 'helpsettings') {
my (%privs,%levelscurrent);
my %full=();
@@ -781,6 +855,18 @@ sub print_config_box {
$output =
&Apache::lonuserutils::custom_roledefs_js($context,$crstype,$formname,\%full,
\@templateroles);
+ } elsif ($action eq 'ltitools') {
+ $output .= <itools_javascript($settings);
+ } elsif ($action eq 'lti') {
+ $output .= <i_javascript($settings);
+ } elsif ($action eq 'proctoring') {
+ $output .= &proctoring_javascript($settings);
+ } elsif ($action eq 'wafproxy') {
+ $output .= &wafproxy_javascript($dom);
+ } elsif ($action eq 'autoupdate') {
+ $output .= &autoupdate_javascript();
+ } elsif ($action eq 'login') {
+ $output .= &saml_javascript();
}
$output .=
'
@@ -797,20 +883,24 @@ sub print_config_box {
if ($numheaders > 1) {
my $colspan = '';
my $rightcolspan = '';
+ my $leftnobr = '';
if (($action eq 'rolecolors') || ($action eq 'defaults') ||
($action eq 'directorysrch') ||
- (($action eq 'login') && ($numheaders < 4))) {
+ (($action eq 'login') && ($numheaders < 5))) {
$colspan = ' colspan="2"';
}
if ($action eq 'usersessions') {
$rightcolspan = ' colspan="3"';
}
+ if ($action eq 'passwords') {
+ $leftnobr = ' LC_nobreak';
+ }
$output .= '
- '.&mt($item->{'header'}->[0]->{'col1'}).'
+ '.&mt($item->{'header'}->[0]->{'col1'}).'
'.&mt($item->{'header'}->[0]->{'col2'}).'
';
$rowtotal ++;
@@ -818,12 +908,16 @@ sub print_config_box {
($action eq 'usermodification') || ($action eq 'defaults') || ($action eq 'coursedefaults') ||
($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'ssl') ||
($action eq 'directorysrch') || ($action eq 'trust') || ($action eq 'helpsettings') ||
- ($action eq 'contacts')) {
+ ($action eq 'contacts') || ($action eq 'privacy') || ($action eq 'wafproxy')) {
$output .= $item->{'print'}->('top',$dom,$settings,\$rowtotal);
+ } elsif ($action eq 'passwords') {
+ $output .= $item->{'print'}->('top',$dom,$confname,$settings,\$rowtotal);
} elsif ($action eq 'coursecategories') {
$output .= $item->{'print'}->('top',$dom,$item,$settings,\$rowtotal);
+ } elsif ($action eq 'scantron') {
+ $output .= $item->{'print'}->($r,'top',$dom,$confname,$settings,\$rowtotal);
} elsif ($action eq 'login') {
- if ($numheaders == 4) {
+ if ($numheaders == 5) {
$colspan = ' colspan="2"';
$output .= &print_login('service',$dom,$confname,$phase,$settings,\$rowtotal);
} else {
@@ -849,12 +943,15 @@ sub print_config_box {
if (($action eq 'autoupdate') || ($action eq 'usercreation') ||
($action eq 'selfcreation') || ($action eq 'selfenrollment') ||
($action eq 'usersessions') || ($action eq 'coursecategories') ||
- ($action eq 'trust') || ($action eq 'contacts') || ($action eq 'defaults')) {
+ ($action eq 'trust') || ($action eq 'contacts') ||
+ ($action eq 'privacy') || ($action eq 'passwords')) {
if ($action eq 'coursecategories') {
$output .= &print_coursecategories('middle',$dom,$item,$settings,\$rowtotal);
$colspan = ' colspan="2"';
} elsif ($action eq 'trust') {
$output .= $item->{'print'}->('shared',$dom,$settings,\$rowtotal);
+ } elsif ($action eq 'passwords') {
+ $output .= $item->{'print'}->('middle',$dom,$confname,$settings,\$rowtotal);
} else {
$output .= $item->{'print'}->('middle',$dom,$settings,\$rowtotal);
}
@@ -900,6 +997,33 @@ sub print_config_box {
'."\n";
if ($action eq 'coursecategories') {
$output .= &print_coursecategories('bottom',$dom,$item,$settings,\$rowtotal);
+ } elsif (($action eq 'contacts') || ($action eq 'privacy') || ($action eq 'passwords')) {
+ if ($action eq 'passwords') {
+ $output .= $item->{'print'}->('lower',$dom,$confname,$settings,\$rowtotal);
+ } else {
+ $output .= $item->{'print'}->('lower',$dom,$settings,\$rowtotal);
+ }
+ $output .= '
+
+
+
+
+
+
+
+
+ '.&mt($item->{'header'}->[3]->{'col1'}).'
+ '.&mt($item->{'header'}->[3]->{'col2'}).' '."\n";
+ if ($action eq 'passwords') {
+ $output .= $item->{'print'}->('bottom',$dom,$confname,$settings,\$rowtotal);
+ } else {
+ $output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
+ }
+ $output .= '
+
+
+
+ ';
} else {
$output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
}
@@ -907,8 +1031,10 @@ sub print_config_box {
$rowtotal ++;
} elsif (($action eq 'usermodification') || ($action eq 'coursedefaults') ||
($action eq 'defaults') || ($action eq 'directorysrch') ||
- ($action eq 'helpsettings')) {
+ ($action eq 'helpsettings') || ($action eq 'wafproxy')) {
$output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
+ } elsif ($action eq 'scantron') {
+ $output .= $item->{'print'}->($r,'bottom',$dom,$confname,$settings,\$rowtotal);
} elsif ($action eq 'ssl') {
$output .= $item->{'print'}->('connto',$dom,$settings,\$rowtotal).'
@@ -932,7 +1058,7 @@ sub print_config_box {
'.&mt($item->{'header'}->[3]->{'col2'}).' '.
$item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
} elsif ($action eq 'login') {
- if ($numheaders == 4) {
+ if ($numheaders == 5) {
$output .= &print_login('page',$dom,$confname,$phase,$settings,\$rowtotal).'
@@ -956,7 +1082,7 @@ sub print_config_box {
';
- if ($numheaders == 4) {
+ if ($numheaders == 5) {
$output .= '
'.&mt($item->{'header'}->[3]->{'col1'}).'
'.&mt($item->{'header'}->[3]->{'col2'}).'
@@ -968,7 +1094,27 @@ sub print_config_box {
';
}
$rowtotal ++;
- $output .= &print_login('headtag',$dom,$confname,$phase,$settings,\$rowtotal);
+ $output .= &print_login('headtag',$dom,$confname,$phase,$settings,\$rowtotal).'
+
+
+
+
+
+
+ ';
+ if ($numheaders == 5) {
+ $output .= '
+ '.&mt($item->{'header'}->[4]->{'col1'}).'
+ '.&mt($item->{'header'}->[4]->{'col2'}).'
+ ';
+ } else {
+ $output .= '
+ '.&mt($item->{'header'}->[3]->{'col1'}).'
+ '.&mt($item->{'header'}->[3]->{'col2'}).'
+ ';
+ }
+ $rowtotal ++;
+ $output .= &print_login('saml',$dom,$confname,$phase,$settings,\$rowtotal);
} elsif ($action eq 'requestcourses') {
$output .= &print_requestmail($dom,$action,$settings,\$rowtotal);
$rowtotal ++;
@@ -1088,10 +1234,9 @@ sub print_config_box {
$output .= &print_quotas($dom,$settings,\$rowtotal,$action);
} elsif (($action eq 'autoenroll') || ($action eq 'autocreate') ||
($action eq 'serverstatuses') || ($action eq 'loadbalancing') ||
- ($action eq 'ltitools') || ($action eq 'lti')) {
+ ($action eq 'ltitools') || ($action eq 'lti') ||
+ ($action eq 'proctoring')) {
$output .= $item->{'print'}->($dom,$settings,\$rowtotal);
- } elsif ($action eq 'scantron') {
- $output .= &print_scantronformat($r,$dom,$confname,$settings,\$rowtotal);
}
}
$output .= '
@@ -1104,9 +1249,12 @@ sub print_config_box {
sub print_login {
my ($caller,$dom,$confname,$phase,$settings,$rowtotal) = @_;
- my ($css_class,$datatable);
+ my ($css_class,$datatable,$switchserver,%lt);
my %choices = &login_choices();
-
+ if (($caller eq 'help') || ($caller eq 'headtag') || ($caller eq 'saml')) {
+ %lt = &login_file_options();
+ $switchserver = &check_switchserver($dom,$confname);
+ }
if ($caller eq 'service') {
my %servers = &Apache::lonnet::internet_dom_servers($dom);
my $choice = $choices{'disallowlogin'};
@@ -1300,18 +1448,10 @@ sub print_login {
$datatable .= &display_color_options($dom,$confname,$phase,'login',$itemcount,\%choices,\%is_custom,\%defaults,\%designs,\@images,\@bgs,\@links,\%alt_text,$rowtotal,\@logintext);
$datatable .= '
';
} elsif ($caller eq 'help') {
- my ($defaulturl,$defaulttype,%url,%type,%lt,%langchoices);
- my $switchserver = &check_switchserver($dom,$confname);
+ my ($defaulturl,$defaulttype,%url,%type,%langchoices);
my $itemcount = 1;
$defaulturl = '/adm/loginproblems.html';
$defaulttype = 'default';
- %lt = &Apache::lonlocal::texthash (
- del => 'Delete?',
- rep => 'Replace:',
- upl => 'Upload:',
- default => 'Default',
- custom => 'Custom',
- );
%langchoices = &Apache::lonlocal::texthash(&get_languages_hash());
my @currlangs;
if (ref($settings) eq 'HASH') {
@@ -1408,14 +1548,6 @@ sub print_login {
}
}
}
- my %lt = &Apache::lonlocal::texthash(
- del => 'Delete?',
- rep => 'Replace:',
- upl => 'Upload:',
- curr => 'View contents',
- none => 'None',
- );
- my $switchserver = &check_switchserver($dom,$confname);
foreach my $lonhost (sort(keys(%domservers))) {
my $exempt = &check_exempt_addresses($currexempt{$lonhost});
$datatable .= ''.$domservers{$lonhost}.' ';
@@ -1436,7 +1568,89 @@ sub print_login {
} else {
$datatable .= ' ';
}
- $datatable .= ' ';
+ $datatable .= ' ';
+ }
+ $datatable .= '';
+ } elsif ($caller eq 'saml') {
+ my %domservers = &Apache::lonnet::get_servers($dom);
+ $datatable .= ''.
