--- loncom/auth/lonlogin.pm	2022/02/24 15:51:28	1.195
+++ loncom/auth/lonlogin.pm	2022/06/30 21:04:13	1.201
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Login Screen
 #
-# $Id: lonlogin.pm,v 1.195 2022/02/24 15:51:28 raeburn Exp $
+# $Id: lonlogin.pm,v 1.201 2022/06/30 21:04:13 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -68,6 +68,11 @@ sub handler {
             $env{'form.ltoken'} = $info{'ltoken'};
         } elsif ($info{'linkprot'}) {
             $env{'form.linkprot'} = $info{'linkprot'};
+            foreach my $item ('linkprotuser','linkprotexit') {
+                if ($info{$item} ne '') {
+                    $env{'form.'.$item} = $info{$item};
+                }
+            }
         } elsif ($info{'linkkey'} ne '') {
             $env{'form.linkkey'} = $info{'linkkey'};
         }
@@ -181,6 +186,11 @@ sub handler {
                     $link_info{'ltoken'} = $env{'form.ltoken'};
                 } elsif ($env{'form.linkprot'}) {
                     $link_info{'linkprot'} = $env{'form.linkprot'};
+                    foreach my $item ('linkprotuser','linkprotexit') {
+                        if ($env{'form.'.$item} ne '') {
+                            $link_info{$item} = $env{'form.'.$item};
+                        }
+                    }
                 } elsif ($env{'form.linkkey'} ne '') {
                     $link_info{'linkkey'} = $env{'form.linkkey'};
                 }
@@ -249,16 +259,38 @@ sub handler {
             $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
         }
         if (($env{'form.ltoken'}) || ($env{'form.linkprot'})) {
-            my $linkprot;
+            my ($linkprot,$linkprotuser,$linkprotexit);
             if ($env{'form.ltoken'}) {
                 my %info = &Apache::lonnet::tmpget($env{'form.ltoken'});
                 $linkprot = $info{'linkprot'};
-                my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'});
+                if ($info{'linkprotuser'} ne '') {
+                    $linkprotuser = $info{'linkprotuser'};
+                }
+                if ($info{'linkprotexit'} ne '') {
+                    $linkprotexit = $info{'linkprotexit'};
+                }
             } else {
                 $linkprot = $env{'form.linkprot'};
+                $linkprotuser = $env{'form.linkprotuser'};
+                $linkprotexit = $env{'form.linkprotexit'};
             }
             if ($linkprot) {
                 my ($linkprotector,$deeplink) = split(/:/,$linkprot,2);
+                if (($deeplink =~ m{^/tiny/$match_domain/\w+$}) &&
+                    ($linkprotuser ne '') && ($linkprotuser ne $env{'user.name'}.':'.$env{'user.domain'})) {
+                    my $ip = &Apache::lonnet::get_requestor_ip();
+                    my %linkprotinfo = (
+                                          origurl => $deeplink,
+                                          linkprot => $linkprot,
+                                          linkprotuser => $linkprotuser,
+                                          linkprotexit => $linkprotexit,
+                                       );    
+                    if ($env{'form.ltoken'}) {
+                        my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'});
+                    }
+                    &Apache::migrateuser::logout($r,$ip,$handle,undef,undef,\%linkprotinfo);
+                    return OK;
+                }
                 if ($env{'user.linkprotector'}) {
                     my @protectors = split(/,/,$env{'user.linkprotector'});
                     unless (grep(/^\Q$linkprotector\E$/,@protectors)) {
@@ -304,6 +336,9 @@ sub handler {
                 }
             }
         }
+        if ($env{'form.ltoken'}) {
+            my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'});
+        }
 	$r->print(
                   $start_page
                  .'<p class="LC_warning">'.&mt('You are already logged in!').'</p>'
@@ -428,20 +463,30 @@ sub handler {
     if ($uextkey>2147483647) { $uextkey-=4294967296; }
 
