--- loncom/auth/lonlogin.pm	2022/01/15 20:21:06	1.194
+++ loncom/auth/lonlogin.pm	2022/06/26 04:03:47	1.200
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Login Screen
 #
-# $Id: lonlogin.pm,v 1.194 2022/01/15 20:21:06 raeburn Exp $
+# $Id: lonlogin.pm,v 1.200 2022/06/26 04:03:47 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -68,6 +68,9 @@ sub handler {
             $env{'form.ltoken'} = $info{'ltoken'};
         } elsif ($info{'linkprot'}) {
             $env{'form.linkprot'} = $info{'linkprot'};
+            if ($info{'linkprotuser'} ne '') {
+                $env{'form.linkprotuser'} = $info{'linkprotuser'};
+            }
         } elsif ($info{'linkkey'} ne '') {
             $env{'form.linkkey'} = $info{'linkkey'};
         }
@@ -181,6 +184,9 @@ sub handler {
                     $link_info{'ltoken'} = $env{'form.ltoken'};
                 } elsif ($env{'form.linkprot'}) {
                     $link_info{'linkprot'} = $env{'form.linkprot'};
+                    if ($env{'form.linkprotuser'} ne '') {
+                        $link_info{'linkprotuser'} = $env{'form.linkprotuser'};
+                    }
                 } elsif ($env{'form.linkkey'} ne '') {
                     $link_info{'linkkey'} = $env{'form.linkkey'};
                 }
@@ -249,16 +255,33 @@ sub handler {
             $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
         }
         if (($env{'form.ltoken'}) || ($env{'form.linkprot'})) {
-            my $linkprot;
+            my ($linkprot,$linkprotuser);
             if ($env{'form.ltoken'}) {
                 my %info = &Apache::lonnet::tmpget($env{'form.ltoken'});
                 $linkprot = $info{'linkprot'};
-                my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'});
+                if ($info{'linkprotuser'} ne '') {
+                    $linkprotuser = $info{'linkprotuser'};
+                } 
             } else {
                 $linkprot = $env{'form.linkprot'};
+                $linkprotuser = $env{'form.linkprotuser'};
             }
             if ($linkprot) {
                 my ($linkprotector,$deeplink) = split(/:/,$linkprot,2);
+                if (($deeplink =~ m{^/tiny/$match_domain/\w+$}) &&
+                    ($linkprotuser ne '') && ($linkprotuser ne $env{'user.name'}.':'.$env{'user.domain'})) {
+                    my $ip = &Apache::lonnet::get_requestor_ip();
+                    my %linkprotinfo = (
+                                          origurl => $deeplink,
+                                          linkprot => $linkprot,
+                                          linkprotuser => $linkprotuser,
+                                       );    
+                    if ($env{'form.ltoken'}) {
+                        my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'});
+                    }
+                    &Apache::migrateuser::logout($r,$ip,$handle,undef,undef,\%linkprotinfo);
+                    return OK;
+                }
                 if ($env{'user.linkprotector'}) {
                     my @protectors = split(/,/,$env{'user.linkprotector'});
                     unless (grep(/^\Q$linkprotector\E$/,@protectors)) {
@@ -304,6 +327,9 @@ sub handler {
                 }
             }
         }
+        if ($env{'form.ltoken'}) {
+            my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'});
+        }
 	$r->print(
                   $start_page
                  .'<p class="LC_warning">'.&mt('You are already logged in!').'</p>'
@@ -428,20 +454,28 @@ sub handler {
     if ($uextkey>2147483647) { $uextkey-=4294967296; }
 
 # -------------------------------------------------------- Store away log token
-    my ($tokenextras,$tokentype);
-    my @names = ('role','symb','iptoken','ltoken','linkprot','linkkey');
+    my ($tokenextras,$tokentype,$linkprot_for_login);
+    my @names = ('role','symb','iptoken','ltoken','linkprotuser','linkprot','linkkey');
     foreach my $name (@names) {
         if ($env{'form.'.$name} ne '') {
             if ($name eq 'ltoken') {
                 my %info = &Apache::lonnet::tmpget($env{'form.'.$name});
                 if ($info{'linkprot'}) {
+                    $linkprot_for_login = $info{'linkprot'};
                     $tokenextras .= '&linkprot='.&escape($info{'linkprot'});
+                    if ($info{'linkprotuser'}) {
+                        $tokenextras .= '&linkprotuser='.&escape($info{'linkprotuser'});
+                    }
                     $tokentype = 'link';
                     last;
                 }
             } else {
                 $tokenextras .= '&'.$name.'='.&escape($env{'form.'.$name});
                 if (($name eq 'linkkey') || ($name eq 'linkprot')) {
+                    if ((($env{'form.retry'}) || ($env{'form.sso'})) && 
+                        (!$env{'form.ltoken'}) && ($name eq 'linkprot')) {
+                        $linkprot_for_login = $env{'form.linkprot'};
+                    }
                     $tokentype = 'link';
                 }
             }
@@ -659,6 +693,7 @@ function toggleLClogin() {
             if (document.getElementById('LC_login_text')) {
                 document.getElementById('LC_login_text').innerHTML = '$samlnonsso';
             }
+            if ( document.client.uname ) { document.client.uname.focus(); }
             if (document.getElementById('LC_SSO_login')) {
                 document.getElementById('LC_SSO_login').style.display = 'none';
             }
@@ -897,6 +932,35 @@ ENDSAML
             delete($env{'form.ltoken'});
         }
     }
+    my $in_frame_js;
+    if ($linkprot_for_login) {
+        my ($linkprotector,$linkproturi) = split(/:/,$linkprot_for_login,2);
+        if (($linkprotector =~ /^\d+(c|d)$/) && ($linkproturi =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$})) {
+            my $set_target;
+            if (($env{'form.retry'}) || ($env{'form.sso'})) {
+                if ($linkproturi eq $env{'form.firsturl'}) {
+                    $set_target = "    document.server.target = '_self';";
+                }
+            } else {
+                $set_target = <<ENDTARG;
+    var linkproturi = '$linkproturi';
+    var path = document.location.pathname.replace( new RegExp('^/adm/launch'),'');
+    if (linkproturi == path) {
+        document.server.target = '_self';
+    }
+ENDTARG
+            }
+            $in_frame_js = <<ENDJS;
+<script type="text/javascript">
+// <![CDATA[
+if ((window.self !== window.top) && (document.server.target != '_self')) {
+    $set_target
+}
+// ]]>
+</script>
+ENDJS
+        }
+    }
 
