--- loncom/interface/domainprefs.pm 2021/02/16 14:00:35 1.160.6.102.2.10 +++ loncom/interface/domainprefs.pm 2021/12/30 02:40:28 1.160.6.118 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Handler to set domain-wide configuration settings # -# $Id: domainprefs.pm,v 1.160.6.102.2.10 2021/02/16 14:00:35 raeburn Exp $ +# $Id: domainprefs.pm,v 1.160.6.118 2021/12/30 02:40:28 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -174,6 +174,7 @@ use File::Copy; use Locale::Language; use DateTime::TimeZone; use DateTime::Locale; +use Net::CIDR; my $registered_cleanup; my $modified_urls; @@ -217,26 +218,13 @@ sub handler { 'serverstatuses','requestcourses','helpsettings', 'coursedefaults','usersessions','loadbalancing', 'requestauthor','selfenrollment','inststatus', - 'passwords','ltitools'],$dom); - if (ref($domconfig{'ltitools'}) eq 'HASH') { - my %encconfig = - &Apache::lonnet::get_dom('encconfig',['ltitools'],$dom); - if (ref($encconfig{'ltitools'}) eq 'HASH') { - foreach my $id (keys(%{$domconfig{'ltitools'}})) { - if (ref($domconfig{'ltitools'}{$id}) eq 'HASH') { - foreach my $item ('key','secret') { - $domconfig{'ltitools'}{$id}{$item} = $encconfig{'ltitools'}{$id}{$item}; - } - } - } - } - } - my @prefs_order = ('rolecolors','login','defaults','passwords','quotas','autoenroll', - 'autoupdate','autocreate','directorysrch','contacts', - 'usercreation','selfcreation','usermodification','scantron', - 'requestcourses','requestauthor','coursecategories', + 'passwords','wafproxy','ipaccess'],$dom); + my @prefs_order = ('rolecolors','login','ipaccess','defaults','wafproxy','passwords', + 'quotas','autoenroll','autoupdate','autocreate','directorysrch', + 'contacts','usercreation','selfcreation','usermodification', + 'scantron','requestcourses','requestauthor','coursecategories', 'serverstatuses','helpsettings','coursedefaults', - 'ltitools','selfenrollment','usersessions'); + 'selfenrollment','usersessions'); my %existing; if (ref($domconfig{'loadbalancing'}) eq 'HASH') { %existing = %{$domconfig{'loadbalancing'}}; @@ -267,7 +255,10 @@ sub handler { {col1 => 'Log-in Help', col2 => 'Value'}, {col1 => 'Custom HTML in document head', - col2 => 'Value'}], + col2 => 'Value'}, + {col1 => 'SSO', + col2 => 'Dual login: SSO and non-SSO options'}, + ], print => \&print_login, modify => \&modify_login, }, @@ -281,6 +272,17 @@ sub handler { print => \&print_defaults, modify => \&modify_defaults, }, + 'wafproxy' => + { text => 'Web Application Firewall/Reverse Proxy', + help => 'Domain_Configuration_WAF_Proxy', + header => [{col1 => 'Domain(s)', + col2 => 'Servers and WAF/Reverse Proxy alias(es)', + }, + {col1 => 'Domain(s)', + col2 => 'WAF Configuration',}], + print => \&print_wafproxy, + modify => \&modify_wafproxy, + }, 'passwords' => { text => 'Passwords (Internal authentication)', help => 'Domain_Configuration_Passwords', @@ -504,14 +506,14 @@ sub handler { print => \&print_loadbalancing, modify => \&modify_loadbalancing, }, - 'ltitools' => - {text => 'External Tools (LTI)', - help => 'Domain_Configuration_LTI_Tools', - header => [{col1 => 'Setting', - col2 => 'Value',}], - print => \&print_ltitools, - modify => \&modify_ltitools, - }, + 'ipaccess' => + {text => 'IP-based access control', + help => 'Domain_Configuration_IP_Access', + header => [{col1 => 'Setting', + col2 => 'Value'},], + print => \&print_ipaccess, + modify => \&modify_ipaccess, + }, ); if (keys(%servers) > 1) { $prefs{'login'} = { text => 'Log-in page options', @@ -523,7 +525,10 @@ sub handler { {col1 => 'Log-in Help', col2 => 'Value'}, {col1 => 'Custom HTML in document head', - col2 => 'Value'}], + col2 => 'Value'}, + {col1 => 'SSO', + col2 => 'Dual login: SSO and non-SSO options'}, + ], print => \&print_login, modify => \&modify_login, }; @@ -564,6 +569,8 @@ $javascript_validations $coursebrowserjs END + } elsif (grep(/^ipaccess$/,@actions)) { + $js .= &Apache::loncommon::coursebrowser_javascript($env{'request.role.domain'}); } if (grep(/^selfcreation$/,@actions)) { $js .= &selfcreate_javascript(); @@ -696,8 +703,10 @@ sub process_changes { $output = &modify_loadbalancing($dom,%domconfig); } elsif ($action eq 'passwords') { $output = &modify_passwords($r,$dom,$confname,$lastactref,%domconfig); - } elsif ($action eq 'ltitools') { - $output = &modify_ltitools($r,$dom,$action,$lastactref,%domconfig); + } elsif ($action eq 'wafproxy') { + $output = &modify_wafproxy($dom,$action,$lastactref,%domconfig); + } elsif ($action eq 'ipaccess') { + $output = &modify_ipaccess($dom,$lastactref,%domconfig); } return $output; } @@ -728,13 +737,21 @@ sub print_config_box { $output = &Apache::lonuserutils::custom_roledefs_js($context,$crstype,$formname,\%full, \@templateroles); - } elsif ($action eq 'ltitools') { - $output .= <itools_javascript($settings); + } elsif ($action eq 'wafproxy') { + $output .= &wafproxy_javascript($dom); + } elsif ($action eq 'autoupdate') { + $output .= &autoupdate_javascript(); + } elsif ($action eq 'autoenroll') { + $output .= &autoenroll_javascript(); + } elsif ($action eq 'login') { + $output .= &saml_javascript(); + } elsif ($action eq 'ipaccess') { + $output .= &ipaccess_javascript($settings); } $output .= ' - '."\n". ''; @@ -746,10 +763,10 @@ sub print_config_box { if ($numheaders > 1) { my $colspan = ''; my $rightcolspan = ''; - my $leftnobr = ''; + my $leftnobr = ''; if (($action eq 'rolecolors') || ($action eq 'defaults') || ($action eq 'directorysrch') || - (($action eq 'login') && ($numheaders < 4))) { + (($action eq 'login') && ($numheaders < 5))) { $colspan = ' colspan="2"'; } if ($action eq 'usersessions') { @@ -770,7 +787,7 @@ sub print_config_box { if (($action eq 'autoupdate') || ($action eq 'usercreation') || ($action eq 'selfcreation') || ($action eq 'usermodification') || ($action eq 'defaults') || ($action eq 'coursedefaults') || ($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'directorysrch') || - ($action eq 'helpsettings') || ($action eq 'contacts')) { + ($action eq 'helpsettings') || ($action eq 'contacts') || ($action eq 'wafproxy')) { $output .= $item->{'print'}->('top',$dom,$settings,\$rowtotal); } elsif ($action eq 'passwords') { $output .= $item->{'print'}->('top',$dom,$confname,$settings,\$rowtotal); @@ -779,7 +796,7 @@ sub print_config_box { } elsif ($action eq 'scantron') { $output .= $item->{'print'}->($r,'top',$dom,$confname,$settings,\$rowtotal); } elsif ($action eq 'login') { - if ($numheaders == 4) { + if ($numheaders == 5) { $colspan = ' colspan="2"'; $output .= &print_login('service',$dom,$confname,$phase,$settings,\$rowtotal); } else { @@ -822,7 +839,7 @@ sub print_config_box { '; + } elsif ($caller eq 'saml') { + my %domservers = &Apache::lonnet::get_servers($dom); + $datatable .= ''; } return $datatable; } @@ -1406,10 +1513,204 @@ sub login_choices { headtag => "Custom markup", action => "Action", current => "Current", + samllanding => "Dual login?", + samloptions => "Options", ); return %choices; } +sub login_file_options { + return &Apache::lonlocal::texthash( + del => 'Delete?', + rep => 'Replace:', + upl => 'Upload:', + curr => 'View contents', + default => 'Default', + custom => 'Custom', + none => 'None', + ); +} + +sub print_ipaccess { + my ($dom,$settings,$rowtotal) = @_; + my $css_class; + my $itemcount = 0; + my $datatable; + my %ordered; + if (ref($settings) eq 'HASH') { + foreach my $item (keys(%{$settings})) { + if (ref($settings->{$item}) eq 'HASH') { + my $num = $settings->{$item}{'order'}; + if ($num eq '') { + $num = scalar(keys(%{$settings})); + } + $ordered{$num} = $item; + } + } + } + my $maxnum = scalar(keys(%ordered)); + if (keys(%ordered)) { + my @items = sort { $a <=> $b } keys(%ordered); + for (my $i=0; $i<@items; $i++) { + $css_class = $itemcount%2?' class="LC_odd_row"':''; + my $item = $ordered{$items[$i]}; + my ($name,$ipranges,%commblocks,%courses); + if (ref($settings->{$item}) eq 'HASH') { + $name = $settings->{$item}->{'name'}; + $ipranges = $settings->{$item}->{'ip'}; + if (ref($settings->{$item}->{'commblocks'}) eq 'HASH') { + %commblocks = %{$settings->{$item}->{'commblocks'}}; + } + if (ref($settings->{$item}->{'courses'}) eq 'HASH') { + %courses = %{$settings->{$item}->{'courses'}}; + } + } + my $chgstr = ' onchange="javascript:reorderIPaccess(this.form,'."'ipaccess_pos_".$item."'".');"'; + $datatable .= ''. + ''; + $itemcount ++; + } + } + $css_class = $itemcount%2?' class="LC_odd_row"':''; + my $chgstr = ' onchange="javascript:reorderIPaccess(this.form,'."'ipaccess_pos_add'".');"'; + $datatable .= ''."\n". + ''."\n". + ''."\n"; + $$rowtotal ++; + return $datatable; +} + +sub ipaccess_options { + my ($num,$itemcount,$dom,$name,$ipranges,$blocksref,$coursesref) = @_; + my (%currblocks,%currcourses,$output); + if (ref($blocksref) eq 'HASH') { + %currblocks = %{$blocksref}; + } + if (ref($coursesref) eq 'HASH') { + %currcourses = %{$coursesref}; + } + $output = '
'.&mt('Location(s)').''. + ''.&mt('Name').': '. + ''. + '
'. + '
'.&mt('IP Range(s)').''. + &mt('Format for each IP range').': '.&mt('A.B.C.D/N or A.B.C.D-E.F.G.H').'
