--- loncom/auth/lonacc.pm 2020/10/01 10:42:56 1.159.2.13 +++ loncom/auth/lonacc.pm 2020/10/06 17:39:04 1.159.2.14 @@ -1,7 +1,7 @@ # The LearningOnline Network # Cookie Based Access Handler # -# $Id: lonacc.pm,v 1.159.2.13 2020/10/01 10:42:56 raeburn Exp $ +# $Id: lonacc.pm,v 1.159.2.14 2020/10/06 17:39:04 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -780,19 +780,29 @@ sub handler { unless (&Apache::lonnet::symbverify($symb,$requrl,\$encstate)) { $invalidsymb = 1; # - # If $env{'request.enc'} is true, but no encryption for $symb retrieved - # by original lonnet::symbread() call, call again to check for an instance - # of $requrl in the course which has encryption, and set that as the symb. - # If there is no such symb, or symbverify() fails for the new symb proceed - # to report invalid symb. + # If $env{'request.enc'} inconsistent with encryption expected for $symb + # retrieved by lonnet::symbread(), call again to check for an instance of + # $requrl in the course for which expected encryption matches request.enc. + # If symb for different instance passes lonnet::symbverify(), use that as + # the symb for $requrl and call &Apache::lonnet::allowed() for that symb. + # Report invalid symb if there is no other symb. Redirect to /adm/ambiguous + # if multiple possible symbs consistent with request.enc available for $requrl. # - if ($env{'request.enc'} && !$encstate) { + if (($env{'request.enc'} && !$encstate) || (!$env{'request.enc'} && $encstate)) { my %possibles; my $nocache = 1; + my $oldsymb = $symb; $symb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache); - if ($symb) { + if (($symb) && ($symb ne $oldsymb)) { if (&Apache::lonnet::symbverify($symb,$requrl)) { - $invalidsymb = ''; + my $access=&Apache::lonnet::allowed('bre',$requrl,$symb); + if ($access eq 'B') { + $env{'request.symb'} = $symb; + &Apache::blockedaccess::setup_handler($r); + return OK; + } elsif (($access eq '2') || ($access eq 'F')) { + $invalidsymb = ''; + } } } elsif (keys(%possibles) > 1) { $r->internal_redirect('/adm/ambiguous');