--- loncom/interface/domainprefs.pm 2021/09/27 03:26:24 1.387
+++ loncom/interface/domainprefs.pm 2021/11/22 22:19:58 1.390
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.387 2021/09/27 03:26:24 raeburn Exp $
+# $Id: domainprefs.pm,v 1.390 2021/11/22 22:19:58 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3177,14 +3177,16 @@ sub lti_javascript {
return $togglejs;
}
my (%ordered,$total,%jstext);
- $total = 0;
+ $total = scalar(keys(%{$settings}));
foreach my $item (keys(%{$settings})) {
if (ref($settings->{$item}) eq 'HASH') {
my $num = $settings->{$item}{'order'};
+ if ($num eq '') {
+ $num = $total - 1;
+ }
$ordered{$num} = $item;
}
}
- $total = scalar(keys(%{$settings}));
my @jsarray = ();
foreach my $item (sort {$a <=> $b } (keys(%ordered))) {
push(@jsarray,$ordered{$item});
@@ -5937,6 +5939,9 @@ sub print_lti {
foreach my $item (keys(%{$settings})) {
if (ref($settings->{$item}) eq 'HASH') {
my $num = $settings->{$item}{'order'};
+ if ($num eq '') {
+ $num = scalar(keys(%{$settings}));
+ }
$ordered{$num} = $item;
}
}
@@ -7518,7 +7523,7 @@ sub print_wafproxy {
my $itemcount = 0;
my $datatable;
my %servers = &Apache::lonnet::internet_dom_servers($dom);
- my (%othercontrol,%otherdoms,%aliases,%values,$setdom,$showdom);
+ my (%othercontrol,%otherdoms,%aliases,%saml,%values,$setdom,$showdom);
my %lt = &wafproxy_titles();
foreach my $server (sort(keys(%servers))) {
my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server});
@@ -7543,6 +7548,9 @@ sub print_wafproxy {
$showdom = 1;
}
}
+ if (ref($settings->{'saml'}) eq 'HASH') {
+ $saml{$dom} = $settings->{'saml'};
+ }
}
}
}
@@ -7562,6 +7570,9 @@ sub print_wafproxy {
my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain);
if (ref($config{'wafproxy'}) eq 'HASH') {
$aliases{$domain} = $config{'wafproxy'}{'alias'};
+ if (exists($config{'wafproxy'}{'saml'})) {
+ $saml{$domain} = $config{'wafproxy'}{'saml'};
+ }
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
$values{$domain}{$item} = $config{'wafproxy'}{$item};
}
@@ -7580,14 +7591,22 @@ sub print_wafproxy {
''.&Apache::lonnet::hostname($server).'
| ';
if ($othercontrol{$server}) {
$dom_in_effect = $othercontrol{$server};
- my $current;
+ my ($current,$forsaml);
if (ref($aliases{$dom_in_effect}) eq 'HASH') {
$current = $aliases{$dom_in_effect}{$server};
}
+ if (ref($saml{$dom_in_effect}) eq 'HASH') {
+ if ($saml{$dom_in_effect}{$server}) {
+ $forsaml = 1;
+ }
+ }
$aliasrows .= ''.
&mt('Alias').': ';
if ($current) {
$aliasrows .= $current;
+ if ($forsaml) {
+ $aliasrows .= ' ('.&mt('also for Shibboleth').')';
+ }
} else {
$aliasrows .= &mt('None');
}
@@ -7596,16 +7615,30 @@ sub print_wafproxy {
''.$dom_in_effect.'').') | ';
} else {
$dom_in_effect = $dom;
- my $current;
+ my ($current,$samlon,$samloff);
+ $samloff = ' checked="checked"';
if (ref($aliases{$dom}) eq 'HASH') {
if ($aliases{$dom}{$server}) {
$current = $aliases{$dom}{$server};
}
}
+ if (ref($saml{$dom}) eq 'HASH') {
+ if ($saml{$dom}{$server}) {
+ $samlon = $samloff;
+ undef($samloff);
+ }
+ }
$aliasrows .= ''.
&mt('Alias').': '.
' | ';
+ 'value="'.$current.'" size="30" />'.
+ (' 'x2).''.
+ &mt('Alias used for Shibboleth').': '.