'. + &mt('Range(s) will be stored as IP netblock(s) in CIDR notation (comma separated)').'
'. + '
'. + '
'.&mt('Functionality Blocked?').''. + &blocker_checkboxes($num,$blocksref).'
'. + '
'.&mt('Courses/Communities allowed').''. + '
'. + '. &mt($item->{text}).' '. &Apache::loncommon::help_open_topic($item->{'help'}).'
- + '."\n"; if ($action eq 'coursecategories') { @@ -842,7 +859,7 @@ sub print_config_box { @@ -889,7 +906,7 @@ sub print_config_box { + + + '; } elsif ($caller eq 'help') { - my ($defaulturl,$defaulttype,%url,%type,%lt,%langchoices); - my $switchserver = &check_switchserver($dom,$confname); + my ($defaulturl,$defaulttype,%url,%type,%langchoices); my $itemcount = 1; $defaulturl = '/adm/loginproblems.html'; $defaulttype = 'default'; - %lt = &Apache::lonlocal::texthash ( - del => 'Delete?', - rep => 'Replace:', - upl => 'Upload:', - default => 'Default', - custom => 'Custom', - ); %langchoices = &Apache::lonlocal::texthash(&get_languages_hash()); my @currlangs; if (ref($settings) eq 'HASH') { @@ -1339,14 +1372,6 @@ sub print_login { } } } - my %lt = &Apache::lonlocal::texthash( - del => 'Delete?', - rep => 'Replace:', - upl => 'Upload:', - curr => 'View contents', - none => 'None', - ); - my $switchserver = &check_switchserver($dom,$confname); foreach my $lonhost (sort(keys(%domservers))) { my $exempt = &check_exempt_addresses($currexempt{$lonhost}); $datatable .= ''; @@ -1370,6 +1395,88 @@ sub print_login { $datatable .= ''; } $datatable .= '
'.&mt($item->{'header'}->[2]->{'col1'}).''.&mt($item->{'header'}->[2]->{'col1'}).' '.&mt($item->{'header'}->[2]->{'col2'}).'
- + '."\n"; if ($action eq 'passwords') { $output .= $item->{'print'}->('bottom',$dom,$confname,$settings,\$rowtotal); @@ -860,12 +877,12 @@ sub print_config_box { $rowtotal ++; } elsif (($action eq 'usermodification') || ($action eq 'coursedefaults') || ($action eq 'defaults') || ($action eq 'directorysrch') || - ($action eq 'helpsettings')) { + ($action eq 'helpsettings') || ($action eq 'wafproxy')) { $output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal); } elsif ($action eq 'scantron') { $output .= $item->{'print'}->($r,'bottom',$dom,$confname,$settings,\$rowtotal); } elsif ($action eq 'login') { - if ($numheaders == 4) { + if ($numheaders == 5) { $output .= &print_login('page',$dom,$confname,$phase,$settings,\$rowtotal).'
'.&mt($item->{'header'}->[3]->{'col1'}).''.&mt($item->{'header'}->[3]->{'col1'}).' '.&mt($item->{'header'}->[3]->{'col2'}).'
'; - if ($numheaders == 4) { + if ($numheaders == 5) { $output .= ' @@ -901,7 +918,27 @@ sub print_config_box { '; } $rowtotal ++; - $output .= &print_login('headtag',$dom,$confname,$phase,$settings,\$rowtotal); + $output .= &print_login('headtag',$dom,$confname,$phase,$settings,\$rowtotal).' +
'.&mt($item->{'header'}->[3]->{'col1'}).' '.&mt($item->{'header'}->[3]->{'col2'}).'
+
+ + '; + if ($numheaders == 5) { + $output .= ' + + + '; + } else { + $output .= ' + + + '; + } + $rowtotal ++; + $output .= &print_login('saml',$dom,$confname,$phase,$settings,\$rowtotal); } elsif ($action eq 'requestcourses') { $output .= &print_requestmail($dom,$action,$settings,\$rowtotal); $rowtotal ++; @@ -1021,7 +1058,7 @@ sub print_config_box { $output .= &print_quotas($dom,$settings,\$rowtotal,$action); } elsif (($action eq 'autoenroll') || ($action eq 'autocreate') || ($action eq 'serverstatuses') || ($action eq 'loadbalancing') || - ($action eq 'ltitools')) { + ($action eq 'ipaccess')) { $output .= $item->{'print'}->($dom,$settings,\$rowtotal); } } @@ -1035,8 +1072,12 @@ sub print_config_box { sub print_login { my ($caller,$dom,$confname,$phase,$settings,$rowtotal) = @_; - my ($css_class,$datatable); + my ($css_class,$datatable,$switchserver,%lt); my %choices = &login_choices(); + if (($caller eq 'help') || ($caller eq 'headtag') || ($caller eq 'saml')) { + %lt = &login_file_options(); + $switchserver = &check_switchserver($dom,$confname); + } if ($caller eq 'service') { my %servers = &Apache::lonnet::internet_dom_servers($dom); @@ -1231,18 +1272,10 @@ sub print_login { $datatable .= &display_color_options($dom,$confname,$phase,'login',$itemcount,\%choices,\%is_custom,\%defaults,\%designs,\@images,\@bgs,\@links,\%alt_text,$rowtotal,\@logintext); $datatable .= '
'.&mt($item->{'header'}->[4]->{'col1'}).''.&mt($item->{'header'}->[4]->{'col2'}).'
'.&mt($item->{'header'}->[3]->{'col1'}).''.&mt($item->{'header'}->[3]->{'col2'}).'
'.$domservers{$lonhost}.'
'. + ''. + ''. + ''."\n"; + my (%saml,%samltext,%samlimg,%samlalt,%samlurl,%samltitle,%samlnotsso,%styleon,%styleoff); + foreach my $lonhost (keys(%domservers)) { + $samlurl{$lonhost} = '/adm/sso'; + $styleon{$lonhost} = 'display:none'; + $styleoff{$lonhost} = ''; + } + if (ref($settings->{'saml'}) eq 'HASH') { + foreach my $lonhost (keys(%{$settings->{'saml'}})) { + if (ref($settings->{'saml'}{$lonhost}) eq 'HASH') { + $saml{$lonhost} = 1; + $samltext{$lonhost} = $settings->{'saml'}{$lonhost}{'text'}; + $samlimg{$lonhost} = $settings->{'saml'}{$lonhost}{'img'}; + $samlalt{$lonhost} = $settings->{'saml'}{$lonhost}{'alt'}; + $samlurl{$lonhost} = $settings->{'saml'}{$lonhost}{'url'}; + $samltitle{$lonhost} = $settings->{'saml'}{$lonhost}{'title'}; + $samlnotsso{$lonhost} = $settings->{'saml'}{$lonhost}{'notsso'}; + $styleon{$lonhost} = ''; + $styleoff{$lonhost} = 'display:none'; + } else { + $styleon{$lonhost} = 'display:none'; + $styleoff{$lonhost} = ''; + } + } + } + my $itemcount = 1; + foreach my $lonhost (sort(keys(%domservers))) { + my $samlon = ' '; + my $samloff = ' checked="checked" '; + if ($saml{$lonhost}) { + $samlon = $samloff; + $samloff = ' '; + } + my $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''. + ''. + ''. + ''; + $itemcount ++; + } + $datatable .= '
'.$choices{'hostid'}.''.$choices{'samllanding'}.''.$choices{'samloptions'}.'
