--- loncom/interface/lonuserutils.pm	2019/05/06 19:28:17	1.199
+++ loncom/interface/lonuserutils.pm	2022/02/14 01:15:24	1.210
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.199 2019/05/06 19:28:17 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.210 2022/02/14 01:15:24 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -532,7 +532,7 @@ END
 END
     } else {
         my ($numrules,$intargjs) =
-            &passwd_validation_js('vf.elements[current.argfield].value',$domain);
+            &Apache::loncommon::passwd_validation_js('vf.elements[current.argfield].value',$domain);
         $auth_checks .= (<<END);
     foundatype=1;
     if (current.argfield == null || current.argfield == '') {
@@ -543,13 +543,15 @@ END
             case 'krb':
                 alertmsg = '$alert{'krb'}';
                 break;
-            case 'loc':
             case 'int':
                 alertmsg = '$alert{'ipass'}';
                 break;
             case 'fsys':
                 alertmsg = '$alert{'ipass'}';
                 break;
+            case 'loc':
+                alertmsg = '';
+                break;
             case 'lti':
             default:
                 alertmsg = '';
@@ -651,135 +653,6 @@ END
     return $result;
 }
 
-sub passwd_validation_js {
-    my ($currpasswdval,$domain) = @_;
-    my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
-    my ($min,$max,@chars,$numrules,$intargjs,%alert);
-    $numrules = 0;
-    if (ref($passwdconf{'chars'}) eq 'ARRAY') {
-        if ($passwdconf{'min'} =~ /^\d+$/) {
-            $min = $passwdconf{'min'};
-            $numrules ++;
-        }
-        if ($passwdconf{'max'} =~ /^\d+$/) {
-            $max = $passwdconf{'max'};
-            $numrules ++;
-        }
-        @chars = @{$passwdconf{'chars'}};
-        if (@chars) {
-            $numrules ++;
-        }
-    } else {
-        $min = 7;
-        $numrules ++;
-    }
-    if (($min ne '') || ($max ne '') || (@chars > 0)) {
-        my $alertmsg = &mt('Initial password did not satisfy requirement(s):').'\n\n';
-        if ($min) {
-            $alert{'min'} = &mt('minimum [quant,_1,character]',$min).'\n';
-        }
-        if ($max) {
-            $alert{'max'} = &mt('maximum [quant,_1,character]',$max).'\n';
-        }
-        my (@charalerts,@charrules);
-        if (@chars) {
-            if (grep(/^uc$/,@chars)) {
-                push(@charalerts,&mt('contain at least one upper case letter'));
-                push(@charrules,'uc');
-            }
-            if (grep(/^lc$/,@chars)) {
-                push(@charalerts,&mt('contain at least one lower case letter'));
-                push(@charrules,'lc');
-            }
-            if (grep(/^num$/,@chars)) {
-                push(@charalerts,&mt('contain at least one number'));
-                push(@charrules,'num');
-            }
-            if (grep(/^spec$/,@chars)) {
-                push(@charalerts,&mt('contain at least one non-alphanumeric'));
-                push(@charrules,'spec');
-            }
-        }
-        $intargjs = qq|            var rulesmsg = '';\n|.
-                    qq|            var currpwval = $currpasswdval;\n|;
-            if ($min) {
-                $intargjs .= qq|
-            if (currpwval.length < $min) {
-                rulesmsg += ' - $alert{min}';
-            }
-|;
-            }
-            if ($max) {
-                $intargjs .= qq|
-            if (currpwval.length > $max) {
-                rulesmsg += ' - $alert{max}';
-            }
-|;
-            }
-            if (@chars > 0) {
-                my $charrulestr = '"'.join('","',@charrules).'"';
-                my $charalertstr = '"'.join('","',@charalerts).'"';
-                $intargjs .= qq|            var brokerules = new Array();\n|.
-                             qq|            var charrules = new Array($charrulestr);\n|.
