--- loncom/auth/lonauth.pm 2012/02/09 22:01:34 1.101.8.9.2.2 +++ loncom/auth/lonauth.pm 2010/09/15 18:28:45 1.101.10.1 @@ -1,7 +1,7 @@ # The LearningOnline Network # User Authentication Module # -# $Id: lonauth.pm,v 1.101.8.9.2.2 2012/02/09 22:01:34 raeburn Exp $ +# $Id: lonauth.pm,v 1.101.10.1 2010/09/15 18:28:45 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -40,7 +40,6 @@ use Apache::lonmenu(); use Apache::createaccount; use Fcntl qw(:flock); use Apache::lonlocal; -use Apache::File(); use HTML::Entities; # ------------------------------------------------------------ Successful login @@ -82,13 +81,9 @@ sub success { my $now=time; my $then=$env{'user.login.time'}; my $refresh=$env{'user.refresh.time'}; - my $update=$env{'user.update.time'}; - if (!$update) { - $update = $then; - } if (exists($env{$envkey})) { my ($role,$where,$trolecode,$tstart,$tend,$tremark,$tstatus); - &Apache::lonnet::role_status($envkey,$update,$refresh,$now,\$role,\$where, + &Apache::lonnet::role_status($envkey,$then,$refresh,$now,\$role,\$where, \$trolecode,\$tstatus,\$tstart,\$tend); if ($tstatus eq 'is') { $destination .= ($destination =~ /\?/) ? '&' : '?'; @@ -115,10 +110,6 @@ sub success { $destination .= '&destinationurl='.$destsymb; } } - if ($destination =~ m{^/adm/roles}) { - $destination .= ($destination =~ /\?/) ? '&' : '?'; - $destination .= 'source=login'; - } my $windowinfo=&Apache::lonmenu::open($env{'browser.os'}); my $startupremote=&Apache::lonmenu::startupremote($destination); @@ -145,16 +136,16 @@ sub success { my %lt=&Apache::lonlocal::texthash( 'wel' => 'Welcome', + 'mes' => 'Welcome to the LearningOnline Network with CAPA. Please wait while your session is being set up.', 'pro' => 'Login problems?', 'log' => 'loginproblems.html', ); - my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','',''); $r->print(<$lt{'wel'} -$welcome

+$lt{'mes'}

$lt{'pro'}

$remoteinfo $maincall @@ -218,33 +209,23 @@ sub handler { # -------------------------------- Prevent users from attempting to login twice my $handle = &Apache::lonnet::check_for_valid_session($r); if ($handle ne '') { - my $lonidsdir=$r->dir_config('lonIDsDir'); - if ($handle=~/^publicuser\_/) { -# For "public user" - remove it, we apparently really want to login - unlink($r->dir_config('lonIDsDir')."/$handle.id"); - } else { # Indeed, a valid token is found - &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); - &Apache::loncommon::content_type($r,'text/html'); - $r->send_http_header; - my $start_page = - &Apache::loncommon::start_page('Already logged in'); - my $end_page = - &Apache::loncommon::end_page(); - my $dest = '/adm/roles'; - if ($env{'form.firsturl'} ne '') { - $dest = $env{'form.firsturl'}; - } - $r->print( - $start_page - .'

'.&mt('You are already logged in!').'

' - .'

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].' - ,'','','','') - .'

' - .$end_page - ); - return OK; - } + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + my $start_page = + &Apache::loncommon::start_page('Already logged in'); + my $end_page = + &Apache::loncommon::end_page(); + $r->print( + $start_page + .'

'.&mt('You are already logged in!').'

' + .'

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].' + ,'','','','') + .'

' + .'

'.&mt('Login problems?').'

