--- loncom/auth/lonauth.pm 2023/01/23 00:38:50 1.121.2.24.2.6
+++ loncom/auth/lonauth.pm 2023/07/05 17:33:03 1.121.2.24.2.7
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.121.2.24.2.6 2023/01/23 00:38:50 raeburn Exp $
+# $Id: lonauth.pm,v 1.121.2.24.2.7 2023/07/05 17:33:03 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -36,6 +36,7 @@ use Apache::loncommon();
use Apache::lonnet;
use Apache::lonmenu();
use Apache::createaccount;
+use Apache::ltiauth;
use Fcntl qw(:flock);
use Apache::lonlocal;
use Apache::File();
@@ -46,7 +47,7 @@ use CGI::Cookie();
# ------------------------------------------------------------ Successful login
sub success {
my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,
- $form,$cid,$expirepub,$write_to_opener) = @_;
+ $form,$skipcritical,$cid,$expirepub,$write_to_opener) = @_;
# ------------------------------------------------------------ Get cookie ready
my $cookie =
@@ -66,10 +67,12 @@ sub success {
# ------------------------------------------------- Check for critical messages
- my @what=&Apache::lonnet::dump('critical',$domain,$username);
- if ($what[0]) {
- if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) {
- $lowerurl='/adm/email?critical=display';
+ unless ($skipcritical) {
+ my @what=&Apache::lonnet::dump('critical',$domain,$username);
+ if ($what[0]) {
+ if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) {
+ $lowerurl='/adm/email?critical=display';
+ }
}
}
@@ -96,7 +99,35 @@ sub success {
}
# -------------------------------------------------------- Menu script and info
my $destination = $lowerurl;
-
+ if ($env{'request.lti.login'}) {
+ if (($env{'request.lti.reqcrs'}) && ($env{'request.lti.reqrole'} eq 'cc')) {
+ &Apache::loncommon::content_type($r,'text/html');
+ if ($securecookie) {
+ $r->headers_out->add('Set-cookie' => $securecookie);
+ }
+ if ($defaultcookie) {
+ $r->headers_out->add('Set-cookie' => $defaultcookie);
+ }
+ $r->send_http_header;
+ if (ref($form) eq 'HASH') {
+ $form->{'lti.login'} = $env{'request.lti.login'};
+ $form->{'lti.reqcrs'} = $env{'request.lti.reqcrs'};
+ $form->{'lti.reqrole'} = $env{'request.lti.reqrole'};
+ $form->{'lti.sourcecrs'} = $env{'request.lti.sourcecrs'};
+ }
+ &Apache::ltiauth::lti_reqcrs($r,$domain,$form,$username,$domain);
+ return;
+ }
+ if ($env{'request.lti.selfenrollrole'}) {
+ if (&Apache::ltiauth::lti_enroll($username,$domain,
+ $env{'request.lti.selfenrollrole'}) eq 'ok') {
+ $form->{'role'} = $env{'request.lti.selfenrollrole'};
+ &Apache::lonnet::delenv('request.lti.selfenrollrole');
+ } else {
+ &Apache::ltiauth::invalid_request($r,24);
+ }
+ }
+ }
if (defined($form->{role})) {
my $envkey = 'user.role.'.$form->{role};
my $now=time;
@@ -161,7 +192,7 @@ sub success {
my %info;
if ($env{'request.linkprot'}) {
$info{'linkprot'} = $env{'request.linkprot'};
- foreach my $item ('linkprotuser','linkprotexit') {
+ foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
if ($form->{$item}) {
$info{$item} = $form->{$item};
}
@@ -177,7 +208,7 @@ sub success {
$destination .= (($destination =~ /\?/) ? '&' : '?') . 'ttoken='.$token;
}
}
- if ($env{'request.deeplink.login'}) {
+ if (($env{'request.deeplink.login'}) || ($env{'request.lti.login'})) {
if ($env{'environment.remote'} eq 'on') {
&Apache::lonnet::appenv({'environment.remote' => 'off'});
}
@@ -223,7 +254,7 @@ sub success {
}
$r->send_http_header;
- if ($env{'request.linkprot'}) {
+ if (($env{'request.linkprot'}) || ($env{'request.lti.login'})) {
$r->print(<$continuelink
@@ -272,14 +303,19 @@ sub failed {
}
}
+ my @actions;
my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
if (&Apache::lonnet::domain($udom,'description') eq '') {
undef($udom);
}
+ my $authtype;
+ if (($udom ne '') && ($uname ne '') && ($authhost eq 'no_host')) {
+ $authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
+ }
my $retry = '/adm/login';
- if ($uname eq $form->{'uname'}) {
+ if (($uname eq $form->{'uname'}) && ($authtype !~ /^lti:/)) {
$retry .= '?username='.$uname;
}
if ($udom) {
@@ -318,7 +354,7 @@ sub failed {
my %info = (
'linkprot' => $form->{'linkprot'},
);
- foreach my $item ('linkprotuser','linkprotexit') {
+ foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
if ($form->{$item} ne '') {
$info{$item} = $form->{$item};
}
@@ -335,18 +371,28 @@ sub failed {
my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
- my @actions =
- (&mt('Please [_1]log in again[_2].','',''));
+ if ($authtype =~ /^lti:/) {
+ $message = &mt('Direct login is not supported with the username you entered.').
