--- loncom/auth/migrateuser.pm 2013/06/06 12:39:06 1.17
+++ loncom/auth/migrateuser.pm 2013/09/29 00:49:24 1.18
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Starts a user off based of an existing token.
#
-# $Id: migrateuser.pm,v 1.17 2013/06/06 12:39:06 raeburn Exp $
+# $Id: migrateuser.pm,v 1.18 2013/09/29 00:49:24 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -34,6 +34,7 @@ use Apache::Constants qw(:common :http :
use Apache::lonauth;
use Apache::lonnet;
use Apache::lonlocal;
+use Apache::lonlogin();
sub goto_login {
my ($r) = @_;
@@ -52,16 +53,126 @@ sub goto_login {
sub sso_check {
my ($data) = @_;
my %extra_env;
- if ($data->{'sso.login'}) {
- $extra_env{'request.sso.login'} = $data->{'sso.login'};
- }
- if ($data->{'sso.reloginserver'}) {
- $extra_env{'request.sso.reloginserver'} =
- $data->{'sso.reloginserver'};
+ if (ref($data) eq 'HASH') {
+ if ($data->{'sso.login'}) {
+ $extra_env{'request.sso.login'} = $data->{'sso.login'};
+ }
+ if ($data->{'sso.reloginserver'}) {
+ $extra_env{'request.sso.reloginserver'} =
+ $data->{'sso.reloginserver'};
+ }
}
return \%extra_env;
}
+sub ip_changed {
+ my ($r,$udom,$camefrom,$dataref) = @_;
+ &Apache::loncommon::content_type($r,'text/html');
+ $r->send_http_header;
+ if (ref($dataref) eq 'HASH') {
+ my $title = 'LON-CAPA Session redirected';
+ my $message = &mt('Your internet address has changed since you logged in.');
+ my $camefrom = &Apache::lonnet::hostname($dataref->{'server'});
+ my $frombalancer = $dataref->{'balancer'};
+ my $rule_in_effect;
+ if ($frombalancer) {
+ my $balancerdom = &Apache::lonnet::host_domain($dataref->{'server'});
+ my ($result,$cached)=&Apache::lonnet::is_cached_new('loadbalancing',$balancerdom);
+ unless (defined($cached)) {
+ my $cachetime = 60*60*24;
+ my %domconfig =
+ &Apache::lonnet::get_dom('configuration',['loadbalancing'],$balancerdom);
+ if (ref($domconfig{'loadbalancing'}) eq 'HASH') {
+ $result = &Apache::lonnet::do_cache_new('loadbalancing',$balancerdom,
+ $domconfig{'loadbalancing'},$cachetime);
+ }
+ }
+ if (ref($result) eq 'HASH') {
+ (undef,my $currtargets,my $currrules) =
+ &Apache::lonnet::check_balancer_result($result,$dataref->{'server'});
+ if (ref($currrules) eq 'HASH') {
+ if ($dataref->{'sso.login'}) {
+ if ($currrules->{'_LC_ipchangesso'} ne '') {
+ $rule_in_effect = $currrules->{'_LC_ipchangesso'};
+ }
+ } else {
+ if ($currrules->{'_LC_ipchange'} ne '') {
+ $rule_in_effect = $currrules->{'_LC_ipchange'};
+ }
+ }
+ }
+ }
+ }
+ my $url;
+ my $lonhost= $r->dir_config('lonHostID');
+ my $switchto = $lonhost;
+ if ($rule_in_effect eq 'balancer') {
+ my $hosthere;
+ if ($dataref->{'role'}) {
+ my ($adom,$aname);
+ if ($dataref->{'role'} =~ m{^au\./($match_domain)/$}) {
+ $adom = $1;
+ $aname = $dataref->{'username'};
+ } elsif ($dataref->{'role'} =~ m{^(?:ca|aa)\./($match_domain)/($match_username)$}) {
+ $adom = $1;
+ $aname = $2;
+ }
+ if ($adom ne '' && $aname ne '') {
+ my $ahome = &Apache::lonnet::homeserver($aname,$adom);
+ unless ($ahome eq 'no_host') {
+ my @ids=&Apache::lonnet::current_machine_ids();
+ if ($ahome && grep(/^\Q$ahome\E$/,@ids)) {
+ $hosthere = 1;
+ }
+ }
+ }
+ }
+ unless ($hosthere) {
+ my $hostname = &Apache::lonnet::hostname($dataref->{'server'});
+ if ($hostname) {
+ $switchto = $dataref->{'server'};
+ my $protocol = $Apache::lonnet::protocol{$switchto};
+ $protocol = 'http' if ($protocol ne 'https');
+ $url = $protocol.'://'.$hostname;
+ $message .= '
'.
+ &mt('As a result, your LON-CAPA session is being redirected to the server where you originally logged in.');
+ }
+ }
+ }
+ if ($dataref->{'sso.login'}) {
+ $url .= '/adm/roles?';
+ } else {
+ $url .= '/adm/login?';
+ $message .= '
'.&mt('You will need to provide your password one more time');
+ }
+ my %info= (
+ 'domain' => $dataref->{'domain'},
+ 'username' => $dataref->{'username'},
+ 'role' => $dataref->{'role'},
+ 'sessionserver' => $lonhost,
+ );
+ if ($dataref->{'origurl'}) {
+ $info{'origurl'} = $dataref->{'origurl'};
+ }
+ if ($dataref->{'symb'}) {
+ $info{'symb'} = $dataref->{'symb'};
+ }
+ my $iptoken = &Apache::lonnet::tmpput(\%info,$switchto);
+ unless ($iptoken eq 'conlost') {
+ $url .= 'iptoken='.$iptoken;
+ }
+ $r->print(&Apache::loncommon::start_page($title,undef,
+ {'redirect' =>
+ [2,$url],}).
+ ''.&mt('One moment please...').'
'.
+ ''.$message.'
'.
+ &Apache::loncommon::end_page());
+ } else {
+ return &goto_login($r);
+ }
+ return OK;
+}
+
sub handler {
my ($r) = @_;
@@ -78,9 +189,11 @@ sub handler {
return &goto_login($r);
}
- if ($data{'ip'} ne $ENV{'REMOTE_ADDR'} || !defined($data{'username'}) ||
- !defined($data{'domain'}) ) {
- return &goto_login($r);
+ if (!defined($data{'username'}) || !defined($data{'domain'})) {
+ return &goto_login($r);
+ }
+ if ($data{'ip'} ne $ENV{'REMOTE_ADDR'}) {
+ return &ip_changed($r,$data{'domain'},$data{'server'},\%data);
}
&Apache::lonnet::logthis("Allowing access for $data{'username'}:$data{'domain'} to $data{'role'}");