'.$domservers{$lonhost}.''.(' 'x2). + ''. + ''. + ''. + ''. + ''. + ''. + ''. + ''. + ''. + ''. + '
'.&mt('SSO').''. + ''.&mt('Non-SSO').'
'.&mt('Text').''.&mt('Image').''.&mt('Alt Text').''.&mt('URL').''.&mt('Tool Tip').''.&mt('Text').'
'; + if ($samlimg{$lonhost}) { + $datatable .= '
'. + ' '.$lt{'rep'}.''; + } else { + $datatable .= $lt{'upl'}; + } + $datatable .='
'; + if ($switchserver) { + $datatable .= &mt('Upload to library server: [_1]',$switchserver); + } else { + $datatable .= ''; + } + $datatable .= '
 
' + .''.(' 'x2). + ''. + &ipaccess_options($i,$itemcount,$dom,$name,$ipranges,\%commblocks,\%courses). + '
'."\n". + ''."\n". + ' '."\n". + ''.&mt('Add').''. + &ipaccess_options('add',$itemcount,$dom). + '
'; + foreach my $cid (sort(keys(%currcourses))) { + my %courseinfo = &Apache::lonnet::coursedescription($cid,{'one_time' => 1}); + $output .= ''; + } + $output .= '
'. + ''. + ' ('.$cid.')
'.&mt('Add').': '. + ''. + &Apache::loncommon::selectcourse_link('display','ipaccess_cnum_'.$num,'ipaccess_cdom_'.$num,'ipaccess_cdesc_'.$num,$dom,undef,'Course/Community'). + ''. + ''. + '
'."\n". + ''; + return $output; +} + +sub blocker_checkboxes { + my ($num,$blocks) = @_; + my ($typeorder,$types) = &commblocktype_text(); + my $numinrow = 6; + my $output = ''; + for (my $i=0; $i<@{$typeorder}; $i++) { + my $block = $typeorder->[$i]; + my $blockstatus; + if (ref($blocks) eq 'HASH') { + if ($blocks->{$block} eq 'on') { + $blockstatus = 'checked="checked"'; + } + } + my $rem = $i%($numinrow); + if ($rem == 0) { + if ($i > 0) { + $output .= ''; + } + $output .= ''; + } + if ($i == scalar(@{$typeorder})-1) { + my $colsleft = $numinrow-$rem; + if ($colsleft > 1) { + $output .= ''; + } + $output .= '
'; + } else { + $output .= ''; + } + } else { + $output .= ''; + } + my $item = 'ipaccess_block_'.$num; + if ($blockstatus) { + $blockstatus = ' '.$blockstatus; + } + $output .= ''."\n". + '
'; + return $output; +} + +sub commblocktype_text { + my %types = &Apache::lonlocal::texthash( + 'com' => 'Messaging', + 'chat' => 'Chat Room', + 'boards' => 'Discussion', + 'port' => 'Portfolio', + 'groups' => 'Groups', + 'blogs' => 'Blogs', + 'about' => 'User Information', + 'printout' => 'Printouts', + 'passwd' => 'Change Password', + 'grades' => 'Gradebook', + 'search' => 'Course search', + 'wishlist' => 'Stored links', + 'annotate' => 'Annotations', + ); + my $typeorder = ['com','chat','boards','port','groups','blogs','about','wishlist','printout','grades','search','annotate','passwd']; + return ($typeorder,\%types); +} + sub print_rolecolors { my ($phase,$role,$dom,$confname,$settings,$rowtotal) = @_; my %choices = &color_font_choices(); @@ -2382,8 +2683,7 @@ sub print_textbookcourses { (' 'x2). ''.&mt('Thumbnail:'); if ($image) { - $datatable .= ''. - $imgsrc. + $datatable .= $imgsrc. ' '. ' '.&mt('Replace:').' '; @@ -2537,33 +2837,258 @@ $jstext{'templates'}; ENDSCRIPT } -sub ltitools_javascript { - my ($settings) = @_; - my $togglejs = <itools_toggle_js(); - unless (ref($settings) eq 'HASH') { - return $togglejs; +sub wafproxy_javascript { + my ($dom) = @_; + return <<"ENDSCRIPT"; + + +ENDSCRIPT +} + +sub autoupdate_javascript { + return <<"ENDSCRIPT"; + + +ENDSCRIPT +} + +sub autoenroll_javascript { + return <<"ENDSCRIPT"; + + +ENDSCRIPT +} + +sub saml_javascript { + return <<"ENDSCRIPT"; + + +ENDSCRIPT +} + +sub ipaccess_javascript { + my ($settings) = @_; my (%ordered,$total,%jstext); $total = 0; - foreach my $item (keys(%{$settings})) { - if (ref($settings->{$item}) eq 'HASH') { - my $num = $settings->{$item}{'order'}; - $ordered{$num} = $item; + if (ref($settings) eq 'HASH') { + foreach my $item (keys(%{$settings})) { + if (ref($settings->{$item}) eq 'HASH') { + my $num = $settings->{$item}{'order'}; + $ordered{$num} = $item; + } } + $total = scalar(keys(%{$settings})); } - $total = scalar(keys(%{$settings})); my @jsarray = (); foreach my $item (sort {$a <=> $b } (keys(%ordered))) { push(@jsarray,$ordered{$item}); } - my $jstext = ' var ltitools = Array('."'".join("','",@jsarray)."'".');'."\n"; + my $jstext = ' var ipaccess = Array('."'".join("','",@jsarray)."'".');'."\n"; return <<"ENDSCRIPT"; - -$togglejs - -ENDSCRIPT -} - -sub ltitools_toggle_js { - return <<"ENDSCRIPT"; - @@ -2642,7 +3135,12 @@ ENDSCRIPT sub print_autoenroll { my ($dom,$settings,$rowtotal) = @_; my $autorun = &Apache::lonnet::auto_run(undef,$dom), - my ($defdom,$runon,$runoff,$coownerson,$coownersoff,$failsafe); + my ($defdom,$runon,$runoff,$coownerson,$coownersoff, + $failsafe,$autofailsafe,$failsafesty,%failsafechecked); + $failsafesty = 'none'; + %failsafechecked = ( + off => ' checked="checked"', + ); if (ref($settings) eq 'HASH') { if (exists($settings->{'run'})) { if ($settings->{'run'} eq '0') { @@ -2676,8 +3174,24 @@ sub print_autoenroll { if (exists($settings->{'sender_domain'})) { $defdom = $settings->{'sender_domain'}; } - if (exists($settings->{'autofailsafe'})) { - $failsafe = $settings->{'autofailsafe'}; + if (exists($settings->{'failsafe'})) { + $failsafe = $settings->{'failsafe'}; + if ($failsafe eq 'zero') { + $failsafechecked{'zero'} = ' checked="checked"'; + $failsafechecked{'off'} = ''; + $failsafesty = 'inline-block'; + } elsif ($failsafe eq 'any') { + $failsafechecked{'any'} = ' checked="checked"'; + $failsafechecked{'off'} = ''; + } + $autofailsafe = $settings->{'autofailsafe'}; + } elsif (exists($settings->{'autofailsafe'})) { + $autofailsafe = $settings->{'autofailsafe'}; + if ($autofailsafe ne '') { + $failsafechecked{'zero'} = ' checked="checked"'; + $failsafe = 'zero'; + $failsafechecked{'off'} = ''; + } } } else { if ($autorun) { @@ -2716,51 +3230,84 @@ sub print_autoenroll { $coownersoff.' value="0" />'.&mt('No').''. ''. ''.&mt('Failsafe for no drops when institutional data missing').''. - ''. - ''; + ''. + '    '. + '
'. + ''. + '
'. + ''. + &mt('Threshold for number of students in section to drop: [_1]', + ''). + '
'; $$rowtotal += 4; return $datatable; } sub print_autoupdate { my ($position,$dom,$settings,$rowtotal) = @_; - my $datatable; + my ($enable,$datatable); if ($position eq 'top') { + my %choices = &Apache::lonlocal::texthash ( + run => 'Auto-update active?', + classlists => 'Update information in classlists?', + unexpired => 'Skip updates for users without active or future roles?', + lastactive => 'Skip updates for inactive users?', + ); + my $itemcount = 0; my $updateon = ' '; my $updateoff = ' checked="checked" '; - my $classlistson = ' '; - my $classlistsoff = ' checked="checked" '; if (ref($settings) eq 'HASH') { if ($settings->{'run'} eq '1') { $updateon = $updateoff; $updateoff = ' '; } - if ($settings->{'classlists'} eq '1') { - $classlistson = $classlistsoff; - $classlistsoff = ' '; - } } - my %title = ( - run => 'Auto-update active?', - classlists => 'Update information in classlists?', - ); - $datatable = ''. - ''.&mt($title{'run'}).''. - ' '. ''. - ''. - ''.&mt($title{'classlists'}).''. - ''. - ' '. - ''. + $updateon.'value="1" />'.&mt('Yes').'