+ ' ';
}
@@ -1475,10 +1689,24 @@ sub login_choices {
headtag => "Custom markup",
action => "Action",
current => "Current",
+ samllanding => "Dual login?",
+ samloptions => "Options",
);
return %choices;
}
+sub login_file_options {
+ return &Apache::lonlocal::texthash(
+ del => 'Delete?',
+ rep => 'Replace:',
+ upl => 'Upload:',
+ curr => 'View contents',
+ default => 'Default',
+ custom => 'Custom',
+ none => 'None',
+ );
+}
+
sub print_rolecolors {
my ($phase,$role,$dom,$confname,$settings,$rowtotal) = @_;
my %choices = &color_font_choices();
@@ -1596,7 +1824,7 @@ sub display_color_options {
my $datatable = ''.
''.$choices->{'font'}.' ';
if (!$is_custom->{'font'}) {
- $datatable .= ''.&mt('Default in use:').' '.$defaults->{'font'}.' ';
+ $datatable .= ''.&mt('Default in use:').' '.$defaults->{'font'}.' ';
} else {
$datatable .= ' ';
}
@@ -1605,12 +1833,12 @@ sub display_color_options {
$datatable .= ''.
' '.
- ' ';
+ ' ';
unless ($role eq 'login') {
$datatable .= ''.
''.$choices->{'fontmenu'}.' ';
if (!$is_custom->{'fontmenu'}) {
- $datatable .= ''.&mt('Default in use:').' '.$defaults->{'fontmenu'}.' ';
+ $datatable .= ''.&mt('Default in use:').' '.$defaults->{'fontmenu'}.' ';
} else {
$datatable .= ' ';
}
@@ -1620,7 +1848,7 @@ sub display_color_options {
' '.
- ' ';
+ ' ';
}
my $switchserver = &check_switchserver($dom,$confname);
foreach my $img (@{$images}) {
@@ -1738,7 +1966,7 @@ sub display_color_options {
my $bgs_def;
foreach my $item (@{$bgs}) {
if (!$is_custom->{$item}) {
- $bgs_def .= ''.$choices->{$item}.' '.$defaults->{'bgs'}{$item}.' ';
+ $bgs_def .= ''.$choices->{$item}.' '.$defaults->{'bgs'}{$item}.' ';
}
}
if ($bgs_def) {
@@ -1766,7 +1994,7 @@ sub display_color_options {
my $links_def;
foreach my $item (@{$links}) {
if (!$is_custom->{$item}) {
- $links_def .= ''.$choices->{$item}.''.$defaults->{'links'}{$item}.' ';
+ $links_def .= ''.$choices->{$item}.''.$defaults->{'links'}{$item}.' ';
}
}
if ($links_def) {
@@ -1852,17 +2080,15 @@ sub image_changes {
my ($is_custom,$alt_text,$img_import,$showfile,$fullsize,$role,$img,$imgfile,$logincolors) = @_;
my $output;
if ($img eq 'login') {
- # suppress image for Log-in header
+ $output = ''.$logincolors; # suppress image for Log-in header
} elsif (!$is_custom) {
if ($img ne 'domlogo') {
- $output .= &mt('Default image:').' ';
+ $output = &mt('Default image:').' ';
} else {
- $output .= &mt('Default in use:').' ';
+ $output = &mt('Default in use:').' ';
}
}
- if ($img eq 'login') { # suppress image for Log-in header
- $output .= ' '.$logincolors;
- } else {
+ if ($img ne 'login') {
if ($img_import) {
$output .= ' ';
}
@@ -1893,7 +2119,7 @@ sub print_quotas {
my $typecount = 0;
my ($css_class,%titles);
if ($context eq 'requestcourses') {
- @usertools = ('official','unofficial','community','textbook','placement');
+ @usertools = ('official','unofficial','community','textbook','placement','lti');
@options =('norequest','approval','validate','autolimit');
%validations = &Apache::lonnet::auto_courserequest_checks($dom);
%titles = &courserequest_titles();
@@ -2357,7 +2583,7 @@ sub print_studentcode {
my ($settings,$rowtotal) = @_;
my $rownum = 0;
my ($output,%current);
- my @crstypes = ('official','unofficial','community','textbook','placement');
+ my @crstypes = ('official','unofficial','community','textbook','placement','lti');
if (ref($settings) eq 'HASH') {
if (ref($settings->{'uniquecode'}) eq 'HASH') {
foreach my $type (@crstypes) {
@@ -2484,7 +2710,7 @@ sub print_textbookcourses {
$datatable .= ''.$vpos.' ';
}
$datatable .= ' '."\n".
- ' '.&mt('Add').' '."\n".
+ ' '.&mt('Add').''."\n".
''.
''.&mt('Subject:').' '."\n".
(' 'x2).
@@ -2501,13 +2727,13 @@ sub print_textbookcourses {
} else {
$datatable .= ' ';
}
+ $datatable .= ''."\n";
}
- $datatable .= ''."\n".
- ''.&mt('LON-CAPA course:').' '.
+ $datatable .= ''.&mt('LON-CAPA course:').' '.
&Apache::loncommon::select_dom_form($env{'request.role.domain'},$type.'_addbook_cdom').
' '.
&Apache::loncommon::selectcourse_link
- ('display',$type.'_addbook_cnum',$type.'_addbook_cdom',undef,undef,undef,'Course');
+ ('display',$type.'_addbook_cnum',$type.'_addbook_cdom',undef,undef,undef,'Course').
' '."\n".
''."\n";
$itemcount ++;
@@ -2712,6 +2938,134 @@ function toggleLTITools(form,setting,ite
}
}
}
+ if (setting == 'user') {
+ divid = 'ltitools_'+setting+'_div_'+item;
+ var checkid = 'ltitools_'+setting+'_field_'+item;
+ if (document.getElementById(divid)) {
+ if (document.getElementById(checkid)) {
+ if (document.getElementById(checkid).checked) {
+ document.getElementById(divid).style.display = 'inline-block';
+ } else {
+ document.getElementById(divid).style.display = 'none';
+ }
+ }
+ }
+ }
+ return;
+}
+// ]]>
+
+
+ENDSCRIPT
+}
+
+sub wafproxy_javascript {
+ my ($dom) = @_;
+ return <<"ENDSCRIPT";
+
+
+ENDSCRIPT
+}
+
+
sub lti_javascript {
my ($settings) = @_;
my $togglejs = <i_toggle_js();
@@ -2727,14 +3177,16 @@ sub lti_javascript {
return $togglejs;
}
my (%ordered,$total,%jstext);
- $total = 0;
+ $total = scalar(keys(%{$settings}));
foreach my $item (keys(%{$settings})) {
if (ref($settings->{$item}) eq 'HASH') {
my $num = $settings->{$item}{'order'};
+ if ($num eq '') {
+ $num = $total - 1;
+ }
$ordered{$num} = $item;
}
}
- $total = scalar(keys(%{$settings}));
my @jsarray = ();
foreach my $item (sort {$a <=> $b } (keys(%ordered))) {
push(@jsarray,$ordered{$item});
@@ -2793,32 +3245,76 @@ ENDSCRIPT
}
sub lti_toggle_js {
+ my %lcauthparmtext = &Apache::lonlocal::texthash (
+ localauth => 'Local auth argument',
+ krb => 'Kerberos domain',
+ );
return <<"ENDSCRIPT";
+
+ENDSCRIPT
+}
+
+sub autoupdate_javascript {
+ return <<"ENDSCRIPT";
+
+
+ENDSCRIPT
+}
+
+sub saml_javascript {
+ return <<"ENDSCRIPT";
+
+
+ENDSCRIPT
+
+}
+
sub print_scantronformat {
my ($r,$dom,$confname,$settings,$rowtotal) = @_;
my $itemcount = 1;
@@ -7528,8 +10055,8 @@ sub print_scantronformat {
if ($configuserok eq 'ok') {
if ($author_ok eq 'ok') {
my %legacyfile = (
- default => $Apache::lonnet::perlvar{'lonTabDir'}.'/default_scantronformat.tab',
- custom => $Apache::lonnet::perlvar{'lonTabDir'}.'/scantronformat.tab',
+ default => $Apache::lonnet::perlvar{'lonTabDir'}.'/default_scantronformat.tab',
+ custom => $Apache::lonnet::perlvar{'lonTabDir'}.'/scantronformat.tab',
);
my %md5chk;
foreach my $type (keys(%legacyfile)) {
@@ -7538,7 +10065,7 @@ sub print_scantronformat {
}
if ($md5chk{'default'} ne $md5chk{'custom'}) {
foreach my $type (keys(%legacyfile)) {
- ($scantronurls{$type},my $error) =
+ ($scantronurls{$type},my $error) =
&legacy_scantronformat($r,$dom,$confname,
$type,$legacyfile{$type},
$scantronurls{$type},
@@ -7549,13 +10076,13 @@ sub print_scantronformat {
}
if (keys(%error) == 0) {
$is_custom = 1;
- $confhash{'scantron'}{'scantronformat'} =
+ $confhash{'scantron'}{'scantronformat'} =
$scantronurls{'custom'};
- my $putresult =
+ my $putresult =
&Apache::lonnet::put_dom('configuration',
\%confhash,$dom);
if ($putresult ne 'ok') {
- $error{'custom'} =
+ $error{'custom'} =
''.
&mt('An error occurred updating the domain configuration: [_1]',$putresult).' ';
}
@@ -7675,6 +10202,129 @@ sub legacy_scantronformat {
return ($url,$error);
}
+sub print_scantronconfig {
+ my ($dom,$settings,$rowtotal) = @_;
+ my $itemcount = 2;
+ my $is_checked = ' checked="checked"';
+ my %optionson = (
+ hdr => ' checked="checked"',
+ pad => ' checked="checked"',
+ rem => ' checked="checked"',
+ );
+ my %optionsoff = (
+ hdr => '',
+ pad => '',
+ rem => '',
+ );
+ my $currcsvsty = 'none';
+ my ($datatable,%csvfields,%checked,%onclick,%csvoptions);
+ my @fields = &scantroncsv_fields();
+ my %titles = &scantronconfig_titles();
+ if (ref($settings) eq 'HASH') {
+ if (ref($settings->{config}) eq 'HASH') {
+ if ($settings->{config}->{dat}) {
+ $checked{'dat'} = $is_checked;
+ }
+ if (ref($settings->{config}->{csv}) eq 'HASH') {
+ if (ref($settings->{config}->{csv}->{fields}) eq 'HASH') {
+ %csvfields = %{$settings->{config}->{csv}->{fields}};
+ if (keys(%csvfields) > 0) {
+ $checked{'csv'} = $is_checked;
+ $currcsvsty = 'block';
+ }
+ }
+ if (ref($settings->{config}->{csv}->{options}) eq 'HASH') {
+ %csvoptions = %{$settings->{config}->{csv}->{options}};
+ foreach my $option (keys(%optionson)) {
+ unless ($csvoptions{$option}) {
+ $optionsoff{$option} = $optionson{$option};
+ $optionson{$option} = '';
+ }
+ }
+ }
+ }
+ } else {
+ $checked{'dat'} = $is_checked;
+ }
+ } else {
+ $checked{'dat'} = $is_checked;
+ }
+ $onclick{'csv'} = ' onclick="toggleScantron(this.form);"';
+ my $css_class = $itemcount%2? ' class="LC_odd_row"':'';
+ $datatable = ''.&mt('Supported formats').' '.
