--- loncom/interface/createaccount.pm	2014/03/03 17:11:41	1.61
+++ loncom/interface/createaccount.pm	2016/02/19 20:28:46	1.72
@@ -4,7 +4,7 @@
 # kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as
 # username may be processed automatically, or may be queued for approval.
 #
-# $Id: createaccount.pm,v 1.61 2014/03/03 17:11:41 raeburn Exp $
+# $Id: createaccount.pm,v 1.72 2016/02/19 20:28:46 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -170,10 +170,38 @@ sub handler {
         if (grep(/^sso$/,@{$cancreate})) {
             $msg = '<h3>'.&mt('Account creation').'</h3>'.
                    &mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution.").'<br />';
-
+            my $shibenv;
+            if (($r->dir_config('lonOtherAuthen') eq 'yes') && 
+                ($r->dir_config('lonOtherAuthenType') eq 'Shibboleth')) {
+                if (ref($domconfig{'usercreation'}) eq 'HASH') {
+                    if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') {
+                        if (ref($domconfig{'usercreation'}{'cancreate'}{'shibenv'}) eq 'HASH') {
+                            my @possfields = ('firstname','middlename','lastname','generation',
+                                              'permanentemail','id');
+                            my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($domain);
+                            $shibenv= {};
+                            foreach my $key (keys(%{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}})) {
+                                if ($key eq 'inststatus') {
+                                    if (ref($usertypes) eq 'HASH') {
+                                        if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') {
+                                            if (exists($usertypes->{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key}})) {
+                                                $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key};
+                                             }
+                                        }
+                                    }
+                                } elsif (grep(/^\Q$key\E/,@possfields)) {
+                                    if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') {
+                                        $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key};
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
             $msg .= &username_check($sso_username,$domain,$domdesc,$courseid, 
                                     $lonhost,$contact_email,$contact_name,
-                                    $sso_logout,$statustocreate);
+                                    $sso_logout,$statustocreate,$shibenv);
         } else {
             $msg = '<h3>'.&mt('Account creation unavailable').'</h3>'.
                    '<span class="LC_warning">'.&mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution, and you are not permitted to create one.").'</span><br /><br />'.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email).'<hr />'.
@@ -187,10 +215,11 @@ sub handler {
     my ($output,$nostart,$noend,$redirect);
     my $token = $env{'form.token'};
     if ($token) {
+        my $usertype = &get_usertype($domain);
         ($output,$nostart,$noend,$redirect) = 
             &process_mailtoken($r,$token,$contact_name,$contact_email,$domain,
                                $domdesc,$lonhost,$include,$start_page,$cancreate,
-                               $domconfig{'usercreation'});
+                               $domconfig{'usercreation'},$usertype);
         if ($redirect) {
             $r->internal_redirect('/adm/switchserver');
             return OK;
@@ -248,24 +277,21 @@ sub handler {
     } elsif (!$token) {
         &print_header($r,$start_page,$courseid);
         my $now=time;
-        my $gotlondes;
-        if (grep(/^login$/,@{$cancreate})) {
+        if ((grep(/^login$/,@{$cancreate})) && (!grep(/^email$/,@{$cancreate}))) {
             if (open(my $jsh,"<$include/londes.js")) {
                 while(my $line = <$jsh>) {
                     $r->print($line);
                 }
                 close($jsh);
                 $r->print(&javascript_setforms($now));
-                $gotlondes = 1;
             }
         }
-        if (grep(/^email(|approval)$/,@{$cancreate})) {
+        if (grep(/^email$/,@{$cancreate})) {
             $r->print(&javascript_validmail());
         }
         my $usertype = &get_usertype($domain);
         $output = &print_username_form($r,$domain,$domdesc,$cancreate,$now,$lonhost,
-                                       $include,$courseid,$gotlondes,$emailusername,
-                                       $usertype);
+                                       $include,$courseid,$emailusername,$usertype);
     }
     $r->print($output);
     &print_footer($r);
@@ -293,7 +319,7 @@ sub print_footer {
         $r->print('<form name="backupcrumbs" method="post" action="">'.
                   &Apache::lonhtmlcommon::echo_form_input(['backto','logtoken',
                       'token','serverid','uname','upass','phase','create_with_email',
-                      'code','crypt','cfirstname','clastname',
+                      'code','crypt','cfirstname','clastname','g-recaptcha-response',
                       'recaptcha_challenge_field','recaptcha_response_field',
                       'cmiddlename','cgeneration','cpermanentemail','cid']).
                   '</form>');
@@ -328,7 +354,7 @@ sub selfenroll_crumbs {
     }
     my $last_crumb;
     if ($desc ne '') {
-        $last_crumb = &mt('Self-enroll in [_1]',"<span class='LC_cusr_emph'>$desc</span>");
+        $last_crumb = &mt("Self-enroll in [_1]","'$desc'");
     } else {
         $last_crumb = &mt('Self-enroll');
     }
@@ -340,7 +366,7 @@ sub selfenroll_crumbs {
 }
 
