'.
''.&mt('Mapping of Shibboleth environment variable names to user data fields (SSO auth)').' | '.
''."\n".
- ''."\n";
+ ''."\n";
for (my $i=0; $i<@fields; $i++) {
$rem = $i%($numperrow);
if ($rem == 0) {
@@ -5400,7 +5406,10 @@ sub print_usermodification {
sub print_defaults {
my ($position,$dom,$settings,$rowtotal) = @_;
my $rownum = 0;
- my ($datatable,$css_class);
+ my ($datatable,$css_class,$titles);
+ unless ($position eq 'bottom') {
+ $titles = &defaults_titles($dom);
+ }
if ($position eq 'top') {
my @items = ('auth_def','auth_arg_def','lang_def','timezone_def',
'datelocale_def','portal_def');
@@ -5413,7 +5422,6 @@ sub print_defaults {
$defaults{$item} = $domdefaults{$item};
}
}
- my $titles = &defaults_titles($dom);
foreach my $item (@items) {
if ($rownum%2) {
$css_class = '';
@@ -5461,8 +5469,87 @@ sub print_defaults {
$datatable .= '';
$rownum ++;
}
+ } elsif ($position eq 'middle') {
+ my @items = ('intauth_cost','intauth_check','intauth_switch');
+ my %defaults;
+ if (ref($settings) eq 'HASH') {
+ %defaults = %{$settings};
+ if ($defaults{'intauth_cost'} !~ /^\d+$/) {
+ $defaults{'intauth_cost'} = 10;
+ }
+ if ($defaults{'intauth_check'} !~ /^(0|1|2)$/) {
+ $defaults{'intauth_check'} = 0;
+ }
+ if ($defaults{'intauth_switch'} !~ /^(0|1|2)$/) {
+ $defaults{'intauth_switch'} = 0;
+ }
+ } else {
+ %defaults = (
+ 'intauth_cost' => 10,
+ 'intauth_check' => 0,
+ 'intauth_switch' => 0,
+ );
+ }
+ foreach my $item (@items) {
+ if ($rownum%2) {
+ $css_class = '';
+ } else {
+ $css_class = ' class="LC_odd_row" ';
+ }
+ $datatable .= ''.
+ ''.$titles->{$item}.
+ ' | ';
+ if ($item eq 'intauth_switch') {
+ my @options = (0,1,2);
+ my %optiondesc = &Apache::lonlocal::texthash (
+ 0 => 'No',
+ 1 => 'Yes',
+ 2 => 'Yes, and copy existing passwd file to passwd.bak file',
+ );
+ $datatable .= '';
+ } elsif ($item eq 'intauth_check') {
+ my @options = (0,1,2);
+ my %optiondesc = &Apache::lonlocal::texthash (
+ 0 => 'No',
+ 1 => 'Yes, allow login then update passwd file using default cost (if higher)',
+ 2 => 'Yes, disallow login if stored cost is less than domain default',
+ );
+ $datatable .= '';
+ } else {
+ $datatable .= '';
+ }
+ $datatable .= ' | ';
+ $rownum ++;
+ }
} else {
- my (%defaults);
+ my %defaults;
if (ref($settings) eq 'HASH') {
if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH') &&
(ref($settings->{'inststatusguest'}) eq 'ARRAY')) {
@@ -5557,6 +5644,9 @@ sub defaults_titles {
'timezone_def' => 'Default timezone',
'datelocale_def' => 'Default locale for dates',
'portal_def' => 'Portal/Default URL',
+ 'intauth_cost' => 'Encryption cost for bcrypt (positive integer)',
+ 'intauth_check' => 'Check bcrypt cost if authenticated',
+ 'intauth_switch' => 'Existing crypt-based switched to bcrypt on authentication',
);
if ($dom) {
my $uprimary_id = &Apache::lonnet::domain($dom,'primary');
@@ -5786,7 +5876,7 @@ sub print_coursecategories {
''.$lt{$type}.' ';
}
- $datatable .= '';
+ $datatable .= '';
$itemcount ++;
}
$$rowtotal += $itemcount;
@@ -5997,7 +6087,7 @@ sub print_coursecategories {
$datatable .= &initialize_categories($itemcount);
}
} else {
- $datatable .= ''.$hdritem->{'header'}->[1]->{'col2'}.' | '
+ $datatable .= ''.$hdritem->{'header'}->[1]->{'col2'}.' | '
.&initialize_categories($itemcount);
}
$$rowtotal += $itemcount;
@@ -6045,7 +6135,7 @@ sub print_serverstatuses {
''.
''.
