--- loncom/auth/lonacc.pm 2021/10/26 15:52:54 1.199 +++ loncom/auth/lonacc.pm 2021/11/03 01:04:02 1.200 @@ -1,7 +1,7 @@ # The LearningOnline Network # Cookie Based Access Handler # -# $Id: lonacc.pm,v 1.199 2021/10/26 15:52:54 raeburn Exp $ +# $Id: lonacc.pm,v 1.200 2021/11/03 01:04:02 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -305,7 +305,8 @@ sub sso_login { my $query = $r->args; my %form; if ($query) { - my @items = ('role','symb','iptoken','origurl','ltoken','linkkey','logtoken'); + my @items = ('role','symb','iptoken','origurl','ttoken', + 'ltoken','linkkey','logtoken','sso'); &Apache::loncommon::get_unprocessed_cgi($query,\@items); foreach my $item (@items) { if (defined($env{'form.'.$item})) { @@ -324,26 +325,97 @@ sub sso_login { } my ($linkprot,$linkkey); - if ($form{'logtoken'}) { + +# +# If Shibboleth auth is in use, and a dual SSO and non-SSO login page +# is in use, then the query string will contain the logtoken item with +# a value set to the name of a .tmp file in /home/httpd/perl/tmp +# containing the url to display after authentication, and also, +# optionally, role and symb, or linkprot or linkkey (deep-link access). +# +# If Shibboleth auth is in use, but a dual log-in page is not in use, +# and the originally requested URL was /tiny/$domain/$id (i.e., +# for deeplinking), then the query string will contain the sso item +# with a value set to the name of a .tmp file in /home/httpd/perl/tmp +# containing the url to display after authentication, and also, +# optionally, linkprot or linkkey (deep-link access). +# +# Otherwise the query string may contain role and symb, or if the +# originally requested URL was /tiny/$domain/$id (i.e. for deeplinking) +# then the query string may contain a ttoken item with a value set +# to the name of a .tmp file in /home/httpd/perl/tmp containing either +# linkprot or linkkey (deep-link access). +# +# If deep-linked, i.e., the originally requested URL was /tiny/$domain/$id +# the linkkey may have originally been sent in POSTed data, which will +# have been processed in lontrans.pm +# + + if ($form{'ttoken'}) { + my %info = &Apache::lonnet::tmpget($form{'ttoken'}); + &Apache::lonnet::tmpdel($form{'ttoken'}); + if ($info{'origurl'}) { + $form{'origurl'} = $info{'origurl'}; + } + if ($info{'linkprot'}) { + $linkprot = $info{'linkprot'}; + } elsif ($info{'linkkey'} ne '') { + $linkkey = $info{'linkkey'}; + } + } elsif ($form{'logtoken'}) { my ($firsturl,@rest); my $lonhost = $r->dir_config('lonHostID'); my $tmpinfo = &Apache::lonnet::reply('tmpget:'.$form{'logtoken'},$lonhost); my $delete = &Apache::lonnet::tmpdel($form{'logtoken'}); - (undef,$firsturl,@rest) = split(/&/,$tmpinfo); - foreach my $item (@rest) { - my ($key,$value) = split(/=/,$item); - $form{$key} = &unescape($value); + unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || + ($tmpinfo eq 'no_such_host')) { + (undef,$firsturl,@rest) = split(/&/,$tmpinfo); + if ($firsturl ne '') { + $firsturl = &unescape($firsturl); + } + foreach my $item (@rest) { + my ($key,$value) = split(/=/,$item); + $form{$key} = &unescape($value); + } + if ($firsturl =~ m{^/tiny/$match_domain/\w+$}) { + $form{'origurl'} = $firsturl; + } + if ($form{'linkprot'}) { + $linkprot = $form{'linkprot'}; + } elsif ($form{'linkkey'} ne '') { + $linkkey = $form{'linkkey'}; + } + if ($form{'iptoken'}) { + %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); + my $delete = &Apache::lonnet::tmpdel($form{'iptoken'}); + } } - if ($firsturl =~ m{^/tiny/$match_domain/\w+$}) { - $form{'origurl'} = $firsturl; + } elsif ($form{'sso'}) { + my $lonhost = $r->dir_config('lonHostID'); + my $info = &Apache::lonnet::reply('tmpget:'.$form{'sso'},$lonhost); + &Apache::lonnet::tmpdel($form{'sso'}); + unless (($info=~/^error/) || ($info eq 'con_lost') || + ($info eq 'no_such_host')) { + my ($firsturl,@rest)=split(/\&/,$info); + if ($firsturl ne '') { + $form{'origurl'} = &unescape($firsturl); + } + foreach my $item (@rest) { + my ($key,$value) = split(/=/,$item); + $form{$key} = &unescape($value); + } + if ($form{'linkprot'}) { + $linkprot = $form{'linkprot'}; + } elsif ($form{'linkkey'} ne '') { + $linkkey = $form{'linkkey'}; + } } - } - if ($form{'ltoken'}) { + } elsif ($form{'ltoken'}) { my %link_info = &Apache::lonnet::tmpget($form{'ltoken'}); $linkprot = $link_info{'linkprot'}; my $delete = &Apache::lonnet::tmpdel($form{'ltoken'}); - } - if ($form{'linkkey'} ne '') { + delete($form{'ltoken'}); + } elsif ($form{'linkkey'} ne '') { $linkkey = $form{'linkkey'}; } @@ -432,6 +504,8 @@ sub sso_login { foreach my $item ('role','symb','iptoken','origurl') { if (exists($form{$item})) { $info{$item} = $form{$item}; + } elsif ($sessiondata{$item} ne '') { + $info{$item} = $sessiondata{$item}; } } unless (($info{'symb'}) || ($info{'origurl'})) { @@ -488,6 +562,8 @@ sub sso_login { $r->subprocess_env->set('SSOUserUnknown' => $user); $r->subprocess_env->set('SSOUserDomain' => $domain); if (grep(/^sso$/,@cancreate)) { +#FIXME - need to preserve origurl, role and symb, or linkprot or linkkey for use after account +# creation $r->set_handlers('PerlHandler'=> [\&Apache::createaccount::handler]); $r->handler('perl-script'); } else {