' + .$end_page + ); + return OK; } # ---------------------------------------------------- No valid token, continue @@ -285,8 +266,7 @@ sub handler { my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, $form{'serverid'}); - if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || - ($tmpinfo eq 'no_such_host')) { + if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { &failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form); return OK; } else { @@ -340,27 +320,30 @@ sub handler { } # ---------------------------------------------------------------- Authenticate - + my @cancreate; my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$form{'udom'}); - my $domdesc = &Apache::lonnet::domain($form{'udom'},'description'); - my ($cancreate,$statustocreate) = - &Apache::createaccount::get_creation_controls($form{'udom'},$domconfig{'usercreation'}); - my $defaultauth; - if (ref($cancreate) eq 'ARRAY') { - if (grep(/^login$/,@{$cancreate})) { - $defaultauth = 1; + if (ref($domconfig{'usercreation'}) eq 'HASH') { + if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') { + if (ref($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}) eq 'ARRAY') { + @cancreate = @{$domconfig{'usercreation'}{'cancreate'}{'selfcreate'}}; + } elsif (($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') && + ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne '')) { + @cancreate = ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}); + } } } - my $clientcancheckhost = 1; + my $defaultauth; + if (grep(/^login$/,@cancreate)) { + $defaultauth = 1; + } my $uname = $form{'uname'}; my $authhost=Apache::lonnet::authenticate($uname,$upass, - $form{'udom'},$defaultauth, - $clientcancheckhost); + $form{'udom'},$defaultauth); # --------------------------------------------------------------------- Failed? if ($authhost eq 'no_host') { - my $lc_uname = lc($uname); + my $lc_uname = lc($form{'uname'}); if ($uname eq $lc_uname) { &failed($r,'Username and/or password could not be authenticated.', \%form); @@ -373,14 +356,14 @@ sub handler { \%form); return OK; } elsif ($authhost eq 'no_account_on_host') { - &create_account($r,\%form,$cancreate,$lc_uname,$contact_name,$domdesc); + &create_account($r,\%form,\@cancreate,$lc_uname,$contact_name); return OK; } else { - $form{'uname'} = $lc_uname; + $form{'uname'} = $lc_uname; } } } elsif ($authhost eq 'no_account_on_host') { - &create_account($r,\%form,$cancreate,$uname,$contact_name,$domdesc); + &create_account($r,\%form,\@cancreate,$uname); return OK; } @@ -412,151 +395,33 @@ sub handler { } if ($r->dir_config("lonBalancer") eq 'yes') { - my $otherserver = &Apache::lonnet::spareserver(30000,undef,1,$form{'udom'}); - if (!$otherserver) { - ($otherserver) = &Apache::lonnet::choose_server($form{'udom'}); - } - if ($otherserver) { - &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef, - \%form); - $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl); - } else { - $r->print(&noswitch()); - } - return OK; + &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef, + \%form); + $r->internal_redirect('/adm/switchserver'); } else { - if (!&check_can_host($r,\%form,$authhost,$domdesc)) { - my ($otherserver) = &Apache::lonnet::choose_server($form{'udom'}); - if ($otherserver) { - &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef, - \%form); - $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl); - } else { - $r->print(&noswitch()); - } - return OK; - } -# ------------------------------------------------------- Do the load balancing - -# ---------------------------------------------------------- Determine own load - my $loadlim = $r->dir_config('lonLoadLim'); - my $loadavg; - { - my $loadfile=Apache::File->new('/proc/loadavg'); - $loadavg=<$loadfile>; - } - $loadavg =~ s/\s.*//g; - my $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim); - my $userloadpercent=&Apache::lonnet::userload(); - -# ---------------------------------------------------------- Are we overloaded? - if ((($userloadpercent>100.0)||($loadpercent>100.0))) { - my $unloaded=Apache::lonnet::spareserver($loadpercent,$userloadpercent,1,$form{'udom'}); - if (!$unloaded) { - ($unloaded) = &Apache::lonnet::choose_server($form{'udom'}); - } - if ($unloaded) { - &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect', - undef,\%form); - $r->internal_redirect('/adm/switchserver?otherserver='.$unloaded.'&origurl='.$firsturl); - return OK; - } - } - &success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,undef, - \%form); - return OK; + &success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,undef, + \%form); } -} - -sub check_can_host { - my ($r,$form,$authhost,$domdesc) = @_; - return unless (ref($form) eq 'HASH'); - my $canhost = 1; - my $lonhost = $r->dir_config('lonHostID'); - my $udom = $form->{'udom'}; - my @intdoms; - my $internet_names = &Apache::lonnet::get_internet_names($lonhost); - if (ref($internet_names) eq 'ARRAY') { - @intdoms = @{$internet_names}; - } - my $uprimary_id = &Apache::lonnet::domain($udom,'primary'); - my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id); - unless ($uint_dom ne '' && grep(/^\Q$uint_dom\E$/,@intdoms)) { - my $machine_dom = &Apache::lonnet::host_domain($lonhost); - my $hostname = &Apache::lonnet::hostname($lonhost); - my $serverhomeID = &Apache::lonnet::get_server_homeID($hostname); - my $serverhomedom = &Apache::lonnet::host_domain($serverhomeID); - my %defdomdefaults = &Apache::lonnet::get_domain_defaults($serverhomedom); - my %udomdefaults = &Apache::lonnet::get_domain_defaults($udom); - my $loncaparev; - if ($authhost eq 'no_account_on_host') { - $loncaparev = &Apache::lonnet::get_server_loncaparev($machine_dom); - } else { - $loncaparev = &Apache::lonnet::get_server_loncaparev($machine_dom,$lonhost); - } - $canhost = &Apache::lonnet::can_host_session($udom,$lonhost,$loncaparev, - $udomdefaults{'remotesessions'}, - $defdomdefaults{'hostedsessions'}); - } - unless ($canhost) { - if ($authhost eq 'no_account_on_host') { - my $checkloginvia = 1; - my ($login_host,$hostname) = - &Apache::lonnet::choose_server($udom,$checkloginvia); - &Apache::loncommon::content_type($r,'text/html'); - $r->send_http_header; - if ($login_host ne '') { - my $protocol = $Apache::lonnet::protocol{$login_host}; - $protocol = 'http' if ($protocol ne 'https'); - my $newurl = $protocol.'://'.$hostname.'/adm/createaccount'; - $r->print(&Apache::loncommon::start_page('Create a user account in LON-CAPA'). - '