- ''."\n";
+ ''."\n";
}
$$rowtotal += $rownum;
return $datatable;
@@ -6060,7 +6150,35 @@ sub serverstatus_pages {
sub defaults_javascript {
my ($settings) = @_;
- return unless (ref($settings) eq 'HASH');
+ my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.');
+ my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.');
+ &js_escape(\$intauthcheck);
+ &js_escape(\$intauthcost);
+ my $intauthjs = <<"ENDSCRIPT";
+
+function warnIntAuth(field) {
+ if (field.name == 'intauth_check') {
+ if (field.value == '2') {
+ alert('$intauthcheck');
+ }
+ }
+ if (field.name == 'intauth_cost') {
+ field.value.replace(/\s/g,'');
+ if (field.value != '') {
+ var regexdigit=/^\\d+\$/;
+ if (!regexdigit.test(field.value)) {
+ alert('$intauthcost');
+ }
+ }
+ }
+ return;
+}
+
+ENDSCRIPT
+
+ if (ref($settings) ne 'HASH') {
+ return &Apache::lonhtmlcommon::scripttag($intauthjs);
+ }
if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH')) {
my $maxnum = scalar(@{$settings->{'inststatusorder'}});
if ($maxnum eq '') {
@@ -6114,10 +6232,14 @@ $jstext
return;
}
+$intauthjs
+
// ]]>
ENDSCRIPT
+ } else {
+ return &Apache::lonhtmlcommon::scripttag($intauthjs);
}
}
@@ -6238,7 +6360,7 @@ sub initialize_categories {
my $select1 = '';
foreach my $default ('instcode','communities') {
$css_class = $itemcount%2?' class="LC_odd_row"':'';
- $chgstr = ' onchange="javascript:reorderCats(this.form,'."'',$default"."_pos','0'".');"';
+ $chgstr = ' onchange="javascript:reorderCats(this.form,'."'','$default"."_pos','0'".');"';
if ($default eq 'communities') {
$select1 = $select0;
$select0 = '';
@@ -6263,8 +6385,9 @@ sub initialize_categories {
.''
.''
.' '
- .&mt('Add category').''.&mt('Name:')
- .' | ';
+ .&mt('Add category').'>'.&mt('Name:')
+ .' '
+ .'';
return $datatable;
}
@@ -6319,7 +6442,7 @@ sub build_category_rows {
pop(@{$path});
}
} else {
- $text .= &mt('Add subcategory:').' '.&mt('Add subcategory:').'';
+ $text .= ''.&mt('Add subcategory:').' | ';
}
}
}
@@ -6537,7 +6660,7 @@ sub insttypes_row {
$rem = @{$types}%($numinrow);
}
my $colsleft = $numinrow - $rem;
- if (($rem == 0) && (@{$types} > 0)) {
+ if ($rem == 0) {
$output .= '';
}
if ($colsleft > 1) {
@@ -8642,9 +8765,9 @@ sub modify_autoenroll {
}
if ($changes{'autofailsafe'}) {
if ($failsafe ne '') {
- $resulttext .= ''.&mt("$title{'failsafe'} set to [_1]",$failsafe).'';
+ $resulttext .= ''.&mt('Failsafe for no drops if institutional data missing for a section set to: [_1]',$failsafe).'';
} else {
- $resulttext .= ''.&mt("$title{'failsafe'} deleted");
+ $resulttext .= ''.&mt('Failsafe for no drops if institutional data missing for a section: deleted');
}
&Apache::lonnet::get_domain_defaults($dom,1);
if (ref($lastactref) eq 'HASH') {
@@ -8923,7 +9046,7 @@ sub modify_autocreate {
}
sub modify_directorysrch {
- my ($dom,%domconfig) = @_;
+ my ($dom,$lastactref,%domconfig) = @_;
my ($resulttext,%changes);
my %currdirsrch;
if (ref($domconfig{'directorysrch'}) eq 'HASH') {
@@ -9117,6 +9240,10 @@ sub modify_directorysrch {
$resulttext .= ''.&mt($title{'searchtypes'}.' set to: "[_1]"',$chgtext).'';
}
$resulttext .= '';
+ &Apache::lonnet::do_cache_new('directorysrch',$dom,$dirsrch_hash{'directorysrch'},3600);
+ if (ref($lastactref) eq 'HASH') {
+ $lastactref->{'directorysrch'} = 1;
+ }
} else {
$resulttext = &mt('No changes made to directory search settings');
}
@@ -10006,7 +10133,7 @@ sub modify_selfcreation {
$save_usercreate{'cancreate'}{'shibenv'} = $cancreate{'shibenv'};
}
$save_usercreate{'cancreate'}{'emailusername'} = $cancreate{'emailusername'};
- $save_usercreate{'emailrule'} = \@email_rule;
+ $save_usercreate{'email_rule'} = \@email_rule;
my %userconfig_hash = (
usercreation => \%save_usercreate,
@@ -10442,7 +10569,8 @@ sub modify_defaults {
my ($dom,$lastactref,%domconfig) = @_;
my ($resulttext,$mailmsgtxt,%newvalues,%changes,@errors);
