--- loncom/auth/lonauth.pm 2022/05/21 05:16:43 1.173
+++ loncom/auth/lonauth.pm 2022/06/18 02:10:18 1.174
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.173 2022/05/21 05:16:43 raeburn Exp $
+# $Id: lonauth.pm,v 1.174 2022/06/18 02:10:18 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -308,6 +308,11 @@ sub failed {
if ($clientunicode && !$clientmathml) {
$args = {'browser.unicode' => 1};
}
+ if ($form->{firsturl} =~ m{^/tiny/$match_domain/\w+$}) {
+ if ($form->{linkprot}) {
+ $args->{only_body} = 1;
+ }
+ }
my @actions;
my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
@@ -357,7 +362,13 @@ sub failed {
}
}
if (exists($form->{linkprot})) {
- my $ltoken = &Apache::lonnet::tmpput({linkprot => $form->{'linkprot'}},
+ my %info = (
+ 'linkprot' => $form->{'linkprot'},
+ );
+ if ($form->{linkprotuser} ne '') {
+ $info{'linkprotuser'} = $form->{linkprotuser};
+ }
+ my $ltoken = &Apache::lonnet::tmpput(\%info,
$r->dir_config('lonHostID'),'retry');
if ($ltoken) {
$retry .= (($retry =~ /\?/) ? '&' : '?').'ltoken='.$ltoken;
@@ -475,6 +486,19 @@ sub handler {
.$end_page);
} else {
if (($info{'linkprot'}) || ($info{'linkkey'} ne '')) {
+ if (($info{'linkprot'}) && ($info{'linkprotuser'} ne '')) {
+ unless ($info{'linkprotuser'} eq $env{'user.name'}.':'.$env{'user.domain'}) {
+ $r->print(
+ $start_page
+ .''.&mt('You are already logged in, but as a different user from the one expected for the link you followed from another system').'
'
+ .''.&mt('Please [_1]log out[_2] first, and then try following the link again from the other system',
+ '','')
+
+ .'
'
+ .$end_page);
+ return OK;
+ }
+ }
my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link');
unless (($token eq 'con_lost') || ($token eq 'refused') ||
($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
@@ -730,6 +754,18 @@ sub handler {
}
}
+ if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
+ if (($form{'linkprot'}) && ($form{'linkprotuser'} ne '')) {
+ unless($form{'linkprotuser'} eq $form{'uname'}.':'.$form{'udom'}) {
+ delete($form{'udom'});
+ delete($form{'uname'});
+ &failed($r,'Username and/or domain are different to that expected for the link you followed from another system',
+ \%form,$authhost);
+ return OK;
+ }
+ }
+ }
+
my ($is_balancer,$otherserver);
unless ($hosthere) {
@@ -975,7 +1011,7 @@ sub set_retry_token {
my ($form,$lonhost,$querystr) = @_;
if (ref($form) eq 'HASH') {
my ($firsturl,$token,$extras,@names);
- @names = ('role','symb','linkprot','linkkey','iptoken');
+ @names = ('role','symb','linkprotuser','linkprot','linkkey','iptoken');
foreach my $name (@names) {
if ($form->{$name} ne '') {
$extras .= '&'.$name.'='.&escape($form->{$name});