--- loncom/auth/lonauth.pm	2021/11/17 00:44:47	1.170
+++ loncom/auth/lonauth.pm	2022/02/27 01:43:13	1.172
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.170 2021/11/17 00:44:47 raeburn Exp $
+# $Id: lonauth.pm,v 1.172 2022/02/27 01:43:13 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -300,7 +300,7 @@ ENDSUCCESS
 # --------------------------------------------------------------- Failed login!
 
 sub failed {
-    my ($r,$message,$form) = @_;
+    my ($r,$message,$form,$authhost) = @_;
     (undef,undef,undef,my $clientmathml,my $clientunicode) =
         &Apache::loncommon::decode_user_agent();
     my $args = {};
@@ -308,14 +308,19 @@ sub failed {
         $args = {'browser.unicode' => 1};
     }
 
+    my @actions;
     my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
     my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
     my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
     if (&Apache::lonnet::domain($udom,'description') eq '') {
         undef($udom);
     }
+    my $authtype;
+    if (($udom ne '') && ($uname ne '') && ($authhost eq 'no_host')) {
+        $authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
+    }
     my $retry = '/adm/login';
-    if ($uname eq $form->{'uname'}) {
+    if (($uname eq $form->{'uname'}) && ($authtype !~ /^lti:/)) {
         $retry .= '?username='.$uname;
     }
     if ($udom) {
@@ -363,18 +368,28 @@ sub failed {
     my $end_page = &Apache::loncommon::end_page();
     &Apache::loncommon::content_type($r,'text/html');
     $r->send_http_header;
-    my @actions =
-         (&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));
+    if ($authtype =~ /^lti:/) {
+        $message = &mt('Direct login is not supported with the username you entered.').
+                   '<br /><br />'.
+                   &mt('You likely need to launch LON-CAPA from within a course in a different Learning Management System.').
+                   '<br />'.
+                   &mt('You can also try to log in with a different username.');
+        @actions = 
+            (&mt('Try your [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));
+    } else {
+        $message = &mt($message);
+        @actions =
+            (&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));
+    }
     my $loginhelp = &loginhelpdisplay($udom);
     if ($loginhelp) {
         push(@actions, '<a href="'.$loginhelp.'">'.&mt('Login problems?').'</a>');
     }
     #FIXME: link to helpdesk might be added here
-
     $r->print(
        $start_page
       .'<h2>'.&mt('Sorry ...').'</h2>'
-      .&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'<br /><br />'
+      .&Apache::lonhtmlcommon::confirm_success($message,1).'<br /><br />'
       .&Apache::lonhtmlcommon::actionbox(\@actions)
       .$end_page
     );
@@ -568,9 +583,33 @@ sub handler {
 # --------------------------------------------------------------------- Failed?
 
     if ($authhost eq 'no_host') {
-	&failed($r,'Username and/or password could not be authenticated.',
-		\%form);
-        return OK;
+        my $pwdverify;
+        if (&Apache::lonnet::homeserver($form{'uname'},$form{'udom'}) eq 'no_host') {
+            my %possunames = &alternate_unames_check($form{'uname'},$form{'udom'});
+            if (keys(%possunames) > 0) {
+                foreach my $rulematch (keys(%possunames)) {
+                    my $possuname = $possunames{$rulematch};
+                    if (($possuname ne '') && ($possuname =~ /^$match_username$/)) {
+                        $authhost=Apache::lonnet::authenticate($possuname,$upass,
+                                                               $form{'udom'},undef,
+                                                               $clientcancheckhost);
+                        if (($authhost eq 'no_host') || ($authhost eq 'no_account_on_host')) {
+                            next;
+                        } elsif (($authhost ne '') && (&Apache::lonnet::hostname($authhost) ne '')) {
+                            $pwdverify = 1;
+                            &Apache::lonnet::logthis("Authenticated user: $possuname was submitted as: $form{'uname'}"); 
+                            $form{'uname'} = $possuname;
+                            last;
+                        }
+                    }
+                }
+            }
+        }
+        unless ($pwdverify) {
+            &failed($r,'Username and/or password could not be authenticated.',
+                    \%form,$authhost);
+            return OK;
+        }
     } elsif ($authhost eq 'no_account_on_host') {
         if ($defaultauth) {
             my $domdesc = &Apache::lonnet::domain($form{'udom'},'description');
@@ -1071,6 +1110,20 @@ sub loginhelpdisplay {
     return;
 }
 
+sub alternate_unames_check {
+    my ($uname,$udom) = @_;
+    my %possunames;
+    my %domdefs = &Apache::lonnet::get_domain_defaults($udom);
+    if (ref($domdefs{'unamemap_rule'}) eq 'ARRAY') { 
+        if (@{$domdefs{'unamemap_rule'}} > 0) {
+            %possunames =
+                &Apache::lonnet::inst_rulecheck($udom,$uname,undef,
+                                                'unamemap',$domdefs{'unamemap_rule'});
+        }
+    }
+    return %possunames;
+}
+
 1;
 __END__