File:  [LON-CAPA] / loncom / auth / lonrelaunch.pm
Sat Jun 18 02:10:18 2022 UTC (22 months, 3 weeks ago) by raeburn
Branches: MAIN
CVS tags: HEAD
- Bug 6907
  For LTI-protected deep links in which the username is included in the launch payload,
  compare the username in the payload with the username for any existing LON-CAPA session
  in the current web browser, and expire the old session if the user is different.

# The LearningOnline Network
# Re-launch guidance for deep linked access with username mismatch
#
# $Id: lonrelaunch.pm,v 1.1 2022/06/18 02:10:18 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#

package Apache::lonrelaunch;

use strict;
use lib '/home/httpd/lib/perl/';
use Apache::Constants qw(:common :http REDIRECT);
use Apache::lonnet;
use Apache::loncommon();
use Apache::lonlocal;
use LONCAPA qw(:DEFAULT :match);
use CGI::Cookie();

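# handler($r): mod_perl content handler for the "re-launch" step of a
# link-protected deep link when the launch username and the username of the
# session already present in the browser do not match.
#
# Steps, in order:
#   1. If the query string carries 'rtoken', load the data stored under that
#      token with tmpget() and then call tmpdel() on the same token.
#   2. If the request carries a valid session, remove the session file (and
#      the "linked" symlink when it points at that file), record the logout,
#      and expire the lonID / lonSID / lonLinkID / lonPubID cookies.
#   3. If the stored data describes a /tiny/ deep link with a matching
#      'linkprot' entry and a well-formed 'linkprotuser', emit a page that
#      redirects back to the deep link with the token appended as 'ltoken'.
#      Otherwise emit a "Username mismatch" page.
#
# Returns OK in every case.
#
# NOTE(review): step 2 runs for any request that reaches this handler with a
# valid session, whether or not a usable rtoken was supplied. Confirm that
# ending the session without a valid token is intended.
sub handler {
    my $r = shift;

    my %data;
    if ($r->args) {
        &Apache::loncommon::get_unprocessed_cgi($r->args,['rtoken']);
        if (exists($env{'form.rtoken'})) {
            # The token value comes straight from the query string; its format
            # is not checked here.
            # NOTE(review): presumably tmpget()/tmpdel() validate the token
            # before using it as a lookup key -- verify in Apache::lonnet.
            %data = &Apache::lonnet::tmpget($env{'form.rtoken'});
            &Apache::lonnet::tmpdel($env{'form.rtoken'});
        }
    }

    my $handle = &Apache::lonnet::check_for_valid_session($r);
    if ($handle ne '') {
        my $lonidsdir=$r->dir_config('lonIDsDir');
        # Load the old session's values into %env before its file is removed,
        # so user.name, user.domain, user.home and user.linkedenv are
        # available below.
        &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
        if (unlink("$lonidsdir/$handle.id")) {
            # Only remove the linked entry when its name has the expected
            # shape, it is a symlink, and it points at the session file that
            # was just deleted.
            if (($env{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
                (-l "$lonidsdir/$env{'user.linkedenv'}.id") &&
                (readlink("$lonidsdir/$env{'user.linkedenv'}.id") eq "$lonidsdir/$handle.id")) {
                unlink("$lonidsdir/$env{'user.linkedenv'}.id");
            }
        }
        my %temp=('logout' => time);
        my $ip = &Apache::lonnet::get_requestor_ip();
        &Apache::lonnet::put('email_status',\%temp);
        &Apache::lonnet::log($env{'user.domain'},
                             $env{'user.name'},
                             $env{'user.home'},
                             "Logout $ip");
        # Expire the session cookies in the browser.
        my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
        foreach my $name (keys(%cookies)) {
            next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
            # Direct method call rather than indirect-object "new CGI::Cookie".
            my $c = CGI::Cookie->new(-name    => $name,
                                     -value   => '',
                                     -expires => '-10y',);
            $r->headers_out->add('Set-cookie' => $c);
        }
    }
    if (!$Apache::lonlocal::lh) {
        &Apache::lonlocal::get_language_handle($r);
    }
    &Apache::loncommon::content_type($r,'text/html');
    $r->send_http_header;
    return OK if $r->header_only;

    # The redirect target is used only after it has matched the /tiny/ deep
    # link pattern, so the stored data cannot send the browser elsewhere.
    if ((keys(%data)) && ($data{'origurl'} =~ m{^/tiny/$match_domain/\w+$})) {
        my $url = $data{'origurl'};
        if (($data{'linkprot'} =~ m{^\w+(c|d):\Q$url\E$}) &&
            ($data{'linkprotuser'} =~ m{^($match_username):($match_domain)$})) {
            my $brcrum = [{'href' => '','text' => 'Update session'},];
            # NOTE(review): the token is appended without URL-escaping. This
            # branch is reached only when tmpget() returned data for it, but
            # confirm that the token alphabet is URL-safe.
            $url .= '?ltoken='.$env{'form.rtoken'};
            $r->print(&Apache::loncommon::start_page('Updating session',undef,
                                                     {'only_body'    => 1,
                                                      'redirect'     => [1,$url],
                                                      'bread_crumbs' => $brcrum,}).
                      '<p>'.&mt('Updating old session information').'</p>'.
                      &Apache::loncommon::end_page());
            return OK;
        }
    }

    # This path is reached when one of the checks above failed, so
    # 'linkprotuser' has not been shown to be a well-formed username:domain.
    # HTML-escape it before writing it into the page so stored launch data
    # cannot inject markup.
    my $expected = defined($data{'linkprotuser'}) ? $data{'linkprotuser'} : '';
    my %entity_for = ('&' => '&amp;',
                      '<' => '&lt;',
                      '>' => '&gt;',
                      '"' => '&quot;',
                      "'" => '&#39;');
    $expected =~ s/([&<>"'])/$entity_for{$1}/g;

    $r->print(&Apache::loncommon::start_page('Username mismatch',undef,{'only_body' => 1}));
    $r->print(&mt('Although your credentials were authenticated, the username you entered did not match what was expected [_1] from the link you followed',"($expected)"));
    $r->print(&Apache::loncommon::end_page());
    return OK;
}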

1;
