--- loncom/auth/lonacc.pm 2021/10/26 15:52:54 1.199
+++ loncom/auth/lonacc.pm 2021/11/03 01:04:02 1.200
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.199 2021/10/26 15:52:54 raeburn Exp $
+# $Id: lonacc.pm,v 1.200 2021/11/03 01:04:02 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -305,7 +305,8 @@ sub sso_login {
my $query = $r->args;
my %form;
if ($query) {
- my @items = ('role','symb','iptoken','origurl','ltoken','linkkey','logtoken');
+ my @items = ('role','symb','iptoken','origurl','ttoken',
+ 'ltoken','linkkey','logtoken','sso');
&Apache::loncommon::get_unprocessed_cgi($query,\@items);
foreach my $item (@items) {
if (defined($env{'form.'.$item})) {
@@ -324,26 +325,97 @@ sub sso_login {
}
my ($linkprot,$linkkey);
- if ($form{'logtoken'}) {
+
+#
+# If Shibboleth auth is in use, and a dual SSO and non-SSO login page
+# is in use, then the query string will contain the logtoken item with
+# a value set to the name of a .tmp file in /home/httpd/perl/tmp
+# containing the url to display after authentication, and also,
+# optionally, role and symb, or linkprot or linkkey (deep-link access).
+#
+# If Shibboleth auth is in use, but a dual log-in page is not in use,
+# and the originally requested URL was /tiny/$domain/$id (i.e.,
+# for deeplinking), then the query string will contain the sso item
+# with a value set to the name of a .tmp file in /home/httpd/perl/tmp
+# containing the url to display after authentication, and also,
+# optionally, linkprot or linkkey (deep-link access).
+#
+# Otherwise the query string may contain role and symb, or if the
+# originally requested URL was /tiny/$domain/$id (i.e. for deeplinking)
+# then the query string may contain a ttoken item with a value set
+# to the name of a .tmp file in /home/httpd/perl/tmp containing either
+# linkprot or linkkey (deep-link access).
+#
+# If deep-linked, i.e., the originally requested URL was /tiny/$domain/$id
+# the linkkey may have originally been sent in POSTed data, which will
+# have been processed in lontrans.pm
+#
+
+ if ($form{'ttoken'}) {
+ my %info = &Apache::lonnet::tmpget($form{'ttoken'});
+ &Apache::lonnet::tmpdel($form{'ttoken'});
+ if ($info{'origurl'}) {
+ $form{'origurl'} = $info{'origurl'};
+ }
+ if ($info{'linkprot'}) {
+ $linkprot = $info{'linkprot'};
+ } elsif ($info{'linkkey'} ne '') {
+ $linkkey = $info{'linkkey'};
+ }
+ } elsif ($form{'logtoken'}) {
my ($firsturl,@rest);
my $lonhost = $r->dir_config('lonHostID');
my $tmpinfo = &Apache::lonnet::reply('tmpget:'.$form{'logtoken'},$lonhost);
my $delete = &Apache::lonnet::tmpdel($form{'logtoken'});
- (undef,$firsturl,@rest) = split(/&/,$tmpinfo);
- foreach my $item (@rest) {
- my ($key,$value) = split(/=/,$item);
- $form{$key} = &unescape($value);
+ unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') ||
+ ($tmpinfo eq 'no_such_host')) {
+ (undef,$firsturl,@rest) = split(/&/,$tmpinfo);
+ if ($firsturl ne '') {
+ $firsturl = &unescape($firsturl);
+ }
+ foreach my $item (@rest) {
+ my ($key,$value) = split(/=/,$item);
+ $form{$key} = &unescape($value);
+ }
+ if ($firsturl =~ m{^/tiny/$match_domain/\w+$}) {
+ $form{'origurl'} = $firsturl;
+ }
+ if ($form{'linkprot'}) {
+ $linkprot = $form{'linkprot'};
+ } elsif ($form{'linkkey'} ne '') {
+ $linkkey = $form{'linkkey'};
+ }
+ if ($form{'iptoken'}) {
+ %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+ my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
+ }
}
- if ($firsturl =~ m{^/tiny/$match_domain/\w+$}) {
- $form{'origurl'} = $firsturl;
+ } elsif ($form{'sso'}) {
+ my $lonhost = $r->dir_config('lonHostID');
+ my $info = &Apache::lonnet::reply('tmpget:'.$form{'sso'},$lonhost);
+ &Apache::lonnet::tmpdel($form{'sso'});
+ unless (($info=~/^error/) || ($info eq 'con_lost') ||
+ ($info eq 'no_such_host')) {
+ my ($firsturl,@rest)=split(/\&/,$info);
+ if ($firsturl ne '') {
+ $form{'origurl'} = &unescape($firsturl);
+ }
+ foreach my $item (@rest) {
+ my ($key,$value) = split(/=/,$item);
+ $form{$key} = &unescape($value);
+ }
+ if ($form{'linkprot'}) {
+ $linkprot = $form{'linkprot'};
+ } elsif ($form{'linkkey'} ne '') {
+ $linkkey = $form{'linkkey'};
+ }
}
- }
- if ($form{'ltoken'}) {
+ } elsif ($form{'ltoken'}) {
my %link_info = &Apache::lonnet::tmpget($form{'ltoken'});
$linkprot = $link_info{'linkprot'};
my $delete = &Apache::lonnet::tmpdel($form{'ltoken'});
- }
- if ($form{'linkkey'} ne '') {
+ delete($form{'ltoken'});
+ } elsif ($form{'linkkey'} ne '') {
$linkkey = $form{'linkkey'};
}
@@ -432,6 +504,8 @@ sub sso_login {
foreach my $item ('role','symb','iptoken','origurl') {
if (exists($form{$item})) {
$info{$item} = $form{$item};
+ } elsif ($sessiondata{$item} ne '') {
+ $info{$item} = $sessiondata{$item};
}
}
unless (($info{'symb'}) || ($info{'origurl'})) {
@@ -488,6 +562,8 @@ sub sso_login {
$r->subprocess_env->set('SSOUserUnknown' => $user);
$r->subprocess_env->set('SSOUserDomain' => $domain);
if (grep(/^sso$/,@cancreate)) {
+#FIXME - need to preserve origurl, role and symb, or linkprot or linkkey for use after account
+# creation
$r->set_handlers('PerlHandler'=> [\&Apache::createaccount::handler]);
$r->handler('perl-script');
} else {
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.