--- loncom/auth/lonacc.pm	2021/08/06 12:39:59	1.193
+++ loncom/auth/lonacc.pm	2021/10/26 15:52:54	1.199
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.193 2021/08/06 12:39:59 raeburn Exp $
+# $Id: lonacc.pm,v 1.199 2021/10/26 15:52:54 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -305,7 +305,7 @@ sub sso_login {
     my $query = $r->args;
     my %form;
     if ($query) {
-        my @items = ('role','symb','iptoken','origurl');
+        my @items = ('role','symb','iptoken','origurl','ltoken','linkkey','logtoken');
         &Apache::loncommon::get_unprocessed_cgi($query,\@items);
         foreach my $item (@items) {
             if (defined($env{'form.'.$item})) {
@@ -323,6 +323,30 @@ sub sso_login {
         }
     }
 
+    my ($linkprot,$linkkey);
+    if ($form{'logtoken'}) {
+        my ($firsturl,@rest);
+        my $lonhost = $r->dir_config('lonHostID');
+        my $tmpinfo = &Apache::lonnet::reply('tmpget:'.$form{'logtoken'},$lonhost);
+        my $delete = &Apache::lonnet::tmpdel($form{'logtoken'});
+        (undef,$firsturl,@rest) = split(/&/,$tmpinfo);
+        foreach my $item (@rest) {
+            my ($key,$value) = split(/=/,$item);
+            $form{$key} = &unescape($value);
+        }
+        if ($firsturl =~ m{^/tiny/$match_domain/\w+$}) {
+            $form{'origurl'} = $firsturl;
+        }
+    }
+    if ($form{'ltoken'}) {
+        my %link_info = &Apache::lonnet::tmpget($form{'ltoken'});
+        $linkprot = $link_info{'linkprot'};
+        my $delete = &Apache::lonnet::tmpdel($form{'ltoken'});
+    }
+    if ($form{'linkkey'} ne '') {
+        $linkkey = $form{'linkkey'};
+    }
+
     my $domain = $r->dir_config('lonSSOUserDomain');
     if ($domain eq '') {
         $domain = $r->dir_config('lonDefDomain');
@@ -372,6 +396,18 @@ sub sso_login {
                     $env{'form.origurl'} = $r->uri;
                 }
             }
+            if (($r->uri eq '/adm/sso') && ($form{'origurl'} =~ m{^/+tiny/+$match_domain/+\w+$})) {
+                $env{'request.deeplink.login'} = $form{'origurl'};
+            } elsif ($r->uri =~ m{^/+tiny/+$match_domain/+\w+$}) {
+                $env{'request.deeplink.login'} = $r->uri;
+            }
+            if ($env{'request.deeplink.login'}) {
+                if ($linkprot) {
+                    $env{'request.linkprot'} = $linkprot;
+                } elsif ($linkkey ne '') {
+                    $env{'request.linkkey'} = $linkkey;
+                }
+            }
             $env{'request.sso.login'} = 1;
             if (defined($r->dir_config("lonSSOReloginServer"))) {
                 $env{'request.sso.reloginserver'} =
@@ -403,6 +439,18 @@ sub sso_login {
                     $info{'origurl'} = $r->uri; 
                 }
             }
+            if (($r->uri eq '/adm/sso') && ($form{'origurl'} =~ m{^/+tiny/+$match_domain/+\w+$})) {
+                $info{'deeplink.login'} = $form{'origurl'};
+            } elsif ($r->uri =~ m{^/+tiny/+$match_domain/+\w+$}) {
+                $info{'deeplink.login'} = $r->uri;
+            }
+            if ($info{'deeplink.login'}) {
+                if ($linkprot) {
+                    $info{'linkprot'} = $linkprot;
+                } elsif ($linkkey ne '') {
+                    $info{'linkkey'} = $linkkey;
+                }
+            }
             if ($r->dir_config("ssodirecturl") == 1) {
                 $info{'origurl'} = $r->uri;
             }
@@ -479,7 +527,7 @@ sub handler {
     if ($handle eq '') {
         unless ((($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) ||
                 ($requrl =~ m{^/public/$match_domain/$match_courseid/syllabus}) ||
-                ($requrl =~ m{^/adm/help/}) ||
+                ($requrl =~ m{^/adm/help/}) || ($requrl eq '/adm/sso') ||
                 ($requrl =~ m{^/res/$match_domain/$match_username/})) {
 	    $r->log_reason("Cookie not valid", $r->filename);
         }
@@ -592,7 +640,7 @@ sub handler {
                 if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {
                     $otherserver = $found_server;
                 }
-                unless ($requrl eq '/adm/switchserver') { 
+                unless ($requrl eq '/adm/switchserver') {
                     $r->set_handlers('PerlResponseHandler'=>
                                      [\&Apache::switchserver::handler]);
                 }
@@ -754,7 +802,7 @@ sub handler {
                         }
                     }
                 } elsif (($handle =~ /^publicuser_\d+$/) && (&Apache::lonnet::is_portfolio_url($requrl))) {
-                    my $clientip = &Apache::lonnet::get_requestor_ip($r); 
+                    my $clientip = &Apache::lonnet::get_requestor_ip($r);
                     if (&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip) ne 'F') {
                         $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
                         return HTTP_NOT_ACCEPTABLE;
@@ -823,7 +871,7 @@ sub handler {
                                 my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
                                 if ($map =~ /\.page$/) {
                                     my $mapsymb = &Apache::lonnet::symbread($map);
-                                    ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb); 
+                                    ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
                                 }
                                 &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
                                                           'last_known' =>[$murl,$mid]);