--- loncom/auth/lonauth.pm 2013/08/13 13:29:09 1.121.2.4
+++ loncom/auth/lonauth.pm 2016/08/11 09:24:13 1.121.2.14
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.121.2.4 2013/08/13 13:29:09 raeburn Exp $
+# $Id: lonauth.pm,v 1.121.2.14 2016/08/11 09:24:13 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -103,16 +103,14 @@ sub success {
if ($destsymb =~ /___/) {
# FIXME Need to deal with encrypted symbs and urls as needed.
my ($map,$resid,$desturl)=split(/___/,$destsymb);
- unless ($desturl=~/^(adm|editupload|public)/) {
- $desturl = &Apache::lonnet::clutter($desturl);
- }
+ $desturl = &Apache::lonnet::clutter($desturl);
$desturl = &HTML::Entities::encode($desturl,'"<>&');
$destsymb = &HTML::Entities::encode($destsymb,'"<>&');
- $destination .= '&destinationurl='.$desturl.
+ $destination .= 'destinationurl='.$desturl.
'&destsymb='.$destsymb;
} else {
$destsymb = &HTML::Entities::encode($destsymb,'"<>&');
- $destination .= '&destinationurl='.$destsymb;
+ $destination .= 'destinationurl='.$destsymb;
}
}
if ($destination =~ m{^/adm/roles}) {
@@ -165,36 +163,61 @@ $maincall
$continuelink
$end_page
ENDSUCCESS
+ return;
}
# --------------------------------------------------------------- Failed login!
sub failed {
my ($r,$message,$form) = @_;
- my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef);
- my $retry = '/adm/login?username='.$form->{'uname'}.
- '&domain='.$form->{'udom'};
+ (undef,undef,undef,my $clientmathml,my $clientunicode) =
+ &Apache::loncommon::decode_user_agent();
+ my $args = {};
+ if ($clientunicode && !$clientmathml) {
+ $args = {'browser.unicode' => 1};
+ }
+
+ my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
+ my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
+ my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
+ if (&Apache::lonnet::domain($udom,'description') eq '') {
+ undef($udom);
+ }
+ my $retry = '/adm/login';
+ if ($uname eq $form->{'uname'}) {
+ $retry .= '?username='.$uname;
+ }
+ if ($udom) {
+ $retry .= (($retry=~/\?/)?'&':'?').'domain='.$udom;
+ }
if (exists($form->{role})) {
- $retry .= '&role='.$form->{role};
+ my $role = &Apache::loncommon::cleanup_html($form->{role});
+ if ($role ne '') {
+ $retry .= (($retry=~/\?/)?'&':'?').'role='.$role;
+ }
}
if (exists($form->{symb})) {
- $retry .= '&symb='.$form->{symb};
+ my $symb = &Apache::loncommon::cleanup_html($form->{symb});
+ if ($symb ne '') {
+ $retry .= (($retry=~/\?/)?'&':'?').'symb='.$symb;
+ }
}
- my $end_page = &Apache::loncommon::end_page();
+ my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
- my $loginhelp = &loginhelpdisplay($form->{'udom'});
+ my @actions =
+ (&mt('Please [_1]log in again[_2].','',''));
+ my $loginhelp = &loginhelpdisplay($udom);
if ($loginhelp) {
- $loginhelp = ''.&mt('Login problems?').'
';
+ push(@actions, ''.&mt('Login problems?').'');
}
+ #FIXME: link to helpdesk might be added here
$r->print(
$start_page
- .''.&mt('Sorry ...').'
'
- .''.&mt($message).'
'
- .''.&mt('Please [_1]log in again[_2].','','')
- .'
'
- .$loginhelp
+ .''.&mt('Sorry ...').'
'
+ .&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'
'
+ .&Apache::lonhtmlcommon::actionbox(\@actions)
.$end_page
);
}
@@ -205,9 +228,9 @@ sub reroute {
my ($r) = @_;
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
- my $msg=''.&mt('Sorry ...').'
'
+ my $msg=''.&mt('Sorry ...').'
