--- loncom/interface/createaccount.pm 2008/08/13 08:17:58 1.24 +++ loncom/interface/createaccount.pm 2018/09/11 18:55:57 1.72.4.1 @@ -1,9 +1,10 @@ # The LearningOnline Network # Allow visitors to create a user account with the username being either an -# institutional log-in ID (institutional authentication required - localauth -# or kerberos) or an e-mail address. +# institutional log-in ID (institutional authentication required - localauth, +# kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as +# username may be processed automatically, or may be queued for approval. # -# $Id: createaccount.pm,v 1.24 2008/08/13 08:17:58 bisitz Exp $ +# $Id: createaccount.pm,v 1.72.4.1 2018/09/11 18:55:57 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -39,7 +40,6 @@ use Apache::lonhtmlcommon; use Apache::lonlocal; use Apache::lonauth; use Apache::resetpw; -use Authen::Captcha; use DynaLoader; # for Crypt::DES version use Crypt::DES; use LONCAPA qw(:DEFAULT :match); @@ -55,13 +55,34 @@ sub handler { my $domain; - my $sso_username = $r->subprocess_env->get('REDIRECT_SSOUserUnknown'); - my $sso_domain = $r->subprocess_env->get('REDIRECT_SSOUserDomain'); + my $sso_username = $r->subprocess_env->get('SSOUserUnknown'); + my $sso_domain = $r->subprocess_env->get('SSOUserDomain'); + + &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}, + ['token','courseid','domain','type']); + &Apache::lonacc::get_posted_cgi($r); + &Apache::lonlocal::get_language_handle($r); if ($sso_username ne '' && $sso_domain ne '') { $domain = $sso_domain; - } else { - $domain = &Apache::lonnet::default_login_domain(); + } else { + ($domain, undef) = Apache::lonnet::is_course($env{'form.courseid'}); + unless ($domain) { + if ($env{'form.phase'} =~ /^username_(activation|validation)$/) { + if (($env{'form.udom'} =~ /^$match_domain$/) && + (&Apache::lonnet::domain($env{'form.udom'}) ne '')) { + $domain = $env{'form.udom'}; + } else { + $domain = &Apache::lonnet::default_login_domain(); + } + } elsif (($env{'form.phase'} eq '') && + ($env{'form.domain'} =~ /^$match_domain$/) && + (&Apache::lonnet::domain($env{'form.domain'}) ne '')) { + $domain = $env{'form.domain'}; + } else { + $domain = &Apache::lonnet::default_login_domain(); + } + } } my $domdesc = &Apache::lonnet::domain($domain,'description'); my $contact_name = &mt('LON-CAPA helpdesk'); @@ -74,26 +95,21 @@ sub handler { my $include = $r->dir_config('lonIncludes'); my $start_page; - &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['token','courseid']); - &Apache::lonacc::get_posted_cgi($r); - &Apache::lonlocal::get_language_handle($r); - my $handle = &Apache::lonnet::check_for_valid_session($r); - if ($handle ne '') { + if (($handle ne '') && ($handle !~ /^publicuser_\d+$/)) { $start_page = &Apache::loncommon::start_page('Already logged in'); my $end_page = &Apache::loncommon::end_page(); $r->print($start_page."\n".'

'.&mt('You are already logged in').'

'. - '

'.&mt('Please either [_1]continue the current session[_2] or [_3]logout[_4].','','','',''). + '

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].', + '','','',''). '

'.&mt('Login problems?').'

'.$end_page); return OK; } my ($js,$courseid,$title); - if (defined($env{'form.courseid'})) { - $courseid = &validate_course($env{'form.courseid'}); - } + $courseid = Apache::lonnet::is_course($env{'form.courseid'}); if ($courseid ne '') { $js = &catreturn_js(); $title = 'Self-enroll in a LON-CAPA course'; @@ -105,45 +121,43 @@ sub handler { if ($env{'form.udom'} ne '') { $domain = $env{'form.udom'}; } + + my %domconfig = + &Apache::lonnet::get_dom('configuration',['usercreation'],$domain); + my ($cancreate,$statustocreate,$emailusername) = + &get_creation_controls($domain,$domconfig{'usercreation'}); + my ($result,$output) = &username_validation($r,$env{'form.uname'},$domain,$domdesc, $contact_name,$contact_email,$courseid, - $lonhost); - if ($result eq 'existingaccount') { + $lonhost,$statustocreate); + if ($result eq 'redirect') { + $r->internal_redirect('/adm/switchserver'); + return OK; + } elsif ($result eq 'existingaccount') { $r->print($output); &print_footer($r); return OK; } else { - $start_page = - &Apache::loncommon::start_page($title,$js, - {'no_inline_link' => 1,}); + $start_page = &Apache::loncommon::start_page($title,$js); &print_header($r,$start_page,$courseid); $r->print($output); &print_footer($r); return OK; } } - $start_page = - &Apache::loncommon::start_page($title,$js, - {'no_inline_link' => 1,}); - my @cancreate; - my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$domain); - if (ref($domconfig{'usercreation'}) eq 'HASH') { - if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') { - if (ref($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}) eq 'ARRAY') { - @cancreate = @{$domconfig{'usercreation'}{'cancreate'}{'selfcreate'}}; - } elsif (($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') && - ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne '')) { - @cancreate = ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}); - } - } - } + $start_page = &Apache::loncommon::start_page($title,$js); - if (@cancreate == 0) { + my %domconfig = + &Apache::lonnet::get_dom('configuration',['usercreation'],$domain); + my ($cancreate,$statustocreate,$emailusername) = + &get_creation_controls($domain,$domconfig{'usercreation'}); + if (@{$cancreate} == 0) { &print_header($r,$start_page,$courseid); my $output = '

'.&mt('Account creation unavailable').'

'. ''. - &mt('Creation of a new user account using an e-mail address or an institutional log-in ID as username is not permitted at this institution ([_1]).',$domdesc).'

'; + &mt('Creation of a new user account using an e-mail address or an institutional log-in ID as username is not permitted at this institution ([_1]).',$domdesc). + '

'; $r->print($output); &print_footer($r); return OK; @@ -153,12 +167,41 @@ sub handler { &print_header($r,$start_page,$courseid); my ($msg,$sso_logout); $sso_logout = &sso_logout_frag($r,$domain); - if (grep(/^sso$/,@cancreate)) { + if (grep(/^sso$/,@{$cancreate})) { $msg = '

'.&mt('Account creation').'

'. &mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution.").'
'; - + my $shibenv; + if (($r->dir_config('lonOtherAuthen') eq 'yes') && + ($r->dir_config('lonOtherAuthenType') eq 'Shibboleth')) { + if (ref($domconfig{'usercreation'}) eq 'HASH') { + if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') { + if (ref($domconfig{'usercreation'}{'cancreate'}{'shibenv'}) eq 'HASH') { + my @possfields = ('firstname','middlename','lastname','generation', + 'permanentemail','id'); + my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($domain); + $shibenv= {}; + foreach my $key (keys(%{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}})) { + if ($key eq 'inststatus') { + if (ref($usertypes) eq 'HASH') { + if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') { + if (exists($usertypes->{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key}})) { + $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key}; + } + } + } + } elsif (grep(/^\Q$key\E/,@possfields)) { + if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') { + $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key}; + } + } + } + } + } + } + } $msg .= &username_check($sso_username,$domain,$domdesc,$courseid, - $lonhost,$contact_email,$contact_name,$sso_logout); + $lonhost,$contact_email,$contact_name, + $sso_logout,$statustocreate,$shibenv); } else { $msg = '

'.&mt('Account creation unavailable').'

'. ''.&mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution, and you are not permitted to create one.").'