 sub javascript_setforms {
-    my ($now,$emailusername,$captcha,$usertype) =  @_;
+    my ($now,$emailusername,$captcha,$usertype,$recaptchaversion) =  @_;
     my ($setuserinfo,@required,$requiredchk);
     if (ref($emailusername) eq 'HASH') {
         if (ref($emailusername->{$usertype}) eq 'HASH') {  
@@ -356,13 +382,16 @@ sub javascript_setforms {
             $setuserinfo .= '                    server.elements.code.value=client.elements.code.value;'."\n".
                             '                    server.elements.crypt.value=client.elements.crypt.value;'."\n";
         } elsif ($captcha eq 'recaptcha') {
-            $setuserinfo .= 
+            if ($recaptchaversion ne '2') {
+                $setuserinfo .=
                 '                    server.elements.recaptcha_challenge_field.value=client.elements.recaptcha_challenge_field.value;'."\n".
                 '                    server.elements.recaptcha_response_field.value=client.elements.recaptcha_response_field.value;'."\n";
+            }
         }
     }
     if (@required) {
         my $missprompt = &mt('One or more required fields are currently blank.');
+        &js_escape(\$missprompt);
         my $reqstr = join("','",@required);
         $requiredchk = <<"ENDCHK";
                 var requiredfields = new Array('$reqstr');
@@ -404,7 +433,7 @@ $requiredchk
                 initkeys();
 
                 server.elements.upass.value
-                    = crypted(client.elements.upass$now.value);
+                    = getCrypted(client.elements.upass$now.value);
 
                 client.elements.uname.value='';
                 client.elements.upass$now.value='';
@@ -417,17 +446,23 @@ $setuserinfo
         }
         return false;
     }
+
 // ]]>
 </script>
 ENDSCRIPT
+    if (($captcha eq 'recaptcha') && ($recaptchaversion eq '2')) {
+        $js .= "\n".'<script src="https://www.google.com/recaptcha/api.js"></script>'."\n";
+    }
     return $js;
 }
 
 sub javascript_checkpass {
     my ($now,$context) = @_;
     my $nopass = &mt('You must enter a password.');
-    my $mismatchpass = &mt('The passwords you entered did not match.').'\\n'.
+    my $mismatchpass = &mt('The passwords you entered did not match.')."\n".
                        &mt('Please try again.'); 
+    &js_escape(\$nopass);
+    &js_escape(\$mismatchpass);
     my $js = <<"ENDSCRIPT";
 <script type="text/javascript">
 // <![CDATA[
@@ -461,18 +496,19 @@ ENDSCRIPT
 }
 
 sub javascript_validmail {
-    my %lt = &Apache::lonlocal::texthash (
+    my %js_lt = &Apache::lonlocal::texthash (
                email => 'The e-mail address you entered',
                notv  => 'is not a valid e-mail address',
     );
     my $output =  "\n".'<script type="text/javascript">'."\n".
                   '// <![CDATA['."\n".
                   &Apache::lonhtmlcommon::javascript_valid_email()."\n";
+    &js_escape(\%js_lt);
     $output .= <<"ENDSCRIPT";
 function validate_email(client) {
     field = client.uname;
     if (validmail(field) == false) {
-        alert("$lt{'email'}: "+field.value+" $lt{'notv'}.");
+        alert("$js_lt{'email'}: "+field.value+" $js_lt{'notv'}.");
         return false;
     }
     return true;
@@ -483,7 +519,7 @@ ENDSCRIPT
 }
 