'. ''; - $$rowtotal += 2; + my @toggles = ('classlists','unexpired'); + my %defaultchecked = ('classlists' => 'off', + 'unexpired' => 'off' + ); + $$rowtotal ++; + ($datatable,$itemcount) = &radiobutton_prefs($settings,\@toggles,\%defaultchecked, + \%choices,$itemcount,'','','left','no'); + $datatable = $enable.$datatable; + $$rowtotal += $itemcount; + my $lastactiveon = ' '; + my $lastactiveoff = ' checked="checked" '; + my $lastactivestyle = 'none'; + my $lastactivedays; + my $onclick = ' onclick="javascript:toggleLastActiveDays(this.form);"'; + if (ref($settings) eq 'HASH') { + if ($settings->{'lastactive'} =~ /^\d+$/) { + $lastactiveon = $lastactiveoff; + $lastactiveoff = ' '; + $lastactivestyle = 'inline-block'; + $lastactivedays = $settings->{'lastactive'}; + } + } + my $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''. + ''.$choices{'lastactive'}.''. + ''. + ' '. + '
'. + ': '.&mt('inactive = no activity in last [_1] days', + ''). + ''. + ''; + $$rowtotal ++; } elsif ($position eq 'middle') { my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); my $numinrow = 3; @@ -3889,7 +4436,7 @@ sub helpdeskroles_access { sub radiobutton_prefs { my ($settings,$toggles,$defaultchecked,$choices,$itemcount,$onclick, - $additional,$align) = @_; + $additional,$align,$firstval) = @_; return unless ((ref($toggles) eq 'ARRAY') && (ref($defaultchecked) eq 'HASH') && (ref($choices) eq 'HASH')); @@ -3929,426 +4476,26 @@ sub radiobutton_prefs { } else { $datatable .= ''; } - $datatable .= - ''. + $datatable .= ''; + if ($firstval eq 'no') { + $datatable .= + ' '; + } else { + $datatable .= ' '. - ''.$additional. - ''. - ''; + $checkedoff{$item}.' value="0"'.$onclick.' />'.&mt('No').''; + } + $datatable .= ''.$additional.''; $itemcount ++; } return ($datatable,$itemcount); } -sub print_ltitools { - my ($dom,$settings,$rowtotal) = @_; - my $rownum = 0; - my $css_class; - my $itemcount = 1; - my $maxnum = 0; - my %ordered; - if (ref($settings) eq 'HASH') { - foreach my $item (keys(%{$settings})) { - if (ref($settings->{$item}) eq 'HASH') { - my $num = $settings->{$item}{'order'}; - $ordered{$num} = $item; - } - } - } - my $confname = $dom.'-domainconfig'; - my $switchserver = &check_switchserver($dom,$confname); - my $maxnum = scalar(keys(%ordered)); - my $datatable; - my %lt = <itools_names(); - my @courseroles = ('cc','in','ta','ep','st'); - my @ltiroles = qw(Instructor ContentDeveloper TeachingAssistant Learner); - my @fields = ('fullname','firstname','lastname','email','roles','user'); - if (keys(%ordered)) { - my @items = sort { $a <=> $b } keys(%ordered); - for (my $i=0; $i<@items; $i++) { - $css_class = $itemcount%2?' class="LC_odd_row"':''; - my $item = $ordered{$items[$i]}; - my ($title,$key,$secret,$url,$lifetime,$imgsrc,%sigsel); - if (ref($settings->{$item}) eq 'HASH') { - $title = $settings->{$item}->{'title'}; - $url = $settings->{$item}->{'url'}; - $key = $settings->{$item}->{'key'}; - $secret = $settings->{$item}->{'secret'}; - $lifetime = $settings->{$item}->{'lifetime'}; - my $image = $settings->{$item}->{'image'}; - if ($image ne '') { - $imgsrc = ''.&mt('Tool Provider icon').''; - } - if ($settings->{$item}->{'sigmethod'} eq 'HMAC-256') { - $sigsel{'HMAC-256'} = ' selected="selected"'; - } else { - $sigsel{'HMAC-SHA1'} = ' selected="selected"'; - } - } - my $chgstr = ' onchange="javascript:reorderLTITools(this.form,'."'ltitools_".$item."'".');"'; - $datatable .= '' - .''.(' 'x2). - ''. - ''. - '
'.&mt('Required settings').''. - ''.$lt{'title'}.': '. - (' 'x2). - ''.$lt{'version'}.': '. - (' 'x2). - ''.$lt{'msgtype'}.': '. - (' 'x2). - ''.$lt{'sigmethod'}.':'. - '

'. - ''.$lt{'url'}.':'. - (' 'x2). - ''.$lt{'key'}.':'. - ' '. - (' 'x2). - ''.$lt{'lifetime'}.':'. - ' '. - (' 'x2). - ''.$lt{'secret'}.':'. - ''. - ''. - ''. - '
'. - '
'.&mt('Optional settings').''. - ''.&mt('Display target:'); - my %currdisp; - if (ref($settings->{$item}->{'display'}) eq 'HASH') { - if ($settings->{$item}->{'display'}->{'target'} eq 'window') { - $currdisp{'window'} = ' checked="checked"'; - } elsif ($settings->{$item}->{'display'}->{'target'} eq 'tab') { - $currdisp{'tab'} = ' checked="checked"'; - } else { - $currdisp{'iframe'} = ' checked="checked"'; - } - if ($settings->{$item}->{'display'}->{'width'} =~ /^(\d+)$/) { - $currdisp{'width'} = $1; - } - if ($settings->{$item}->{'display'}->{'height'} =~ /^(\d+)$/) { - $currdisp{'height'} = $1; - } - $currdisp{'linktext'} = $settings->{$item}->{'display'}->{'linktext'}; - $currdisp{'explanation'} = $settings->{$item}->{'display'}->{'explanation'}; - } else { - $currdisp{'iframe'} = ' checked="checked"'; - } - foreach my $disp ('iframe','tab','window') { - $datatable .= ''.(' 'x2); - } - $datatable .= (' 'x4); - foreach my $dimen ('width','height') { - $datatable .= ''. - (' 'x2); - } - $datatable .= '
'. - '
'.$lt{'linktext'}.'
'. - '
'. - '
'.$lt{'explanation'}.'
'. - '
'. - '
'; - $datatable .= ''.$lt{'icon'}.': '; - if ($imgsrc) { - $datatable .= $imgsrc. - ' '. - ' '.&mt('Replace:').' '; - } else { - $datatable .= '('.&mt('if larger than 21x21 pixels, image will be scaled').') '; - } - if ($switchserver) { - $datatable .= &mt('Upload to library server: [_1]',$switchserver); - } else { - $datatable .= ''; - } - $datatable .= '
'; - my (%checkedfields,%rolemaps,$userincdom); - if (ref($settings->{$item}) eq 'HASH') { - if (ref($settings->{$item}->{'fields'}) eq 'HASH') { - %checkedfields = %{$settings->{$item}->{'fields'}}; - } - $userincdom = $settings->{$item}->{'incdom'}; - if (ref($settings->{$item}->{'roles'}) eq 'HASH') { - %rolemaps = %{$settings->{$item}->{'roles'}}; - $checkedfields{'roles'} = 1; - } - } - $datatable .= '
'.&mt('User data sent on launch').''. - ''; - my $userfieldstyle = 'display:none;'; - my $seluserdom = ''; - my $unseluserdom = ' selected="selected"'; - foreach my $field (@fields) { - my ($checked,$onclick,$id,$spacer); - if ($checkedfields{$field}) { - $checked = ' checked="checked"'; - } - if ($field eq 'user') { - $id = ' id="ltitools_user_field_'.$i.'"'; - $onclick = ' onclick="toggleLTITools(this.form,'."'$field','$i'".')"'; - if ($checked) { - $userfieldstyle = 'display:inline-block'; - if ($userincdom) { - $seluserdom = $unseluserdom; - $unseluserdom = ''; - } - } - } else { - $spacer = (' ' x2); - } - $datatable .= ''.$spacer; - } - $datatable .= ''; - $datatable .= '
'. - ' : '. - '
'; - $datatable .= '
'. - '
'.&mt('Role mapping').''; - foreach my $role (@courseroles) { - my ($selected,$selectnone); - if (!$rolemaps{$role}) { - $selectnone = ' selected="selected"'; - } - $datatable .= ''; - } - $datatable .= '
'. - &Apache::lonnet::plaintext($role,'Course').'