'.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email).'
'. @@ -169,13 +212,18 @@ sub handler { return OK; } - my ($output,$nostart,$noend); + my ($output,$nostart,$noend,$redirect); my $token = $env{'form.token'}; if ($token) { - ($output,$nostart,$noend) = + my $usertype = &get_usertype($domain); + ($output,$nostart,$noend,$redirect) = &process_mailtoken($r,$token,$contact_name,$contact_email,$domain, - $domdesc,$lonhost,$include,$start_page); - if ($nostart) { + $domdesc,$lonhost,$include,$start_page,$cancreate, + $domconfig{'usercreation'},$usertype); + if ($redirect) { + $r->internal_redirect('/adm/switchserver'); + return OK; + } elsif ($nostart) { if ($noend) { return OK; } else { @@ -194,8 +242,11 @@ sub handler { if ($env{'form.phase'} eq 'username_activation') { (my $result,$output,$nostart) = &username_activation($r,$env{'form.uname'},$domain,$domdesc, - $lonhost,$courseid); - if ($result eq 'ok') { + $courseid); + if ($result eq 'redirect') { + $r->internal_redirect('/adm/switchserver'); + return OK; + } elsif ($result eq 'ok') { if ($nostart) { return OK; } @@ -208,7 +259,7 @@ sub handler { (my $result,$output) = &username_validation($r,$env{'form.uname'},$domain,$domdesc, $contact_name,$contact_email,$courseid, - $lonhost); + $lonhost,$statustocreate); if ($result eq 'existingaccount') { $r->print($output); &print_footer($r); @@ -218,23 +269,29 @@ sub handler { } } elsif ($env{'form.create_with_email'}) { &print_header($r,$start_page,$courseid); - $output = &process_email_request($env{'form.useremail'},$domain,$domdesc, - $contact_name,$contact_email,\@cancreate, + my $usertype = &get_usertype($domain); + $output = &process_email_request($env{'form.uname'},$domain,$domdesc, + $contact_name,$contact_email,$cancreate, $lonhost,$domconfig{'usercreation'}, - $courseid); + $emailusername,$courseid,$usertype); } elsif (!$token) { &print_header($r,$start_page,$courseid); my $now=time; - if (grep(/^login$/,@cancreate)) { - my $jsh=Apache::File->new($include."/londes.js"); - $r->print(<$jsh>); - $r->print(&javascript_setforms($now)); + if ((grep(/^login$/,@{$cancreate})) && (!grep(/^email$/,@{$cancreate}))) { + if (open(my $jsh,"<","$include/londes.js")) { + while(my $line = <$jsh>) { + $r->print($line); + } + close($jsh); + $r->print(&javascript_setforms($now)); + } } - if (grep(/^email$/,@cancreate)) { + if (grep(/^email$/,@{$cancreate})) { $r->print(&javascript_validmail()); } - $output = &print_username_form($domain,$domdesc,\@cancreate,$now,$lonhost, - $courseid); + my $usertype = &get_usertype($domain); + $output = &print_username_form($r,$domain,$domdesc,$cancreate,$now,$lonhost, + $include,$courseid,$emailusername,$usertype); } $r->print($output); &print_footer($r); @@ -262,18 +319,34 @@ sub print_footer { $r->print('
'. &Apache::lonhtmlcommon::echo_form_input(['backto','logtoken', 'token','serverid','uname','upass','phase','create_with_email', - 'code','useremail','crypt','cfirstname','clastname', + 'code','crypt','cfirstname','clastname','g-recaptcha-response', + 'recaptcha_challenge_field','recaptcha_response_field', 'cmiddlename','cgeneration','cpermanentemail','cid']). '
'); } $r->print(&Apache::loncommon::end_page()); } +sub get_usertype { + my ($domain) = @_; + my $usertype = 'default'; + my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($domain); + if (ref($types) eq 'ARRAY') { + push(@{$types},'default'); + my $posstype = $env{'form.type'}; + $posstype =~ s/^\s+|\s$//g; + if (grep(/^\Q$posstype\E$/,@{$types})) { + $usertype = $posstype; + } + } + return $usertype; +} + sub selfenroll_crumbs { my ($r,$courseid,$desc) = @_; &Apache::lonhtmlcommon::add_breadcrumb ({href=>"javascript:ToCatalog('backupcrumbs','')", - text=>"Course Catalog"}); + text=>"Course/Community Catalog"}); if ($env{'form.coursenum'} ne '') { &Apache::lonhtmlcommon::add_breadcrumb ({href=>"javascript:ToCatalog('backupcrumbs','details')", @@ -281,7 +354,7 @@ sub selfenroll_crumbs { } my $last_crumb; if ($desc ne '') { - $last_crumb = &mt('Self-enroll in [_1]',''.$desc.''); + $last_crumb = &mt("Self-enroll in [_1]","'$desc'"); } else { $last_crumb = &mt('Self-enroll'); } @@ -292,139 +365,224 @@ sub selfenroll_crumbs { return; } -sub validate_course { - my ($courseid) = @_; - my ($cdom,$cnum) = ($courseid =~ /^($match_domain)_($match_courseid)$/); - if (($cdom ne '') && ($cnum ne '')) { - if (&Apache::lonnet::is_course($cdom,$cnum)) { - return ($courseid); +sub javascript_setforms { + my ($now,$emailusername,$captcha,$usertype,$recaptchaversion) = @_; + my ($setuserinfo,@required,$requiredchk); + if (ref($emailusername) eq 'HASH') { + if (ref($emailusername->{$usertype}) eq 'HASH') { + foreach my $key (sort(keys(%{$emailusername->{$usertype}}))) { + if ($emailusername->{$usertype}{$key} eq 'required') { + push(@required,$key); + } + $setuserinfo .= ' server.elements.'.$key.'.value=client.elements.'.$key.'.value;'."\n"; + } + $setuserinfo .= ' server.elements.type.value=client.elements.type.value;'."\n"; + } + if ($captcha eq 'original') { + $setuserinfo .= ' server.elements.code.value=client.elements.code.value;'."\n". + ' server.elements.crypt.value=client.elements.crypt.value;'."\n"; + } elsif ($captcha eq 'recaptcha') { + if ($recaptchaversion ne '2') { + $setuserinfo .= + ' server.elements.recaptcha_challenge_field.value=client.elements.recaptcha_challenge_field.value;'."\n". + ' server.elements.recaptcha_response_field.value=client.elements.recaptcha_response_field.value;'."\n"; + } } } - return; -} + if (@required) { + my $missprompt = &mt('One or more required fields are currently blank.'); + &js_escape(\$missprompt); + my $reqstr = join("','",@required); + $requiredchk = <<"ENDCHK"; + var requiredfields = new Array('$reqstr'); + missing = 0; + for (var i=0; i 0) { + alert("$missprompt"); + return false; + } -sub javascript_setforms { - my ($now) = @_; +ENDCHK + } my $js = < - function send() { - this.document.server.elements.uname.value = this.document.client.elements.uname.value; - uextkey=this.document.client.elements.uextkey.value; - lextkey=this.document.client.elements.lextkey.value; - initkeys(); - - this.document.server.elements.upass.value - = crypted(this.document.client.elements.upass$now.value); - - this.document.client.elements.uname.value=''; - this.document.client.elements.upass$now.value=''; - - this.document.server.submit(); + + +// ]]> + ENDSCRIPT + if (($captcha eq 'recaptcha') && ($recaptchaversion eq '2')) { + $js .= "\n".''."\n"; + } return $js; } sub javascript_checkpass { - my ($now) = @_; + my ($now,$context) = @_; my $nopass = &mt('You must enter a password.'); - my $mismatchpass = &mt('The passwords you entered did not match.').'\\n'. + my $mismatchpass = &mt('The passwords you entered did not match.')."\n". &mt('Please try again.'); + &js_escape(\$nopass); + &js_escape(\$mismatchpass); my $js = <<"ENDSCRIPT"; - ENDSCRIPT return $js; } sub javascript_validmail { - my %lt = &Apache::lonlocal::texthash ( + my %js_lt = &Apache::lonlocal::texthash ( email => 'The e-mail address you entered', notv => 'is not a valid e-mail address', ); my $output = "\n".''."\n"; + $output .= "\n".'// ]]>'."\n".''."\n"; return $output; } sub print_username_form { - my ($domain,$domdesc,$cancreate,$now,$lonhost,$courseid) = @_; - my %lt = &Apache::lonlocal::texthash( + my ($r,$domain,$domdesc,$cancreate,$now,$lonhost,$include,$courseid,$emailusername, + $usertype) = @_; + my %lt = &Apache::lonlocal::texthash ( unam => 'username', udom => 'domain', - uemail => 'Email address in LON-CAPA', - proc => 'Proceed'); + uemail => 'E-mail address in LON-CAPA', + proc => 'Proceed', + crac => 'Create account with a username provided by this institution', + clca => 'Create LON-CAPA account', + type => 'Type in your log-in ID and password to find out.', + plse => 'Please provide a password for your new account.', + info => 'Please provide user information and a password for your new account.', + yopw => 'Your password will be encrypted when sent (and stored).', + ); my $output; if (ref($cancreate) eq 'ARRAY') { if (grep(/^login$/,@{$cancreate})) { my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); if ((($domdefaults{'auth_def'} =~/^krb/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) { - $output = '

'.&mt('Create account with a username provided by this institution').'

'; - my $submit_text = &mt('Create LON-CAPA account'); - $output .= &mt('If you already have a log-in ID at this institution,[_1] you may be able to use it for LON-CAPA.','
').'

'.&mt('Type in your log-in ID and password to find out.').'

