--- loncom/auth/lonauth.pm 2021/10/26 15:52:54 1.168
+++ loncom/auth/lonauth.pm 2021/11/24 20:15:15 1.171
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.168 2021/10/26 15:52:54 raeburn Exp $
+# $Id: lonauth.pm,v 1.171 2021/11/24 20:15:15 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -42,11 +42,12 @@ use Apache::lonlocal;
use Apache::File();
use HTML::Entities;
use Digest::MD5;
+use CGI::Cookie();
# ------------------------------------------------------------ Successful login
sub success {
my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,
- $form,$skipcritical,$cid) = @_;
+ $form,$skipcritical,$cid,$expirepub) = @_;
# ------------------------------------------------------------ Get cookie ready
my $cookie =
@@ -178,6 +179,22 @@ sub success {
$destination .= 'source=login';
}
+ if (($env{'request.deeplink.login'} eq $lowerurl) &&
+ (($env{'request.linkprot'}) || ($env{'request.linkkey'} ne ''))) {
+ my %info;
+ if ($env{'request.linkprot'}) {
+ $info{'linkprot'} = $env{'request.linkprot'};
+ } elsif ($env{'request.linkkey'} ne '') {
+ $info{'linkkey'} = $env{'request.linkkey'};
+ }
+ $info{'origurl'} = $lowerurl;
+ my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link');
+ unless (($token eq 'con_lost') || ($token eq 'refused') ||
+ ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
+ $destination .= (($destination =~ /\?/) ? '&' : '?') . 'ttoken='.$token;
+ }
+ }
+
my $windowname = 'loncapaclient';
if ($env{'request.lti.login'}) {
$windowname .= 'lti';
@@ -217,6 +234,12 @@ sub success {
if ($defaultcookie) {
$r->headers_out->add('Set-cookie' => $defaultcookie);
}
+ if ($expirepub) {
+ my $c = new CGI::Cookie(-name => 'lonPubID',
+ -value => '',
+ -expires => '-10y',);
+ $r->headers_out->add('Set-cookie' => $c);
+ }
$r->send_http_header;
my ($start_page,$js,$pagebody,$end_page);
@@ -277,7 +300,7 @@ ENDSUCCESS
# --------------------------------------------------------------- Failed login!
sub failed {
- my ($r,$message,$form) = @_;
+ my ($r,$message,$form,$authhost) = @_;
(undef,undef,undef,my $clientmathml,my $clientunicode) =
&Apache::loncommon::decode_user_agent();
my $args = {};
@@ -285,14 +308,19 @@ sub failed {
$args = {'browser.unicode' => 1};
}
+ my @actions;
my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
if (&Apache::lonnet::domain($udom,'description') eq '') {
undef($udom);
}
+ my $authtype;
+ if (($udom ne '') && ($uname ne '') && ($authhost eq 'no_host')) {
+ $authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
+ }
my $retry = '/adm/login';
- if ($uname eq $form->{'uname'}) {
+ if (($uname eq $form->{'uname'}) && ($authtype !~ /^lti:/)) {
$retry .= '?username='.$uname;
}
if ($udom) {
@@ -329,7 +357,7 @@ sub failed {
}
if (exists($form->{linkprot})) {
my $ltoken = &Apache::lonnet::tmpput({linkprot => $form->{'linkprot'}},
- $r->dir_config('lonHostID'));
+ $r->dir_config('lonHostID'),'retry');
if ($ltoken) {
$retry .= (($retry =~ /\?/) ? '&' : '?').'ltoken='.$ltoken;
}
@@ -340,18 +368,28 @@ sub failed {
my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
- my @actions =
- (&mt('Please [_1]log in again[_2].','',''));
+ if ($authtype =~ /^lti:/) {
+ $message = &mt('Direct login is not supported with the username you entered.').
+ '
'.
+ &mt('You likely need to launch LON-CAPA from within a course in a different Learning Management System.').
+ '
'.
+ &mt('You can also try to log in with a different username.');
+ @actions =
+ (&mt('Try your [_1]log in again[_2].','',''));
+ } else {
+ $message = &mt($message);
+ @actions =
+ (&mt('Please [_1]log in again[_2].','',''));
+ }
my $loginhelp = &loginhelpdisplay($udom);
if ($loginhelp) {
push(@actions, ''.&mt('Login problems?').'');
}
#FIXME: link to helpdesk might be added here
-
$r->print(
$start_page
.''.&mt('Sorry ...').'