+ '';
+ foreach my $item ('dat','csv') {
+ my $id;
+ if ($item eq 'csv') {
+ $id = 'id="scantronconfcsv" ';
+ }
+ $datatable .= ' '.
+ $titles{$item}.' '.(' 'x3);
+ if ($item eq 'csv') {
+ $datatable .= ''.
+ ''.&mt('CSV Column Mapping').' '.
+ ''.&mt('Field').' '.&mt('Location').' '."\n";
+ foreach my $col (@fields) {
+ my $selnone;
+ if ($csvfields{$col} eq '') {
+ $selnone = ' selected="selected"';
+ }
+ $datatable .= ''.$titles{$col}.' '.
+ ''.
+ ' ';
+ for (my $i=0; $i<20; $i++) {
+ my $shown = $i+1;
+ my $sel;
+ unless ($selnone) {
+ if (exists($csvfields{$col})) {
+ if ($csvfields{$col} == $i) {
+ $sel = ' selected="selected"';
+ }
+ }
+ }
+ $datatable .= ''.$shown.' ';
+ }
+ $datatable .= ' ';
+ }
+ $datatable .= '
'.
+ ''.
+ ''.&mt('CSV Options').' ';
+ foreach my $option ('hdr','pad','rem') {
+ $datatable .= ''.$titles{$option}.':'.
+ ' '.
+ &mt('Yes').' '.(' 'x2)."\n".
+ ' '.&mt('No').' ';
+ }
+ $datatable .= ' ';
+ $itemcount ++;
+ }
+ }
+ $datatable .= ' ';
+ $$rowtotal ++;
+ return $datatable;
+}
+
+sub scantronconfig_titles {
+ return &Apache::lonlocal::texthash(
+ dat => 'Standard format (.dat)',
+ csv => 'Comma separated values (.csv)',
+ hdr => 'Remove first line in file (contains column titles)',
+ pad => 'Prepend 0s to PaperID',
+ rem => 'Remove leading spaces (except Question Response columns)',
+ CODE => 'CODE',
+ ID => 'Student ID',
+ PaperID => 'Paper ID',
+ FirstName => 'First Name',
+ LastName => 'Last Name',
+ FirstQuestion => 'First Question Response',
+ Section => 'Section',
+ );
+}
+
+sub scantroncsv_fields {
+ return ('PaperID','LastName','FirstName','ID','Section','CODE','FirstQuestion');
+}
+
sub print_coursecategories {
my ($position,$dom,$hdritem,$settings,$rowtotal) = @_;
my $datatable;
@@ -7717,7 +10367,7 @@ sub print_coursecategories {
' '.$lt{$type}.' ';
}
- $datatable .= '';
+ $datatable .= '';
$itemcount ++;
}
$$rowtotal += $itemcount;
@@ -7803,7 +10453,7 @@ sub print_coursecategories {
$can_catcomm_dom.' value="dom" />'.$level{'dom'}.' '.
' '.$level{'comm'}.' '.
- ''.
+ ' '.
''.$title{'togglecatsplace'}.' '.
''.
' {'header'}->[1]->{'col2'}.' '
+ $datatable .= ' '.$hdritem->{'header'}->[1]->{'col2'}.' '
.&initialize_categories($itemcount);
}
$$rowtotal += $itemcount;
@@ -8008,7 +10658,7 @@ sub print_serverstatuses {
''.
' '.
- ''."\n";
+ ' '."\n";
}
$$rowtotal += $rownum;
return $datatable;
@@ -8023,35 +10673,7 @@ sub serverstatus_pages {
sub defaults_javascript {
my ($settings) = @_;
- my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.');
- my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.');
- &js_escape(\$intauthcheck);
- &js_escape(\$intauthcost);
- my $intauthjs = <<"ENDSCRIPT";
-
-function warnIntAuth(field) {
- if (field.name == 'intauth_check') {
- if (field.value == '2') {
- alert('$intauthcheck');
- }
- }
- if (field.name == 'intauth_cost') {
- field.value.replace(/\s/g,'');
- if (field.value != '') {
- var regexdigit=/^\\d+\$/;
- if (!regexdigit.test(field.value)) {
- alert('$intauthcost');
- }
- }
- }
- return;
-}
-
-ENDSCRIPT
-
- if (ref($settings) ne 'HASH') {
- return &Apache::lonhtmlcommon::scripttag($intauthjs);
- }
+ return unless (ref($settings) eq 'HASH');
if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH')) {
my $maxnum = scalar(@{$settings->{'inststatusorder'}});
if ($maxnum eq '') {
@@ -8105,15 +10727,100 @@ $jstext
return;
}
-$intauthjs
-
// ]]>
ENDSCRIPT
+ }
+ return;
+}
+
+sub passwords_javascript {
+ my %intalert = &Apache::lonlocal::texthash (
+ authcheck => 'Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.',
+ authcost => 'Warning: bcrypt encryption cost for internal authentication must be an integer.',
+ passmin => 'Warning: minimum password length must be a positive integer greater than 6.',
+ passmax => 'Warning: maximum password length must be a positive integer (or blank).',
+ passexp => 'Warning: days before password expiration must be a positive integer (or blank).',
+ passnum => 'Warning: number of previous passwords to save must be a positive integer (or blank).',
+ );
+ &js_escape(\%intalert);
+ my $defmin = $Apache::lonnet::passwdmin;
+ my $intauthjs = <<"ENDSCRIPT";
+
+function warnIntAuth(field) {
+ if (field.name == 'intauth_check') {
+ if (field.value == '2') {
+ alert('$intalert{authcheck}');
+ }
+ }
+ if (field.name == 'intauth_cost') {
+ field.value.replace(/\s/g,'');
+ if (field.value != '') {
+ var regexdigit=/^\\d+\$/;
+ if (!regexdigit.test(field.value)) {
+ alert('$intalert{authcost}');
+ }
+ }
+ }
+ return;
+}
+
+function warnIntPass(field) {
+ field.value.replace(/^\s+/,'');
+ field.value.replace(/\s+\$/,'');
+ var regexdigit=/^\\d+\$/;
+ if (field.name == 'passwords_min') {
+ if (field.value == '') {
+ alert('$intalert{passmin}');
+ field.value = '$defmin';
+ } else {
+ if (!regexdigit.test(field.value)) {
+ alert('$intalert{passmin}');
+ field.value = '$defmin';
+ }
+ var minval = parseInt(field.value,10);
+ if (minval < $defmin) {
+ alert('$intalert{passmin}');
+ field.value = '$defmin';
+ }
+ }
} else {
- return &Apache::lonhtmlcommon::scripttag($intauthjs);
+ if (field.value == '0') {
+ field.value = '';
+ }
+ if (field.value != '') {
+ if (field.name == 'passwords_expire') {
+ var regexpposnum=/^\\d+(|\\.\\d*)\$/;
+ if (!regexpposnum.test(field.value)) {
+ alert('$intalert{passexp}');
+ field.value = '';
+ } else {
+ var expval = parseFloat(field.value);
+ if (expval == 0) {
+ alert('$intalert{passexp}');
+ field.value = '';
+ }
+ }
+ } else {
+ if (!regexdigit.test(field.value)) {
+ if (field.name == 'passwords_max') {
+ alert('$intalert{passmax}');
+ } else {
+ if (field.name == 'passwords_numsaved') {
+ alert('$intalert{passnum}');
+ }
+ }
+ field.value = '';
+ }
+ }
+ }
}
+ return;
+}
+
+ENDSCRIPT
+ return &Apache::lonhtmlcommon::scripttag($intauthjs);
}
sub coursecategories_javascript {
@@ -8231,25 +10938,28 @@ ENDSCRIPT
sub initialize_categories {
my ($itemcount) = @_;
my ($datatable,$css_class,$chgstr);
- my %default_names = (
+ my %default_names = &Apache::lonlocal::texthash (
instcode => 'Official courses (with institutional codes)',
communities => 'Communities',
placement => 'Placement Tests',
);
- my $select0 = ' selected="selected"';
- my $select1 = '';
+ my %selnum = (
+ instcode => '0',
+ communities => '1',
+ placement => '2',
+ );
+ my %selected;
foreach my $default ('instcode','communities','placement') {
$css_class = $itemcount%2?' class="LC_odd_row"':'';
- $chgstr = ' onchange="javascript:reorderCats(this.form,'."'',$default"."_pos','0'".');"';
- if (($default eq 'communities') || ($default eq 'placement')) {
- $select1 = $select0;
- $select0 = '';
- }
+ $chgstr = ' onchange="javascript:reorderCats(this.form,'."'','$default"."_pos','0'".');"';
+ map { $selected{$selnum{$_}} = '' } keys(%selnum);
+ $selected{$selnum{$default}} = ' selected="selected"';
$datatable .= ''
- .''
- .'1 '
- .'2 '
- .'3 '
+ .''
+ .'1 '
+ .'2 '
+ .'3 '
+ .'4 '
.$default_names{$default}
.' '
.' '
@@ -8264,9 +10974,11 @@ sub initialize_categories {
.''