'; - $output .= &login_box($now,$lonhost,$courseid,$submit_text, + $output = '

'.$lt{'crac'}.'

'; + $output .= &mt('If you already have a log-in ID at this institution [_1]you may be able to use it for LON-CAPA.','
'). + '

'. + $lt{'type'}. + '

'; + $output .= &login_box($now,$lonhost,$courseid,$lt{'clca'}, $domain,'createaccount').'
'; } } if (grep(/^email$/,@{$cancreate})) { $output .= '

'.&mt('Create account with an e-mail address as your username').'

'; - if (grep(/^login$/,@{$cancreate})) { - $output .= &mt('Provide your e-mail address to request a LON-CAPA account,[_1] if you do not have a log-in ID at your institution.','
').'

'; + my ($captchaform,$error,$captcha,$recaptchaversion) = + &Apache::loncommon::captcha_display('usercreation',$lonhost); + if ($error) { + my $helpdesk = '/adm/helpdesk?origurl=%2fadm%2fcreateaccount'; + if ($courseid ne '') { + $helpdesk .= '&courseid='.$courseid; + } + $output .= ''. + &mt('An error occurred generating the validation code[_1] required for an e-mail address to be used as username.','
'). + '


'. + &mt('[_1]Contact the helpdesk[_2] or [_3]reload[_2] the page and try again.', + '','',''); } else { - $output .= '
'; - } - my $emailform = ''; - my $captchaform = &create_captcha(); - my $submit_text = &mt('Request LON-CAPA account'); - $output .= '
'. - &Apache::lonhtmlcommon::start_pick_box()."\n". - &Apache::lonhtmlcommon::row_title(&mt('E-mail address'), - 'LC_pick_box_title')."\n". - $emailform."\n". - &Apache::lonhtmlcommon::row_closure(1). - &Apache::lonhtmlcommon::row_title(&mt('Validation'), - 'LC_pick_box_title')."\n". - $captchaform."\n".'

'; - if ($courseid ne '') { - $output .= ''."\n"; - } - $output .= ''. - &Apache::lonhtmlcommon::row_closure(1). - &Apache::lonhtmlcommon::end_pick_box().'

'; - if ($courseid ne '') { - $output .= &Apache::lonhtmlcommon::echo_form_input(['courseid']); + if (grep(/^login$/,@{$cancreate})) { + $output .= &mt('If you do not have a log-in ID at your institution, [_1]provide your e-mail address to request a LON-CAPA account.','
').'

'. + $lt{'plse'}.'
'. + $lt{'yopw'}.'
'; + } else { + my $prompt = $lt{'plse'}; + if (ref($emailusername) eq 'HASH') { + if (ref($emailusername->{$usertype}) eq 'HASH') { + if (keys(%{$emailusername->{$usertype}}) > 0) { + $prompt = $lt{'info'}; + } + } + } + $output .= $prompt.'
'. + $lt{'yopw'}.'
'; + } + $output .= &print_dataentry_form($r,$domain,$lonhost,$include,$now,$captchaform, + $courseid,$emailusername,$captcha,$usertype, + $recaptchaversion); } - $output .= '
'; + $output .= '
'; } } if ($output eq '') { @@ -442,45 +600,53 @@ sub login_box { createaccount => 'Log-in ID', selfenroll => 'Username', ); - my ($lkey,$ukey) = &Apache::lonpreferences::des_keys(); + my ($lkey,$ukey) = &Apache::loncommon::des_keys(); my ($lextkey,$uextkey) = &getkeys($lkey,$ukey); - my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount', + my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount:createaccount', $lonhost); $output = &serverform($logtoken,$lonhost,undef,$courseid,$context); - my $unameform = ''; - my $upassform = ''; - $output .= '
'."\n". - &Apache::lonhtmlcommon::start_pick_box()."\n"; - if ($context eq 'selfenroll') { - my $udomform = ''; - $output .= &Apache::lonhtmlcommon::row_title(&mt('Domain'), - 'LC_pick_box_title')."\n". - $udomform."\n". - &Apache::lonhtmlcommon::row_closure(1)."\n"; - } - - $output .= &Apache::lonhtmlcommon::row_title($titles{$context}, + my $unameform = ''; + my $upassform = ''; + $output .= ''."\n". + &Apache::lonhtmlcommon::start_pick_box()."\n". + &Apache::lonhtmlcommon::row_title($titles{$context}, 'LC_pick_box_title')."\n". $unameform."\n". &Apache::lonhtmlcommon::row_closure(1)."\n". &Apache::lonhtmlcommon::row_title(&mt('Password'), 'LC_pick_box_title')."\n". - $upassform."\n".'

'."\n". - ''."\n". - &Apache::lonhtmlcommon::row_closure(1)."\n". - &Apache::lonhtmlcommon::end_pick_box().'

'."\n". - ''."\n". - ''."\n". + $upassform; + if ($context eq 'selfenroll') { + my $udomform = ''; + $output .= &Apache::lonhtmlcommon::row_closure(1)."\n". + &Apache::lonhtmlcommon::row_title(&mt('Domain'), + 'LC_pick_box_title')."\n". + $udomform."\n"; + } else { + $output .= ''; + } + $output .= &Apache::lonhtmlcommon::row_closure(1). + &Apache::lonhtmlcommon::row_title(). + '
'."\n"; + if ($context eq 'selfenroll') { + $output .= '

'. + ''. + ''.&mt('Forgot password?').''. + '
'."\n"; + } + $output .= &Apache::lonhtmlcommon::row_closure(1)."\n". + &Apache::lonhtmlcommon::end_pick_box().'
'."\n"; + $output .= ''."\n". + ''."\n". '
'; return $output; } sub process_email_request { my ($useremail,$domain,$domdesc,$contact_name,$contact_email,$cancreate, - $server,$settings,$courseid) = @_; - $useremail = $env{'form.useremail'}; + $server,$settings,$emailusername,$courseid,$usertype) = @_; my $output; if (ref($cancreate) eq 'ARRAY') { if (!grep(/^email$/,@{$cancreate})) { @@ -492,58 +658,49 @@ sub process_email_request { $contact_name,$contact_email); return $output; } else { + $useremail =~ s/^\s+|\s+$//g; + my $uname=&LONCAPA::clean_username($useremail); + if ($useremail ne $uname) { + $output = &invalid_state('badusername',$domdesc, + $contact_name,$contact_email); + return $output; + } my $uhome = &Apache::lonnet::homeserver($useremail,$domain); if ($uhome ne 'no_host') { $output = &invalid_state('existinguser',$domdesc, $contact_name,$contact_email); return $output; } else { - my $code = $env{'form.code'}; - my $md5sum = $env{'form.crypt'}; - my %captcha_params = &captcha_settings(); - my $captcha = Authen::Captcha->new( - output_folder => $captcha_params{'output_dir'}, - data_folder => $captcha_params{'db_dir'}, - ); - my $captcha_chk = $captcha->check_code($code,$md5sum); - my %captcha_hash = ( - 0 => 'Code not checked (file error)', - -1 => 'Failed: code expired', - -2 => 'Failed: invalid code (not in database)', - -3 => 'Failed: invalid code (code does not match crypt)', - ); + my ($captcha_chk,$captcha_error) = &Apache::loncommon::captcha_response('usercreation',$server); if ($captcha_chk != 1) { $output = &invalid_state('captcha',$domdesc,$contact_name, - $contact_email,$captcha_hash{$captcha_chk}); + $contact_email,$captcha_error); return $output; } - my $uhome=&Apache::lonnet::homeserver($useremail,$domain); - if ($uhome eq 'no_host') { - my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts); - &call_rulecheck($useremail,$domain,\%alerts,\%rulematch, - \%inst_results,\%curr_rules,%got_rules,'username'); - if (ref($alerts{'username'}) eq 'HASH') { - if (ref($alerts{'username'}{$domain}) eq 'HASH') { - if ($alerts{'username'}{$domain}{$useremail}) { - $output = &invalid_state('userrules',$domdesc, - $contact_name,$contact_email); - return $output; - } + my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts); + &call_rulecheck($useremail,$domain,\%alerts,\%rulematch, + \%inst_results,\%curr_rules,\%got_rules,'username'); + if (ref($alerts{'username'}) eq 'HASH') { + if (ref($alerts{'username'}{$domain}) eq 'HASH') { + if ($alerts{'username'}{$domain}{$useremail}) { + $output = &invalid_state('userrules',$domdesc, + $contact_name,$contact_email); + return $output; } } - my $format_msg = - &guest_format_check($useremail,$domain,$cancreate, - $settings); - if ($format_msg) { - $output = &invalid_state('userformat',$domdesc,$contact_name, - $contact_email,$format_msg); - return $output; - } + } + my $format_msg = + &guest_format_check($useremail,$domain,$cancreate, + $settings); + if ($format_msg) { + $output = &invalid_state('userformat',$domdesc,$contact_name, + $contact_email,$format_msg); + return $output; } } } $output = &send_token($domain,$useremail,$server,$domdesc,$contact_name, - $contact_email,$courseid); + $contact_email,$courseid,$emailusername,$usertype); } return $output; } @@ -563,87 +720,140 @@ sub call_rulecheck { } sub send_token { - my ($domain,$email,$server,$domdesc,$contact_name,$contact_email,$courseid) = @_; + my ($domain,$email,$server,$domdesc,$contact_name,$contact_email,$courseid,$emailusername, + $usertype) = @_; my $msg = '

'.&mt('Account creation status').'