'
- .&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'
'
+ .&Apache::lonhtmlcommon::confirm_success($message,1).'
'
.&Apache::lonhtmlcommon::actionbox(\@actions)
.$end_page
);
@@ -398,44 +436,71 @@ sub handler {
my $end_page =
&Apache::loncommon::end_page();
my $dest = '/adm/roles';
- if ($env{'form.firsturl'} ne '') {
- $dest = $env{'form.firsturl'};
- if (($dest =~ m{^/tiny/$match_domain/\w+$}) && ($env{'request.course.id'})) {
- my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
- my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
- my $symb = &Apache::loncommon::symb_from_tinyurl($dest,$cnum,$cdom);
- if ($symb) {
- my $buffer;
- if ($r->header_in('Content-length') > 0) {
- $r->read($buffer,$r->header_in('Content-length'),0);
- }
- my %form;
- foreach my $pair (split(/&/,$buffer)) {
- my ($name,$value) = split(/=/,$pair);
- $value =~ tr/+/ /;
- $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
- $form{$name}=$value;
+ my %form = &get_form_items($r);
+ if ($form{'logtoken'}) {
+ my $tmpinfo = &Apache::lonnet::reply('tmpget:'.$form{'logtoken'},
+ $form{'serverid'});
+ unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') ||
+ ($tmpinfo eq 'no_such_host')) {
+ my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo);
+ $firsturl = &unescape($firsturl);
+ my %info;
+ foreach my $item (@rest) {
+ my ($key,$value) = split(/=/,$item);
+ $info{$key} = &unescape($value);
+ }
+ if ($firsturl ne '') {
+ $info{'firsturl'} = $firsturl;
+ $dest = $firsturl;
+ my $relogin;
+ if ($dest =~ m{^/tiny/$match_domain/\w+$}) {
+ if ($env{'request.course.id'}) {
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $symb = &Apache::loncommon::symb_from_tinyurl($dest,$cnum,$cdom);
+ if ($symb) {
+ unless (&set_deeplink_login(%info) eq 'ok') {
+ $relogin = 1;
+ }
+ }
+ }
+ if ($relogin) {
+ $r->print(
+ $start_page
+ .''.&mt('You are already logged in!').'
'
+ .''.&mt('Please [_1]log out[_2] first, and then try your access again',
+ '','')
+ .'
'
+ .$end_page);
+ } else {
+ if (($info{'linkprot'}) || ($info{'linkkey'} ne '')) {
+ my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link');
+ unless (($token eq 'con_lost') || ($token eq 'refused') ||
+ ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
+ $dest .= (($dest =~ /\?/) ? '&' : '?') . 'ttoken='.$token;
+ }
+ }
+ $r->print(
+ $start_page
+ .''.&mt('You are already logged in!').'
'
+ .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4] first, and then try your access again',
+ '','',
+ '','')
+ .'
'
+ .$end_page);
+ }
+ return OK;
}
- &set_deeplink_login(%form);
- } else {
- $r->print(
- $start_page
- .''.&mt('You are already logged in!').'
'
- .''.&mt('Please [_1]log out[_2] first, and then try your access again',
- '','')
- .'
'
- .$end_page);
- return OK;
}
}
}
$r->print(
- $start_page
- .''.&mt('You are already logged in!').'
'
- .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].'
- ,'','','','')
- .'
'
- .$end_page
+ $start_page
+ .''.&mt('You are already logged in!').'
'
+ .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].'
+ ,'','','','')
+ .'