-                             qq|            var charalerts = new Array($charalertstr);\n|;
-                my %rules;
-                map { $rules{$_} = 1; } @chars;
-                if ($rules{'uc'}) {
-                    $intargjs .= qq|
-            var ucRegExp = /[A-Z]/;
-            if (!ucRegExp.test(currpwval)) {
-                brokerules.push('uc');
-            }
-|;
-                }
-                if ($rules{'lc'}) {
-                    $intargjs .= qq|
-            var lcRegExp = /[a-z]/;
-            if (!lcRegExp.test(currpwval)) {
-                brokerules.push('lc');
-            }
-|;
-                }
-                if ($rules{'num'}) {
-                     $intargjs .= qq|
-            var numRegExp = /[0-9]/;
-            if (!numRegExp.test(currpwval)) {
-                brokerules.push('num');
-            }
-|;
-                }
-                if ($rules{'spec'}) {
-                     $intargjs .= q|
-            var specRegExp = /[!"#$%&'()*+,\-.\/:;<=>?@[\\\]^_`{\|}~]/;
-            if (!specRegExp.test(currpwval)) {
-                brokerules.push('spec');
-            }
-|;
-                }
-                $intargjs .= qq|
-            if (brokerules.length > 0) {
-                for (var i=0; i<brokerules.length; i++) {
-                    for (var j=0; j<charrules.length; j++) {
-                        if (brokerules[i] == charrules[j]) {
-                            rulesmsg += ' - '+charalerts[j]+'\\n';
-                            break;
-                        }
-                    }
-                }
-            }
-|;
-            }
-            $intargjs .= qq|
-            if (rulesmsg != '') {
-                rulesmsg = '$alertmsg'+rulesmsg;
-                alert(rulesmsg);
-                return false;
-            }
-|;
-    }
-    return ($numrules,$intargjs);
-}
-
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_forward_associate {
@@ -1707,10 +1580,11 @@ sub my_custom_roles {
     my %rolehash=&Apache::lonnet::dump('roles',$udom,$uname);
     foreach my $key (keys(%rolehash)) {
         if ($key=~/^rolesdef\_(\w+)$/) {
+            my $role = $1;
             if ($crstype eq 'Community') {
                 next if ($rolehash{$key} =~ /bre\&S/); 
             }
-            $returnhash{$1}=$1;
+            $returnhash{$role}=$role;
         }
     }
     return %returnhash;
@@ -2433,7 +2307,6 @@ sub build_user_record {
 
 sub courses_selector {
     my ($cdom,$formname) = @_;
-    my %coursecodes = ();
     my %codes = ();
     my @codetitles = ();
     my %cat_titles = ();
@@ -2446,14 +2319,15 @@ sub courses_selector {
     my $jscript = '';
 
     my $totcodes = 0;
-    $totcodes =
-        &Apache::courseclassifier::retrieve_instcodes(\%coursecodes,
-                                                      $cdom,$totcodes);
-    if ($totcodes > 0) {
-        $format_reply =
-             &Apache::lonnet::auto_instcode_format($caller,$cdom,\%coursecodes,
-                                \%codes,\@codetitles,\%cat_titles,\%cat_order);
-        if ($format_reply eq 'ok') {
+    my $instcats = &Apache::lonnet::get_dom_instcats($cdom);
+    if (ref($instcats) eq 'HASH') {
+        if ((ref($instcats->{'codetitles'}) eq 'ARRAY') && (ref($instcats->{'codes'}) eq 'HASH') &&
+            (ref($instcats->{'cat_titles'}) eq 'HASH') && (ref($instcats->{'cat_order'}) eq 'HASH')) {
+            %codes = %{$instcats->{'codes'}};
+            @codetitles = @{$instcats->{'codetitles'}};
+            %cat_titles = %{$instcats->{'cat_titles'}};
+            %cat_order = %{$instcats->{'cat_order'}};
+            $totcodes = scalar(keys(%codes));
             my $numtypes = @codetitles;
             &Apache::courseclassifier::build_code_selections(\%codes,\@codetitles,\%cat_titles,\%cat_order,\%idlist,\%idnums,\%idlist_titles);
             my ($scripttext,$longtitles) = &Apache::courseclassifier::javascript_definitions(\@codetitles,\%idlist,\%idlist_titles,\%idnums,\%cat_titles);
@@ -3667,6 +3541,8 @@ END
         setSections(formname,'$crstype');
         if (seccheck == 'ok') {
             opener.document.$callingform.newsecs.value = formname.sections.value;
+        } else {
+            return;
         }
 END
     } else {
@@ -4377,6 +4253,7 @@ sub upfile_drop_add {
     }
     my $amode  = '';
     my $genpwd = '';
+    my @genpwdfail;
     if ($env{'form.login'} eq 'krb') {
         $amode='krb';
         $amode.=$env{'form.krbver'};