'. &mt('Thank you for your request to create a new LON-CAPA account.'). '

'; my $now = time; - my %info = ('ip' => $ENV{'REMOTE_ADDR'}, - 'time' => $now, - 'domain' => $domain, - 'username' => $email, - 'courseid' => $courseid); - my $token = &Apache::lonnet::tmpput(\%info,$server); - if ($token !~ /^error/ && $token ne 'no_such_host') { - my $esc_token = &escape($token); - my $mailmsg = &mt('A request was submitted on [_1] for creation of a LON-CAPA account at the following institution: [_2].',localtime(time),$domdesc).' '. - &mt('To complete this process please open a web browser and enter the following' - .' URL in the address/location box: [_1]' - ,&Apache::lonnet::absolute_url().'/adm/createaccount?token='.$esc_token); - my $result = &Apache::resetpw::send_mail($domdesc,$email,$mailmsg,$contact_name, - $contact_email); - if ($result eq 'ok') { - $msg .= &mt('A message has been sent to the e-mail address you provided.').'
'.&mt('The message includes the web address for the link you will use to complete the account creation process.').'
'.&mt("The link included in the message will be valid for the next [_1]two[_2] hours.",'',''); + $env{'form.logtoken'} =~ s/(`)//g; + if ($env{'form.logtoken'}) { + my $logtoken = $env{'form.logtoken'}; + my $tmpinfo=Apache::lonnet::reply('tmpget:'.$logtoken,$server); + if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { + $msg = &mt('Information needed to process your request is missing, inaccessible or expired.') + .'
'.&mt('Return to the previous page to try again.'); + } else { + my $reply = &Apache::lonnet::reply('tmpdel:'.$logtoken,$server); + unless ($reply eq 'ok') { + $msg .= &mt('Request could not be processed.'); + } + } + my %info = ('ip' => $ENV{'REMOTE_ADDR'}, + 'time' => $now, + 'domain' => $domain, + 'username' => $email, + 'courseid' => $courseid, + 'upass' => $env{'form.upass'}, + 'serverid' => $env{'form.serverid'}, + 'tmpinfo' => $tmpinfo); + + if (ref($emailusername) eq 'HASH') { + if (ref($emailusername->{$usertype}) eq 'HASH') { + foreach my $item (keys(%{$emailusername->{$usertype}})) { + $info{$item} = $env{'form.'.$item}; + $info{$item} =~ s/(`)//g; + } + unless ($usertype eq 'default') { + $info{'inststatus'} = $usertype; + } + } + } + my $token = &Apache::lonnet::tmpput(\%info,$server,'createaccount'); + if ($token !~ /^error/ && $token ne 'no_such_host') { + my $esc_token = &escape($token); + my $showtime = localtime(time); + my $mailmsg = &mt('A request was submitted on [_1] for creation of a LON-CAPA account at the following institution: [_2].',$showtime,$domdesc).' '. + &mt('To complete this process please open a web browser and enter the following URL in the address/location box: [_1]', + &Apache::lonnet::absolute_url().'/adm/createaccount?token='.$esc_token); + my $result = &Apache::resetpw::send_mail($domdesc,$email,$mailmsg,$contact_name, + $contact_email); + if ($result eq 'ok') { + $msg .= &mt('A message has been sent to the e-mail address you provided.').'
'. + &mt('The message includes the web address for the link you will use to complete the account creation process.').'
'. + &mt("The link included in the message will be valid for the next [_1]two[_2] hours.",'',''); + } else { + $msg .= ''. + &mt('An error occurred when sending a message to the e-mail address you provided.').'
'. + ' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + } } else { $msg .= ''. - &mt('An error occurred when sending a message to the e-mail address you provided.').'
'. + &mt('An error occurred creating a token required for the account creation process.').'
'. ' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); } } else { - $msg .= ''. - &mt('An error occurred creating a token required for the account creation process.').'
'. - ' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + $msg .= $msg = &mt('Information needed to process your request is missing, inaccessible or expired.') + .'
'.&mt('Return to the previous page to try again.'); + } return $msg; } sub process_mailtoken { my ($r,$token,$contact_name,$contact_email,$domain,$domdesc,$lonhost, - $include,$start_page) = @_; - my ($msg,$nostart,$noend); + $include,$start_page,$cancreate,$settings,$usertype) = @_; + my ($msg,$nostart,$noend,$redirect); my %data = &Apache::lonnet::tmpget($token); my $now = time; if (keys(%data) == 0) { $msg = &mt('Sorry, the URL you provided to complete creation of a new LON-CAPA account was invalid.') .' '.&mt('Either the token included in the URL has been deleted or the URL you provided was invalid.') - .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link page included in the e-mail that will be sent to you.','
',''); + .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link page included in the e-mail that will be sent to you.', + '',''); return $msg; } if (($data{'time'} =~ /^\d+$/) && ($data{'domain'} ne '') && ($data{'username'} =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/)) { if ($now - $data{'time'} < 7200) { - if ($env{'form.phase'} eq 'createaccount') { - my ($result,$output) = &create_account($r,$domain,$lonhost, - $data{'username'},$domdesc); - if ($result eq 'ok') { - $msg = $output; - my $shownow = &Apache::lonlocal::locallocaltime($now); - my $mailmsg = &mt('A LON-CAPA account for the institution: [_1] has been created [_2] from IP address: [_3]. If you did not perform this action or authorize it, please contact the [_4] ([_5]).',$domdesc,$shownow,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n"; - my $mailresult = &Apache::resetpw::send_mail($domdesc,$data{'email'}, - $mailmsg,$contact_name, - $contact_email); - if ($mailresult eq 'ok') { - $msg .= &mt('An e-mail confirming creation of your new LON-CAPA account has been sent to [_1].',$data{'username'}); +# Check if request should be queued. + if (ref($cancreate) eq 'ARRAY') { + my $disposition; + if (grep(/^email$/,@{$cancreate})) { + if (ref($settings) eq 'HASH') { + if (ref($settings->{'cancreate'}) eq 'HASH') { + if (ref($settings->{'cancreate'}{'selfcreateprocessing'}) eq 'HASH') { + $disposition = $settings->{'cancreate'}{'selfcreateprocessing'}{$usertype}; + } + } + } + if ($disposition eq 'approval') { + $msg = &store_request($domain,$data{'username'},'approval',\%data,$settings); + my $delete = &Apache::lonnet::tmpdel($token); } else { - $msg .= &mt('An error occurred when sending e-mail to [_1] confirming creation of your LON-CAPA account.',$data{'username'}); + my ($result,$output,$uhome) = + &create_account($r,$domain,$domdesc,\%data); + if ($result eq 'ok') { + $msg = $output; + my $shownow = &Apache::lonlocal::locallocaltime($now); + my $mailmsg = &mt('A LON-CAPA account for the institution: [_1] has been created [_2] from IP address: [_3]. If you did not perform this action or authorize it, please contact the [_4] ([_5]).',$domdesc,$shownow,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n"; + my $mailresult = &Apache::resetpw::send_mail($domdesc,$data{'email'}, + $mailmsg,$contact_name, + $contact_email); + if ($mailresult eq 'ok') { + $msg .= &mt('An e-mail confirming creation of your new LON-CAPA account has been sent to [_1].',$data{'username'}); + } else { + $msg .= &mt('An error occurred when sending e-mail to [_1] confirming creation of your LON-CAPA account.',$data{'username'}); + } + $redirect = &start_session($r,$data{'username'},$domain,$uhome, + $data{'courseid'},$token); + $nostart = 1; + $noend = 1; + } else { + $msg .= &mt('A problem occurred when attempting to create your new LON-CAPA account.') + .'
'.$output; + if (($contact_name ne '') && ($contact_email ne '')) { + $msg .= &mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + } + } + my $delete = &Apache::lonnet::tmpdel($token); } - my %form = &start_session($r,$data{'username'},$domain, - $lonhost,$data{'courseid'}, - $token); - $nostart = 1; - $noend = 1; } else { - $msg .= &mt('A problem occurred when attempting to create your new LON-CAPA account.') - .'
'.$output -# .&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,''.$contact_email.''); - .&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + $msg = &invalid_state('noemails',$domdesc,$contact_name,$contact_email); } - my $delete = &Apache::lonnet::tmpdel($token); } else { - $msg .= &mt('Please provide user information and a password for your new account.').'
'.&mt('Your password, which must contain at least seven characters, will be sent to the LON-CAPA server in an encrypted form.').'
'; - $msg .= &print_dataentry_form($r,$domain,$lonhost,$include,$token,$now,$data{'username'},$start_page); - $nostart = 1; + $msg = &invalid_state('noemails',$domdesc,$contact_name,$contact_email); } } else { $msg = &mt('Sorry, the token generated when you requested creation of an account has expired.') @@ -653,185 +863,302 @@ sub process_mailtoken { $msg .= &mt('Sorry, the URL generated when you requested creation of an account contained incomplete information.') .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link included in the e-mail that will be sent to you.','',''); } - return ($msg,$nostart,$noend); + return ($msg,$nostart,$noend,$redirect); } sub start_session { - my ($r,$username,$domain,$lonhost,$courseid,$token) = @_; - my %form = ( - uname => $username, - udom => $domain, - ); - my $firsturl = '/adm/roles'; - if (defined($courseid)) { - $courseid = &validate_course($courseid); - if ($courseid ne '') { - $form{'courseid'} = $courseid; - $firsturl = '/adm/selfenroll?courseid='.$courseid; - } - } - if ($r->dir_config('lonBalancer') eq 'yes') { - &Apache::lonauth::success($r,$form{'uname'},$form{'udom'}, - $lonhost,'noredirect',undef,\%form); - if ($token ne '') { - my $delete = &Apache::lonnet::tmpdel($token); - } - $r->internal_redirect('/adm/switchserver'); + my ($r,$username,$domain,$uhome,$courseid,$token) = @_; + my ($is_balancer) = &Apache::lonnet::check_loadbalancing($username,$domain); + if ($is_balancer) { + Apache::lonauth::success($r, $username, $domain, $uhome, + 'noredirect', undef, {}); + + Apache::lonnet::tmpdel($token) if $token; + + return 'redirect'; } else { - &Apache::lonauth::success($r,$form{'uname'},$form{'udom'}, - $lonhost,$firsturl,undef,\%form); + $courseid = Apache::lonnet::is_course($courseid); + + Apache::lonauth::success($r, $username, $domain, $uhome, + ($courseid ? "/adm/selfenroll?courseid=$courseid" : '/adm/roles'), + undef, {}); } - return %form; + return; } - +# +# The screen that the user gets to create his or her account +# Desired username, desired password, etc +# Stores token to store DES-key and stage during creation session +# sub print_dataentry_form { - my ($r,$domain,$lonhost,$include,$mailtoken,$now,$username,$start_page) = @_; + my ($r,$domain,$lonhost,$include,$now,$captchaform,$courseid,$emailusername,$captcha, + $usertype,$recaptchaversion) = @_; my ($error,$output); - &print_header($r,$start_page); - if (open(my $jsh,"<$include/londes.js")) { + if (open(my $jsh,"<","$include/londes.js")) { while(my $line = <$jsh>) { $r->print($line); } close($jsh); - $output .= &javascript_setforms($now)."\n".&javascript_checkpass($now); - my ($lkey,$ukey) = &Apache::lonpreferences::des_keys(); + $output = &javascript_setforms($now,$emailusername,$captcha,$usertype,$recaptchaversion). + "\n".&javascript_checkpass($now,'email'); + my ($lkey,$ukey) = &Apache::loncommon::des_keys(); my ($lextkey,$uextkey) = &getkeys($lkey,$ukey); - my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount', + my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount:createaccount', $lonhost); - my @userinfo = ('firstname','middlename','lastname','generation','id', - 'permanentemail'); - my %lt=&Apache::lonlocal::texthash( - 'pd' => "Personal Data", - 'firstname' => "First Name", - 'middlename' => "Middle Name", - 'lastname' => "Last Name", - 'generation' => "Generation", - 'permanentemail' => "Permanent e-mail address", - 'id' => "Student/Employee ID", - 'lg' => "Login Data" - ); - my %textboxsize = ( - firstname => '15', - middlename => '15', - lastname => '15', - generation => '5', - id => '15', - ); - my $genhelp=&Apache::loncommon::help_open_topic('Generation'); - $output .= '