my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
- my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def','portal_def');
+ my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def',
+ 'portal_def','intauth_cost','intauth_check','intauth_switch');
my @authtypes = ('internal','krb4','krb5','localauth');
foreach my $item (@items) {
$newvalues{$item} = $env{'form.'.$item};
@@ -10484,6 +10612,24 @@ sub modify_defaults {
push(@errors,$item);
}
}
+ } elsif ($item eq 'intauth_cost') {
+ if ($newvalues{$item} ne '') {
+ if ($newvalues{$item} =~ /\D/) {
+ push(@errors,$item);
+ }
+ }
+ } elsif ($item eq 'intauth_check') {
+ if ($newvalues{$item} ne '') {
+ unless ($newvalues{$item} =~ /^(0|1|2)$/) {
+ push(@errors,$item);
+ }
+ }
+ } elsif ($item eq 'intauth_switch') {
+ if ($newvalues{$item} ne '') {
+ unless ($newvalues{$item} =~ /^(0|1|2)$/) {
+ push(@errors,$item);
+ }
+ }
}
if (grep(/^\Q$item\E$/,@errors)) {
$newvalues{$item} = $domdefaults{$item};
@@ -10638,6 +10784,28 @@ sub modify_defaults {
localauth => 'loc',
);
$value = $authnames{$shortauth{$value}};
+ } elsif ($item eq 'intauth_switch') {
+ my %optiondesc = &Apache::lonlocal::texthash (
+ 0 => 'No',
+ 1 => 'Yes',
+ 2 => 'Yes, and copy existing passwd file to passwd.bak file',
+ );
+ if ($value =~ /^(0|1|2)$/) {
+ $value = $optiondesc{$value};
+ } else {
+ $value = &mt('none -- defaults to No');
+ }
+ } elsif ($item eq 'intauth_check') {
+ my %optiondesc = &Apache::lonlocal::texthash (
+ 0 => 'No',
+ 1 => 'Yes, allow login then update passwd file using default cost (if higher)',
+ 2 => 'Yes, disallow login if stored cost is less than domain default',
+ );
+ if ($value =~ /^(0|1|2)$/) {
+ $value = $optiondesc{$value};
+ } else {
+ $value = &mt('none -- defaults to No');
+ }
}
$resulttext .= ''.&mt('[_1] set to "[_2]"',$title->{$item},$value).'';
$mailmsgtext .= "$title->{$item} set to $value\n";
@@ -11192,14 +11360,16 @@ sub modify_helpsettings {
my %existing=&Apache::lonnet::dump('roles',$dom,$confname,'rolesdef_');
my (@allpos,%newsettings,%changedprivs,$newrole);
my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
- my @accesstypes = ('all','none','status','inc','exc');
- my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh']);
+ my @accesstypes = ('all','dh','da','none','status','inc','exc');
+ my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh','da']);
my %lt = &Apache::lonlocal::texthash(
s => 'system',
d => 'domain',
order => 'Display order',
access => 'Role usage',
- all => 'All',
+ all => 'All with domain helpdesk or helpdesk assistant role',
+ dh => 'All with domain helpdesk role',
+ da => 'All with domain helpdesk assistant role',
none => 'None',
status => 'Determined based on institutional status',
inc => 'Include all, but exclude specific personnel',
@@ -11396,7 +11566,7 @@ sub modify_helpsettings {
order => 'Order',
desc => 'Role description',
access => 'Role usage',
- status => 'Allowed instituional types',
+ status => 'Allowed institutional types',
exc => 'Allowed personnel',
inc => 'Disallowed personnel',
);
@@ -12312,8 +12482,10 @@ sub modify_usersessions {
}
my $cachetime = 24*60*60;
&Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
+ &Apache::lonnet::do_cache_new('usersessions',$dom,$defaultshash{'usersessions'},3600);
if (ref($lastactref) eq 'HASH') {
$lastactref->{'domdefaults'} = 1;
+ $lastactref->{'usersessions'} = 1;
}
if (keys(%changes) > 0) {
my %lt = &usersession_titles();
@@ -13397,7 +13569,7 @@ sub devalidate_remote_domconfs {
my %servers = &Apache::lonnet::internet_dom_servers($dom);
my %thismachine;
map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
- my @posscached = ('domainconfig','domdefaults');
+ my @posscached = ('domainconfig','domdefaults','usersessions','directorysrch');
if (keys(%servers)) {
foreach my $server (keys(%servers)) {
next if ($thismachine{$server});
|
|