+ '';
}
$aliasrows .= '';
$aliasinfo{$dom_in_effect} .= $aliasrows;
@@ -11717,7 +11750,10 @@ sub modify_login {
$currsaml{$lonhost}{$item} = $env{'form.saml_'.$item.'_'.$lonhost};
}
} else {
- delete($currsaml{$lonhost});
+ if ($saml{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ delete($currsaml{$lonhost});
+ }
}
}
foreach my $posshost (keys(%currsaml)) {
@@ -14716,15 +14752,15 @@ sub modify_lti {
map { $deletions{$_} = 1; } @todelete;
}
my $maxnum = $env{'form.lti_maxnum'};
- for (my $i=0; $i<=$maxnum; $i++) {
+ for (my $i=0; $i<$maxnum; $i++) {
my $itemid = $env{'form.lti_id_'.$i};
$itemid =~ s/\D+//g;
if (ref($domconfig{$action}{$itemid}) eq 'HASH') {
if ($deletions{$itemid}) {
$changes{$itemid} = $domconfig{$action}{$itemid}{'consumer'};
} else {
- push(@items,$i);
- $itemids{$i} = $itemid;
+ push(@items,$i);
+ $itemids{$i} = $itemid;
}
}
}
@@ -14732,7 +14768,7 @@ sub modify_lti {
foreach my $idx (@items) {
my $itemid = $itemids{$idx};
next unless ($itemid);
- my $position = $env{'form.lti_pos_'.$idx};
+ my $position = $env{'form.lti_pos_'.$itemid};
$position =~ s/\D+//g;
if ($position ne '') {
$allpos[$position] = $itemid;
@@ -14995,7 +15031,7 @@ sub modify_lti {
if (ref($confhash{$itemid}) ne 'HASH') {
$resulttext .= ''.&mt('Deleted: [_1]',$changes{$itemid}).'';
} else {
- $resulttext .= ''.$confhash{$itemid}{'consumer'}.'';
+ $resulttext .= '- '.$confhash{$itemid}{'consumer'}.'
';
my $position = $pos + 1;
$resulttext .= '- '.&mt('Order: [_1]',$position).'
';
foreach my $item ('version','lifetime') {
@@ -20236,8 +20272,8 @@ sub modify_selfenrollment {
sub modify_wafproxy {
my ($dom,$action,$lastactref,%domconfig) = @_;
my %servers = &Apache::lonnet::internet_dom_servers($dom);
- my (%othercontrol,%canset,%values,%curralias,%currvalue,@warnings,%wafproxy,
- %changes,%expirecache);
+ my (%othercontrol,%canset,%values,%curralias,%currsaml,%currvalue,@warnings,
+ %wafproxy,%changes,%expirecache,%expiresaml);
foreach my $server (sort(keys(%servers))) {
my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server});
if ($serverhome eq $server) {
@@ -20252,6 +20288,9 @@ sub modify_wafproxy {
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
%curralias = %{$domconfig{'wafproxy'}{'alias'}};
}
+ if (ref($domconfig{'wafproxy'}{'saml'}) eq 'HASH') {
+ %currsaml = %{$domconfig{'wafproxy'}{'saml'}};
+ }
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
$currvalue{$item} = $domconfig{'wafproxy'}{$item};
}
@@ -20259,6 +20298,7 @@ sub modify_wafproxy {
my $output;
if (keys(%canset)) {
%{$wafproxy{'alias'}} = ();
+ %{$wafproxy{'saml'}} = ();
foreach my $key (sort(keys(%canset))) {
if ($env{'form.wafproxy_'.$dom}) {
$wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key};
@@ -20266,11 +20306,21 @@ sub modify_wafproxy {
if ($wafproxy{'alias'}{$key} ne $curralias{$key}) {
$changes{'alias'} = 1;
}
+ if ($env{'form.wafproxy_alias_saml_'.$key}) {
+ $wafproxy{'saml'}{$key} = 1;
+ }
+ if ($wafproxy{'saml'}{$key} ne $currsaml{$key}) {
+ $changes{'saml'} = 1;
+ }
} else {
$wafproxy{'alias'}{$key} = '';
+ $wafproxy{'saml'}{$key} = '';
if ($curralias{$key}) {
$changes{'alias'} = 1;
}
+ if ($currsaml{$key}) {
+ $changes{'saml'} = 1;
+ }
}
if ($wafproxy{'alias'}{$key} eq '') {
if ($curralias{$key}) {
@@ -20278,11 +20328,20 @@ sub modify_wafproxy {
}
delete($wafproxy{'alias'}{$key});
}
+ if ($wafproxy{'saml'}{$key} eq '') {
+ if ($currsaml{$key}) {
+ $expiresaml{$key} = 1;
+ }
+ delete($wafproxy{'saml'}{$key});
+ }
}
unless (keys(%{$wafproxy{'alias'}})) {
delete($wafproxy{'alias'});
}
- # Localization for values in %warn occus in &mt() calls separately.