'.$lt{'pd'}.'

'. - '
'. - &Apache::lonhtmlcommon::start_pick_box(); - foreach my $item (@userinfo) { - my $rowtitle = $lt{$item}; - if ($item eq 'generation') { - $rowtitle = $genhelp.$rowtitle; - } - $output .= &Apache::lonhtmlcommon::row_title($rowtitle,undef,'LC_oddrow_value')."\n"; - if ($item eq 'permanentemail') { - $output .= $username; + $output .= + ''; + if ($courseid ne '') { + $output .= ''."\n"; + } + if (ref($emailusername) eq 'HASH') { + if (ref($emailusername->{$usertype}) eq 'HASH') { + foreach my $field (sort(keys(%{$emailusername->{$usertype}}))) { + $output .= ''."\n"; + } + $output .= ''."\n"; + } + } + if ($captcha eq 'original') { + $output .= ' + + +'; + } elsif ($captcha eq 'recaptcha') { + if ($recaptchaversion eq '2') { + $output .= "$captchaform\n"; + undef($captchaform); } else { - $output .= ''; + $output .= ' + + +'; } - $output .= &Apache::lonhtmlcommon::row_closure(1); } - $output .= &Apache::lonhtmlcommon::end_pick_box(); $output .= <<"ENDSERVERFORM"; - + -
+ + ENDSERVERFORM - my $upassone = ''; - my $upasstwo = ''; - my $submit_text = &mt('Create LON-CAPA account'); - $output .= '

'.$lt{'lg'}.'

'."\n". - '
'."\n". - &Apache::lonhtmlcommon::start_pick_box()."\n". - &Apache::lonhtmlcommon::row_title(&mt('Username'), - 'LC_pick_box_title')."\n". - $username."\n". - &Apache::lonhtmlcommon::row_closure(1)."\n". - &Apache::lonhtmlcommon::row_title(&mt('Password'), - 'LC_pick_box_title')."\n". - $upassone."\n". - &Apache::lonhtmlcommon::row_closure(1)."\n". - &Apache::lonhtmlcommon::row_title(&mt('Confirm password'), - 'LC_pick_box_title')."\n". - $upasstwo."\n". - &Apache::lonhtmlcommon::row_closure(1)."\n". - &Apache::lonhtmlcommon::end_pick_box()."\n". - ''."\n". - ''."\n". - ''."\n". - '
'."\n". - ''; + my $beginclientform = '
'."\n"; + my $endclientform = ''."\n". + ''."\n". + ''."\n". + '
'."\n". + '

'.&mt('Fields marked [_1]*[_2] are required.','','').'

'; + my ($datatable,$rowcount) = + &Apache::loncreateuser::personal_data_display('',$domain,'email','selfcreate', + '','',$now,$captchaform, + $emailusername,$usertype); + if ($rowcount) { + $output .= '
'.$beginclientform.$datatable.$endclientform; + } else { + $output .= $beginclientform.$endclientform; + } + if ($rowcount) { + $output .= '
'."\n". + ''."\n"; + } } else { $output = &mt('Could not load javascript file [_1]','londes.js'); } return $output; } +# +# Retrieve rules for generating accounts from domain configuration +# Can the user make a new account or just self-enroll? + +sub get_creation_controls { + my ($domain,$usercreation) = @_; + my (@cancreate,@statustocreate,$emailusername); + if (ref($usercreation) eq 'HASH') { + if (ref($usercreation->{'cancreate'}) eq 'HASH') { + if (ref($usercreation->{'cancreate'}{'statustocreate'}) eq 'ARRAY') { + @statustocreate = @{$usercreation->{'cancreate'}{'statustocreate'}}; + if (@statustocreate == 0) { + my ($othertitle,$usertypes,$types) = + &Apache::loncommon::sorted_inst_types($domain); + if (ref($types) eq 'ARRAY') { + if (@{$types} == 0) { + @statustocreate = ('default'); + } + } else { + @statustocreate = ('default'); + } + } + } else { + @statustocreate = ('default'); + my ($othertitle,$usertypes,$types) = + &Apache::loncommon::sorted_inst_types($domain); + if (ref($types) eq 'ARRAY') { + push(@statustocreate,@{$types}); + } + } + if (ref($usercreation->{'cancreate'}{'selfcreate'}) eq 'ARRAY') { + @cancreate = @{$usercreation->{'cancreate'}{'selfcreate'}}; + } elsif (($usercreation->{'cancreate'}{'selfcreate'} ne 'none') && + ($usercreation->{'cancreate'}{'selfcreate'} ne '')) { + @cancreate = ($usercreation->{'cancreate'}{'selfcreate'}); + } + if (ref($usercreation->{'cancreate'}{'emailusername'}) eq 'HASH') { + $emailusername = $usercreation->{'cancreate'}{'emailusername'}; + } else { + $emailusername = { + default => { + 'lastname' => '1', + 'firstname' => 1, + }, + }; + } + } + } + return (\@cancreate,\@statustocreate,$emailusername); +} + sub create_account { - my ($r,$domain,$lonhost,$username,$domdesc) = @_; - my ($retrieved,$output,$upass) = &process_credentials($env{'form.logtoken'}, - $env{'form.serverid'}); - # Error messages - my $error = ''.&mt('Error:').' '; - my $end = '