'
+ .$end_page
);
return OK;
}
@@ -443,19 +508,7 @@ sub handler {
# ---------------------------------------------------- No valid token, continue
-
- my $buffer;
- if ($r->header_in('Content-length') > 0) {
- $r->read($buffer,$r->header_in('Content-length'),0);
- }
- my %form;
- foreach my $pair (split(/&/,$buffer)) {
- my ($name,$value) = split(/=/,$pair);
- $value =~ tr/+/ /;
- $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
- $form{$name}=$value;
- }
-
+ my %form = &get_form_items($r);
if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) {
&failed($r,'Username, password and domain need to be specified.',
\%form);
@@ -499,7 +552,8 @@ sub handler {
return OK;
}
- my ($key,$firsturl,@rest)=split(/&/,$tmpinfo);
+ my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo);
+ $firsturl = &unescape($firsturl);
foreach my $item (@rest) {
my ($key,$value) = split(/=/,$item);
$form{$key} = &unescape($value);
@@ -508,7 +562,7 @@ sub handler {
$form{'firsturl'} = $firsturl;
}
my $upass = $ENV{HTTPS} ? $form{'upass0'}
- : &Apache::loncommon::des_decrypt($key,$form{'upass0'});
+ : &Apache::loncommon::des_decrypt($des_key,$form{'upass0'});
# ---------------------------------------------------------------- Authenticate
@@ -530,7 +584,7 @@ sub handler {
if ($authhost eq 'no_host') {
&failed($r,'Username and/or password could not be authenticated.',
- \%form);
+ \%form,$authhost);
return OK;
} elsif ($authhost eq 'no_account_on_host') {
if ($defaultauth) {
@@ -570,9 +624,9 @@ sub handler {
$firsturl='/adm/roles';
}
- my $hosthere;
+ my ($hosthere,%sessiondata);
if ($form{'iptoken'}) {
- my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+ %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
if (($sessiondata{'domain'} eq $form{'udom'}) &&
($sessiondata{'username'} eq $form{'uname'})) {
@@ -616,7 +670,7 @@ sub handler {
unless ($suprim eq $uprim) {
unless ($suintdom eq $uintdom) {
&Apache::lonnet::logthis('Attempted switch user '
- .'to user with different "internet domain".');
+ .'to user with different "internet domain".');
$noprivswitch = 1;
}
}
@@ -778,6 +832,18 @@ sub handler {
$form{'noloadbalance'} = $hosthere;
}
my $extra_env;
+ if (($hosthere) && ($sessiondata{'sessionserver'} ne '')) {
+ if ($sessiondata{'origurl'} ne '') {
+ $firsturl = $sessiondata{'origurl'};
+ $form{'firsturl'} = $sessiondata{'origurl'};
+ my @names = ('role','symb','linkprot','linkkey');
+ foreach my $item (@names) {
+ if ($sessiondata{$item} ne '') {
+ $form{$item} = $sessiondata{$item};
+ }
+ }
+ }
+ }
if ($form{'linkprot'}) {
my ($linkprotector,$uri) = split(/:/,$form{'linkprot'},2);
if ($linkprotector) {
@@ -817,14 +883,31 @@ sub handler {
}
}
+sub get_form_items {
+ my ($r) = @_;
+ my $buffer;
+ if ($r->header_in('Content-length') > 0) {
+ $r->read($buffer,$r->header_in('Content-length'),0);
+ }
+ my %form;
+ foreach my $pair (split(/&/,$buffer)) {
+ my ($name,$value) = split(/=/,$pair);
+ $value =~ tr/+/ /;
+ $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
+ $form{$name}=$value;
+ }
+ return %form;
+}
+
sub set_deeplink_login {
my (%form) = @_;
+ my $disallow;
if ($form{'firsturl'} =~ m{^/tiny/($match_domain)/\w+$}) {
my $cdom = $1;
my ($cnum,$symb) = &Apache::loncommon::symb_from_tinyurl($form{'firsturl'},'',$cdom);
if ($symb) {
if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
- my ($disallow,$deeplink);
+ my $deeplink;
if ($symb =~ /\.(page|sequence)$/) {
my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($symb))[2]);
my $navmap = Apache::lonnavmaps::navmap->new();
@@ -857,14 +940,17 @@ sub set_deeplink_login {
}
}
}
- return;
+ if ($disallow) {
+ return;
+ }
+ return 'ok';
}
sub set_retry_token {
my ($form,$lonhost,$querystr) = @_;
if (ref($form) eq 'HASH') {
my ($firsturl,$token,$extras,@names);
- @names = ('role','symb','linkprot','linkkey');
+ @names = ('role','symb','linkprot','linkkey','iptoken');
foreach my $name (@names) {
if ($form->{$name} ne '') {
$extras .= '&'.$name.'='.&escape($form->{$name});