 sub print_username_form {
-    my ($r,$domain,$domdesc,$cancreate,$now,$lonhost,$include,$courseid,$gotlondes,$emailusername,
+    my ($r,$domain,$domdesc,$cancreate,$now,$lonhost,$include,$courseid,$emailusername,
         $usertype) = @_;
     my %lt = &Apache::lonlocal::texthash (
                                          unam => 'username',
@@ -511,9 +547,10 @@ sub print_username_form {
                                       $domain,'createaccount').'</div>';
             }
         }
-        if (grep(/^email(|approval)$/,@{$cancreate})) {
+        if (grep(/^email$/,@{$cancreate})) {
             $output .= '<div class="LC_left_float"><h3>'.&mt('Create account with an e-mail address as your username').'</h3>';
-            my ($captchaform,$error,$captcha) = &Apache::loncommon::captcha_display('usercreation',$lonhost);
+            my ($captchaform,$error,$captcha,$recaptchaversion) = 
+                &Apache::loncommon::captcha_display('usercreation',$lonhost);
             if ($error) {
                 my $helpdesk = '/adm/helpdesk?origurl=%2fadm%2fcreateaccount';
                 if ($courseid ne '') {
@@ -542,8 +579,8 @@ sub print_username_form {
                                $lt{'yopw'}.'<br />';
                 }
                 $output .= &print_dataentry_form($r,$domain,$lonhost,$include,$now,$captchaform,
-                                                 $courseid,$gotlondes,$emailusername,$captcha,
-                                                 $usertype);
+                                                 $courseid,$emailusername,$captcha,$usertype,
+                                                 $recaptchaversion);
             }
             $output .= '</div>';
         }
@@ -612,7 +649,7 @@ sub process_email_request {
         $server,$settings,$emailusername,$courseid,$usertype) = @_;
     my $output;
     if (ref($cancreate) eq 'ARRAY') {
-        if (!grep(/^email(|approval)$/,@{$cancreate})) {
+        if (!grep(/^email$/,@{$cancreate})) {
             $output = &invalid_state('noemails',$domdesc,
                                      $contact_name,$contact_email);
             return $output;
@@ -755,7 +792,7 @@ sub send_token {
 