'; - my $rtnlink = ''. + my ($r,$domain,$domdesc,$dataref) = @_; + my $error = ''.&mt('Error:').' '; + my $end = '

'; + my $rtnlink = '
'. &mt('Return to previous page').''. &Apache::loncommon::end_page(); - if ($retrieved eq 'ok') { - if ($env{'form.courseid'} ne '') { - my ($result,$userchkmsg) = &check_id($username,$domain,$domdesc); - if ($result eq 'fail') { - $output = $error.&mt('Invalid ID format').$end. - $userchkmsg.$rtnlink; - return ('fail',$output); + my $output; + if (ref($dataref) eq 'HASH') { + my ($username,$encpass,$serverid,$courseid,$id,$firstname,$middlename,$lastname, + $generation,$inststatus); + $username = $dataref->{'username'}; + $encpass = $dataref->{'upass'}; + $serverid = $dataref->{'serverid'}; + $courseid = $dataref->{'courseid'}; + $id = $dataref->{'id'}; + $firstname = $dataref->{'firstname'}; + $middlename = $dataref->{'middlename'}; + $lastname = $dataref->{'lastname'}; + $generation = $dataref->{'generation'}; + $inststatus = $dataref->{'inststatus'}; + + my $currhome = &Apache::lonnet::homeserver($username,$domain); + unless ($currhome eq 'no_host') { + $output = &mt('User account requested for username: [_1] in domain: [_2] already exists.',$username,$domain); + return ('fail',$error.$output.$end.$rtnlink); + } + +# Split the logtoken to retrieve the DES key and decrypt the encypted password + + my ($key,$caller)=split(/&/,$dataref->{'tmpinfo'}); + if ($caller eq 'createaccount') { + my $upass = &Apache::loncommon::des_decrypt($key,$encpass); + +# See if we are allowed to use the proposed student/employee ID, +# as per domain rules; if not, student/employee will be left blank. + + if ($id ne '') { + my ($result,$userchkmsg) = &check_id($username,$domain,$id,$domdesc,'email'); + if ($result eq 'fail') { + $output = $error.&mt('Invalid ID format').$end. + $userchkmsg; + undef($id); + } } + +# Create an internally authenticated account with password $upass +# if the user account does not already exist. +# Assign student/employee id, first name, last name, etc. + + my $result = + &Apache::lonnet::modifyuser($domain,$username,$id, + 'internal',$upass,$firstname,$middlename, + $lastname,$generation,undef,undef,$username); + $output = &mt('Generating user: [_1]',$result); + +# Now that the user account exists, retrieve the homeserver, and include it in the output. + + my $uhome = &Apache::lonnet::homeserver($username,$domain); + unless (($inststatus eq 'default') || ($inststatus eq '')) { + &Apache::lonnet::put('environment',{inststatus => $inststatus},$domain,$username); + } + $output .= '
'.&mt('Home server: [_1]',$uhome).' '. + &Apache::lonnet::hostname($uhome).'

'; + return ('ok',$output,$uhome); + } else { + $output = &mt('Unable to retrieve your account creation information - unexpected context'); + undef($encpass); + return ('fail',$error.$output.$end.$rtnlink); } } else { + $output = &mt('Unable to retrieve information for your account request.'); return ('fail',$error.$output.$end.$rtnlink); } - # Call modifyuser - my $result = - &Apache::lonnet::modifyuser($domain,$username,$env{'form.cid'}, - 'internal',$upass,$env{'form.cfirstname'}, - $env{'form.cmiddlename'},$env{'form.clastname'}, - $env{'form.cgeneration'},undef,undef,$username); - $output = &mt('Generating user: [_1]',$result); - my $uhome = &Apache::lonnet::homeserver($username,$domain); - $output .= '
'.&mt('Home server: [_1]',$uhome).' '. - &Apache::lonnet::hostname($uhome).'

'; - return ('ok',$output); } sub username_validation { my ($r,$username,$domain,$domdesc,$contact_name,$contact_email,$courseid, - $lonhost) = @_; - my ($retrieved,$output,$upass); - + $lonhost,$statustocreate) = @_; +# $r: request object +# $username,$domain: for the user who needs to be validated +# $domdesc: full name of the domain (for error messages) +# $contact_name, $contact_email: name and email for user assistance (for error messages in &username_check) +# $courseid: ID of the course if user came to username_validation via self-enroll link, +# passed to start_session() +# $lonhost: LON-CAPA lonHostID +# $statustocreate: -> inststatus in username_check ('faculty', 'staff', 'student', ...) + +# +# Sanitize incoming username and domain +# $username= &LONCAPA::clean_username($username); $domain = &LONCAPA::clean_domain($domain); + +# +# Check if LON-CAPA account already exists for $username:$domain +# my $uhome = &Apache::lonnet::homeserver($username,$domain); - ($retrieved,$output,$upass) = &process_credentials($env{'form.logtoken'}, - $env{'form.serverid'}); - if ($retrieved ne 'ok') { + my $output; + +# Retrieve DES key from server using logtoken + + my $tmpinfo=Apache::lonnet::reply('tmpget:'.$env{'form.logtoken'},$env{'form.serverid'}); + if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { + $output = &mt('Information needed to verify your login information is missing, inaccessible or expired.') + .'
'.&mt('You may need to reload the previous page to obtain a new token.'); + return ('fail',$output); + } else { + my $reply = &Apache::lonnet::reply('tmpdel:'.$env{'form.logtoken'},$env{'form.serverid'}); + unless ($reply eq 'ok') { + $output = &mt('Session could not be opened.'); + return ('fail',$output); + } + } + +# Split the logtoken to retrieve the DES key and decrypt the encypted password + + my ($key,$caller)=split(/&/,$tmpinfo); + my $upass; + if ($caller eq 'createaccount') { + $upass = &Apache::loncommon::des_decrypt($key,$env{'form.upass'}); + } else { + $output = &mt('Unable to retrieve your log-in information - unexpected context'); return ('fail',$output); } if ($uhome ne 'no_host') { my $result = &Apache::lonnet::authenticate($username,$upass,$domain); if ($result ne 'no_host') { - my %form = &start_session($r,$username,$domain,$lonhost,$courseid); - $output = '

'.&mt('A LON-CAPA account already exists for username [_1] at this institution ([_2]).',''.$username.'',$domdesc).'
'.&mt('The password entered was also correct so you have been logged in.'); + my $redirect = &start_session($r,$username,$domain,$uhome,$courseid); + if ($redirect) { + return ($redirect); + } + $output = '

