--- loncom/interface/domainprefs.pm 2017/01/24 00:19:15 1.160.6.78 +++ loncom/interface/domainprefs.pm 2017/03/13 21:20:18 1.160.6.80 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Handler to set domain-wide configuration settings # -# $Id: domainprefs.pm,v 1.160.6.78 2017/01/24 00:19:15 raeburn Exp $ +# $Id: domainprefs.pm,v 1.160.6.80 2017/03/13 21:20:18 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -262,6 +262,8 @@ sub handler { help => 'Domain_Configuration_LangTZAuth', header => [{col1 => 'Setting', col2 => 'Value'}, + {col1 => 'Internal Authentication', + col2 => 'Value'}, {col1 => 'Institutional user types', col2 => 'Assignable to e-mail usernames'}], print => \&print_defaults, @@ -744,7 +746,7 @@ sub print_config_box { if (($action eq 'autoupdate') || ($action eq 'usercreation') || ($action eq 'selfcreation') || ($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'coursecategories') || - ($action eq 'contacts')) { + ($action eq 'contacts') || ($action eq 'defaults')) { if ($action eq 'coursecategories') { $output .= &print_coursecategories('middle',$dom,$item,$settings,\$rowtotal); $colspan = ' colspan="2"'; @@ -3088,7 +3090,7 @@ sub print_helpsettings { my $context = 'domprefs'; my $crstype = 'Course'; my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); - my @accesstypes = ('all','none'); + my @accesstypes = ('all','dh','da','none'); my ($numstatustypes,@jsarray); if (ref($types) eq 'ARRAY') { if (@{$types} > 0) { @@ -3097,7 +3099,7 @@ sub print_helpsettings { @jsarray = ('bystatus'); } } - my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh']); + my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh'.'da']); if (keys(%domhelpdesk)) { push(@accesstypes,('inc','exc')); push(@jsarray,('notinc','notexc')); @@ -3306,7 +3308,7 @@ function helpdeskAccess(num) { shown = Array('notinc'); hidden = Array('notexc','bystatus'); } - if (curraccess == 'all') { + if ((curraccess == 'all') || (curraccess == 'dh') || (curraccess == 'da')) { hidden = Array('notinc','notexc','bystatus'); } } @@ -3363,7 +3365,9 @@ sub helpdeskroles_access { my %lt = &Apache::lonlocal::texthash( 'rou' => 'Role usage', 'whi' => 'Which helpdesk personnel may use this role?', - 'all' => 'All', + 'all' => 'All with domain helpdesk or helpdesk assistant role', + 'dh' => 'All with domain helpdesk role', + 'da' => 'All with domain helpdesk assistant role', 'none' => 'None', 'status' => 'Determined based on institutional status', 'inc' => 'Include all, but exclude specific personnel', @@ -5400,7 +5404,10 @@ sub print_usermodification { sub print_defaults { my ($position,$dom,$settings,$rowtotal) = @_; my $rownum = 0; - my ($datatable,$css_class); + my ($datatable,$css_class,$titles); + unless ($position eq 'bottom') { + $titles = &defaults_titles($dom); + } if ($position eq 'top') { my @items = ('auth_def','auth_arg_def','lang_def','timezone_def', 'datelocale_def','portal_def'); @@ -5413,7 +5420,6 @@ sub print_defaults { $defaults{$item} = $domdefaults{$item}; } } - my $titles = &defaults_titles($dom); foreach my $item (@items) { if ($rownum%2) { $css_class = ''; @@ -5461,8 +5467,87 @@ sub print_defaults { $datatable .= ''; $rownum ++; } + } elsif ($position eq 'middle') { + my @items = ('intauth_cost','intauth_check','intauth_switch'); + my %defaults; + if (ref($settings) eq 'HASH') { + %defaults = %{$settings}; + if ($defaults{'intauth_cost'} !~ /^\d+$/) { + $defaults{'intauth_cost'} = 10; + } + if ($defaults{'intauth_check'} !~ /^(0|1|2)$/) { + $defaults{'intauth_check'} = 0; + } + if ($defaults{'intauth_switch'} !~ /^(0|1|2)$/) { + $defaults{'intauth_switch'} = 0; + } + } else { + %defaults = ( + 'intauth_cost' => 10, + 'intauth_check' => 0, + 'intauth_switch' => 0, + ); + } + foreach my $item (@items) { + if ($rownum%2) { + $css_class = ''; + } else { + $css_class = ' class="LC_odd_row" '; + } + $datatable .= ''. + ''.$titles->{$item}. + ''; + if ($item eq 'intauth_switch') { + my @options = (0,1,2); + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes', + 2 => 'Yes, and copy existing passwd file to passwd.bak file', + ); + $datatable .= ''; + foreach my $option (@options) { + my $checked = ' '; + if ($defaults{$item} eq $option) { + $checked = ' checked="checked"'; + } + $datatable .= ''; + } + $datatable .= '
'. + '
'; + } elsif ($item eq 'intauth_check') { + my @options = (0,1,2); + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes, allow login then update passwd file using default cost (if higher)', + 2 => 'Yes, disallow login if stored cost is less than domain default', + ); + $datatable .= ''; + foreach my $option (@options) { + my $checked = ' '; + my $onclick; + if ($defaults{$item} eq $option) { + $checked = ' checked="checked"'; + } + if ($option == 2) { + $onclick = ' onclick="javascript:warnIntAuth(this);"'; + } + $datatable .= ''; + } + $datatable .= '