'. - '
'; - my %courseconfig; - if (ref($settings->{$item}) eq 'HASH') { - if (ref($settings->{$item}->{'crsconf'}) eq 'HASH') { - %courseconfig = %{$settings->{$item}->{'crsconf'}}; - } - } - $datatable .= '
'.&mt('Configurable in course').''; - foreach my $item ('label','title','target','linktext','explanation','append') { - my $checked; - if ($courseconfig{$item}) { - $checked = ' checked="checked"'; - } - $datatable .= ''.(' ' x2)."\n"; - } - $datatable .= '
'. - '
'.&mt('Custom items sent on launch').''. - ''; - if (ref($settings->{$item}->{'custom'}) eq 'HASH') { - my %custom = %{$settings->{$item}->{'custom'}}; - if (keys(%custom) > 0) { - foreach my $key (sort(keys(%custom))) { - $datatable .= ''. - ''; - } - } - } - $datatable .= ''; - $datatable .= '
'.&mt('Action').''.&mt('Name').''.&mt('Value').'
'. - ''.$key.'
'. - ''. - '
'."\n"; - $itemcount ++; - } - } - $css_class = $itemcount%2?' class="LC_odd_row"':''; - my $chgstr = ' onchange="javascript:reorderLTITools(this.form,'."'ltitools_add_pos'".');"'; - $datatable .= ''."\n". - ''."\n". - ' '."\n". - ''.&mt('Add').''."\n". - ''. - '
'.&mt('Required settings').''. - ''.$lt{'title'}.': '."\n". - (' 'x2). - ''.$lt{'version'}.': '."\n". - (' 'x2). - ''.$lt{'msgtype'}.': '. - ''.$lt{'sigmethod'}.':'. - '
'. - ''.$lt{'url'}.': '."\n". - (' 'x2). - ''.$lt{'key'}.': '."\n". - (' 'x2). - ''.$lt{'lifetime'}.': '."\n". - (' 'x2). - ''.$lt{'secret'}.':'. - ' '."\n". - '
'. - '
'.&mt('Optional settings').''. - ''.&mt('Display target:'); - my %defaultdisp; - $defaultdisp{'iframe'} = ' checked="checked"'; - foreach my $disp ('iframe','tab','window') { - $datatable .= ''.(' 'x2); - } - $datatable .= (' 'x4); - foreach my $dimen ('width','height') { - $datatable .= ''. - (' 'x2); - } - $datatable .= '
'. - '
'.$lt{'linktext'}.'
'. - '
'. - '
'.$lt{'explanation'}.'
'. - ''. - '
'. - '
'; - $datatable .= ''.$lt{'icon'}.': '. - '('.&mt('if larger than 21x21 pixels, image will be scaled').') '; - if ($switchserver) { - $datatable .= &mt('Upload to library server: [_1]',$switchserver); - } else { - $datatable .= ''; - } - $datatable .= '
'. - '
'.&mt('User data sent on launch').''. - ''; - foreach my $field (@fields) { - my ($id,$onclick,$spacer); - if ($field eq 'user') { - $id = ' id="ltitools_user_field_add"'; - $onclick = ' onclick="toggleLTITools(this.form,'."'$field','add'".')"'; - } else { - $spacer = (' ' x2); - } - $datatable .= ''.$spacer; - } - $datatable .= ''. - '
'; - $datatable .= '
'.&mt('Role mapping').''; - foreach my $role (@courseroles) { - my ($checked,$checkednone); - $datatable .= ''; - } - $datatable .= '
'. - &Apache::lonnet::plaintext($role,'Course').'
'. - '
'. - '
'.&mt('Configurable in course').''; - foreach my $item ('label','title','target','linktext','explanation','append') { - $datatable .= ''.(' ' x2)."\n"; - } - $datatable .= '
'. - '
'.&mt('Custom items sent on launch').''. - ''. - ''. - '
'.&mt('Action').''.&mt('Name').''.&mt('Value').'
'. - ''. - '
'."\n". - ''."\n". - ''."\n"; - $itemcount ++; - return $datatable; -} - -sub ltitools_names { - my %lt = &Apache::lonlocal::texthash( - 'title' => 'Title', - 'version' => 'Version', - 'msgtype' => 'Message Type', - 'sigmethod' => 'Signature Method', - 'url' => 'URL', - 'key' => 'Key', - 'lifetime' => 'Nonce lifetime (s)', - 'secret' => 'Secret', - 'icon' => 'Icon', - 'user' => 'User', - 'fullname' => 'Full Name', - 'firstname' => 'First Name', - 'lastname' => 'Last Name', - 'email' => 'E-mail', - 'roles' => 'Role', - 'window' => 'Window', - 'tab' => 'Tab', - 'iframe' => 'iFrame', - 'height' => 'Height', - 'width' => 'Width', - 'linktext' => 'Default Link Text', - 'explanation' => 'Default Explanation', - 'crstarget' => 'Display target', - 'crslabel' => 'Course label', - 'crstitle' => 'Course title', - 'crslinktext' => 'Link Text', - 'crsexplanation' => 'Explanation', - 'crsappend' => 'Provider URL', - ); - - return %lt; -} - sub print_coursedefaults { my ($position,$dom,$settings,$rowtotal) = @_; my ($css_class,$datatable,%checkedon,%checkedoff,%defaultchecked,@toggles); @@ -4359,6 +4506,7 @@ sub print_coursedefaults { coursecredits => 'Credits can be specified for courses', uselcmath => 'Math preview uses LON-CAPA previewer (javascript) in place of DragMath (Java)', usejsme => 'Molecule editor uses JSME (HTML5) in place of JME (Java)', + inline_chem => 'Use inline previewer for chemical reaction response in place of pop-up', texengine => 'Default method to display mathematics', postsubmit => 'Disable submit button/keypress following student submission', canclone => "People who may clone a course (besides course's owner and coordinators)", @@ -4374,9 +4522,10 @@ sub print_coursedefaults { %defaultchecked = ( 'uselcmath' => 'on', 'usejsme' => 'on', + 'inline_chem' => 'on', 'canclone' => 'none', ); - @toggles = ('uselcmath','usejsme'); + @toggles = ('uselcmath','usejsme','inline_chem'); my $deftex = $Apache::lonnet::deftex; if (ref($settings) eq 'HASH') { if ($settings->{'texengine'}) { @@ -4415,7 +4564,7 @@ sub print_coursedefaults { my $currcanclone = 'none'; my $onclick; my @cloneoptions = ('none','domain'); - my %clonetitles = ( + my %clonetitles = &Apache::lonlocal::texthash ( none => 'No additional course requesters', domain => "Any course requester in course's domain", instcode => 'Course requests for official courses ...', @@ -5283,6 +5432,313 @@ sub print_passwords { return $datatable; } +sub print_wafproxy { + my ($position,$dom,$settings,$rowtotal) = @_; + my $css_class; + my $itemcount = 0; + my $datatable; + my %servers = &Apache::lonnet::internet_dom_servers($dom); + my (%othercontrol,%otherdoms,%aliases,%saml,%values,$setdom,$showdom); + my %lt = &wafproxy_titles(); + foreach my $server (sort(keys(%servers))) { + my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server}); + next if ($serverhome eq ''); + my $serverdom; + if ($serverhome ne $server) { + $serverdom = &Apache::lonnet::host_domain($serverhome); + if (($serverdom ne '') && (&Apache::lonnet::domain($serverdom) ne '')) { + $othercontrol{$server} = $serverdom; + } + } else { + $serverdom = &Apache::lonnet::host_domain($server); + next if (($serverdom eq '') || (&Apache::lonnet::domain($serverdom) eq '')); + if ($serverdom ne $dom) { + $othercontrol{$server} = $serverdom; + } else { + $setdom = 1; + if (ref($settings) eq 'HASH') { + if (ref($settings->{'alias'}) eq 'HASH') { + $aliases{$dom} = $settings->{'alias'}; + if ($aliases{$dom} ne '') { + $showdom = 1; + } + } + if (ref($settings->{'saml'}) eq 'HASH') { + $saml{$dom} = $settings->{'saml'}; + } + } + } + } + } + if ($setdom) { + %{$values{$dom}} = (); + if (ref($settings) eq 'HASH') { + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { + $values{$dom}{$item} = $settings->{$item}; + } + } + } + if (keys(%othercontrol)) { + %otherdoms = reverse(%othercontrol); + foreach my $domain (keys(%otherdoms)) { + %{$values{$domain}} = (); + my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain); + if (ref($config{'wafproxy'}) eq 'HASH') { + $aliases{$domain} = $config{'wafproxy'}{'alias'}; + if (exists($config{'wafproxy'}{'saml'})) { + $saml{$domain} = $config{'wafproxy'}{'saml'}; + } + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { + $values{$domain}{$item} = $config{'wafproxy'}{$item}; + } + } + } + } + if ($position eq 'top') { + my %servers = &Apache::lonnet::internet_dom_servers($dom); + my %aliasinfo; + foreach my $server (sort(keys(%servers))) { + $itemcount ++; + my $dom_in_effect; + my $aliasrows = ''. + ''. + &mt('Hostname').': '. + ''.&Apache::lonnet::hostname($server).' '; + if ($othercontrol{$server}) { + $dom_in_effect = $othercontrol{$server}; + my ($current,$forsaml); + if (ref($aliases{$dom_in_effect}) eq 'HASH') { + $current = $aliases{$dom_in_effect}{$server}; + } + if (ref($saml{$dom_in_effect}) eq 'HASH') { + if ($saml{$dom_in_effect}{$server}) { + $forsaml = 1; + } + } + $aliasrows .= ''. + &mt('Alias').': '; + if ($current) { + $aliasrows .= $current; + if ($forsaml) { + $aliasrows .= ' ('.&mt('also for SSO Auth').')'; + } + } else { + $aliasrows .= &mt('None'); + } + $aliasrows .= ' ('. + &mt('controlled by domain: [_1]', + ''.$dom_in_effect.'').')'; + } else { + $dom_in_effect = $dom; + my ($current,$samlon,$samloff); + $samloff = ' checked="checked"'; + if (ref($aliases{$dom}) eq 'HASH') { + if ($aliases{$dom}{$server}) { + $current = $aliases{$dom}{$server}; + } + } + if (ref($saml{$dom}) eq 'HASH') { + if ($saml{$dom}{$server}) { + $samlon = $samloff; + undef($samloff); + } + } + $aliasrows .= ''. + &mt('Alias').': '. + ''. + (' 'x2).''. + &mt('Alias used for SSO Auth').':  '. + ''; + } + $aliasrows .= ''; + $aliasinfo{$dom_in_effect} .= $aliasrows; + } + if ($aliasinfo{$dom}) { + my ($onclick,$wafon,$wafoff,$showtable); + $onclick = ' onclick="javascript:toggleWAF();"'; + $wafoff = ' checked="checked"'; + $showtable = ' style="display:none";'; + if ($showdom) { + $wafon = $wafoff; + $wafoff = ''; + $showtable = ' style="display:inline;"'; + } + $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; + $datatable = ''. + ''.&mt('Domain: [_1]',''.$dom.'').'
