[BACK]Return to lonrelaunch.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / auth
File:  [LON-CAPA] / loncom / auth / lonrelaunch.pm
Revision 1.1: download - view: text, annotated - select for diffs
Sat Jun 18 02:10:18 2022 UTC (22 months, 4 weeks ago) by raeburn
Branches: MAIN
CVS tags: HEAD
- Bug 6907
  For LTI-protected deep links in which username is included in launch payload
  compare username in payload with username for any existing LON-CAPA session
  in current web browser and expire old session, if different user.

    1: # The LearningOnline Network
    2: # Re-launch guidance for deep linked access with username mismatch
    3: #
    4: # $Id: lonrelaunch.pm,v 1.1 2022/06/18 02:10:18 raeburn Exp $
    5: #
    6: # Copyright Michigan State University Board of Trustees
    7: #
    8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
    9: #
   10: # LON-CAPA is free software; you can redistribute it and/or modify
   11: # it under the terms of the GNU General Public License as published by
   12: # the Free Software Foundation; either version 2 of the License, or
   13: # (at your option) any later version.
   14: #
   15: # LON-CAPA is distributed in the hope that it will be useful,
   16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   18: # GNU General Public License for more details.
   19: #
   20: # You should have received a copy of the GNU General Public License
   21: # along with LON-CAPA; if not, write to the Free Software
   22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   23: #
   24: # /home/httpd/html/adm/gpl.txt
   25: #
   26: # http://www.lon-capa.org/
   27: #
   28: 
   29: package Apache::lonrelaunch;
   30: 
   31: use strict;
   32: use lib '/home/httpd/lib/perl/';
   33: use Apache::Constants qw(:common :http REDIRECT);
   34: use Apache::lonnet;
   35: use Apache::loncommon();
   36: use Apache::lonlocal;
   37: use LONCAPA qw(:DEFAULT :match);
   38: use CGI::Cookie();
   39: 
   40: sub handler {
   41:     my $r = shift;
   42: 
   43:     my %data;
   44:     if ($r->args) {
   45:         &Apache::loncommon::get_unprocessed_cgi($r->args,['rtoken']);
   46:         if (exists($env{'form.rtoken'})) {
   47:             %data = &Apache::lonnet::tmpget($env{'form.rtoken'});
   48:             my $delete = &Apache::lonnet::tmpdel($env{'form.rtoken'});
   49:         }
   50:     }
   51:     my $handle = &Apache::lonnet::check_for_valid_session($r);
   52:     if ($handle ne '') {
   53:         my $lonidsdir=$r->dir_config('lonIDsDir');
   54:         &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
   55:         if (unlink("$lonidsdir/$handle.id")) {
   56:             if (($env{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
   57:                 (-l "$lonidsdir/$env{'user.linkedenv'}.id") &&
   58:                 (readlink("$lonidsdir/$env{'user.linkedenv'}.id") eq "$lonidsdir/$handle.id")) {
   59:                 unlink("$lonidsdir/$env{'user.linkedenv'}.id");
   60:             }
   61:         }
   62:         my %temp=('logout' => time);
   63:         my $ip = &Apache::lonnet::get_requestor_ip();
   64:         &Apache::lonnet::put('email_status',\%temp);
   65:         &Apache::lonnet::log($env{'user.domain'},
   66:                              $env{'user.name'},
   67:                              $env{'user.home'},
   68:                              "Logout $ip");
   69:         #expire the cookies
   70:         my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
   71:         foreach my $name (keys(%cookies)) {
   72:             next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
   73:             my $c = new CGI::Cookie(-name    => $name,
   74:                                     -value   => '',
   75:                                     -expires => '-10y',);
   76:             $r->headers_out->add('Set-cookie' => $c);
   77:         }
   78:     }
   79:     if (!$Apache::lonlocal::lh) {
   80:         &Apache::lonlocal::get_language_handle($r);
   81:     }
   82:     &Apache::loncommon::content_type($r,'text/html');
   83:     $r->send_http_header;
   84:     return OK if $r->header_only;
   85: 
   86:     if ((keys(%data)) && ($data{'origurl'} =~ m{^/tiny/$match_domain/\w+$})) {
   87:         my $url = $data{'origurl'};
   88:         if (($data{'linkprot'} =~ m{^\w+(c|d):\Q$url\E$}) &&
   89:             ($data{'linkprotuser'} =~ m{^($match_username):($match_domain)$})) {
   90:             my $brcrum = [{'href' => '','text' => 'Update session'},];
   91:             $url .= '?ltoken='.$env{'form.rtoken'};
   92:             $r->print(&Apache::loncommon::start_page('Updating session',undef,
   93:                                                      {'only_body'    => 1,
   94:                                                       'redirect'     => [1,$url],
   95:                                                       'bread_crumbs' => $brcrum,}).
   96:                       '<p>'.&mt('Updating old session information').'</p>'.
   97:                       &Apache::loncommon::end_page());
   98:             return OK;
   99:         }
  100:     }
  101:     $r->print(&Apache::loncommon::start_page('Username mismatch',undef,{'only_body' => 1}));
  102:     $r->print(&mt('Although your credentials were authenticated, the username you entered did not match what was expected [_1] from the link you followed',"($data{'linkprotuser'})"));
  103:     $r->print(&Apache::loncommon::end_page());
  104:     return OK;
  105: }
  106: 
  107: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>