'.&mt('Account creation').'

'. - &mt('You do not currently have a LON-CAPA account at this institution.').'
'. - '

'.&mt('You will be able to create one by logging into a LON-CAPA server within the [_1] domain.',$domdesc).'

'. - '

'.&mt('[_1]Log in[_2]','',''). - &Apache::loncommon::end_page()); - } else { - $r->print(&Apache::loncommon::start_page('Access to LON-CAPA unavailable'). - '

'.&mt('Account creation unavailable').'

'. - &mt('You do not currently have a LON-CAPA account at this institution.').'
'. - '

'.&mt('Currently a LON-CAPA server is not available within the [_1] domain for you to log-in to, to create an account.',$domdesc).'

'. - &Apache::loncommon::end_page()); - } - } else { - &success($r,$form->{'uname'},$udom,$authhost,'noredirect',undef, - $form); - my ($otherserver) = &Apache::lonnet::choose_server($udom); - $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver); - } - } - return $canhost; -} - -sub noswitch { - my $result = &Apache::loncommon::start_page('Access to LON-CAPA unavailable'). - '

'.&mt('Session unavailable').'

'. - &mt('This LON-CAPA server is unable to host your session.').'
'. - '

'.&mt('Currently no other LON-CAPA server is available to host your session either.').'

'. - &Apache::loncommon::end_page(); - return $result; + return OK; } sub create_account { - my ($r,$form,$cancreate,$uname,$contact_name,$domdesc) = @_; + my ($r,$form,$cancreate,$uname,$contact_name) = @_; return unless((ref($form) eq 'HASH') && (ref($cancreate) eq 'ARRAY')); my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$form->{'udom'}); - if (&check_can_host($r,$form,'no_account_on_host',$domdesc)) { + if (grep(/^login$/,@{$cancreate})) { my $start_page = &Apache::loncommon::start_page('Create a user account in LON-CAPA', '',{'no_inline_link' => 1,}); + my $domdesc = &Apache::lonnet::domain($form->{'udom'},'description'); my $lonhost = $r->dir_config('lonHostID'); my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'}; my $contacts = &Apache::loncommon::build_recipient_list(undef,'helpdeskmail', $form->{'udom'},$origmail); my ($contact_email) = split(',',$contacts); - my $output = + my $output = &Apache::createaccount::username_check($uname,$form->{'udom'}, $domdesc,'',$lonhost, $contact_email,$contact_name);