'
.&mt('Please [_1]log in again[_2].');
- &Apache::loncommon::simple_error_page($r,'Rerouting',$msg);
+ &Apache::loncommon::simple_error_page($r,'Rerouting',$msg,{'no_auto_mt_msg' => 1});
}
# ---------------------------------------------------------------- Main handler
@@ -269,7 +292,7 @@ sub handler {
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
$form{$name}=$value;
- }
+ }
if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) {
&failed($r,'Username, password and domain need to be specified.',
@@ -313,40 +336,27 @@ sub handler {
return OK;
}
- my ($key,$firsturl,$rolestr,$symbstr)=split(/&/,$tmpinfo);
+ my ($key,$firsturl,$rolestr,$symbstr,$iptokenstr)=split(/&/,$tmpinfo);
if ($rolestr) {
$rolestr = &unescape($rolestr);
}
if ($symbstr) {
$symbstr= &unescape($symbstr);
}
+ if ($iptokenstr) {
+ $iptokenstr = &unescape($iptokenstr);
+ }
if ($rolestr =~ /^role=/) {
(undef,$form{'role'}) = split('=',$rolestr);
}
if ($symbstr =~ /^symb=/) {
(undef,$form{'symb'}) = split('=',$symbstr);
}
-
- my $keybin=pack("H16",$key);
-
- my $cipher;
- if ($Crypt::DES::VERSION>=2.03) {
- $cipher=new Crypt::DES $keybin;
+ if ($iptokenstr =~ /^iptoken=/) {
+ (undef,$form{'iptoken'}) = split('=',$iptokenstr);
}
- else {
- $cipher=new DES $keybin;
- }
- my $upass='';
- for (my $i=0;$i<=2;$i++) {
- my $chunk=
- $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},0,16))));
- $chunk.=
- $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},16,16))));
-
- $chunk=substr($chunk,1,ord(substr($chunk,0,1)));
- $upass.=$chunk;
- }
+ my $upass = &Apache::loncommon::des_decrypt($key,$form{'upass0'});
# ---------------------------------------------------------------- Authenticate
@@ -407,6 +417,17 @@ sub handler {
($firsturl=~/^\/adm\/(logout|remote)/)) {
$firsturl='/adm/roles';
}
+
+ my $hosthere;
+ if ($form{'iptoken'}) {
+ my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+ my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
+ if (($sessiondata{'domain'} eq $form{'udom'}) &&
+ ($sessiondata{'username'} eq $form{'uname'})) {
+ $hosthere = 1;
+ }
+ }
+
# --------------------------------- Are we attempting to login as somebody else?
if ($form{'suname'}) {
# ------------ see if the original user has enough privileges to pull this stunt
@@ -430,8 +451,12 @@ sub handler {
}
}
- my ($is_balancer,$otherserver) =
- &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'});
+ my ($is_balancer,$otherserver);
+
+ unless ($hosthere) {
+ ($is_balancer,$otherserver) =
+ &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'});
+ }
if ($is_balancer) {
if (!$otherserver) {
@@ -440,7 +465,17 @@ sub handler {
if ($otherserver) {
&success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
\%form);
- $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl);
+ my $switchto = '/adm/switchserver?otherserver='.$otherserver;
+ if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) {
+ $switchto .= '&origurl='.$firsturl;
+ }
+ if ($form{'role'}) {
+ $switchto .= '&role='.$form{'role'};
+ }
+ if ($form{'symb'}) {
+ $switchto .= '&symb='.$form{'symb'};
+ }
+ $r->internal_redirect($switchto);
} else {
$r->print(&noswitch());
}
@@ -451,7 +486,17 @@ sub handler {
if ($otherserver) {
&success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
\%form);
- $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl);
+ my $switchto = '/adm/switchserver?otherserver='.$otherserver;
+ if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) {
+ $switchto .= '&origurl='.$firsturl;
+ }
+ if ($form{'role'}) {
+ $switchto .= '&role='.$form{'role'};
+ }
+ if ($form{'symb'}) {
+ $switchto .= '&symb='.$form{'symb'};
+ }
+ $r->internal_redirect($switchto);
} else {
$r->print(&noswitch());
}