 # -------------------------------------------------------- Store away log token
-    my ($tokenextras,$tokentype);
-    my @names = ('role','symb','iptoken','ltoken','linkprot','linkkey');
+    my ($tokenextras,$tokentype,$linkprot_for_login);
+    my @names = ('role','symb','iptoken','ltoken','linkprotuser','linkprotexit','linkprot','linkkey');
     foreach my $name (@names) {
         if ($env{'form.'.$name} ne '') {
             if ($name eq 'ltoken') {
                 my %info = &Apache::lonnet::tmpget($env{'form.'.$name});
                 if ($info{'linkprot'}) {
+                    $linkprot_for_login = $info{'linkprot'};
                     $tokenextras .= '&linkprot='.&escape($info{'linkprot'});
+                    foreach my $item ('linkprotuser','linkprotexit') {
+                        if ($info{$item}) {
+                            $tokenextras .= '&'.$item.'='.&escape($info{$item});
+                        }
+                    }
                     $tokentype = 'link';
                     last;
                 }
             } else {
                 $tokenextras .= '&'.$name.'='.&escape($env{'form.'.$name});
                 if (($name eq 'linkkey') || ($name eq 'linkprot')) {
+                    if ((($env{'form.retry'}) || ($env{'form.sso'})) && 
+                        (!$env{'form.ltoken'}) && ($name eq 'linkprot')) {
+                        $linkprot_for_login = $env{'form.linkprot'};
+                    }
                     $tokentype = 'link';
                 }
             }
@@ -898,6 +943,35 @@ ENDSAML
             delete($env{'form.ltoken'});
         }
     }
+    my $in_frame_js;
+    if ($linkprot_for_login) {
+        my ($linkprotector,$linkproturi) = split(/:/,$linkprot_for_login,2);
+        if (($linkprotector =~ /^\d+(c|d)$/) && ($linkproturi =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$})) {
+            my $set_target;
+            if (($env{'form.retry'}) || ($env{'form.sso'})) {
+                if ($linkproturi eq $env{'form.firsturl'}) {
+                    $set_target = "    document.server.target = '_self';";
+                }
+            } else {
+                $set_target = <<ENDTARG;
+    var linkproturi = '$linkproturi';
+    var path = document.location.pathname.replace( new RegExp('^/adm/launch'),'');
+    if (linkproturi == path) {
+        document.server.target = '_self';
+    }
+ENDTARG
+            }
+            $in_frame_js = <<ENDJS;
+<script type="text/javascript">
+// <![CDATA[
+if ((window.self !== window.top) && (document.server.target != '_self')) {
+    $set_target
+}
+// ]]>
+</script>
+ENDJS
+        }
+    }
 
     $r->print(<<ENDLOGIN);
 <div style="display:$stdauthformstyle;" id="LC_standard_login">
@@ -998,6 +1072,7 @@ $versionrow
     <br style="clear:both;" />
  </div>
 
+$in_frame_js
 <script type="text/javascript">
 // <![CDATA[
 // the if prevents the script error if the browser can not handle this
@@ -1090,31 +1165,60 @@ sub redirect_page {
         $path = '/'.$path;
     }
     my $url = $protocol.'://'.$hostname.$path;
-    if ($env{'form.firsturl'} ne '') {
+    my $args = {};
+    if ($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
+        $url = $protocol.'://'.$hostname.$env{'form.firsturl'};
+        if (($env{'form.ltoken'}) || ($env{'form.linkprot'} ne '') ||
+            ($env{'form.linkkey'} ne '')) {
+            my %link_info;
+            if ($env{'form.ltoken'}) {
+                %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'});
+                &Apache::lonnet::tmpdel($env{'form.ltoken'});
+                $args->{'only_body'} = 1;
+            } elsif ($env{'form.linkprot'}) {
+                $link_info{'linkprot'} = $env{'form.linkprot'};
+                foreach my $item ('linkprotuser','linkprotexit') {
+                    if ($env{'form.'.$item}) {
+                        $link_info{$item} = $env{'form.'.$item};
+                    }
+                }
+                $args->{'only_body'} = 1;
+            } elsif ($env{'form.linkkey'} ne '') {
+                $link_info{'linkkey'} = $env{'form.linkkey'};
+            }
+            my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link');
+            unless (($token eq 'con_lost') || ($token eq 'refused') ||
+                    ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
+                $url .= '?ltoken='.$token;
+            }
+        }
+    } else {
         my $querystring;
-        if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
-            $querystring = &uri_escape_utf8($env{'form.firsturl'});
-        } else {
-            $querystring = &uri_escape($env{'form.firsturl'});
+        if ($env{'form.firsturl'} ne '') {
+            if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+                $querystring = &uri_escape_utf8($env{'form.firsturl'});
+            } else {
+                $querystring = &uri_escape($env{'form.firsturl'});
+            }
+            $querystring = &HTML::Entities::encode($querystring,"'");
+            $querystring = '?firsturl='.$querystring;
         }
-        $querystring = &HTML::Entities::encode($querystring,"'");
-        $url .='?firsturl='.$querystring;
-    }
-    if (($env{'form.ltoken'}) || ($env{'form.linkkey'} ne '')) {
-        my %link_info;
         if ($env{'form.ltoken'}) {
-            $link_info{'ltoken'} = $env{'form.ltoken'};
-        } elsif ($env{'form.linkkey'} ne '') {
-            $link_info{'linkkey'} = $env{'form.linkkey'};
-        }
-        my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link');
-        unless (($token eq 'con_lost') || ($token eq 'refused') ||
-                ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
-            $url .= (($url=~/\?/)?'&amp;':'?') . 'ttoken='.$token;
+            my %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'});
+            &Apache::lonnet::tmpdel($env{'form.ltoken'});
+            my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link');
+            unless (($token eq 'con_lost') || ($token eq 'refused') || ($token =~ /^error:/) ||
+                    ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
+                unless (($path eq '/adm/roles') || ($path eq '/adm/login')) {
+                    $url = $protocol.'://'.$hostname.'/adm/roles';
+                }
+                $querystring .= (($querystring =~/^\?/)?'&amp;':'?') . 'ttoken='.$token;
+            }
         }
+        $url .= $querystring;
     }
-    my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
-                                                    {'redirect' => [0,$url],});
+    $args->{'redirect'} = [0,$url];
+    my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,$args);
     my $end_page   = &Apache::loncommon::end_page();
     return $start_page.$end_page;
 }