'. + &mt('A LON-CAPA account already exists for username [_1] at this institution ([_2]).', + ''.$username.'',$domdesc).'
'. + &mt('The password entered was also correct so you have been logged in.'); return ('existingaccount',$output); } else { $output = &login_failure_msg($courseid); @@ -840,7 +1167,8 @@ sub username_validation { my $primlibserv = &Apache::lonnet::domain($domain,'primary'); my $authok; my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); - if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) { + if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) && ($domdefaults{'auth_arg_def'} ne '')) || + ($domdefaults{'auth_def'} eq 'localauth')) { my $checkdefauth = 1; $authok = &Apache::lonnet::reply("encrypt:auth:$domain:$username:$upass:$checkdefauth",$primlibserv); @@ -849,7 +1177,8 @@ sub username_validation { } if ($authok eq 'authorized') { $output = &username_check($username,$domain,$domdesc,$courseid,$lonhost, - $contact_email,$contact_name); + $contact_email,$contact_name,undef, + $statustocreate); } else { $output = &login_failure_msg($courseid); } @@ -874,12 +1203,12 @@ sub login_failure_msg { } sub username_check { - my ($username,$domain,$domdesc,$courseid,$lonhost,$contact_email,$contact_name, - $sso_logout) = @_; + my ($username,$domain,$domdesc,$courseid,$lonhost,$contact_email, + $contact_name,$sso_logout,$statustocreate,$shibenv) = @_; my (%rulematch,%inst_results,$checkfail,$rowcount,$editable,$output,$msg, %alerts,%curr_rules,%got_rules); &call_rulecheck($username,$domain,\%alerts,\%rulematch, - \%inst_results,\%curr_rules,%got_rules,'username'); + \%inst_results,\%curr_rules,\%got_rules,'username'); if (ref($alerts{'username'}) eq 'HASH') { if (ref($alerts{'username'}{$domain}) eq 'HASH') { if ($alerts{'username'}{$domain}{$username}) { @@ -895,7 +1224,29 @@ sub username_check { } } if (!$checkfail) { + if (ref($statustocreate) eq 'ARRAY') { + $checkfail = 'inststatus'; + if (ref($inst_results{$username.':'.$domain}{inststatus}) eq 'ARRAY') { + foreach my $inststatus (@{$inst_results{$username.':'.$domain}{inststatus}}) { + if (grep(/^\Q$inststatus\E$/,@{$statustocreate})) { + undef($checkfail); + last; + } + } + } elsif (grep(/^default$/,@{$statustocreate})) { + undef($checkfail); + } + } + } + if (!$checkfail) { $output = '
'; + if (ref($shibenv) eq 'HASH') { + foreach my $key (keys(%{$shibenv})) { + if ($ENV{$shibenv->{$key}} ne '') { + $inst_results{$username.':'.$domain}{$key} = $ENV{$shibenv->{$key}}; + } + } + } (my $datatable,$rowcount,$editable) = &Apache::loncreateuser::personal_data_display($username,$domain,1,'selfcreate', $inst_results{$username.':'.$domain}); @@ -910,7 +1261,7 @@ sub username_check { 'time' => $now, 'domain' => $domain, 'username' => $username); - my $authtoken = &Apache::lonnet::tmpput(\%info,$lonhost); + my $authtoken = &Apache::lonnet::tmpput(\%info,$lonhost,'createaccount'); if ($authtoken !~ /^error/ && $authtoken ne 'no_such_host') { $output .= ''; } else { @@ -921,7 +1272,7 @@ sub username_check { } } if ($checkfail) { - $msg = '

'.&mt('Account creation unavailable').'

'; + $msg = '

'.&mt('Account creation unavailable').'

'; if ($checkfail eq 'username') { $msg .= ''. &mt('A LON-CAPA account may not be created with the username you use.'). @@ -929,6 +1280,10 @@ sub username_check { } elsif ($checkfail eq 'authtoken') { $msg .= ''.&mt('Error creating token.').''. '
'.$output; + } elsif ($checkfail eq 'inststatus') { + $msg .= ''. + &mt('You are not permitted to create a LON-CAPA account.'). + '

'.$output; } $msg .= &mt('Please contact the [_1] ([_2]) for assistance.', $contact_name,$contact_email).'

'. @@ -943,7 +1298,7 @@ sub username_check { if ($rowcount) { if ($editable) { if ($courseid ne '') { - $msg = '

'.&mt('User information').'

'; + $msg = '

'.&mt('User information').'

'; } $msg .= &mt('To create one, use the table below to provide information about yourself, then click the [_1]Create LON-CAPA account[_2] button.','','').'
'; } else { @@ -964,11 +1319,11 @@ sub username_check { } sub username_activation { - my ($r,$username,$domain,$domdesc,$lonhost,$courseid) = @_; + my ($r,$username,$domain,$domdesc,$courseid) = @_; my $output; my $error = ''.&mt('Error:').' '; my $end = '

'; - my $rtnlink = ''. + my $rtnlink = ''. &mt('Return to previous page').''. &Apache::loncommon::end_page(); my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); @@ -990,14 +1345,20 @@ sub username_activation { $output = &mt('Sorry, your authentication has expired.'); } if ($earlyout ne '') { - $output .= '
'.&mt('Please [_1]start again[_2].','',''); + my $link = '/adm/createaccount'; + if (&Apache::lonnet::domain($domain) ne '') { + $link .= "?domain=$domain"; + } + $output .= '
'.&mt('Please [_1]start again[_2].', + '',''); return($earlyout,$output); } if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) { if ($env{'form.courseid'} ne '') { - my ($result,$userchkmsg) = &check_id($username,$domain,$domdesc); + my $id = $env{'form.cid'}; + my ($result,$userchkmsg) = &check_id($username,$domain,$id,$domdesc,'institutional'); if ($result eq 'fail') { $output = $error.&mt('Invalid ID format').$end. $userchkmsg.$rtnlink; @@ -1007,7 +1368,7 @@ sub username_activation { # Call modifyuser my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts,%info); &call_rulecheck($username,$domain,\%alerts,\%rulematch, - \%inst_results,\%curr_rules,%got_rules); + \%inst_results,\%curr_rules,\%got_rules); my @userinfo = ('firstname','middlename','lastname','generation', 'permanentemail','id'); my %canmodify = @@ -1034,9 +1395,14 @@ sub username_activation { if ($result eq 'ok') { my $delete = &Apache::lonnet::tmpdel($env{'form.authtoken'}); $output = &mt('A LON-CAPA account has been created for username: [_1] in domain: [_2].',$username,$domain); - my %form = &start_session($r,$username,$domain,$lonhost,$courseid); + my $uhome=&Apache::lonnet::homeserver($username,$domain,'true'); my $nostart = 1; - return ('ok',$output,$nostart); + my $response = 'ok'; + my $redirect = &start_session($r,$username,$domain,$uhome,$courseid); + if ($redirect) { + $response = $redirect; + } + return ($response,$output,$nostart); } else { $output = &mt('Account creation failed for username: [_1] in domain: [_2].',$username,$domain).'
'.&mt('Error: [_1]',$result).''; return ('fail',$output); @@ -1048,13 +1414,15 @@ sub username_activation { } sub check_id { - my ($username,$domain,$domdesc) = @_; - # Check ID format + my ($username,$domain,$id,$domdesc,$usernametype) = @_; + # Check student/employee ID format + # Is proposed student/employee ID acceptable according to domain's rules. + # $domdesc is just used for user error messages my (%alerts,%rulematch,%inst_results,%curr_rules,%checkhash); my %checks = ('id' => 1); %{$checkhash{$username.':'.$domain}} = ( 'newuser' => 1, - 'id' => $env{'form.cid'}, + 'id' => $id, ); &Apache::loncommon::user_rule_check(\%checkhash,\%checks,\%alerts, \%rulematch,\%inst_results,\%curr_rules); @@ -1063,11 +1431,15 @@ sub check_id { if ($alerts{'id'}{$domain}{$env{'form.cid'}}) { my $userchkmsg; if (ref($curr_rules{$domain}) eq 'HASH') { - $userchkmsg = - &Apache::loncommon::instrule_disallow_msg('id', - $domdesc,1). - &Apache::loncommon::user_rule_formats($domain, - $domdesc,$curr_rules{$domain}{'id'},'id'); + if ($usernametype eq 'email') { + $userchkmsg = &mt('A student/employee ID has not been set because the value suggested matched the format used for institutional users in the domain, and you are using an e-mail address as username, not an institutional username.'); + } else { + $userchkmsg = + &Apache::loncommon::instrule_disallow_msg('id', + $domdesc,1). + &Apache::loncommon::user_rule_formats($domain, + $domdesc,$curr_rules{$domain}{'id'},'id'); + } } return ('fail',$userchkmsg); } @@ -1080,63 +1452,46 @@ sub invalid_state { my ($error,$domdesc,$contact_name,$contact_email,$msgtext) = @_; my $msg = '

'.&mt('Account creation unavailable').'