.'1 '
.'2 '
- .'3 '
- .&mt('Add category').' '.&mt('Name:')
- .' ';
+ .'3 '
+ .'4 '
+ .&mt('Add category').''.&mt('Name:')
+ .' '
+ .' ';
return $datatable;
}
@@ -8321,7 +11033,7 @@ sub build_category_rows {
pop(@{$path});
}
} else {
- $text .= &mt('Add subcategory:').' '.&mt('Add subcategory:').' ';
+ $text .= ''.&mt('Add subcategory:').' ';
}
}
}
@@ -8354,7 +11066,7 @@ sub build_category_rows {
sub modifiable_userdata_row {
my ($context,$item,$settings,$numinrow,$rowcount,$usertypes,$fieldsref,$titlesref,
- $rowid,$customcss,$rowstyle) = @_;
+ $rowid,$customcss,$rowstyle,$itemdesc) = @_;
my ($role,$rolename,$statustype);
$role = $item;
if ($context eq 'cancreate') {
@@ -8375,6 +11087,10 @@ sub modifiable_userdata_row {
} else {
$rolename = $role;
}
+ } elsif ($context eq 'lti') {
+ $rolename = &mt('Institutional data used (if available)');
+ } elsif ($context eq 'privacy') {
+ $rolename = $itemdesc;
} else {
if ($role eq 'cr') {
$rolename = &mt('Custom role');
@@ -8417,30 +11133,39 @@ sub modifiable_userdata_row {
'';
my $rem;
my %checks;
+ my %current;
if (ref($settings) eq 'HASH') {
- if (ref($settings->{$context}) eq 'HASH') {
+ my $hashref;
+ if ($context eq 'lti') {
+ if (ref($settings) eq 'HASH') {
+ $hashref = $settings->{'instdata'};
+ }
+ } elsif ($context eq 'privacy') {
+ my ($key,$inner) = split(/_/,$role);
+ if (ref($settings) eq 'HASH') {
+ if (ref($settings->{$key}) eq 'HASH') {
+ $hashref = $settings->{$key}->{$inner};
+ }
+ }
+ } elsif (ref($settings->{$context}) eq 'HASH') {
if (ref($settings->{$context}->{$role}) eq 'HASH') {
- my $hashref = $settings->{$context}->{$role};
- if ($role eq 'emailusername') {
- if ($statustype) {
- if (ref($settings->{$context}->{$role}->{$statustype}) eq 'HASH') {
- $hashref = $settings->{$context}->{$role}->{$statustype};
- if (ref($hashref) eq 'HASH') {
- foreach my $field (@fields) {
- if ($hashref->{$field}) {
- $checks{$field} = $hashref->{$field};
- }
- }
- }
- }
+ $hashref = $settings->{'lti_instdata'};
+ }
+ if ($role eq 'emailusername') {
+ if ($statustype) {
+ if (ref($settings->{$context}->{$role}->{$statustype}) eq 'HASH') {
+ $hashref = $settings->{$context}->{$role}->{$statustype};
}
- } else {
- if (ref($hashref) eq 'HASH') {
- foreach my $field (@fields) {
- if ($hashref->{$field}) {
- $checks{$field} = ' checked="checked" ';
- }
- }
+ }
+ }
+ }
+ if (ref($hashref) eq 'HASH') {
+ foreach my $field (@fields) {
+ if ($hashref->{$field}) {
+ if ($role eq 'emailusername') {
+ $checks{$field} = $hashref->{$field};
+ } else {
+ $checks{$field} = ' checked="checked" ';
}
}
}
@@ -8459,8 +11184,26 @@ sub modifiable_userdata_row {
my $check = ' ';
unless ($role eq 'emailusername') {
if (exists($checks{$fields[$i]})) {
- $check = $checks{$fields[$i]}
- } else {
+ $check = $checks{$fields[$i]};
+ } elsif ($context eq 'privacy') {
+ if ($role =~ /^priv_(domain|course)$/) {
+ if (ref($settings) ne 'HASH') {
+ $check = ' checked="checked" ';
+ }
+ } elsif ($role =~ /^priv_(author|community)$/) {
+ if (ref($settings) ne 'HASH') {
+ unless ($fields[$i] eq 'id') {
+ $check = ' checked="checked" ';
+ }
+ }
+ } elsif ($role =~ /^(unpriv|othdom)_/) {
+ if (ref($settings) ne 'HASH') {
+ if (($fields[$i] eq 'lastname') || ($fields[$i] eq 'firstname')) {
+ $check = ' checked="checked" ';
+ }
+ }
+ }
+ } elsif ($context ne 'lti') {
if ($role eq 'st') {
if (ref($settings) ne 'HASH') {
$check = ' checked="checked" ';
@@ -8470,6 +11213,7 @@ sub modifiable_userdata_row {
}
$output .= ''.
'';
+ my $prefix = 'canmodify';
if ($role eq 'emailusername') {
unless ($checks{$fields[$i]} =~ /^(required|optional)$/) {
$checks{$fields[$i]} = 'omit';
@@ -8480,13 +11224,18 @@ sub modifiable_userdata_row {
$checked='checked="checked" ';
}
$output .= ''.
- ' '.
+ ' '.
&mt($option).' '.(' ' x2);
}
$output .= ''.$fieldtitles{$fields[$i]}.' ';
} else {
+ if ($context eq 'lti') {
+ $prefix = 'lti';
+ } elsif ($context eq 'privacy') {
+ $prefix = 'privacy';
+ }
$output .= ''.
- ' '.$fieldtitles{$fields[$i]}.
' ';
}
@@ -8588,7 +11337,7 @@ sub insttypes_row {
}
$output .= ' ';
} else {
- if (($rem == 0) && (@{$types} > 0)) {
+ if ($rem == 0) {
$output .= '';
}
if ($colsleft > 1) {
@@ -8688,12 +11437,14 @@ sub usertype_update_row {
sub modify_login {
my ($r,$dom,$confname,$lastactref,%domconfig) = @_;
my ($resulttext,$errors,$colchgtext,%changes,%colchanges,%newfile,%newurl,
- %curr_loginvia,%loginhash,@currlangs,@newlangs,$addedfile,%title,@offon);
+ %curr_loginvia,%loginhash,@currlangs,@newlangs,$addedfile,%title,@offon,
+ %currsaml,%saml,%samltext,%samlimg,%samlalt,%samlurl,%samltitle,%samlnotsso);
%title = ( coursecatalog => 'Display course catalog',
adminmail => 'Display administrator E-mail address',
helpdesk => 'Display "Contact Helpdesk" link',
newuser => 'Link for visitors to create a user account',
- loginheader => 'Log-in box header');
+ loginheader => 'Log-in box header',
+ saml => 'Dual SSO and non-SSO login');
@offon = ('off','on');
if (ref($domconfig{login}) eq 'HASH') {
if (ref($domconfig{login}{loginvia}) eq 'HASH') {
@@ -8701,6 +11452,20 @@ sub modify_login {
$curr_loginvia{$lonhost} = $domconfig{login}{loginvia}{$lonhost};
}
}
+ if (ref($domconfig{login}{'saml'}) eq 'HASH') {
+ foreach my $lonhost (keys(%{$domconfig{login}{'saml'}})) {
+ if (ref($domconfig{login}{'saml'}{$lonhost}) eq 'HASH') {
+ $currsaml{$lonhost} = $domconfig{login}{'saml'}{$lonhost};
+ $saml{$lonhost} = 1;
+ $samltext{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'text'};
+ $samlurl{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'url'};
+ $samlalt{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'alt'};
+ $samlimg{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'img'};
+ $samltitle{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'title'};
+ $samlnotsso{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'notsso'};
+ }
+ }
+ }
}
($errors,%colchanges) = &modify_colors($r,$dom,$confname,['login'],
\%domconfig,\%loginhash);
@@ -8947,6 +11712,89 @@ sub modify_login {
$errors .= ''.$error.' ';
}
}
+ my @delsamlimg = &Apache::loncommon::get_env_multiple('form.saml_img_del');
+ my @newsamlimgs;
+ foreach my $lonhost (keys(%domservers)) {
+ if ($env{'form.saml_'.$lonhost}) {
+ if ($env{'form.saml_img_'.$lonhost.'.filename'}) {
+ push(@newsamlimgs,$lonhost);
+ }
+ foreach my $item ('text','alt','url','title','notsso') {
+ $env{'form.saml_'.$item.'_'.$lonhost} =~ s/^\s+|\s+$//g;
+ }
+ if ($saml{$lonhost}) {
+ if (grep(/^\Q$lonhost\E$/,@delsamlimg)) {
+#FIXME Need to obsolete published image
+ delete($currsaml{$lonhost}{'img'});
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ if ($env{'form.saml_alt_'.$lonhost} ne $samlalt{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ if ($env{'form.saml_text_'.$lonhost} ne $samltext{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ if ($env{'form.saml_url_'.$lonhost} ne $samlurl{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ if ($env{'form.saml_title_'.$lonhost} ne $samltitle{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ if ($env{'form.saml_notsso_'.$lonhost} ne $samlnotsso{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ } else {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ foreach my $item ('text','alt','url','title','notsso') {
+ $currsaml{$lonhost}{$item} = $env{'form.saml_'.$item.'_'.$lonhost};
+ }
+ } else {
+ if ($saml{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ delete($currsaml{$lonhost});
+ }
+ }
+ }
+ foreach my $posshost (keys(%currsaml)) {
+ unless (exists($domservers{$posshost})) {
+ delete($currsaml{$posshost});
+ }
+ }
+ %{$loginhash{'login'}{'saml'}} = %currsaml;
+ if (@newsamlimgs) {
+ my $error;
+ my ($configuserok,$author_ok,$switchserver) = &config_check($dom,$confname,$servadm);
+ if ($configuserok eq 'ok') {
+ if ($switchserver) {
+ $error = &mt("Upload of SSO Button Image is not permitted to this server: [_1].",$switchserver);
+ } elsif ($author_ok eq 'ok') {
+ foreach my $lonhost (@newsamlimgs) {
+ my $formelem = 'saml_img_'.$lonhost;
+ my ($result,$imgurl) = &publishlogo($r,'upload',$formelem,$dom,$confname,
+ "login/saml/$lonhost",'','',
+ $env{'form.saml_img_'.$lonhost.'.filename'});
+ if ($result eq 'ok') {
+ $currsaml{$lonhost}{'img'} = $imgurl;
+ $loginhash{'login'}{'saml'}{$lonhost}{'img'} = $imgurl;
+ $changes{'saml'}{$lonhost} = 1;
+ } else {
+ my $puberror = &mt("Upload of SSO button image failed for [_1] because an error occurred publishing the file in RES space. Error was: [_2].",
+ $lonhost,$result);
+ $errors .= ''.$puberror.' ';
+ }
+ }
+ } else {
+ $error = &mt("Upload of SSO button image file(s) failed because an author role could not be assigned to a Domain Configuration user ([_1]) in domain: [_2]. Error was: [_3].",$confname,$dom,$author_ok);
+ }
+ } else {
+ $error = &mt("Upload of SSO button image file(s) failed because a Domain Configuration user ([_1]) could not be created in domain: [_2]. Error was: [_3].",$confname,$dom,$configuserok);
+ }
+ if ($error) {
+ &Apache::lonnet::logthis($error);
+ $errors .= ''.$error.' ';
+ }
+ }
&process_captcha('login',\%changes,$loginhash{'login'},$domconfig{'login'});
my $defaulthelpfile = '/adm/loginproblems.html';
@@ -8987,6 +11835,31 @@ sub modify_login {
}
if (keys(%changes) > 0 || $colchgtext) {
&Apache::loncommon::devalidate_domconfig_cache($dom);
+ if (exists($changes{'saml'})) {
+ my $hostid_in_use;
+ my @hosts = &Apache::lonnet::current_machine_ids();
+ if (@hosts > 1) {
+ foreach my $hostid (@hosts) {
+ if (&Apache::lonnet::host_domain($hostid) eq $dom) {
+ $hostid_in_use = $hostid;
+ last;
+ }
+ }
+ } else {
+ $hostid_in_use = $r->dir_config('lonHostID');
+ }
+ if (($hostid_in_use) &&
+ (&Apache::lonnet::host_domain($hostid_in_use) eq $dom)) {
+ &Apache::lonnet::devalidate_cache_new('samllanding',$hostid_in_use);
+ }
+ if (ref($lastactref) eq 'HASH') {
+ if (ref($changes{'saml'}) eq 'HASH') {
+ my %updates;
+ map { $updates{$_} = 1; } keys(%{$changes{'saml'}});
+ $lastactref->{'samllanding'} = \%updates;
+ }
+ }
+ }
if (ref($lastactref) eq 'HASH') {
$lastactref->{'domainconfig'} = 1;
}
@@ -9066,6 +11939,38 @@ sub modify_login {
}
}
}
+ } elsif ($item eq 'saml') {
+ if (ref($changes{$item}) eq 'HASH') {
+ my %notlt = (
+ text => 'Text for log-in by SSO',
+ img => 'SSO button image',
+ alt => 'Alt text for button image',
+ url => 'SSO URL',
+ title => 'Tooltip for SSO link',
+ notsso => 'Text for non-SSO log-in',
+ );
+ foreach my $lonhost (sort(keys(%{$changes{$item}}))) {
+ if (ref($currsaml{$lonhost}) eq 'HASH') {
+ $resulttext .= ''.&mt("$title{$item} in use for [_1]","$lonhost ").