 sub process_mailtoken {
     my ($r,$token,$contact_name,$contact_email,$domain,$domdesc,$lonhost,
-        $include,$start_page,$cancreate,$settings) = @_;
+        $include,$start_page,$cancreate,$settings,$usertype) = @_;
     my ($msg,$nostart,$noend,$redirect);
     my %data = &Apache::lonnet::tmpget($token);
     my $now = time;
@@ -772,36 +809,46 @@ sub process_mailtoken {
         if ($now - $data{'time'} < 7200) {
 # Check if request should be queued.
             if (ref($cancreate) eq 'ARRAY') {
+                my $disposition;
                 if (grep(/^email$/,@{$cancreate})) {
-                    my ($result,$output,$uhome) = 
-                        &create_account($r,$domain,$domdesc,\%data);
-                    if ($result eq 'ok') {
-                        $msg = $output;
-                        my $shownow = &Apache::lonlocal::locallocaltime($now);
-                        my $mailmsg = &mt('A LON-CAPA account for the institution: [_1] has been created [_2] from IP address: [_3]. If you did not perform this action or authorize it, please contact the [_4] ([_5]).',$domdesc,$shownow,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n";
-                        my $mailresult = &Apache::resetpw::send_mail($domdesc,$data{'email'},
-                                                                     $mailmsg,$contact_name,
-                                                                     $contact_email);
-                        if ($mailresult eq 'ok') {
-                            $msg .= &mt('An e-mail confirming creation of your new LON-CAPA account has been sent to [_1].',$data{'username'});
-                        } else {
-                            $msg .= &mt('An error occurred when sending e-mail to [_1] confirming creation of your LON-CAPA account.',$data{'username'});
+                    if (ref($settings) eq 'HASH') {
+                        if (ref($settings->{'cancreate'}) eq 'HASH') {
+                            if (ref($settings->{'cancreate'}{'selfcreateprocessing'}) eq 'HASH') {
+                                $disposition = $settings->{'cancreate'}{'selfcreateprocessing'}{$usertype}; 
+                            }
                         }
-                        $redirect = &start_session($r,$data{'username'},$domain,$uhome,
-                                                   $data{'courseid'},$token);
-                        $nostart = 1;
-                        $noend = 1;
+                    }
+                    if ($disposition eq 'approval') {
+                        $msg = &store_request($domain,$data{'username'},'approval',\%data,$settings);
+                        my $delete = &Apache::lonnet::tmpdel($token);
                     } else {
-                        $msg .= &mt('A problem occurred when attempting to create your new LON-CAPA account.')
-                               .'<br />'.$output;
-                        if (($contact_name ne '') && ($contact_email ne '')) {
-                            $msg .= &mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email);
+                        my ($result,$output,$uhome) = 
+                            &create_account($r,$domain,$domdesc,\%data);
+                        if ($result eq 'ok') {
+                            $msg = $output;
+                            my $shownow = &Apache::lonlocal::locallocaltime($now);
+                            my $mailmsg = &mt('A LON-CAPA account for the institution: [_1] has been created [_2] from IP address: [_3]. If you did not perform this action or authorize it, please contact the [_4] ([_5]).',$domdesc,$shownow,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n";
+                            my $mailresult = &Apache::resetpw::send_mail($domdesc,$data{'email'},
+                                                                        $mailmsg,$contact_name,
+                                                                        $contact_email);
+                            if ($mailresult eq 'ok') {
+                                $msg .= &mt('An e-mail confirming creation of your new LON-CAPA account has been sent to [_1].',$data{'username'});
+                            } else {
+                                $msg .= &mt('An error occurred when sending e-mail to [_1] confirming creation of your LON-CAPA account.',$data{'username'});
+                            }
+                            $redirect = &start_session($r,$data{'username'},$domain,$uhome,
+                                                       $data{'courseid'},$token);
+                            $nostart = 1;
+                            $noend = 1;
+                        } else {
+                            $msg .= &mt('A problem occurred when attempting to create your new LON-CAPA account.')
+                                   .'<br />'.$output;
+                            if (($contact_name ne '') && ($contact_email ne '')) {
+                                $msg .= &mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email);
+                            }
                         }
+                        my $delete = &Apache::lonnet::tmpdel($token);
                     }
-                    my $delete = &Apache::lonnet::tmpdel($token);
-                } elsif (grep(/^emailapproval$/,@{$cancreate})) {
-                    $msg = &store_request($domain,$data{'username'},'approval',\%data,$settings);
-                    my $delete = &Apache::lonnet::tmpdel($token);
                 } else {
                     $msg = &invalid_state('noemails',$domdesc,$contact_name,$contact_email);
                 }
@@ -821,8 +868,8 @@ sub process_mailtoken {
 
 sub start_session {
     my ($r,$username,$domain,$uhome,$courseid,$token) = @_;
-
-    if ($r->dir_config('lonBalancer') eq 'yes') {
+    my ($is_balancer) = &Apache::lonnet::check_loadbalancing($username,$domain);
+    if ($is_balancer) {
         Apache::lonauth::success($r, $username, $domain, $uhome,
             'noredirect', undef, {});
 
@@ -836,7 +883,6 @@ sub start_session {
             ($courseid ? "/adm/selfenroll?courseid=$courseid" : '/adm/roles'),
             undef, {}); 
     }
-
     return;
 }
 
