--- loncom/auth/lonshibauth.pm 2021/10/07 19:24:25 1.9 +++ loncom/auth/lonshibauth.pm 2021/11/03 01:04:02 1.12 @@ -1,7 +1,7 @@ # The LearningOnline Network # Redirect Shibboleth authentication to designated URL (/adm/sso). # -# $Id: lonshibauth.pm,v 1.9 2021/10/07 19:24:25 raeburn Exp $ +# $Id: lonshibauth.pm,v 1.12 2021/11/03 01:04:02 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -68,8 +68,10 @@ package Apache::lonshibauth; use strict; use lib '/home/httpd/lib/perl/'; use Apache::lonnet; +use Apache::loncommon; +use Apache::lonacc; use Apache::Constants qw(:common REDIRECT); -use LONCAPA qw(:DEFAULT); +use LONCAPA qw(:DEFAULT :match); sub handler { my $r = shift; @@ -77,8 +79,7 @@ sub handler { if (&Apache::lonnet::get_saml_landing()) { $target = '/adm/login'; } - my $uri = $r->uri; - if (($r->user eq '') && ($uri ne $target) && ($uri ne '/adm/sso')) { + if (($r->user eq '') && ($r->uri ne $target) && ($r->uri ne '/adm/sso')) { my $lonhost = $Apache::lonnet::perlvar{'lonHostID'}; my $hostname = &Apache::lonnet::hostname($lonhost); if (!$hostname) { $hostname = $r->hostname(); } @@ -90,18 +91,26 @@ sub handler { $hostname = $alias; } my $dest = $protocol.'://'.$hostname.$target; - $r->subprocess_env; - if ($ENV{'QUERY_STRING'} ne '') { - $dest .= '?'.$ENV{'QUERY_STRING'}; - } - unless (($uri eq '/adm/roles') || ($uri eq '/adm/logout')) { - if ($target eq '/adm/login') { - unless ($ENV{'QUERY_STRING'} =~ /firsturl=/) { - $dest.=(($dest=~/\?/)?'&':'?').'firsturl='.$uri; + if ($target eq '/adm/login') { + my $querystring = &set_token($r,$lonhost); + if ($querystring ne '') { + $dest .= '?'.$querystring; + } + } else { + my $uri = $r->uri; + if ($uri =~ m{^/tiny/$match_domain/\w+$}) { + my $querystring = &set_token($r,$lonhost); + if ($querystring ne '') { + $dest .= '?'.$querystring; } } else { - unless ($ENV{'QUERY_STRING'} =~ /origurl=/) { - $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri; + if ($r->args ne '') { + $dest .= (($dest=~/\?/)?'&':'?').$r->args; + } + unless (($uri eq '/adm/roles') || ($uri eq '/adm/logout')) { + unless ($r->args =~ /origurl=/) { + $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri; + } } } } @@ -112,5 +121,64 @@ sub handler { } } +sub set_token { + my ($r,$lonhost) = @_; + my ($firsturl,$querystring,$ssotoken,@names,%token); + @names = ('role','symb','ltoken','linkkey'); + map { $token{$_} = 1; } @names; + unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/logout')) { + $firsturl = $r->uri; + } + if ($r->args ne '') { + &Apache::loncommon::get_unprocessed_cgi($r->args); + } + if ($r->uri =~ m{^/tiny/$match_domain/\w+$}) { + if ($env{'form.ttoken'}) { + my %info = &Apache::lonnet::tmpget($env{'form.ttoken'}); + &Apache::lonnet::tmpdel($env{'form.ttoken'}); + if ($info{'ltoken'}) { + $env{'form.ltoken'} = $info{'ltoken'}; + } elsif ($info{'linkkey'} ne '') { + $env{'form.linkkey'} = $info{'linkkey'}; + } + } else { + unless (($env{'form.ltoken'}) || ($env{'form.linkkey'})) { + &Apache::lonacc::get_posted_cgi($r,['linkkey']); + } + } + } + my $extras; + foreach my $name (@names) { + if ($env{'form.'.$name} ne '') { + if ($name eq 'ltoken') { + my %info = &Apache::lonnet::tmpget($env{'form.ltoken'}); + &Apache::lonnet::tmpdel($env{'form.ltoken'}); + if ($info{'linkprot'}) { + $extras .= '&linkprot='.&escape($info{'linkprot'}); + last; + } + } else { + $extras .= '&'.$name.'='.&escape($env{'form.'.$name}); + } + } + } + if (($firsturl ne '') || ($extras ne '')) { + $extras .= ':sso'; + $ssotoken = &Apache::lonnet::reply('tmpput:'.&escape($firsturl). + $extras,$lonhost); + $querystring = 'sso='.$ssotoken; + } + if ($r->args ne '') { + foreach my $key (sort(keys(%env))) { + if ($key =~ /^form\.(.+)$/) { + my $name = $1; + next if (($token{$name}) || ($name eq 'ttoken')); + $querystring .= '&'.$name.'='.$env{$key}; + } + } + } + return $querystring; +} + 1; __END__