'; if ($error eq 'baduseremail') { - $msg = &mt('The e-mail address you provided does not appear to be a valid address.'); + $msg .= &mt('The e-mail address you provided does not appear to be a valid address.'); + } elsif ($error eq 'badusername') { + $msg .= &mt('The e-mail address you provided contains characters which prevent its use as a username in LON-CAPA.'); } elsif ($error eq 'existinguser') { - $msg = &mt('The e-mail address you provided is already in use as a username in LON-CAPA at this institution.'); + $msg .= &mt('The e-mail address you provided is already in use as a username in LON-CAPA at this institution.'); } elsif ($error eq 'userrules') { - $msg = &mt('Username rules for this LON-CAPA at this institution do not allow the e-mail address you provided to be used as a username.'); + $msg .= &mt('Username rules at this institution do not allow the e-mail address you provided to be used as a username.'); } elsif ($error eq 'userformat') { - $msg = &mt('The e-mail address you provided may not be used as a username at this LON-CAPA institution.'); + $msg .= &mt('The e-mail address you provided may not be used as a username at this LON-CAPA institution.'); } elsif ($error eq 'captcha') { - $msg = &mt('Validation of the code your entered failed.'); + $msg .= &mt('Validation of the code you entered failed.'); } elsif ($error eq 'noemails') { - $msg = &mt('Creation of a new user account using an e-mail address as username is not permitted at this LON-CAPA institution.'); + $msg .= &mt('Creation of a new user account using an e-mail address as username is not permitted at this LON-CAPA institution.'); } $msg .= ''; if ($msgtext) { $msg .= '
'.$msgtext; } - $msg .= &linkto_email_help($contact_email,$domdesc); + $msg .= &linkto_email_help($contact_email,$domdesc,$error); return $msg; } sub linkto_email_help { - my ($contact_email,$domdesc) = @_; + my ($contact_email,$domdesc,$error) = @_; my $msg; + my $href = '/adm/helpdesk'; if ($contact_email ne '') { my $escuri = &HTML::Entities::encode('/adm/createaccount','&<>"'); - $msg .= '
'.&mt('You may wish to contact the [_1]LON-CAPA helpdesk[_2] for [_3].','','',$domdesc).'
'; + $href .= '?origurl='.$escuri; + if ($error eq 'existinguser') { + my $escemail = &HTML::Entities::encode($env{'form.useremail'}); + $href .= '&useremail='.$escemail.'&useraccount='.$escemail; + } + $msg .= '
'.&mt('You may wish to contact the [_1]LON-CAPA helpdesk[_2] for [_3].','','',$domdesc).'
'; } else { - $msg .= '
'.&mt('You may wish to send an e-mail to the server administrator: [_1] for [_2].',$Apache::lonnet::perlvar{'AdminEmail'},$domdesc).'
'; + $msg .= '
'.&mt('You may wish to send an e-mail to the server administrator: [_1] for [_2].',$Apache::lonnet::perlvar{'AdmEMail'},$domdesc).'
'; } return $msg; } -sub create_captcha { - my ($output_dir,$db_dir) = @_; - my %captcha_params = &captcha_settings(); - my $captcha = Authen::Captcha->new( - output_folder => $captcha_params{'output_dir'}, - data_folder => $captcha_params{'db_dir'}, - ); - my $md5sum = $captcha->generate_code($captcha_params{'numchars'}); - my $output = ''."\n". - &mt('Type in the letters/numbers shown below').' '. - '
'. - ''; - return $output; -} - -sub captcha_settings { - my %captcha_params = ( - output_dir => $Apache::lonnet::perlvar{'lonCaptchaDir'}, - www_output_dir => "/captchaspool", - db_dir => $Apache::lonnet::perlvar{'lonCaptchaDb'}, - numchars => '5', - ); - return %captcha_params; -} - sub getkeys { my ($lkey,$ukey) = @_; my $lextkey=hex($lkey); @@ -1164,6 +1519,7 @@ sub serverform { + $catalog_elements @@ -1172,29 +1528,72 @@ ENDSERVERFORM return $output; } -sub process_credentials { - my ($logtoken,$lonhost) = @_; - my $tmpinfo=Apache::lonnet::reply('tmpget:'.$logtoken,$lonhost); - my ($retrieved,$output,$upass); - if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { - $output = &mt('Information needed to verify your login information is missing, inaccessible or expired.') - .'
'.&mt('You may need to reload the previous page to obtain a new token.'); - return ($retrieved,$output,$upass); - } else { - my $reply = &Apache::lonnet::reply('tmpdel:'.$logtoken,$lonhost); - if ($reply eq 'ok') { - $retrieved = 'ok'; - } else { - $output = &mt('Session could not be opened.'); +sub store_request { + my ($dom,$username,$val,$dataref,$settings) = @_; + my $output; + my $domconfiguser = &Apache::lonnet::get_domainconfiguser($dom); + my $key = &escape($username); + my $now = time(); + if (&Apache::lonnet::put('usernamequeue', { $key.'_'.$val => $now }, + $dom,$domconfiguser) eq 'ok') { + if (ref($dataref) eq 'HASH') { + my $logtoken = $dataref->{'tmpinfo'}; + my $serverid = $dataref->{'serverid'}; + if ($logtoken && $serverid) { + my $tmpinfo=Apache::lonnet::reply('tmpget:'.$logtoken,$serverid); + unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { + my $reply = &Apache::lonnet::reply('tmpdel:'.$logtoken,$serverid); + if ($reply eq 'ok') { + my ($key,$caller)=split(/&/,$tmpinfo); + $dataref->{'key'} = $key; + undef($dataref->{'tmpinfo'}); + undef($dataref->{'serverid'}); + } + } + } } - } - my ($key,$caller)=split(/&/,$tmpinfo); - if ($caller eq 'createaccount') { - $upass = &Apache::lonpreferences::des_decrypt($key,$env{'form.upass'}); + my %userrequest = ( $username => $dataref ); + $userrequest{$username}{timestamp} = $now; + $userrequest{$username}{status} = $val; + my $notifylist; + if (ref($settings) eq 'HASH') { + if (ref($settings->{'cancreate'}) eq 'HASH') { + if (ref($settings->{'cancreate'}{'notify'}) eq 'HASH') { + my $notifylist = $settings->{'cancreate'}{'notify'}{'approval'}; + if ($notifylist) { + my $sender = $domconfiguser.':'.$dom; + my $domdesc = &Apache::lonnet::domain($dom,'description'); + my $fullname; + if (ref($dataref) eq 'HASH') { + if ($dataref->{'firstname'}) { + $fullname = $dataref->{'firstname'}; + } + if ($dataref->{'lastname'}) { + $fullname .= ' '.$dataref->{'lastname'}; + } + $fullname =~ s/^\s+|\s+$//g; + } + &Apache::loncoursequeueadmin::send_selfserve_notification($notifylist, + "$fullname ($username)", + undef,$domdesc,$now,'usernamereq',$sender); + } + } + } + } + my $userresult = + &Apache::lonnet::put('nohist_requestedusernames',\%userrequest,$dom,$domconfiguser); + $output = '

'. + &mt('Your request for a LON-CAPA account has been submitted for approval.'). + '

'. + '

'. + &mt('An e-mail will be sent to [_1] when your request has been reviewed by an administrator and action has been taken.',$username). + '

'; } else { - $output = &mt('Unable to retrieve your log-in information - unexpected context'); + $output = ''. + &mt('An error occurred when attempting to save your request for a LON-CAPA account.'); + ''; } - return ($retrieved,$output,$upass); + return $output; } sub guest_format_check { @@ -1220,7 +1619,9 @@ sub guest_format_check { } if ($format_match) { ($login) = ($useremail =~ /^([^\@]+)\@/); - $format_msg = '
'.&mt("Your e-mail address uses the same internet domain as your institution's LON-CAPA service.").'
'.&mt('Creation of a LON-CAPA account with this type of e-mail address as username is not permitted.').'
'; + $format_msg = '
'. + &mt("Your e-mail address uses the same internet domain as your institution's LON-CAPA service.").'
'. + &mt('Creation of a LON-CAPA account with this type of e-mail address as username is not permitted.').'
'; if (ref($cancreate) eq 'ARRAY') { if (grep(/^login$/,@{$cancreate})) { $format_msg .= &mt('You should request creation of a LON-CAPA account for a log-in ID of "[_1]" at your institution instead.',$login).'
'; @@ -1236,14 +1637,14 @@ sub sso_logout_frag { if (defined($r->dir_config('lonSSOUserLogoutMessageFile_'.$domain))) { my $msgfile = $r->dir_config('lonSSOUserLogoutMessageFile_'.$domain); if (-e $msgfile) { - open(my $fh,"<$msgfile"); + open(my $fh,"<",$msgfile); $endsessionmsg = join('',<$fh>); close($fh); } } elsif (defined($r->dir_config('lonSSOUserLogoutMessageFile'))) { my $msgfile = $r->dir_config('lonSSOUserLogoutMessageFile'); if (-e $msgfile) { - open(my $fh,"<$msgfile"); + open(my $fh,"<",$msgfile); $endsessionmsg = join('',<$fh>); close($fh); } @@ -1254,7 +1655,7 @@ sub sso_logout_frag { sub catreturn_js { return <<"ENDSCRIPT"; ENDSCRIPT