'. + ''.&mt('WAF in use?').' '.(' 'x2).''. + ''. + ''.$aliasinfo{$dom}. + '
'; + $itemcount++; + } + if (keys(%otherdoms)) { + foreach my $key (sort(keys(%otherdoms))) { + $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; + $datatable .= ''. + ''.&mt('Domain: [_1]',''.$key.'').''. + ''.$aliasinfo{$key}. + '
'; + $itemcount++; + } + } + } else { + my %ip_methods = &remoteip_methods(); + if ($setdom) { + $itemcount ++; + $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; + my ($nowafstyle,$wafstyle,$curr_remotip,$currwafdisplay,$vpndircheck,$vpnaliascheck, + $currwafvpn,$wafrangestyle,$alltossl,$ssltossl); + $wafstyle = ' style="display:none;"'; + $nowafstyle = ' style="display:table-row;"'; + $currwafdisplay = ' style="display: none"'; + $wafrangestyle = ' style="display: none"'; + $curr_remotip = 'n'; + $ssltossl = ' checked="checked"'; + if ($showdom) { + $wafstyle = ' style="display:table-row;"'; + $nowafstyle = ' style="display:none;"'; + if (keys(%{$values{$dom}})) { + if ($values{$dom}{remoteip} =~ /^[nmh]$/) { + $curr_remotip = $values{$dom}{remoteip}; + } + if ($curr_remotip eq 'h') { + $currwafdisplay = ' style="display:table-row"'; + $wafrangestyle = ' style="display:inline-block;"'; + } + if ($values{$dom}{'sslopt'}) { + $alltossl = ' checked="checked"'; + $ssltossl = ''; + } + } + if (($values{$dom}{'vpnint'} ne '') || ($values{$dom}{'vpnext'} ne '')) { + $vpndircheck = ' checked="checked"'; + $currwafvpn = ' style="display:table-row;"'; + $wafrangestyle = ' style="display:inline-block;"'; + } else { + $vpnaliascheck = ' checked="checked"'; + $currwafvpn = ' style="display:none;"'; + } + } + $datatable .= ''. + ''.&mt('Domain: [_1]',''.$dom.'').''. + ''.&mt('WAF not in use, nothing to set').''. + ''. + ''. + ''.&mt('Domain: [_1]',''.$dom.'').'

'. + '
'.&mt('Format for comma separated IP ranges').':
'. + &mt('A.B.C.D/N or A.B.C.D-E.F.G.H').'
'. + &mt('Range(s) stored in CIDR notation').'
'. + ''. + ''. + ''."\n". + ''."\n". + ''."\n". + ''."\n". + ''. + ''; + foreach my $item ('vpnint','vpnext') { + $datatable .= ''. + ''."\n"; + } + $datatable .= ''."\n". + ''. + ''."\n". + '
'.$lt{'remoteip'}.': '. + '
'. + $lt{'ipheader'}.': '. + ''. + '
'. + $lt{'trusted'}.':
'. + ''. + '

'.$lt{'vpnaccess'}.':
'. + ''.(' 'x2). + '
'.$lt{$item}.':
'. + ''. + '

'.$lt{'sslopt'}.':
'. + ''.(' 'x2). + '
'; + } + if (keys(%otherdoms)) { + foreach my $domain (sort(keys(%otherdoms))) { + $itemcount ++; + $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; + $datatable .= ''. + ''.&mt('Domain: [_1]',''.$domain.'').''. + ''; + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { + my $showval = &mt('None'); + if ($item eq 'ssl') { + $showval = $lt{'ssltossl'}; + } + if ($values{$domain}{$item}) { + $showval = $values{$domain}{$item}; + if ($item eq 'ssl') { + $showval = $lt{'alltossl'}; + } elsif ($item eq 'remoteip') { + $showval = $ip_methods{$values{$domain}{$item}}; + } + } + $datatable .= ''. + ''; + } + $datatable .= '
'.$lt{$item}.': '.$showval.'
'; + } + } + } + $$rowtotal += $itemcount; + return $datatable; +} + +sub wafproxy_titles { + return &Apache::lonlocal::texthash( + remoteip => "Method for determining user's IP", + ipheader => 'Request header containing remote IP', + trusted => 'Trusted IP range(s)', + vpnaccess => 'Access from institutional VPN', + vpndirect => 'via regular hostname (no WAF)', + vpnaliased => 'via aliased hostname (WAF)', + vpnint => 'Internal IP Range(s) for VPN sessions', + vpnext => 'IP Range(s) for backend WAF connections', + sslopt => 'Forwarding http/https', + alltossl => 'WAF forwards both http and https requests to https', + ssltossl => 'WAF forwards http requests to http and https to https', + ); +} + +sub remoteip_methods { + return &Apache::lonlocal::texthash( + m => 'Use Apache mod_remoteip', + h => 'Use headers parsed by LON-CAPA', + n => 'Not in use', + ); +} + sub print_usersessions { my ($position,$dom,$settings,$rowtotal) = @_; my ($css_class,$datatable,%checked,%choices); @@ -7171,7 +7627,7 @@ sub print_defaults { $datatable .= ' '.&mt('Internal ID:').' '.$item.' '. ''. &mt('delete').''. - ''.&mt('Name displayed:'). + ''.&mt('Name displayed').':'. ''. ''; } @@ -7191,7 +7647,7 @@ sub print_defaults { ''. ' '.&mt('(new)'). ''. - &mt('Name displayed:'). + &mt('Name displayed').':'. ''. ''."\n"; $rownum ++; @@ -8161,7 +8617,7 @@ ENDSCRIPT sub initialize_categories { my ($itemcount) = @_; my ($datatable,$css_class,$chgstr); - my %default_names = ( + my %default_names = &Apache::lonlocal::texthash ( instcode => 'Official courses (with institutional codes)', communities => 'Communities', ); @@ -8619,12 +9075,14 @@ sub usertype_update_row { sub modify_login { my ($r,$dom,$confname,$lastactref,%domconfig) = @_; my ($resulttext,$errors,$colchgtext,%changes,%colchanges,%newfile,%newurl, - %curr_loginvia,%loginhash,@currlangs,@newlangs,$addedfile,%title,@offon); + %curr_loginvia,%loginhash,@currlangs,@newlangs,$addedfile,%title,@offon, + %currsaml,%saml,%samltext,%samlimg,%samlalt,%samlurl,%samltitle,%samlnotsso); %title = ( coursecatalog => 'Display course catalog', adminmail => 'Display administrator E-mail address', helpdesk => 'Display "Contact Helpdesk" link', newuser => 'Link for visitors to create a user account', - loginheader => 'Log-in box header'); + loginheader => 'Log-in box header', + saml => 'Dual SSO and non-SSO login'); @offon = ('off','on'); if (ref($domconfig{login}) eq 'HASH') { if (ref($domconfig{login}{loginvia}) eq 'HASH') { @@ -8632,6 +9090,20 @@ sub modify_login { $curr_loginvia{$lonhost} = $domconfig{login}{loginvia}{$lonhost}; } } + if (ref($domconfig{login}{'saml'}) eq 'HASH') { + foreach my $lonhost (keys(%{$domconfig{login}{'saml'}})) { + if (ref($domconfig{login}{'saml'}{$lonhost}) eq 'HASH') { + $currsaml{$lonhost} = $domconfig{login}{'saml'}{$lonhost}; + $saml{$lonhost} = 1; + $samltext{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'text'}; + $samlurl{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'url'}; + $samlalt{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'alt'}; + $samlimg{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'img'}; + $samltitle{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'title'}; + $samlnotsso{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'notsso'}; + } + } + } } ($errors,%colchanges) = &modify_colors($r,$dom,$confname,['login'], \%domconfig,\%loginhash); @@ -8878,6 +9350,89 @@ sub modify_login { $errors .= '
  • '.$error.'