@@ -4385,6 +4262,8 @@ sub upfile_drop_add {
         $amode='internal';
         if ((defined($env{'form.intarg'})) && ($env{'form.intarg'})) {
             $genpwd=$env{'form.intarg'};
+            @genpwdfail =
+                &Apache::loncommon::check_passwd_rules($domain,$genpwd);
         }
     } elsif ($env{'form.login'} eq 'loc') {
         $amode='localauth';
@@ -4465,7 +4344,6 @@ sub upfile_drop_add {
                                                   \@statuses,\@poss_roles);
                 &gather_userinfo($context,'view',\%userlist,$indexhash,\%info,
                              \%cstr_roles,$permission);
-
             }
         }
     }
@@ -4543,7 +4421,8 @@ sub upfile_drop_add {
         my $newuserdom = $env{'request.role.domain'};
         map { $cancreate{$_} = &can_create_user($newuserdom,$context,$_); } keys(%longtypes);
         # Get new users list
-        my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%alerts,%checkuname);
+        my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%alerts,%checkuname,
+            %showpasswdrules,$haspasswdmap);
         my $counter = -1;
         my (%willtrust,%trustchecked);
         foreach my $line (@userdata) {
@@ -4694,12 +4573,44 @@ sub upfile_drop_add {
                         }
                     }
                     # determine user password
-                    my $password = $genpwd;
+                    my $password;
+                    my $passwdfromfile;
                     if (defined($fields{'ipwd'})) {
                         if ($entries{$fields{'ipwd'}}) {
                             $password=$entries{$fields{'ipwd'}};
+                            $passwdfromfile = 1;
+                            if ($env{'form.login'} eq 'int') {
+                                my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
+                                if (($uhome eq 'no_host') || ($changeauth)) {
+                                    my @brokepwdrules =
+                                        &Apache::loncommon::check_passwd_rules($domain,$password);
+                                    if (@brokepwdrules) {
+                                        $disallow{$counter} = &mt('[_1]: Password included in file for this user did not meet requirements.',
+                                                                  '<b>'.$username.'</b>');
+                                        map { $showpasswdrules{$_} = 1; } @brokepwdrules;
+                                        next;
+                                    }
+                                }
+                            }
                         }
                     }
+                    unless ($passwdfromfile) {
+                        if ($env{'form.login'} eq 'int') {
+                            if (@genpwdfail) {
+                                my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
+                                if (($uhome eq 'no_host') || ($changeauth)) {
+                                    $disallow{$counter} = &mt('[_1]: No specific password in file for this user; default password did not meet requirements',
+                                                              '<b>'.$username.'</b>');
+                                    unless ($haspasswdmap) {
+                                        map { $showpasswdrules{$_} = 1; } @genpwdfail;
+                                        $haspasswdmap = 1;
+                                    }
+                                }
+                                next;
+                            }
+                        }
+                        $password = $genpwd;
+                    }
                     # determine user role
                     my $role = '';
                     if (defined($fields{'role'})) {
@@ -4970,6 +4881,16 @@ sub upfile_drop_add {
                     my (%userres,%authres,%roleres,%idres);
                     my $singlesec = '';
                     if ($role eq 'st') {
+                        if (($context eq 'domain') && ($changeauth eq 'Yes') && (!$newuser)) {
+                            if ((&Apache::lonnet::allowed('mau',$userdomain)) &&
+                                (&Apache::lonnet::homeserver($username,$userdomain) ne 'no_host')) {
+                                if ((($amode =~ /^krb4|krb5|internal$/) && $password ne '') ||
+                                     ($amode eq 'localauth')) {