'. + '
'; + } else { + $datatable .= ''; + } + $datatable .= ''; + $rownum ++; + } } else { - my (%defaults); + my %defaults; if (ref($settings) eq 'HASH') { if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH') && (ref($settings->{'inststatusguest'}) eq 'ARRAY')) { @@ -5557,6 +5642,9 @@ sub defaults_titles { 'timezone_def' => 'Default timezone', 'datelocale_def' => 'Default locale for dates', 'portal_def' => 'Portal/Default URL', + 'intauth_cost' => 'Encryption cost for bcrypt (positive integer)', + 'intauth_check' => 'Check bcrypt cost if authenticated', + 'intauth_switch' => 'Existing crypt-based switched to bcrypt on authentication', ); if ($dom) { my $uprimary_id = &Apache::lonnet::domain($dom,'primary'); @@ -6060,7 +6148,35 @@ sub serverstatus_pages { sub defaults_javascript { my ($settings) = @_; - return unless (ref($settings) eq 'HASH'); + my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.'); + my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.'); + &js_escape(\$intauthcheck); + &js_escape(\$intauthcost); + my $intauthjs = <<"ENDSCRIPT"; + +function warnIntAuth(field) { + if (field.name == 'intauth_check') { + if (field.value == '2') { + alert('$intauthcheck'); + } + } + if (field.name == 'intauth_cost') { + field.value.replace(/\s/g,''); + if (field.value != '') { + var regexdigit=/^\\d+\$/; + if (!regexdigit.test(field.value)) { + alert('$intauthcost'); + } + } + } + return; +} + +ENDSCRIPT + + if (ref($settings) ne 'HASH') { + return &Apache::lonhtmlcommon::scripttag($intauthjs); + } if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH')) { my $maxnum = scalar(@{$settings->{'inststatusorder'}}); if ($maxnum eq '') { @@ -6114,10 +6230,14 @@ $jstext return; } +$intauthjs + // ]]> ENDSCRIPT + } else { + return &Apache::lonhtmlcommon::scripttag($intauthjs); } } @@ -10442,7 +10562,8 @@ sub modify_defaults { my ($dom,$lastactref,%domconfig) = @_; my ($resulttext,$mailmsgtxt,%newvalues,%changes,@errors); my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1); - my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def','portal_def'); + my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def', + 'portal_def','intauth_cost','intauth_check','intauth_switch'); my @authtypes = ('internal','krb4','krb5','localauth'); foreach my $item (@items) { $newvalues{$item} = $env{'form.'.$item}; @@ -10484,6 +10605,24 @@ sub modify_defaults { push(@errors,$item); } } + } elsif ($item eq 'intauth_cost') { + if ($newvalues{$item} ne '') { + if ($newvalues{$item} =~ /\D/) { + push(@errors,$item); + } + } + } elsif ($item eq 'intauth_check') { + if ($newvalues{$item} ne '') { + unless ($newvalues{$item} =~ /^(0|1|2)$/) { + push(@errors,$item); + } + } + } elsif ($item eq 'intauth_switch') { + if ($newvalues{$item} ne '') { + unless ($newvalues{$item} =~ /^(0|1|2)$/) { + push(@errors,$item); + } + } } if (grep(/^\Q$item\E$/,@errors)) { $newvalues{$item} = $domdefaults{$item}; @@ -10638,6 +10777,28 @@ sub modify_defaults { localauth => 'loc', ); $value = $authnames{$shortauth{$value}}; + } elsif ($item eq 'intauth_switch') { + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes', + 2 => 'Yes, and copy existing passwd file to passwd.bak file', + ); + if ($value =~ /^(0|1|2)$/) { + $value = $optiondesc{$value}; + } else { + $value = &mt('none -- defaults to No'); + } + } elsif ($item eq 'intauth_check') { + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes, allow login then update passwd file using default cost (if higher)', + 2 => 'Yes, disallow login if stored cost is less than domain default', + ); + if ($value =~ /^(0|1|2)$/) { + $value = $optiondesc{$value}; + } else { + $value = &mt('none -- defaults to No'); + } } $resulttext .= '
  • '.&mt('[_1] set to "[_2]"',$title->{$item},$value).'
    • '; $mailmsgtext .= "$title->{$item} set to $value\n"; @@ -11192,14 +11353,16 @@ sub modify_helpsettings { my %existing=&Apache::lonnet::dump('roles',$dom,$confname,'rolesdef_'); my (@allpos,%newsettings,%changedprivs,$newrole); my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); - my @accesstypes = ('all','none','status','inc','exc'); - my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh']); + my @accesstypes = ('all','dh','da','none','status','inc','exc'); + my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh','da']); my %lt = &Apache::lonlocal::texthash( s => 'system', d => 'domain', order => 'Display order', access => 'Role usage', - all => 'All', + all => 'All with domain helpdesk or helpdesk assistant role', + dh => 'All with domain helpdesk role', + da => 'All with domain helpdesk assistant role', none => 'None', status => 'Determined based on institutional status', inc => 'Include all, but exclude specific personnel',