+ '
'.
+ &mt('You likely need to launch LON-CAPA from within a course in a different Learning Management System.').
+ '
'.
+ &mt('You can also try to log in with a different username.');
+ @actions =
+ (&mt('Try your [_1]log in again[_2].','',''));
+ } else {
+ $message = &mt($message);
+ @actions =
+ (&mt('Please [_1]log in again[_2].','',''));
+ }
my $loginhelp = &loginhelpdisplay($udom);
if ($loginhelp) {
push(@actions, ''.&mt('Login problems?').'');
}
#FIXME: link to helpdesk might be added here
-
$r->print(
$start_page
.''.&mt('Sorry ...').'
'
- .&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'
'
+ .&Apache::lonhtmlcommon::confirm_success($message,1).'
'
.&Apache::lonhtmlcommon::actionbox(\@actions)
.$end_page
);
@@ -576,7 +622,7 @@ sub handler {
}
unless ($pwdverify) {
&failed($r,'Username and/or password could not be authenticated.',
- \%form);
+ \%form,$authhost);
return OK;
}
} elsif ($authhost eq 'no_account_on_host') {
@@ -753,7 +799,7 @@ sub handler {
}
if ($form{'linkprot'}) {
$env{'request.linkprot'} = $form{'linkprot'};
- foreach my $item ('linkprotuser','linkprotexit') {
+ foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
if ($form{$item}) {
$env{'request.'.$item} = $form{$item};
}
@@ -794,7 +840,7 @@ sub handler {
}
if ($form{'linkprot'}) {
$env{'request.linkprot'} = $form{'linkprot'};
- foreach my $item ('linkprotuser','linkprotexit') {
+ foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
if ($form{$item}) {
$env{'request.'.$item} = $form{$item};
}
@@ -903,6 +949,12 @@ sub handler {
if ($form{'linkprotexit'}) {
$extra_env->{'request.linkprotexit'} = $form{'linkprotexit'};
}
+ if ($form{'linkprotpbid'}) {
+ $extra_env->{'request.linkprotpbid'} = $form{'linkprotpbid'};
+ }
+ if ($form{'linkprotpburl'}) {
+ $extra_env->{'request.linkprotpburl'} = $form{'linkprotpburl'};
+ }
} elsif ($form{'linkkey'} ne '') {
if (ref($extra_env) eq 'HASH') {
%{$extra_env} = ( %{$extra_env}, 'request.linkkey' => $form{'linkkey'} );
@@ -991,7 +1043,7 @@ sub set_retry_token {
my ($form,$lonhost,$querystr) = @_;
if (ref($form) eq 'HASH') {
my ($firsturl,$token,$extras,@names);
- @names = ('role','symb','linkprotuser','linkprotexit','linkprot','linkkey','iptoken');
+ @names = ('role','symb','linkprotuser','linkprotexit','linkprot','linkkey','iptoken','linkprotpbid','linkprotpburl');
foreach my $name (@names) {
if ($form->{$name} ne '') {
$extras .= '&'.$name.'='.&escape($form->{$name});