--- loncom/auth/lonshibauth.pm 2021/10/10 23:59:19 1.10 +++ loncom/auth/lonshibauth.pm 2021/10/26 15:52:54 1.11 @@ -1,7 +1,7 @@ # The LearningOnline Network # Redirect Shibboleth authentication to designated URL (/adm/sso). # -# $Id: lonshibauth.pm,v 1.10 2021/10/10 23:59:19 raeburn Exp $ +# $Id: lonshibauth.pm,v 1.11 2021/10/26 15:52:54 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -68,8 +68,10 @@ package Apache::lonshibauth; use strict; use lib '/home/httpd/lib/perl/'; use Apache::lonnet; +use Apache::loncommon; +use Apache::lonacc; use Apache::Constants qw(:common REDIRECT); -use LONCAPA qw(:DEFAULT); +use LONCAPA qw(:DEFAULT :match); sub handler { my $r = shift; @@ -77,8 +79,7 @@ sub handler { if (&Apache::lonnet::get_saml_landing()) { $target = '/adm/login'; } - my $uri = $r->uri; - if (($r->user eq '') && ($uri ne $target) && ($uri ne '/adm/sso')) { + if (($r->user eq '') && ($r->uri ne $target) && ($r->uri ne '/adm/sso')) { my $lonhost = $Apache::lonnet::perlvar{'lonHostID'}; my $hostname = &Apache::lonnet::hostname($lonhost); if (!$hostname) { $hostname = $r->hostname(); } @@ -90,19 +91,29 @@ sub handler { $hostname = $alias; } my $dest = $protocol.'://'.$hostname.$target; - if ($r->args ne '') { - $dest .= (($dest=~/\?/)?'&':'?').$r->args; - } - unless (($uri eq '/adm/roles') || ($uri eq '/adm/logout')) { - if ($target eq '/adm/login') { - unless ($ENV{'QUERY_STRING'} =~ /firsturl=/) { - $dest.=(($dest=~/\?/)?'&':'?').'firsturl='.$uri; - } - } else { - unless ($ENV{'QUERY_STRING'} =~ /origurl=/) { + if ($target eq '/adm/login') { + my $querystring = &set_token($r,$lonhost); + if ($querystring ne '') { + $dest .= '?'.$querystring; + } + } else { + my $uri = $r->uri; + if ($r->args ne '') { + $dest .= (($dest=~/\?/)?'&':'?').$r->args; + } + unless (($uri eq '/adm/roles') || ($uri eq '/adm/logout')) { + unless ($r->args =~ /origurl=/) { $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri; } } + if ($uri =~ m{^/tiny/$match_domain/\w+$}) { + unless (($r->args =~ /ltoken=/) || ($r->args =~ /linkkey=/)) { + &Apache::lonacc::get_posted_cgi($r,['linkkey']); + if ($env{'form.linkkey'} ne '') { + $dest.=(($dest=~/\?/)?'&':'?').'linkkey='.$env{'form.linkkey'}; + } + } + } } $r->header_out(Location => $dest); return REDIRECT; @@ -111,5 +122,53 @@ sub handler { } } +sub set_token { + my ($r,$lonhost) = @_; + my ($firsturl,$querystring,$ssotoken,@names,%token); + @names = ('role','symb','ltoken','linkkey'); + map { $token{$_} = 1; } @names; + unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/logout')) { + $firsturl = $r->uri; + } + if ($r->args ne '') { + &Apache::loncommon::get_unprocessed_cgi($r->args); + } + if ($r->uri =~ m{^/tiny/$match_domain/\w+$}) { + unless (($env{'form.ltoken'}) || ($env{'form.linkkey'})) { + &Apache::lonacc::get_posted_cgi($r,['linkkey']); + } + } + my $extras; + foreach my $name (@names) { + if ($env{'form.'.$name} ne '') { + if ($name eq 'ltoken') { + my %info = &Apache::lonnet::tmpget($env{'form.ltoken'}); + if ($info{'linkprot'}) { + $extras .= '&linkprot='.&escape($info{'linkprot'}); + last; + } + } else { + $extras .= '&'.$name.'='.&escape($env{'form.'.$name}); + } + } + } + if (($firsturl ne '') || ($extras ne '')) { + $extras .= ':sso'; + $ssotoken = &Apache::lonnet::reply('tmpput:'.&escape($firsturl). + $extras,$lonhost); + $querystring = 'sso='.$ssotoken; + } + if ($r->args ne '') { + foreach my $key (sort(keys(%env))) { + if ($key =~ /^form\.(.+)$/) { + my $name = $1; + next if ($token{$name}); + $querystring .= '&'.$name.'='.$env{$key}; + } + } + } + return $querystring; +} + 1; __END__