+                                    $authresult =
+                                        &Apache::lonnet::modifyuserauth($userdomain,$username,$amode,$password);
+                                }
+                            }
+                        }
                         my $sec;
                         if (ref($userinfo{$i}{'sections'}) eq 'ARRAY') {
                             if (@secs > 0) {
@@ -5011,16 +4932,16 @@ sub upfile_drop_add {
                                     }
                                 }
                             }
-                            if (!$multiple) {
-                                ($userresult,$authresult,$roleresult,$idresult) = 
-                                    &modifyuserrole($context,$setting,
-                                                    $changeauth,$cid,$userdomain,$username, 
-                                                    $id,$amode,$password,$fname,
-                                                    $mname,$lname,$gen,$singlesec,
-                                                    $env{'form.forceid'},$desiredhost,
-                                                    $email,$role,$enddate,$startdate,
-                                                    $checkid,$inststatus);
-                            }
+                        }
+                        if (!$multiple) {
+                            ($userresult,$authresult,$roleresult,$idresult) = 
+                                &modifyuserrole($context,$setting,
+                                                $changeauth,$cid,$userdomain,$username, 
+                                                $id,$amode,$password,$fname,
+                                                $mname,$lname,$gen,$singlesec,
+                                                $env{'form.forceid'},$desiredhost,
+                                                $email,$role,$enddate,$startdate,
+                                                $checkid,$inststatus);
                         }
                     }
                     if ($multiple) {
@@ -5061,6 +4982,7 @@ sub upfile_drop_add {
                           $counts{'auth'})."</p>\n");
         }
         $r->print(&print_namespacing_alerts($domain,\%alerts,\%curr_rules));
+        $r->print(&passwdrule_alerts($domain,\%showpasswdrules));
         #####################################
         # Display list of students to drop  #
         #####################################
@@ -5130,6 +5052,42 @@ sub print_namespacing_alerts {
     }
 }
 
+sub passwdrule_alerts {
+    my ($domain,$passwdrules) = @_;
+    my $warning;
+    if (ref($passwdrules) eq 'HASH') {
+        my %showrules = %{$passwdrules};
+        if (keys(%showrules)) {
+            my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
+            $warning = '<b>'.&mt('Password requirement(s) unmet for one or more users:').'</b><ul>';
+            if ($showrules{'min'}) {
+                my $min = $passwdconf{'min'};
+                if ($min eq '') {
+                    $min = $Apache::lonnet::passwdmin;
+                }
+                $warning .= '<li>'.&mt('minimum [quant,_1,character]',$min).'</li>';
+            }
+            if ($showrules{'max'}) {
+                $warning .= '<li>'.&mt('maximum [quant,_1,character]',$passwdconf{'max'}).'</li>';
+            }
+            if ($showrules{'uc'}) {
+                $warning .= '<li>'.&mt('contain at least one upper case letter').'</li>';
+            }
+            if ($showrules{'lc'}) {
+                $warning .= '<li>'.&mt('contain at least one lower case letter').'</li>';
+            }
+            if ($showrules{'num'}) {
+                $warning .= '<li>'.&mt('contain at least one number').'</li>';
+            }
+            if ($showrules{'spec'}) {
+                $warning .= '<li>'.&mt('contain at least one non-alphanumeric').'</li>';
+            }
+            $warning .= '</ul>';
+        }
+    }
+    return $warning;
+}
+
 sub user_change_result {
     my ($r,$userresult,$authresult,$roleresult,$idresult,$counts,$flushc,
         $username,$userdomain,$userchg) = @_;
@@ -6446,7 +6404,7 @@ sub verify_authen {
         $finish = "document.$formname.submit();";
     }
     my ($numrules,$intargjs) =
-        &passwd_validation_js('argpicked',$domain);
+        &Apache::loncommon::passwd_validation_js('argpicked',$domain);
     my $outcome = <<"ENDSCRIPT";
 
 function auth_check() {