--- loncom/auth/lonacc.pm 2022/06/18 02:10:18 1.203
+++ loncom/auth/lonacc.pm 2022/09/17 23:38:50 1.207
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.203 2022/06/18 02:10:18 raeburn Exp $
+# $Id: lonacc.pm,v 1.207 2022/09/17 23:38:50 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -315,7 +315,7 @@ sub sso_login {
 my %form;
 if ($query) {
 my @items = ('role','symb','iptoken','origurl','ttoken',
- 'ltoken','linkkey','logtoken','sso');
+ 'ltoken','linkkey','logtoken','sso','lcssowin');
 &Apache::loncommon::get_unprocessed_cgi($query,\@items);
 foreach my $item (@items) {
 if (defined($env{'form.'.$item})) {
@@ -333,7 +333,7 @@ sub sso_login {
 }
 }
- my ($linkprot,$linkprotuser,$linkkey,$deeplinkurl);
+ my ($linkprot,$linkprotuser,$linkprotexit,$linkkey,$deeplinkurl);
 #
 # If Shibboleth auth is in use, and a dual SSO and non-SSO login page
@@ -372,6 +372,7 @@ sub sso_login {
 if ($info{'linkprot'}) {
 $linkprot = $info{'linkprot'};
 $linkprotuser = $info{'linkprotuser'};
+ $linkprotexit = $info{'linkprotexit'};
 } elsif ($info{'linkkey'} ne '') {
 $linkkey = $info{'linkkey'};
 }
@@ -393,10 +394,13 @@ sub sso_login {
 if ($firsturl =~ m{^/tiny/$match_domain/\w+$}) {
 $form{'origurl'} = $firsturl;
 $deeplinkurl = $firsturl;
+ } elsif ($firsturl eq '/adm/email') {
+ $form{'origurl'} = $firsturl;
 }
 if ($form{'linkprot'}) {
 $linkprot = $form{'linkprot'};
 $linkprotuser = $form{'linkprotuser'};
+ $linkprotexit = $form{'linkprotexit'};
 } elsif ($form{'linkkey'} ne '') {
 $linkkey = $form{'linkkey'};
 }
@@ -425,6 +429,7 @@ sub sso_login {
 if ($form{'linkprot'}) {
 $linkprot = $form{'linkprot'};
 $linkprotuser = $form{'linkprotuser'};
+ $linkprotexit = $form{'linkprotexit'};
 } elsif ($form{'linkkey'} ne '') {
 $linkkey = $form{'linkkey'};
 }
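Review bot: `$linkprotexit` is copied from `%info` in the hunk at -372 and from `%form` in the hunks at -393 and -425, with no comment on what the value holds or whether either hash can carry request-supplied data at that point; how `%info` and `%form` are populated there lies outside these hunks. If the value is later used as a navigation target (an inference from the name only), it should come solely from stored token data or be checked against a local-path pattern before use. A comment at the declaration in the hunk at -333 would make that contract reviewable, for example `# linkprotexit: taken only from stored link-protection token data; TODO confirm it cannot arrive via the query string`.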
@@ -432,8 +437,13 @@ sub sso_login {
 } elsif ($form{'ltoken'}) {
 my %link_info = &Apache::lonnet::tmpget($form{'ltoken'});
 $linkprot = $link_info{'linkprot'};
- if (($linkprot) && ($link_info{'linkprotuser'} ne '')) {
- $linkprotuser = $link_info{'linkprotuser'};
+ if ($linkprot) {
+ if ($link_info{'linkprotuser'} ne '') {
+ $linkprotuser = $link_info{'linkprotuser'};
+ }
+ if ($link_info{'linkprotexit'} ne '') {
+ $linkprotexit = $link_info{'linkprotexit'};
+ }
 }
 my $delete = &Apache::lonnet::tmpdel($form{'ltoken'});
 delete($form{'ltoken'});
@@ -455,7 +465,11 @@ sub sso_login {
 origurl => $deeplinkurl,
 linkprot => $linkprot,
 linkprotuser => $linkprotuser,
+ linkprotexit => $linkprotexit,
 );
+ if ($env{'form.lcssowin'}) {
+ $data{'lcssowin'} = $env{'form.lcssowin'};
+ }
 my $token = &Apache::lonnet::tmpput(\%data,$r->dir_config('lonHostID'),'link');
 unless (($token eq 'con_lost') || ($token eq 'refused') || ($token =~ /^error:/) ||
 ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
@@ -521,10 +535,19 @@ sub sso_login {
 if ($linkprotuser ne '') {
 $env{'request.linkprotuser'} = $linkprotuser;
 }
+ if ($linkprotexit ne '') {
+ $env{'request.linkprotexit'} = $linkprotexit;
+ }
 } elsif ($linkkey ne '') {
 $env{'request.linkkey'} = $linkkey;
 }
 }
+ if (($r->uri eq '/adm/sso') && ($form{'origurl'} eq '/adm/email')) {
+ if ($form{'display'} && ($env{'form.mailrecip'} eq $user.':'.$domain)) {
+ $env{'request.display'} = $form{'display'};
+ $env{'request.mailrecip'} = $env{'form.mailrecip'};
+ }
+ }
 $env{'request.sso.login'} = 1;
 if (defined($r->dir_config("lonSSOReloginServer"))) {
 $env{'request.sso.reloginserver'} =
@@ -534,6 +557,9 @@ sub sso_login {
 if ($otherserver ne '') {
 $redirecturl .= '?otherserver='.$otherserver;
 }
+ if ($form{'lcssowin'}) {
+ $redirecturl .= (($redirecturl=~/\?/)?'&':'?') . 'lcssowin=1';
+ }
 $r->internal_redirect($redirecturl);
 $r->set_handlers('PerlHandler'=> undef);
 } else {
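Review bot: In the hunk at -455, `$data{'lcssowin'} = $env{'form.lcssowin'};` stores the request-supplied string in the token as-is, whereas the redirect added in the hunk at -534 only ever emits the fixed `lcssowin=1`. Treating it as a flag everywhere avoids persisting arbitrary caller text; inside the existing `if` that would be `$data{'lcssowin'} = 1;`. The same applies to the item loop in the hunk at -546, which copies `$form{'lcssowin'}` into `%info` unchanged. The two tests also read different sources (`$env{'form.lcssowin'}` here, `$form{'lcssowin'}` at -534), and using one of them throughout would be easier to audit.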
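Review bot: The `/adm/email` block added at -521 compares `$env{'form.mailrecip'}` and stores `$form{'display'}` unescaped, while the parallel block added at -566 compares `$form{'mailrecip'}` and passes both values through `&escape`. Neither `display` nor `mailrecip` is in the `@items` list given to `get_unprocessed_cgi` at -315, so where `%form` obtains them lies outside these hunks; if the two hashes can differ, the recipient check guards a different value in each branch. Both branches should read the fields from the same source, and `display` should be constrained to its expected format before it is copied into `%env`. A short comment that the `eq $user.':'.$domain` comparison is what ties the message to the authenticated SSO user would help the next reader.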
@@ -546,7 +572,7 @@ sub sso_login {
 'server' => $r->dir_config('lonHostID'),
 'sso.login' => 1
 );
- foreach my $item ('role','symb','iptoken','origurl') {
+ foreach my $item ('role','symb','iptoken','origurl','lcssowin') {
 if (exists($form{$item})) {
 $info{$item} = $form{$item};
 } elsif ($sessiondata{$item} ne '') {
@@ -566,10 +592,22 @@ sub sso_login {
 if ($info{'deeplink.login'}) {
 if ($linkprot) {
 $info{'linkprot'} = $linkprot;
+ if ($linkprotuser ne '') {
+ $info{'linkprotuser'} = $linkprotuser;
+ }
+ if ($linkprotexit ne '') {
+ $info{'linkprotexit'} = $linkprotexit;
+ }
 } elsif ($linkkey ne '') {
 $info{'linkkey'} = $linkkey;
 }
 }
+ if (($r->uri eq '/adm/sso') && ($form{'origurl'} eq '/adm/email')) {
+ if ($form{'display'} && ($form{'mailrecip'} eq $user.':'.$domain)) {
+ $info{'display'} = &escape($form{'display'});
+ $info{'mailrecip'} = &escape($form{'mailrecip'});
+ }
+ }
 if ($r->dir_config("ssodirecturl") == 1) {
 $info{'origurl'} = $r->uri;
 }
@@ -606,7 +644,7 @@ sub sso_login {
 $r->subprocess_env->set('SSOUserDomain' => $domain);
 if (grep(/^sso$/,@cancreate)) {
 #FIXME - need to preserve origurl, role and symb, or linkprot or linkkey for use after account
-# creation
+# creation. If lcssowin is 1, createaccount needs to close pop-up and display in main window.
 $r->set_handlers('PerlHandler'=> [\&Apache::createaccount::handler]);
 $r->handler('perl-script');
 } else {
@@ -777,14 +815,33 @@ sub handler {
 &Apache::loncommon::get_unprocessed_cgi($r->args,['ttoken']);
 if (defined($env{'form.ttoken'})) {
 my %info = &Apache::lonnet::tmpget($env{'form.ttoken'});
- if (($info{'linkprotuser'} ne '') && ($info{'origurl'} ne '')) {
- if (($info{'linkprot'}) && ($info{'origurl'} eq $requrl) &&
+ if (($info{'origurl'} ne '') && ($info{'origurl'} eq $requrl)) {
+ my %data;
+ if (($info{'linkprotuser'} ne '') && ($info{'linkprot'}) &&
 ($info{'linkprotuser'} ne $env{'user.name'}.':'.$env{'user.domain'})) {
- my %data = (
+ %data = (
 origurl => $requrl,
 linkprot => $info{'linkprot'},
 linkprotuser => $info{'linkprotuser'},
+ linkprotexit => $info{'linkprotexit'},
 );
+ } elsif ($info{'ltoken'} ne '') {
+ my %ltoken_info = &Apache::lonnet::tmpget($info{'ltoken'});
+ if (($ltoken_info{'linkprotuser'} ne '') && ($ltoken_info{'linkprot'}) &&
+ ($ltoken_info{'linkprotuser'} ne $env{'user.name'}.':'.$env{'user.domain'})) {
+ %data = (
+ origurl => $requrl,
+ linkprot => $ltoken_info{'linkprot'},
+ linkprotuser => $ltoken_info{'linkprotuser'},
+ linkprotexit => $ltoken_info{'linkprotexit'},
+ );
+ }
+ }
+ if (keys(%data)) {
+ my $delete = &Apache::lonnet::tmpdel($env{'form.ttoken'});
+ if ($info{'ltoken'} ne '') {
+ my $delete = &Apache::lonnet::tmpdel($info{'ltoken'});
+ }
 my $token = &Apache::lonnet::tmpput(\%data,$r->dir_config('lonHostID'),'retry');
 unless (($token eq 'con_lost') || ($token eq 'refused') || ($token =~ /^error:/) ||