+ '';
+ foreach my $key ('text','img','alt','url','title','notsso') {
+ if ($currsaml{$lonhost}{$key} eq '') {
+ $resulttext .= ''.&mt("$notlt{$key} not in use").' ';
+ } else {
+ my $value = "'$currsaml{$lonhost}{$key}'";
+ if ($key eq 'img') {
+ $value = ' ';
+ }
+ $resulttext .= ''.&mt("$notlt{$key} set to: [_1]",
+ $value).' ';
+ }
+ }
+ $resulttext .= ' ';
+ } else {
+ $resulttext .= ''.&mt("$title{$item} not in use for [_1]",$lonhost).' ';
+ }
+ }
+ }
} elsif ($item eq 'captcha') {
if (ref($loginhash{'login'}) eq 'HASH') {
my $chgtxt;
@@ -9571,7 +12476,7 @@ sub check_configuser {
my ($configuserok,%currroles);
if ($uhome eq 'no_host') {
srand( time() ^ ($$ + ($$ << 15)) ); # Seed rand.
- my $configpass = &LONCAPA::Enrollment::create_password();
+ my $configpass = &LONCAPA::Enrollment::create_password($dom);
$configuserok =
&Apache::lonnet::modifyuser($dom,$confname,'','internal',
$configpass,'','','','','',undef,$servadm);
@@ -9896,7 +12801,7 @@ sub modify_quotas {
$context = $action;
}
if ($context eq 'requestcourses') {
- @usertools = ('official','unofficial','community','textbook','placement');
+ @usertools = ('official','unofficial','community','textbook','placement','lti');
@options =('norequest','approval','validate','autolimit');
%validations = &Apache::lonnet::auto_courserequest_checks($dom);
%titles = &courserequest_titles();
@@ -9945,7 +12850,7 @@ sub modify_quotas {
my @approvalnotify = &Apache::loncommon::get_env_multiple('form.'.$context.'notifyapproval');
@approvalnotify = sort(@approvalnotify);
$confhash{'notify'}{'approval'} = join(',',@approvalnotify);
- my @crstypes = ('official','unofficial','community','textbook','placement');
+ my @crstypes = ('official','unofficial','community','textbook','placement','lti');
my @hasuniquecode = &Apache::loncommon::get_env_multiple('form.uniquecode');
foreach my $type (@hasuniquecode) {
if (grep(/^\Q$type\E$/,@crstypes)) {
@@ -10644,8 +13549,11 @@ sub modify_ltitools {
$allpos[$position] = $newid;
}
$changes{$newid} = 1;
- foreach my $item ('title','url','key','secret') {
+ foreach my $item ('title','url','key','secret','lifetime') {
$env{'form.ltitools_add_'.$item} =~ s/(`)/'/g;
+ if ($item eq 'lifetime') {
+ $env{'form.ltitools_add_'.$item} =~ s/[^\d.]//g;
+ }
if ($env{'form.ltitools_add_'.$item}) {
if (($item eq 'key') || ($item eq 'secret')) {
$encconfig{$newid}{$item} = $env{'form.ltitools_add_'.$item};
@@ -10660,6 +13568,11 @@ sub modify_ltitools {
if ($env{'form.ltitools_add_msgtype'} eq 'basic-lti-launch-request') {
$confhash{$newid}{'msgtype'} = $env{'form.ltitools_add_msgtype'};
}
+ if ($env{'form.ltitools_add_sigmethod'} eq 'HMAC-SHA256') {
+ $confhash{$newid}{'sigmethod'} = $env{'form.ltitools_add_sigmethod'};
+ } else {
+ $confhash{$newid}{'sigmethod'} = 'HMAC-SHA1';
+ }
foreach my $item ('width','height','linktext','explanation') {
$env{'form.ltitools_add_'.$item} =~ s/^\s+//;
$env{'form.ltitools_add_'.$item} =~ s/\s+$//;
@@ -10722,6 +13635,13 @@ sub modify_ltitools {
}
}
}
+ if (ref($confhash{$newid}{'fields'}) eq 'HASH') {
+ if ($confhash{$newid}{'fields'}{'user'}) {
+ if ($env{'form.ltitools_userincdom_add'}) {
+ $confhash{$newid}{'incdom'} = 1;
+ }
+ }
+ }
my @courseconfig = &Apache::loncommon::get_env_multiple('form.ltitools_courseconfig');
foreach my $item (@courseconfig) {
$confhash{$newid}{'crsconf'}{$item} = 1;
@@ -10768,7 +13688,7 @@ sub modify_ltitools {
} else {
my $newpos = $env{'form.ltitools_'.$itemid};
$newpos =~ s/\D+//g;
- foreach my $item ('title','url') {
+ foreach my $item ('title','url','lifetime') {
$confhash{$itemid}{$item} = $env{'form.ltitools_'.$item.'_'.$i};
if ($domconfig{$action}{$itemid}{$item} ne $confhash{$itemid}{$item}) {
$changes{$itemid} = 1;
@@ -10786,6 +13706,18 @@ sub modify_ltitools {
if ($env{'form.ltitools_msgtype_'.$i} eq 'basic-lti-launch-request') {
$confhash{$itemid}{'msgtype'} = $env{'form.ltitools_msgtype_'.$i};
}
+ if ($env{'form.ltitools_sigmethod_'.$i} eq 'HMAC-SHA256') {
+ $confhash{$itemid}{'sigmethod'} = $env{'form.ltitools_sigmethod_'.$i};
+ } else {
+ $confhash{$itemid}{'sigmethod'} = 'HMAC-SHA1';
+ }
+ if ($domconfig{$action}{$itemid}{'sigmethod'} eq '') {
+ if ($confhash{$itemid}{'sigmethod'} ne 'HMAC-SHA1') {
+ $changes{$itemid} = 1;
+ }
+ } elsif ($domconfig{$action}{$itemid}{'sigmethod'} ne $confhash{$itemid}{'sigmethod'}) {
+ $changes{$itemid} = 1;
+ }
foreach my $size ('width','height') {
$env{'form.ltitools_'.$size.'_'.$i} =~ s/^\s+//;
$env{'form.ltitools_'.$size.'_'.$i} =~ s/\s+$//;
@@ -10840,7 +13772,7 @@ sub modify_ltitools {
if ($env{'form.ltitools_'.$extra.'_'.$i}) {
$confhash{$itemid}{$extra} = 1;
if ($env{'form.ltitools_'.$extra.'valid_'.$i} ne '') {
- my $lifetime = $env{'form.ltitools_'.$extra.'valid_add'};
+ my $lifetime = $env{'form.ltitools_'.$extra.'valid_'.$i};
$lifetime =~ s/^\s+|\s+$//g;
if ($lifetime =~ /^\d+\.?\d*$/) {
$confhash{$itemid}{$extra.'valid'} = $lifetime;
@@ -10899,6 +13831,16 @@ sub modify_ltitools {
}
}
}
+ if (ref($confhash{$itemid}{'fields'}) eq 'HASH') {
+ if ($confhash{$itemid}{'fields'}{'user'}) {
+ if ($env{'form.ltitools_userincdom_'.$i}) {
+ $confhash{$itemid}{'incdom'} = 1;
+ }
+ if ($domconfig{$action}{$itemid}{'incdom'} ne $confhash{$itemid}{'incdom'}) {
+ $changes{$itemid} = 1;
+ }
+ }
+ }
$allpos[$newpos] = $itemid;
}
if ($imgdeletions{$itemid}) {
@@ -10997,7 +13939,7 @@ sub modify_ltitools {
my %ltienchash = (
$action => { %encconfig }
);
- &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom);
+ &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1);
if (keys(%changes) > 0) {
my $cachetime = 24*60*60;
my %ltiall = %confhash;
@@ -11032,7 +13974,7 @@ sub modify_ltitools {
$resulttext .= '';
if ($changes{'unauth'} || $changes{'auth'}) {
@@ -15060,7 +19701,6 @@ sub modify_coursedefaults {
$defaultshash{'coursedefaults'}{$setting}{$type} = $newdef;
}
if ($currdef ne $newdef) {
- my $staticdef;
if ($item eq 'anonsurvey_threshold') {
unless (($currdef eq '') && ($newdef == $staticdefaults{$item})) {
$changes{$item} = 1;
@@ -15076,11 +19716,12 @@ sub modify_coursedefaults {
my $texengine;
if ($env{'form.texengine'} =~ /^(MathJax|mimetex|tth)$/) {
$texengine = $env{'form.texengine'};
- if ($defaultshash{'coursedefaults'}{'texengine'} eq '') {
- unless ($texengine eq 'MathJax') {
+ my $currdef = $domconfig{'coursedefaults'}{'texengine'};
+ if ($currdef eq '') {
+ unless ($texengine eq $Apache::lonnet::deftex) {
$changes{'texengine'} = 1;
}
- } elsif ($defaultshash{'coursedefaults'}{'texengine'} ne $texengine) {
+ } elsif ($currdef ne $texengine) {
$changes{'texengine'} = 1;
}
}
@@ -15628,6 +20269,333 @@ sub modify_selfenrollment {
return $resulttext;
}
+sub modify_wafproxy {
+ my ($dom,$action,$lastactref,%domconfig) = @_;
+ my %servers = &Apache::lonnet::internet_dom_servers($dom);
+ my (%othercontrol,%canset,%values,%curralias,%currsaml,%currvalue,@warnings,
+ %wafproxy,%changes,%expirecache,%expiresaml);
+ foreach my $server (sort(keys(%servers))) {
+ my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server});
+ if ($serverhome eq $server) {
+ my $serverdom = &Apache::lonnet::host_domain($server);
+ if ($serverdom eq $dom) {
+ $canset{$server} = 1;
+ }
+ }
+ }
+ if (ref($domconfig{'wafproxy'}) eq 'HASH') {
+ %{$values{$dom}} = ();
+ if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
+ %curralias = %{$domconfig{'wafproxy'}{'alias'}};
+ }
+ if (ref($domconfig{'wafproxy'}{'saml'}) eq 'HASH') {
+ %currsaml = %{$domconfig{'wafproxy'}{'saml'}};
+ }
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
+ $currvalue{$item} = $domconfig{'wafproxy'}{$item};
+ }
+ }
+ my $output;
+ if (keys(%canset)) {
+ %{$wafproxy{'alias'}} = ();
+ %{$wafproxy{'saml'}} = ();
+ foreach my $key (sort(keys(%canset))) {
+ if ($env{'form.wafproxy_'.$dom}) {
+ $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key};
+ $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g;
+ if ($wafproxy{'alias'}{$key} ne $curralias{$key}) {
+ $changes{'alias'} = 1;
+ }
+ if ($env{'form.wafproxy_alias_saml_'.$key}) {
+ $wafproxy{'saml'}{$key} = 1;
+ }
+ if ($wafproxy{'saml'}{$key} ne $currsaml{$key}) {
+ $changes{'saml'} = 1;
+ }
+ } else {
+ $wafproxy{'alias'}{$key} = '';
+ $wafproxy{'saml'}{$key} = '';
+ if ($curralias{$key}) {
+ $changes{'alias'} = 1;
+ }
+ if ($currsaml{$key}) {
+ $changes{'saml'} = 1;
+ }
+ }
+ if ($wafproxy{'alias'}{$key} eq '') {
+ if ($curralias{$key}) {
+ $expirecache{$key} = 1;
+ }
+ delete($wafproxy{'alias'}{$key});
+ }
+ if ($wafproxy{'saml'}{$key} eq '') {
+ if ($currsaml{$key}) {
+ $expiresaml{$key} = 1;
+ }
+ delete($wafproxy{'saml'}{$key});
+ }
+ }
+ unless (keys(%{$wafproxy{'alias'}})) {
+ delete($wafproxy{'alias'});
+ }
+ unless (keys(%{$wafproxy{'saml'}})) {
+ delete($wafproxy{'saml'});
+ }
+ # Localization for values in %warn occurs in &mt() calls separately.