     $r->print(<<ENDLOGIN);
 <div style="display:$stdauthformstyle;" id="LC_standard_login">
@@ -997,6 +1061,7 @@ $versionrow
     <br style="clear:both;" />
  </div>
 
+$in_frame_js
 <script type="text/javascript">
 // <![CDATA[
 // the if prevents the script error if the browser can not handle this
@@ -1089,31 +1154,58 @@ sub redirect_page {
         $path = '/'.$path;
     }
     my $url = $protocol.'://'.$hostname.$path;
-    if ($env{'form.firsturl'} ne '') {
+    my $args = {};
+    if ($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
+        $url = $protocol.'://'.$hostname.$env{'form.firsturl'};
+        if (($env{'form.ltoken'}) || ($env{'form.linkprot'} ne '') ||
+            ($env{'form.linkkey'} ne '')) {
+            my %link_info;
+            if ($env{'form.ltoken'}) {
+                %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'});
+                &Apache::lonnet::tmpdel($env{'form.ltoken'});
+                $args->{'only_body'} = 1;
+            } elsif ($env{'form.linkprot'}) {
+                $link_info{'linkprot'} = $env{'form.linkprot'};
+                if ($env{'form.linkprotuser'}) {
+                    $link_info{'linkprotuser'} = $env{'form.linkprotuser'};
+                }
+                $args->{'only_body'} = 1;
+            } elsif ($env{'form.linkkey'} ne '') {
+                $link_info{'linkkey'} = $env{'form.linkkey'};
+            }
+            my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link');
+            unless (($token eq 'con_lost') || ($token eq 'refused') ||
+                    ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
+                $url .= '?ltoken='.$token;
+            }
+        }
+    } else {
         my $querystring;
-        if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
-            $querystring = &uri_escape_utf8($env{'form.firsturl'});
-        } else {
-            $querystring = &uri_escape($env{'form.firsturl'});
+        if ($env{'form.firsturl'} ne '') {
+            if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+                $querystring = &uri_escape_utf8($env{'form.firsturl'});
+            } else {
+                $querystring = &uri_escape($env{'form.firsturl'});
+            }
+            $querystring = &HTML::Entities::encode($querystring,"'");
+            $querystring = '?firsturl='.$querystring;
         }
-        $querystring = &HTML::Entities::encode($querystring,"'");
-        $url .='?firsturl='.$querystring;
-    }
-    if (($env{'form.ltoken'}) || ($env{'form.linkkey'} ne '')) {
-        my %link_info;
         if ($env{'form.ltoken'}) {
-            $link_info{'ltoken'} = $env{'form.ltoken'};
-        } elsif ($env{'form.linkkey'} ne '') {
-            $link_info{'linkkey'} = $env{'form.linkkey'};
-        }
-        my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link');
-        unless (($token eq 'con_lost') || ($token eq 'refused') ||
-                ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
-            $url .= (($url=~/\?/)?'&amp;':'?') . 'ttoken='.$token;
+            my %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'});
+            &Apache::lonnet::tmpdel($env{'form.ltoken'});
+            my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link');
+            unless (($token eq 'con_lost') || ($token eq 'refused') || ($token =~ /^error:/) ||
+                    ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
+                unless (($path eq '/adm/roles') || ($path eq '/adm/login')) {
+                    $url = $protocol.'://'.$hostname.'/adm/roles';
+                }
+                $querystring .= (($querystring =~/^\?/)?'&amp;':'?') . 'ttoken='.$token;
+            }
         }
+        $url .= $querystring;
     }
-    my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
-                                                    {'redirect' => [0,$url],});
+    $args->{'redirect'} = [0,$url];
+    my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,$args);
     my $end_page   = &Apache::loncommon::end_page();
     return $start_page.$end_page;
 }