+ unless (keys(%{$wafproxy{'saml'}})) {
+ delete($wafproxy{'saml'});
+ }
+ # Localization for values in %warn occurs in &mt() calls separately.
my %warn = (
trusted => 'trusted IP range(s)',
vpnint => 'internal IP range(s) for VPN sessions(s)',
@@ -20350,6 +20409,9 @@ sub modify_wafproxy {
} else {
if (keys(%curralias)) {
$changes{'alias'} = 1;
+ }
+ if (keys(%currsaml)) {
+ $changes{'saml'} = 1;
}
if (keys(%currvalue)) {
foreach my $key (keys(%currvalue)) {
@@ -20402,6 +20464,23 @@ sub modify_wafproxy {
$lastactref->{'proxyalias'} = \%updates;
}
}
+ if ((exists($wafproxy{'saml'})) || (keys(%expiresaml))) {
+ my %samlupdates = %expiresaml;
+ foreach my $key (keys(%expiresaml)) {
+ &Apache::lonnet::devalidate_cache_new('proxysaml',$key);
+ }
+ if (ref($wafproxy{'saml'}) eq 'HASH') {
+ my $cachetime = 24*60*60;
+ foreach my $key (keys(%{$wafproxy{'saml'}})) {
+ $samlupdates{$key} = 1;
+ &Apache::lonnet::do_cache_new('proxysaml',$key,$wafproxy{'saml'}{$key},
+ $cachetime);
+ }
+ }
+ if (ref($lastactref) eq 'HASH') {
+ $lastactref->{'proxysaml'} = \%samlupdates;
+ }
+ }
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'';
foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
if ($changes{$item}) {
@@ -20425,6 +20504,19 @@ sub modify_wafproxy {
unless ($numaliased) {
$output .= '- '.&mt('Aliases deleted for hostnames').'
';
}
+ } elsif ($item eq 'saml') {
+ my $shown;
+ if (ref($wafproxy{'saml'}) eq 'HASH') {
+ if (keys(%{$wafproxy{'saml'}})) {
+ $shown = join(', ',sort(keys(%{$wafproxy{'saml'}})));
+ }
+ }
+ if ($shown) {
+ $output .= '- '.&mt('Alias used by Shibboleth for: [_1]',
+ $shown).'
';
+ } else {
+ $output .= '- '.&mt('No alias used for Shibboleth').'
';
+ }
} else {
if ($item eq 'remoteip') {
my %ip_methods = &remoteip_methods();
@@ -21437,8 +21529,13 @@ sub modify_loadbalancing {
}
}
if ($changes{'curr'}{$balancer}{'cookie'}) {
- $resulttext .= '- '.&mt('Load Balancer: [_1] -- cookie use enabled',
- $balancer).'
';
+ if ($currcookies{$balancer}) {
+ $resulttext .= '- '.&mt('Load Balancer: [_1] -- cookie use disabled',
+ $balancer).'
';
+ } else {
+ $resulttext .= '- '.&mt('Load Balancer: [_1] -- cookie use enabled',
+ $balancer).'
';
+ }
}
}
}
@@ -22218,7 +22315,7 @@ sub devalidate_remote_domconfs {
my %thismachine;
map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
my @posscached = ('domainconfig','domdefaults','ltitools','usersessions',
- 'directorysrch','passwdconf','cats','proxyalias');
+ 'directorysrch','passwdconf','cats','proxyalias','proxysaml');
my %cache_by_lonhost;
if (exists($cachekeys->{'samllanding'})) {
if (ref($cachekeys->{'samllanding'}) eq 'HASH') {
@@ -22244,7 +22341,7 @@ sub devalidate_remote_domconfs {
my @cached;
foreach my $name (@posscached) {
if ($cachekeys->{$name}) {
- if ($name eq 'proxyalias') {
+ if (($name eq 'proxyalias') || ($name eq 'proxysaml')) {
if (ref($cachekeys->{$name}) eq 'HASH') {
foreach my $key (keys(%{$cachekeys->{$name}})) {
push(@cached,&escape($name).':'.&escape($key));