+ my %warn = (
+ trusted => 'trusted IP range(s)',
+ vpnint => 'internal IP range(s) for VPN sessions(s)',
+ vpnext => 'IP range(s) for backend WAF connections',
+ );
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
+ my $possible = $env{'form.wafproxy_'.$item};
+ $possible =~ s/^\s+|\s+$//g;
+ if ($possible ne '') {
+ if ($item eq 'remoteip') {
+ if ($possible =~ /^[mhn]$/) {
+ $wafproxy{$item} = $possible;
+ }
+ } elsif ($item eq 'ipheader') {
+ if ($wafproxy{'remoteip'} eq 'h') {
+ $wafproxy{$item} = $possible;
+ }
+ } elsif ($item eq 'sslopt') {
+ if ($possible =~ /^0|1$/) {
+ $wafproxy{$item} = $possible;
+ }
+ } else {
+ my (@ok,$count);
+ if (($item eq 'vpnint') || ($item eq 'vpnext')) {
+ unless ($env{'form.wafproxy_vpnaccess'}) {
+ $possible = '';
+ }
+ } elsif ($item eq 'trusted') {
+ unless ($wafproxy{'remoteip'} eq 'h') {
+ $possible = '';
+ }
+ }
+ unless ($possible eq '') {
+ $possible =~ s/[\r\n]+/\s/g;
+ $possible =~ s/\s*-\s*/-/g;
+ $possible =~ s/\s+/,/g;
+ }
+ $count = 0;
+ if ($possible ne '') {
+ foreach my $poss (split(/\,/,$possible)) {
+ $count ++;
+ if (&validate_ip_pattern($poss)) {
+ push(@ok,$poss);
+ }
+ }
+ if (@ok) {
+ $wafproxy{$item} = join(',',@ok);
+ }
+ my $diff = $count - scalar(@ok);
+ if ($diff) {
+ push(@warnings,''.
+ &mt('[quant,_1,IP] invalid and excluded from saved value for [_2]',
+ $diff,$warn{$item}).
+ ' ');
+ }
+ }
+ }
+ if ($wafproxy{$item} ne $currvalue{$item}) {
+ $changes{$item} = 1;
+ }
+ } elsif ($currvalue{$item}) {
+ $changes{$item} = 1;
+ }
+ }
+ } else {
+ if (keys(%curralias)) {
+ $changes{'alias'} = 1;
+ }
+ if (keys(%currsaml)) {
+ $changes{'saml'} = 1;
+ }
+ if (keys(%currvalue)) {
+ foreach my $key (keys(%currvalue)) {
+ $changes{$key} = 1;
+ }
+ }
+ }
+ if (keys(%changes)) {
+ my %defaultshash = (
+ wafproxy => \%wafproxy,
+ );
+ my $putresult = &Apache::lonnet::put_dom('configuration',\%defaultshash,
+ $dom);
+ if ($putresult eq 'ok') {
+ my $cachetime = 24*60*60;
+ my (%domdefaults,$updatedomdefs);
+ foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') {
+ if ($changes{$item}) {
+ unless ($updatedomdefs) {
+ %domdefaults = &Apache::lonnet::get_domain_defaults($dom);
+ $updatedomdefs = 1;
+ }
+ if ($wafproxy{$item}) {
+ $domdefaults{'waf_'.$item} = $wafproxy{$item};
+ } elsif (exists($domdefaults{'waf_'.$item})) {
+ delete($domdefaults{'waf_'.$item});
+ }
+ }
+ }
+ if ($updatedomdefs) {
+ &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
+ if (ref($lastactref) eq 'HASH') {
+ $lastactref->{'domdefaults'} = 1;
+ }
+ }
+ if ((exists($wafproxy{'alias'})) || (keys(%expirecache))) {
+ my %updates = %expirecache;
+ foreach my $key (keys(%expirecache)) {
+ &Apache::lonnet::devalidate_cache_new('proxyalias',$key);
+ }
+ if (ref($wafproxy{'alias'}) eq 'HASH') {
+ my $cachetime = 24*60*60;
+ foreach my $key (keys(%{$wafproxy{'alias'}})) {
+ $updates{$key} = 1;
+ &Apache::lonnet::do_cache_new('proxyalias',$key,$wafproxy{'alias'}{$key},
+ $cachetime);
+ }
+ }
+ if (ref($lastactref) eq 'HASH') {
+ $lastactref->{'proxyalias'} = \%updates;
+ }
+ }
+ if ((exists($wafproxy{'saml'})) || (keys(%expiresaml))) {
+ my %samlupdates = %expiresaml;
+ foreach my $key (keys(%expiresaml)) {
+ &Apache::lonnet::devalidate_cache_new('proxysaml',$key);
+ }
+ if (ref($wafproxy{'saml'}) eq 'HASH') {
+ my $cachetime = 24*60*60;
+ foreach my $key (keys(%{$wafproxy{'saml'}})) {
+ $samlupdates{$key} = 1;
+ &Apache::lonnet::do_cache_new('proxysaml',$key,$wafproxy{'saml'}{$key},
+ $cachetime);
+ }
+ }
+ if (ref($lastactref) eq 'HASH') {
+ $lastactref->{'proxysaml'} = \%samlupdates;
+ }
+ }
+ $output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'';
+ foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
+ if ($changes{$item}) {
+ if ($item eq 'alias') {
+ my $numaliased = 0;
+ if (ref($wafproxy{'alias'}) eq 'HASH') {
+ my $shown;
+ if (keys(%{$wafproxy{'alias'}})) {
+ foreach my $server (sort(keys(%{$wafproxy{'alias'}}))) {
+ $shown .= ''.&mt('[_1] aliased by [_2]',
+ &Apache::lonnet::hostname($server),
+ $wafproxy{'alias'}{$server}).' ';
+ $numaliased ++;
+ }
+ if ($numaliased) {
+ $output .= ''.&mt('Aliases for hostnames set to: [_1]',
+ '').' ';
+ }
+ }
+ }
+ unless ($numaliased) {
+ $output .= ''.&mt('Aliases deleted for hostnames').' ';
+ }
+ } elsif ($item eq 'saml') {
+ my $shown;
+ if (ref($wafproxy{'saml'}) eq 'HASH') {
+ if (keys(%{$wafproxy{'saml'}})) {
+ $shown = join(', ',sort(keys(%{$wafproxy{'saml'}})));
+ }
+ }
+ if ($shown) {
+ $output .= ''.&mt('Alias used by Shibboleth for: [_1]',
+ $shown).' ';
+ } else {
+ $output .= ''.&mt('No alias used for Shibboleth').' ';
+ }
+ } else {
+ if ($item eq 'remoteip') {
+ my %ip_methods = &remoteip_methods();
+ if ($wafproxy{$item} =~ /^[mh]$/) {
+ $output .= ''.&mt("Method for determining user's IP set to: [_1]",
+ $ip_methods{$wafproxy{$item}}).' ';
+ } else {
+ if (($env{'form.wafproxy_'.$dom}) && (ref($wafproxy{'alias'}) eq 'HASH')) {
+ $output .= ''.&mt("No method in use to get user's real IP (will report IP used by WAF).").
+ ' ';
+ } else {
+ $output .= ''.&mt('WAF/Reverse Proxy not in use').' ';
+ }
+ }
+ } elsif ($item eq 'ipheader') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('Request header with remote IP set to: [_1]',
+ $wafproxy{$item}).' ';
+ } else {
+ $output .= ''.&mt('Request header with remote IP deleted').' ';
+ }
+ } elsif ($item eq 'trusted') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('Trusted IP range(s) set to: [_1]',
+ $wafproxy{$item}).' ';
+ } else {
+ $output .= ''.&mt('Trusted IP range(s) deleted').' ';
+ }
+ } elsif ($item eq 'vpnint') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('Internal IP Range(s) for VPN sessions set to: [_1]',
+ $wafproxy{$item}).' ';
+ } else {
+ $output .= ''.&mt('Internal IP Range(s) for VPN sessions deleted').' ';
+ }
+ } elsif ($item eq 'vpnext') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('IP Range(s) for backend WAF connections set to: [_1]',
+ $wafproxy{$item}).' ';
+ } else {
+ $output .= ''.&mt('IP Range(s) for backend WAF connections deleted').' ';
+ }
+ } elsif ($item eq 'sslopt') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('WAF/Reverse Proxy expected to forward requests to https on LON-CAPA node, regardless of original protocol in web browser (http or https).').' ';
+ } else {
+ $output .= ''.&mt('WAF/Reverse Proxy expected to preserve original protocol in web browser (either http or https) when forwarding to LON-CAPA node.').' ';
+ }
+ }
+ }
+ }
+ }
+ } else {
+ $output = ''.