@@ -846,21 +892,16 @@ sub start_session {
 # Stores token to store DES-key and stage during creation session
 #
 sub print_dataentry_form {
-    my ($r,$domain,$lonhost,$include,$now,$captchaform,$courseid,$gotlondes,$emailusername,$captcha,
-        $usertype) = @_;
+    my ($r,$domain,$lonhost,$include,$now,$captchaform,$courseid,$emailusername,$captcha,
+        $usertype,$recaptchaversion) = @_;
     my ($error,$output);
-    unless ($gotlondes) {
-        if (open(my $jsh,"<$include/londes.js")) {
-            while(my $line = <$jsh>) {
-                $r->print($line);
-            }
-            close($jsh);
-            $output = &javascript_setforms($now,$emailusername,$captcha,$usertype)."\n";
-            $gotlondes = 1;
-        }
-    }
-    if ($gotlondes) {
-        $output .= &javascript_checkpass($now,'email');
+    if (open(my $jsh,"<$include/londes.js")) {
+        while(my $line = <$jsh>) {
+            $r->print($line);
+        }
+        close($jsh);
+        $output = &javascript_setforms($now,$emailusername,$captcha,$usertype,$recaptchaversion).
+                  "\n".&javascript_checkpass($now,'email');
         my ($lkey,$ukey) = &Apache::loncommon::des_keys();
         my ($lextkey,$uextkey) = &getkeys($lkey,$ukey);
         my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount:createaccount',
@@ -884,10 +925,15 @@ sub print_dataentry_form {
    <input type="hidden" name="code" value="" />
 ';
         } elsif ($captcha eq 'recaptcha') {
-            $output .= '
+            if ($recaptchaversion eq '2') {
+                $output .= "$captchaform\n";
+                undef($captchaform);
+            } else {
+                $output .= '
    <input type="hidden" name="recaptcha_challenge_field" value="" />
    <input type="hidden" name="recaptcha_response_field" value="" />
 ';
+            }
         }
         $output .= <<"ENDSERVERFORM";
    <input type="hidden" name="logtoken" value="$logtoken" />
@@ -964,7 +1010,12 @@ sub get_creation_controls {
             if (ref($usercreation->{'cancreate'}{'emailusername'}) eq 'HASH') {
                 $emailusername = $usercreation->{'cancreate'}{'emailusername'};
             } else {
-                $emailusername =  {'lastname' => '1', 'firstname' => 1, };
+                $emailusername = {
+                                    default =>  {
+                                                   'lastname' => '1',
+                                                   'firstname' => 1,
+                                                },
+                                 };
             }
         }
     }
@@ -991,8 +1042,8 @@ sub create_account {
         $middlename = $dataref->{'middlename'};
         $lastname   = $dataref->{'lastname'};
         $generation = $dataref->{'generation'};
-        $inststatus = $dataref->{'usertype'};
-       
+        $inststatus = $dataref->{'inststatus'};
+
         my $currhome = &Apache::lonnet::homeserver($username,$domain);
         unless ($currhome eq 'no_host') {
             $output = &mt('User account requested for username: [_1] in domain: [_2] already exists.',$username,$domain);
@@ -1153,7 +1204,7 @@ sub login_failure_msg {
 
 sub username_check {
     my ($username,$domain,$domdesc,$courseid,$lonhost,$contact_email,
-        $contact_name,$sso_logout,$statustocreate) = @_;
+        $contact_name,$sso_logout,$statustocreate,$shibenv) = @_;
     my (%rulematch,%inst_results,$checkfail,$rowcount,$editable,$output,$msg,
         %alerts,%curr_rules,%got_rules);
     &call_rulecheck($username,$domain,\%alerts,\%rulematch,
@@ -1189,6 +1240,13 @@ sub username_check {
     }
     if (!$checkfail) {
         $output = '<form method="post" action="/adm/createaccount">';
+        if (ref($shibenv) eq 'HASH') {
+            foreach my $key (keys(%{$shibenv})) {
+                if ($ENV{$shibenv->{$key}} ne '') {
+                    $inst_results{$username.':'.$domain}{$key} = $ENV{$shibenv->{$key}};
+                }
+            }
+        }
         (my $datatable,$rowcount,$editable) = 
             &Apache::loncreateuser::personal_data_display($username,$domain,1,'selfcreate',
                                                          $inst_results{$username.':'.$domain});
@@ -1597,7 +1655,7 @@ sub sso_logout_frag {
 sub catreturn_js {
     return  <<"ENDSCRIPT";
 <script type="text/javascript">
-
+// <![CDATA[
 function ToSelfenroll(formname) {
     var formidx = getFormByName(formname);
     if (formidx > -1) {
@@ -1645,7 +1703,7 @@ function getFormByName(item) {
     }
     return -1;
 }
-
+// ]]>
 </script>
 ENDSCRIPT