  • '; } } + my @delsamlimg = &Apache::loncommon::get_env_multiple('form.saml_img_del'); + my @newsamlimgs; + foreach my $lonhost (keys(%domservers)) { + if ($env{'form.saml_'.$lonhost}) { + if ($env{'form.saml_img_'.$lonhost.'.filename'}) { + push(@newsamlimgs,$lonhost); + } + foreach my $item ('text','alt','url','title','notsso') { + $env{'form.saml_'.$item.'_'.$lonhost} =~ s/^\s+|\s+$//g; + } + if ($saml{$lonhost}) { + if (grep(/^\Q$lonhost\E$/,@delsamlimg)) { +#FIXME Need to obsolete published image + delete($currsaml{$lonhost}{'img'}); + $changes{'saml'}{$lonhost} = 1; + } + if ($env{'form.saml_alt_'.$lonhost} ne $samlalt{$lonhost}) { + $changes{'saml'}{$lonhost} = 1; + } + if ($env{'form.saml_text_'.$lonhost} ne $samltext{$lonhost}) { + $changes{'saml'}{$lonhost} = 1; + } + if ($env{'form.saml_url_'.$lonhost} ne $samlurl{$lonhost}) { + $changes{'saml'}{$lonhost} = 1; + } + if ($env{'form.saml_title_'.$lonhost} ne $samltitle{$lonhost}) { + $changes{'saml'}{$lonhost} = 1; + } + if ($env{'form.saml_notsso_'.$lonhost} ne $samlnotsso{$lonhost}) { + $changes{'saml'}{$lonhost} = 1; + } + } else { + $changes{'saml'}{$lonhost} = 1; + } + foreach my $item ('text','alt','url','title','notsso') { + $currsaml{$lonhost}{$item} = $env{'form.saml_'.$item.'_'.$lonhost}; + } + } else { + if ($saml{$lonhost}) { + $changes{'saml'}{$lonhost} = 1; + delete($currsaml{$lonhost}); + } + } + } + foreach my $posshost (keys(%currsaml)) { + unless (exists($domservers{$posshost})) { + delete($currsaml{$posshost}); + } + } + %{$loginhash{'login'}{'saml'}} = %currsaml; + if (@newsamlimgs) { + my $error; + my ($configuserok,$author_ok,$switchserver) = &config_check($dom,$confname,$servadm); + if ($configuserok eq 'ok') { + if ($switchserver) { + $error = &mt("Upload of SSO Button Image is not permitted to this server: [_1].",$switchserver); + } elsif ($author_ok eq 'ok') { + foreach my $lonhost (@newsamlimgs) { + my $formelem = 'saml_img_'.$lonhost; + my ($result,$imgurl) = &publishlogo($r,'upload',$formelem,$dom,$confname, + "login/saml/$lonhost",'','', + $env{'form.saml_img_'.$lonhost.'.filename'}); + if ($result eq 'ok') { + $currsaml{$lonhost}{'img'} = $imgurl; + $loginhash{'login'}{'saml'}{$lonhost}{'img'} = $imgurl; + $changes{'saml'}{$lonhost} = 1; + } else { + my $puberror = &mt("Upload of SSO button image failed for [_1] because an error occurred publishing the file in RES space. Error was: [_2].", + $lonhost,$result); + $errors .= '
  • '.$puberror.'
  • '; + } + } + } else { + $error = &mt("Upload of SSO button image file(s) failed because an author role could not be assigned to a Domain Configuration user ([_1]) in domain: [_2]. Error was: [_3].",$confname,$dom,$author_ok); + } + } else { + $error = &mt("Upload of SSO button image file(s) failed because a Domain Configuration user ([_1]) could not be created in domain: [_2]. Error was: [_3].",$confname,$dom,$configuserok); + } + if ($error) { + &Apache::lonnet::logthis($error); + $errors .= '
  • '.$error.'
  • '; + } + } &process_captcha('login',\%changes,$loginhash{'login'},$domconfig{'login'}); my $defaulthelpfile = '/adm/loginproblems.html'; @@ -8918,6 +9473,31 @@ sub modify_login { } if (keys(%changes) > 0 || $colchgtext) { &Apache::loncommon::devalidate_domconfig_cache($dom); + if (exists($changes{'saml'})) { + my $hostid_in_use; + my @hosts = &Apache::lonnet::current_machine_ids(); + if (@hosts > 1) { + foreach my $hostid (@hosts) { + if (&Apache::lonnet::host_domain($hostid) eq $dom) { + $hostid_in_use = $hostid; + last; + } + } + } else { + $hostid_in_use = $r->dir_config('lonHostID'); + } + if (($hostid_in_use) && + (&Apache::lonnet::host_domain($hostid_in_use) eq $dom)) { + &Apache::lonnet::devalidate_cache_new('samllanding',$hostid_in_use); + } + if (ref($lastactref) eq 'HASH') { + if (ref($changes{'saml'}) eq 'HASH') { + my %updates; + map { $updates{$_} = 1; } keys(%{$changes{'saml'}}); + $lastactref->{'samllanding'} = \%updates; + } + } + } if (ref($lastactref) eq 'HASH') { $lastactref->{'domainconfig'} = 1; } @@ -8997,6 +9577,38 @@ sub modify_login { } } } + } elsif ($item eq 'saml') { + if (ref($changes{$item}) eq 'HASH') { + my %notlt = ( + text => 'Text for log-in by SSO', + img => 'SSO button image', + alt => 'Alt text for button image', + url => 'SSO URL', + title => 'Tooltip for SSO link', + notsso => 'Text for non-SSO log-in', + ); + foreach my $lonhost (sort(keys(%{$changes{$item}}))) { + if (ref($currsaml{$lonhost}) eq 'HASH') { + $resulttext .= '
  • '.&mt("$title{$item} in use for [_1]","$lonhost"). + '
      '; + foreach my $key ('text','img','alt','url','title','notsso') { + if ($currsaml{$lonhost}{$key} eq '') { + $resulttext .= '
    • '.&mt("$notlt{$key} not in use").'
    • '; + } else { + my $value = "'$currsaml{$lonhost}{$key}'"; + if ($key eq 'img') { + $value = ''; + } + $resulttext .= '
    • '.&mt("$notlt{$key} set to: [_1]", + $value).'
    • '; + } + } + $resulttext .= '
  • '; + } else { + $resulttext .= '
  • '.&mt("$title{$item} not in use for [_1]",$lonhost).'
  • '; + } + } + } } elsif ($item eq 'captcha') { if (ref($loginhash{'login'}) eq 'HASH') { my $chgtxt; @@ -9099,6 +9711,283 @@ sub color_font_choices { return %choices; } +sub modify_ipaccess { + my ($dom,$lastactref,%domconfig) = @_; + my (@allpos,%changes,%confhash,$errors,$resulttext); + my (@items,%deletions,%itemids,@warnings); + my ($typeorder,$types) = &commblocktype_text(); + if ($env{'form.ipaccess_add'}) { + my $name = $env{'form.ipaccess_name_add'}; + my ($newid,$error) = &get_ipaccess_id($dom,$name); + if ($newid) { + $itemids{'add'} = $newid; + push(@items,'add'); + $changes{$newid} = 1; + } else { + $error = &mt('Failed to acquire unique ID for new IP access control item'); + $errors .= '
  • '.$error.'