+ &mt('An error occurred: [_1]',$putresult).' ';
+ }
+ } elsif (keys(%canset)) {
+ $output = &mt('No changes made to Web Application Firewall/Reverse Proxy settings');
+ }
+ if (@warnings) {
+ $output .= ' '.&mt('Warnings:').''.
+ join("\n",@warnings).' ';
+ }
+ return $output;
+}
+
+sub validate_ip_pattern {
+ my ($pattern) = @_;
+ if ($pattern =~ /^([^-]+)\-([^-]+)$/) {
+ my ($start,$end) = ($1,$2);
+ if ((&Net::CIDR::cidrvalidate($start)) && (&Net::CIDR::cidrvalidate($end))) {
+ return 1;
+ }
+ } elsif (&Net::CIDR::cidrvalidate($pattern)) {
+ return 1;
+ }
+ return
+}
+
sub modify_usersessions {
my ($dom,$lastactref,%domconfig) = @_;
my @hostingtypes = ('version','excludedomain','includedomain');
@@ -15795,6 +20763,7 @@ sub modify_usersessions {
}
}
$defaultshash{'usersessions'}{'offloadnow'} = {};
+ $defaultshash{'usersessions'}{'offloadoth'} = {};
my @offloadnow = &Apache::loncommon::get_env_multiple('form.offloadnow');
my @okoffload;
if (@offloadnow) {
@@ -15811,6 +20780,22 @@ sub modify_usersessions {
}
}
}
+ my @offloadoth = &Apache::loncommon::get_env_multiple('form.offloadoth');
+ my @okoffloadoth;
+ if (@offloadoth) {
+ foreach my $server (@offloadoth) {
+ if (&Apache::lonnet::hostname($server) ne '') {
+ unless (grep(/^\Q$server\E$/,@okoffloadoth)) {
+ push(@okoffloadoth,$server);
+ }
+ }
+ }
+ if (@okoffloadoth) {
+ foreach my $lonhost (@okoffloadoth) {
+ $defaultshash{'usersessions'}{'offloadoth'}{$lonhost} = 1;
+ }
+ }
+ }
if (ref($domconfig{'usersessions'}) eq 'HASH') {
if (ref($domconfig{'usersessions'}{'spares'}) eq 'HASH') {
if (ref($changes{'spares'}) eq 'HASH') {
@@ -15821,26 +20806,38 @@ sub modify_usersessions {
} else {
$savespares = 1;
}
- if (ref($domconfig{'usersessions'}{'offloadnow'}) eq 'HASH') {
- foreach my $lonhost (keys(%{$domconfig{'usersessions'}{'offloadnow'}})) {
- unless ($defaultshash{'usersessions'}{'offloadnow'}{$lonhost}) {
- $changes{'offloadnow'} = 1;
- last;
- }
- }
- unless ($changes{'offloadnow'}) {
- foreach my $lonhost (keys(%{$defaultshash{'usersessions'}{'offloadnow'}})) {
- unless ($domconfig{'usersessions'}{'offloadnow'}{$lonhost}) {
- $changes{'offloadnow'} = 1;
+ foreach my $offload ('offloadnow','offloadoth') {
+ if (ref($domconfig{'usersessions'}{$offload}) eq 'HASH') {
+ foreach my $lonhost (keys(%{$domconfig{'usersessions'}{$offload}})) {
+ unless ($defaultshash{'usersessions'}{$offload}{$lonhost}) {
+ $changes{$offload} = 1;
last;
}
}
- }
- } elsif (@okoffload) {
+ unless ($changes{$offload}) {
+ foreach my $lonhost (keys(%{$defaultshash{'usersessions'}{$offload}})) {
+ unless ($domconfig{'usersessions'}{$offload}{$lonhost}) {
+ $changes{$offload} = 1;
+ last;
+ }
+ }
+ }
+ } else {
+ if (($offload eq 'offloadnow') && (@okoffload)) {
+ $changes{'offloadnow'} = 1;
+ }
+ if (($offload eq 'offloadoth') && (@okoffloadoth)) {
+ $changes{'offloadoth'} = 1;
+ }
+ }
+ }
+ } else {
+ if (@okoffload) {
$changes{'offloadnow'} = 1;
}
- } elsif (@okoffload) {
- $changes{'offloadnow'} = 1;
+ if (@okoffloadoth) {
+ $changes{'offloadoth'} = 1;
+ }
}
my $nochgmsg = &mt('No changes made to settings for user session hosting/offloading.');
if ((keys(%changes) > 0) || ($savespares)) {
@@ -15857,6 +20854,9 @@ sub modify_usersessions {
if (ref($defaultshash{'usersessions'}{'offloadnow'}) eq 'HASH') {
$domdefaults{'offloadnow'} = $defaultshash{'usersessions'}{'offloadnow'};
}
+ if (ref($defaultshash{'usersessions'}{'offloadoth'}) eq 'HASH') {
+ $domdefaults{'offloadoth'} = $defaultshash{'usersessions'}{'offloadoth'};
+ }
}
my $cachetime = 24*60*60;
&Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
@@ -15897,14 +20897,18 @@ sub modify_usersessions {
} else {
foreach my $type (@{$types{$prefix}}) {
if (defined($changes{$prefix}{$type})) {
- my $newvalue;
+ my ($newvalue,$notinuse);
if (ref($defaultshash{'usersessions'}) eq 'HASH') {
if (ref($defaultshash{'usersessions'}{$prefix})) {
if ($type eq 'version') {
$newvalue = $defaultshash{'usersessions'}{$prefix}{$type};
- } elsif (ref($defaultshash{'usersessions'}{$prefix}{$type}) eq 'ARRAY') {
- if (@{$defaultshash{'usersessions'}{$prefix}{$type}} > 0) {
- $newvalue = join(', ',@{$defaultshash{'usersessions'}{$prefix}{$type}});
+ } else {
+ if (ref($defaultshash{'usersessions'}{$prefix}{$type}) eq 'ARRAY') {
+ if (@{$defaultshash{'usersessions'}{$prefix}{$type}} > 0) {
+ $newvalue = join(', ',@{$defaultshash{'usersessions'}{$prefix}{$type}});
+ }
+ } else {
+ $notinuse = 1;
}
}
}
@@ -15912,12 +20916,14 @@ sub modify_usersessions {
if ($newvalue eq '') {
if ($type eq 'version') {
$resulttext .= ''.&mt('[_1] set to: off',$lt{$type}).' ';
+ } elsif ($notinuse) {
+ $resulttext .= ''.&mt('[_1] set to: not in use',$lt{$type}).' ';
} else {
$resulttext .= ''.&mt('[_1] set to: none',$lt{$type}).' ';
}
} else {
if ($type eq 'version') {
- $newvalue .= ' '.&mt('(or later)');
+ $newvalue .= ' '.&mt('(or later)');
}
$resulttext .= ''.&mt('[_1] set to: [_2].',$lt{$type},$newvalue).' ';
}
@@ -15930,16 +20936,31 @@ sub modify_usersessions {
if ($changes{'offloadnow'}) {
if (ref($defaultshash{'usersessions'}{'offloadnow'}) eq 'HASH') {
if (keys(%{$defaultshash{'usersessions'}{'offloadnow'}}) > 0) {
- $resulttext .= ''.&mt('Switch active users on next access, for server(s):').'';
+ $resulttext .= ''.&mt('Switch any active user on next access, for server(s):').'';
foreach my $lonhost (sort(keys(%{$defaultshash{'usersessions'}{'offloadnow'}}))) {
$resulttext .= ''.$lonhost.' ';
}
$resulttext .= ' ';
} else {
- $resulttext .= ' '.&mt('No servers now set to switch active users on next access.');
+ $resulttext .= ' '.&mt('No servers now set to switch any active user on next access.');
+ }
+ } else {
+ $resulttext .= ' '.&mt('No servers now set to switch any active user on next access.').' ';
+ }
+ }
+ if ($changes{'offloadoth'}) {
+ if (ref($defaultshash{'usersessions'}{'offloadoth'}) eq 'HASH') {
+ if (keys(%{$defaultshash{'usersessions'}{'offloadoth'}}) > 0) {
+ $resulttext .= ''.&mt('Switch other institutions on next access, for server(s):').'';
+ foreach my $lonhost (sort(keys(%{$defaultshash{'usersessions'}{'offloadoth'}}))) {
+ $resulttext .= ''.$lonhost.' ';
+ }
+ $resulttext .= ' ';
+ } else {
+ $resulttext .= ' '.&mt('No servers now set to switch other institutions on next access.');
}
} else {
- $resulttext .= ' '.&mt('No servers now set to switch active users on next access.').' ';
+ $resulttext .= ''.&mt('No servers now set to switch other institutions on next access.').' ';
}
}
$resulttext .= ' ';
@@ -15985,12 +21006,17 @@ sub modify_ssl {
if ($env{'form.'.$prefix.'_'.$type} =~ /^(no|req)$/) {
$value = $env{'form.'.$prefix.'_'.$type};
}
- if (ref($domconfig{$action}{$prefix}) eq 'HASH') {
- if ($domconfig{$action}{$prefix}{$type} ne '') {
- if ($value ne $domconfig{$action}{$prefix}{$type}) {
+ if (ref($domconfig{$action}) eq 'HASH') {
+ if (ref($domconfig{$action}{$prefix}) eq 'HASH') {
+ if ($domconfig{$action}{$prefix}{$type} ne '') {
+ if ($value ne $domconfig{$action}{$prefix}{$type}) {
+ $changes{$prefix}{$type} = 1;
+ }
+ $defaultshash{$action}{$prefix}{$type} = $value;
+ } else {
+ $defaultshash{$action}{$prefix}{$type} = $value;
$changes{$prefix}{$type} = 1;
}
- $defaultshash{$action}{$prefix}{$type} = $value;
} else {
$defaultshash{$action}{$prefix}{$type} = $value;
$changes{$prefix}{$type} = 1;
@@ -16060,6 +21086,17 @@ sub modify_ssl {
}
}
}
+ if (keys(%changes)) {
+ foreach my $prefix (keys(%changes)) {
+ if (ref($changes{$prefix}) eq 'HASH') {
+ if (scalar(keys(%{$changes{$prefix}})) == 0) {
+ delete($changes{$prefix});
+ }
+ } else {
+ delete($changes{$prefix});
+ }
+ }
+ }
my $nochgmsg = &mt('No changes made to LON-CAPA SSL settings');
if (keys(%changes) > 0) {
my $putresult = &Apache::lonnet::put_dom('configuration',\%defaultshash,
@@ -16070,10 +21107,10 @@ sub modify_ssl {
$domdefaults{'replication'} = $defaultshash{$action}{'replication'};
}
if (ref($defaultshash{$action}{'connto'}) eq 'HASH') {
- $domdefaults{'connto'} = $domconfig{$action}{'connto'};
+ $domdefaults{'connto'} = $defaultshash{$action}{'connto'};
}
if (ref($defaultshash{$action}{'connfrom'}) eq 'HASH') {
- $domdefaults{'connfrom'} = $domconfig{$action}{'connfrom'};
+ $domdefaults{'connfrom'} = $defaultshash{$action}{'connfrom'};
}
}
my $cachetime = 24*60*60;
@@ -16089,18 +21126,24 @@ sub modify_ssl {
$resulttext .= ' '.$titles{$prefix}.'';
foreach my $type (@{$types{$prefix}}) {
if (defined($changes{$prefix}{$type})) {
- my $newvalue;
+ my ($newvalue,$notinuse);
if (ref($defaultshash{$action}) eq 'HASH') {
if (ref($defaultshash{$action}{$prefix})) {
if (($prefix eq 'connto') || ($prefix eq 'connfrom')) {
$newvalue = $titles{$defaultshash{$action}{$prefix}{$type}};
- } elsif (ref($defaultshash{$action}{$prefix}{$type}) eq 'ARRAY') {
- if (@{$defaultshash{$action}{$prefix}{$type}} > 0) {
- $newvalue = join(', ',@{$defaultshash{$action}{$prefix}{$type}});
+ } else {
+ if (ref($defaultshash{$action}{$prefix}{$type}) eq 'ARRAY') {
+ if (@{$defaultshash{$action}{$prefix}{$type}} > 0) {
+ $newvalue = join(', ',@{$defaultshash{$action}{$prefix}{$type}});
+ }
+ } else {
+ $notinuse = 1;
}
}
}
- if ($newvalue eq '') {
+ if ($notinuse) {
+ $resulttext .= ''.&mt('[_1] set to: not in use',$titles{$type}).' ';
+ } elsif ($newvalue eq '') {
$resulttext .= ''.&mt('[_1] set to: none',$titles{$type}).' ';
} else {
$resulttext .= ''.&mt('[_1] set to: [_2].',$titles{$type},$newvalue).' ';
@@ -16214,17 +21257,21 @@ sub modify_trust {
$resulttext .= ''.$lt{$prefix}.'';
foreach my $type (@types) {
if (defined($changes{$prefix}{$type})) {
- my $newvalue;
+ my ($newvalue,$notinuse);
if (ref($defaultshash{'trust'}) eq 'HASH') {
if (ref($defaultshash{'trust'}{$prefix})) {
if (ref($defaultshash{'trust'}{$prefix}{$type}) eq 'ARRAY') {
if (@{$defaultshash{'trust'}{$prefix}{$type}} > 0) {
$newvalue = join(', ',@{$defaultshash{'trust'}{$prefix}{$type}});
}
+ } else {
+ $notinuse = 1;
}
}
}
- if ($newvalue eq '') {
+ if ($notinuse) {
+ $resulttext .= ''.&mt('[_1] set to: not in use',$lt{$type}).' ';
+ } elsif ($newvalue eq '') {
$resulttext .= ''.&mt('[_1] set to: none',$lt{$type}).' ';
} else {
$resulttext .= ''.&mt('[_1] set to: [_2].',$lt{$type},$newvalue).' ';
@@ -16259,12 +21306,12 @@ sub modify_loadbalancing {
my @sparestypes = ('primary','default');
my %typetitles = &sparestype_titles();
my $resulttext;
- my (%currbalancer,%currtargets,%currrules,%existing);
+ my (%currbalancer,%currtargets,%currrules,%existing,%currcookies);
if (ref($domconfig{'loadbalancing'}) eq 'HASH') {
%existing = %{$domconfig{'loadbalancing'}};
}
&get_loadbalancers_config(\%servers,\%existing,\%currbalancer,
- \%currtargets,\%currrules);
+ \%currtargets,\%currrules,\%currcookies);
my ($saveloadbalancing,%defaultshash,%changes);
my ($alltypes,$othertypes,$titles) =
&loadbalancing_titles($dom,$intdom,$usertypes,$types);
@@ -16316,6 +21363,18 @@ sub modify_loadbalancing {
}
$defaultshash{'loadbalancing'}{$balancer}{'targets'}{$sparetype} = \@offloadto;
}
+ if ($env{'form.loadbalancing_cookie_'.$i}) {
+ $defaultshash{'loadbalancing'}{$balancer}{'cookie'} = 1;
+ if (exists($currbalancer{$balancer})) {
+ unless ($currcookies{$balancer}) {
+ $changes{'curr'}{$balancer}{'cookie'} = 1;
+ }
+ }
+ } elsif (exists($currbalancer{$balancer})) {
+ if ($currcookies{$balancer}) {
+ $changes{'curr'}{$balancer}{'cookie'} = 1;
+ }
+ }
if (ref($currtargets{$balancer}) eq 'HASH') {
foreach my $sparetype (@sparestypes) {
if (ref($currtargets{$balancer}{$sparetype}) eq 'ARRAY') {
@@ -16469,24 +21528,33 @@ sub modify_loadbalancing {
}
}
}
- if (keys(%toupdate)) {
- my %thismachine;
- my $updatedhere;
- my $cachetime = 60*60*24;
- map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
- foreach my $lonhost (keys(%toupdate)) {
- if ($thismachine{$lonhost}) {
- unless ($updatedhere) {
- &Apache::lonnet::do_cache_new('loadbalancing',$dom,
- $defaultshash{'loadbalancing'},
- $cachetime);
- $updatedhere = 1;
- }
- } else {
- my $cachekey = &escape('loadbalancing').':'.&escape($dom);
- &Apache::lonnet::remote_devalidate_cache($lonhost,[$cachekey]);
- }
+ if ($changes{'curr'}{$balancer}{'cookie'}) {
+ if ($currcookies{$balancer}) {
+ $resulttext .= ''.&mt('Load Balancer: [_1] -- cookie use disabled',
+ $balancer).' ';
+ } else {
+ $resulttext .= ''.&mt('Load Balancer: [_1] -- cookie use enabled',
+ $balancer).' ';
+ }
+ }
+ }
+ }
+ if (keys(%toupdate)) {
+ my %thismachine;
+ my $updatedhere;
+ my $cachetime = 60*60*24;
+ map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
+ foreach my $lonhost (keys(%toupdate)) {
+ if ($thismachine{$lonhost}) {
+ unless ($updatedhere) {
+ &Apache::lonnet::do_cache_new('loadbalancing',$dom,
+ $defaultshash{'loadbalancing'},
+ $cachetime);
+ $updatedhere = 1;
}
+ } else {
+ my $cachekey = &escape('loadbalancing').':'.&escape($dom);
+ &Apache::lonnet::remote_devalidate_cache($lonhost,[$cachekey]);
}
}
}
@@ -16698,12 +21766,12 @@ sub lonbalance_targets_js {
}
push(@alltypes,'default','_LC_adv','_LC_author','_LC_internetdom','_LC_external');
$allinsttypes = join("','",@alltypes);
- my (%currbalancer,%currtargets,%currrules,%existing);
+ my (%currbalancer,%currtargets,%currrules,%existing,%currcookies);
if (ref($settings) eq 'HASH') {
%existing = %{$settings};
}
&get_loadbalancers_config($servers,\%existing,\%currbalancer,
- \%currtargets,\%currrules);
+ \%currtargets,\%currrules,\%currcookies);
my $balancers = join("','",sort(keys(%currbalancer)));
return <<"END";
@@ -16983,6 +22051,7 @@ function balancerChange(balnum,baltotal,
END
}
+
sub new_spares_js {
my @sparestypes = ('primary','default');
my $types = join("','",@sparestypes);
@@ -17056,7 +22125,7 @@ function updateNewSpares(formname,lonhos
function checkNewSpares(lonhost,type) {
var newSpare = document.getElementById('newspare_'+type+'_'+lonhost);
var chosen = newSpare.options[newSpare.selectedIndex].value;
- if (chosen != '') {
+ if (chosen != '') {
var othertype;
var othernewSpare;
if (type == 'primary') {
@@ -17190,7 +22259,7 @@ function toggleDisplay(domForm,caller) {
var dispval = 'block';
var selfcreateRegExp = /^cancreate_emailverified/;
if (caller == 'emailoptions') {
- optionsElement = domForm.cancreate_email;
+ optionsElement = domForm.cancreate_email;
}
if (caller == 'studentsubmission') {
optionsElement = domForm.postsubmit;
@@ -17245,16 +22314,48 @@ sub devalidate_remote_domconfs {
my %servers = &Apache::lonnet::internet_dom_servers($dom);
my %thismachine;
map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
- my @posscached = ('domainconfig','domdefaults','ltitools','usersessions','directorysrch');
+ my @posscached = ('domainconfig','domdefaults','ltitools','usersessions',
+ 'directorysrch','passwdconf','cats','proxyalias','proxysaml');
+ my %cache_by_lonhost;
+ if (exists($cachekeys->{'samllanding'})) {
+ if (ref($cachekeys->{'samllanding'}) eq 'HASH') {
+ my %landing = %{$cachekeys->{'samllanding'}};
+ my %domservers = &Apache::lonnet::get_servers($dom);
+ if (keys(%domservers)) {
+ foreach my $server (keys(%domservers)) {
+ my @cached;
+ next if ($thismachine{$server});
+ if ($landing{$server}) {
+ push(@cached,&escape('samllanding').':'.&escape($server));
+ }
+ if (@cached) {
+ $cache_by_lonhost{$server} = \@cached;
+ }
+ }
+ }
+ }
+ }
if (keys(%servers)) {
foreach my $server (keys(%servers)) {
next if ($thismachine{$server});
my @cached;
foreach my $name (@posscached) {
if ($cachekeys->{$name}) {
- push(@cached,&escape($name).':'.&escape($dom));
+ if (($name eq 'proxyalias') || ($name eq 'proxysaml')) {
+ if (ref($cachekeys->{$name}) eq 'HASH') {
+ foreach my $key (keys(%{$cachekeys->{$name}})) {
+ push(@cached,&escape($name).':'.&escape($key));
+ }
+ }
+ } else {
+ push(@cached,&escape($name).':'.&escape($dom));
+ }
}
}
+ if ((exists($cache_by_lonhost{$server})) &&
+ (ref($cache_by_lonhost{$server}) eq 'ARRAY')) {
+ push(@cached,@{$cache_by_lonhost{$server}});
+ }
if (@cached) {
&Apache::lonnet::remote_devalidate_cache($server,\@cached);
}