  • '; + } + } + if (ref($domconfig{'ipaccess'}) eq 'HASH') { + my @todelete = &Apache::loncommon::get_env_multiple('form.ipaccess_del'); + if (@todelete) { + map { $deletions{$_} = 1; } @todelete; + } + my $maxnum = $env{'form.ipaccess_maxnum'}; + for (my $i=0; $i<$maxnum; $i++) { + my $itemid = $env{'form.ipaccess_id_'.$i}; + $itemid =~ s/\D+//g; + if (ref($domconfig{'ipaccess'}{$itemid}) eq 'HASH') { + if ($deletions{$itemid}) { + $changes{$itemid} = $domconfig{'ipaccess'}{$itemid}{'name'}; + } else { + push(@items,$i); + $itemids{$i} = $itemid; + } + } + } + } + foreach my $idx (@items) { + my $itemid = $itemids{$idx}; + next unless ($itemid); + my %current; + unless ($idx eq 'add') { + if (ref($domconfig{'ipaccess'}{$itemid}) eq 'HASH') { + %current = %{$domconfig{'ipaccess'}{$itemid}}; + } + } + my $position = $env{'form.ipaccess_pos_'.$itemid}; + $position =~ s/\D+//g; + if ($position ne '') { + $allpos[$position] = $itemid; + } + my $name = $env{'form.ipaccess_name_'.$idx}; + $name =~ s/^\s+|\s+$//g; + $confhash{$itemid}{'name'} = $name; + my $possrange = $env{'form.ipaccess_range_'.$idx}; + $possrange =~ s/^\s+|\s+$//g; + unless ($possrange eq '') { + $possrange =~ s/[\r\n]+/\s/g; + $possrange =~ s/\s*-\s*/-/g; + $possrange =~ s/\s+/,/g; + $possrange =~ s/,+/,/g; + if ($possrange ne '') { + my (@ok,$count); + $count = 0; + foreach my $poss (split(/\,/,$possrange)) { + $count ++; + $poss = &validate_ip_pattern($poss); + if ($poss ne '') { + push(@ok,$poss); + } + } + my $diff = $count - scalar(@ok); + if ($diff) { + $errors .= '
  • '. + &mt('[quant,_1,IP] invalid and excluded from saved value for IP range(s) for [_2]', + $diff,$name). + '
  • '; + } + if (@ok) { + my @cidr_list; + foreach my $item (@ok) { + @cidr_list = &Net::CIDR::cidradd($item,@cidr_list); + } + $confhash{$itemid}{'ip'} = join(',',@cidr_list); + } + } + } + foreach my $field ('name','ip') { + unless (($idx eq 'add') || ($changes{$itemid})) { + if ($current{$field} ne $confhash{$itemid}{$field}) { + $changes{$itemid} = 1; + last; + } + } + } + $confhash{$itemid}{'commblocks'} = {}; + + my %commblocks; + map { $commblocks{$_} = 1; } &Apache::loncommon::get_env_multiple('form.ipaccess_block_'.$idx); + foreach my $type (@{$typeorder}) { + if ($commblocks{$type}) { + $confhash{$itemid}{'commblocks'}{$type} = 'on'; + } + unless (($idx eq 'add') || ($changes{$itemid})) { + if (ref($current{'commblocks'}) eq 'HASH') { + if ($confhash{$itemid}{'commblocks'}{$type} ne $current{'commblocks'}{$type}) { + $changes{$itemid} = 1; + } + } elsif ($confhash{$itemid}{'commblocks'}{$type}) { + $changes{$itemid} = 1; + } + } + } + $confhash{$itemid}{'courses'} = {}; + my %crsdeletions; + my @delcrs = &Apache::loncommon::get_env_multiple('form.ipaccess_course_delete_'.$idx); + if (@delcrs) { + map { $crsdeletions{$_} = 1; } @delcrs; + } + if (ref($current{'courses'}) eq 'HASH') { + foreach my $cid (sort(keys(%{$current{'courses'}}))) { + if ($crsdeletions{$cid}) { + $changes{$itemid} = 1; + } else { + $confhash{$itemid}{'courses'}{$cid} = 1; + } + } + } + $env{'form.ipaccess_cnum_'.$idx} =~ s/^\s+|\s+$//g; + $env{'form.ipaccess_cdom_'.$idx} =~ s/^\s+|\s+$//g; + if (($env{'form.ipaccess_cnum_'.$idx} =~ /^$match_courseid$/) && + ($env{'form.ipaccess_cdom_'.$idx} =~ /^$match_domain$/)) { + if (&Apache::lonnet::homeserver($env{'form.ipaccess_cnum_'.$idx}, + $env{'form.ipaccess_cdom_'.$idx}) eq 'no_host') { + $errors .= '
  • '. + &mt('Invalid courseID [_1] omitted from list of allowed courses', + $env{'form.ipaccess_cdom_'.$idx}.'_'.$env{'form.ipaccess_cnum_'.$idx}). + '
  • '; + } else { + $confhash{$itemid}{'courses'}{$env{'form.ipaccess_cdom_'.$idx}.'_'.$env{'form.ipaccess_cnum_'.$idx}} = 1; + $changes{$itemid} = 1; + } + } + } + if (@allpos > 0) { + my $idx = 0; + foreach my $itemid (@allpos) { + if ($itemid ne '') { + $confhash{$itemid}{'order'} = $idx; + unless ($changes{$itemid}) { + if (ref($domconfig{'ipaccess'}) eq 'HASH') { + if (ref($domconfig{'ipaccess'}{$itemid}) eq 'HASH') { + if ($domconfig{'ipaccess'}{$itemid}{'order'} ne $idx) { + $changes{$itemid} = 1; + } + } + } + } + $idx ++; + } + } + } + if (keys(%changes)) { + my %defaultshash = ( + ipaccess => \%confhash, + ); + my $putresult = &Apache::lonnet::put_dom('configuration',\%defaultshash, + $dom); + if ($putresult eq 'ok') { + my $cachetime = 1800; + &Apache::lonnet::do_cache_new('ipaccess',$dom,\%confhash,$cachetime); + if (ref($lastactref) eq 'HASH') { + $lastactref->{'ipaccess'} = 1; + } + $resulttext = &mt('Changes made:').'
      '; + my %bynum; + foreach my $itemid (sort(keys(%changes))) { + if (ref($confhash{$itemid}) eq 'HASH') { + my $position = $confhash{$itemid}{'order'}; + if ($position =~ /^\d+$/) { + $bynum{$position} = $itemid; + } + } + } + if (keys(%deletions)) { + foreach my $itemid (sort { $a <=> $b } keys(%deletions)) { + $resulttext .= '
    • '.&mt('Deleted: [_1]',$changes{$itemid}).'
    • '; + } + } + foreach my $pos (sort { $a <=> $b } keys(%bynum)) { + my $itemid = $bynum{$pos}; + if (ref($confhash{$itemid}) eq 'HASH') { + $resulttext .= '
    • '.$confhash{$itemid}{'name'}.'
        '; + my $position = $pos + 1; + $resulttext .= '
      • '.&mt('Order: [_1]',$position).'
      • '; + if ($confhash{$itemid}{'ip'} eq '') { + $resulttext .= '
      • '.&mt('No IP Range(s) set').'
      • '; + } else { + $resulttext .= '
      • '.&mt('IP Range(s): [_1]',$confhash{$itemid}{'ip'}).'
      • '; + } + if (keys(%{$confhash{$itemid}{'commblocks'}})) { + $resulttext .= '
      • '.&mt('Functionality Blocked: [_1]', + join(', ', map { $types->{$_}; } sort(keys(%{$confhash{$itemid}{'commblocks'}})))). + '
      • '; + } else { + $resulttext .= '
      • '.&mt('No functionality blocked').'
      • '; + } + if (keys(%{$confhash{$itemid}{'courses'}})) { + my @courses; + foreach my $cid (sort(keys(%{$confhash{$itemid}{'courses'}}))) { + my %courseinfo = &Apache::lonnet::coursedescription($cid,{'one_time' => 1}); + push(@courses,$courseinfo{'description'}.' ('.$cid.')'); + } + $resulttext .= '
      • '.&mt('Courses/Communities allowed').':
        • '. + join('
        • ',@courses).'
        '; + } else { + $resulttext .= '
      • '.&mt('No courses allowed').'
      • '; + } + $resulttext .= '
    • '; + } + } + $resulttext .= '
    '; + } else { + $errors .= '
  • '.&mt('Failed to save changes').'
  • '; + } + } else { + $resulttext = &mt('No changes made'); + } + if ($errors) { + $resulttext .= '

    '.&mt('The following errors occurred: ').'

      '. + $errors.'

    '; + } + return $resulttext; +} + +sub get_ipaccess_id { + my ($domain,$location) = @_; + # get lock on ipaccess db + my $lockhash = { + lock => $env{'user.name'}. + ':'.$env{'user.domain'}, + }; + my $tries = 0; + my $gotlock = &Apache::lonnet::newput_dom('ipaccess',$lockhash,$domain); + my ($id,$error); + + while (($gotlock ne 'ok') && ($tries<10)) { + $tries ++; + sleep (0.1); + $gotlock = &Apache::lonnet::newput_dom('ipaccess',$lockhash,$domain); + } + if ($gotlock eq 'ok') { + my %currids = &Apache::lonnet::dump_dom('ipaccess',$domain); + if ($currids{'lock'}) { + delete($currids{'lock'}); + if (keys(%currids)) { + my @curr = sort { $a <=> $b } keys(%currids); + if ($curr[-1] =~ /^\d+$/) { + $id = 1 + $curr[-1]; + } + } else { + $id = 1; + } + if ($id) { + unless (&Apache::lonnet::newput_dom('ipaccess',{ $id => $location },$domain) eq 'ok') { + $error = 'nostore'; + } + } else { + $error = 'nonumber'; + } + } + my $dellockoutcome = &Apache::lonnet::del_dom('ipaccess',['lock'],$domain); + } else { + $error = 'nolock'; + } + return ($id,$error); +} + sub modify_rolecolors { my ($r,$dom,$confname,$roles,$lastactref,%domconfig) = @_; my ($resulttext,%rolehash); @@ -10549,612 +11438,6 @@ sub process_textbook_image { return ($url,$error); } -sub modify_ltitools { - my ($r,$dom,$action,$lastactref,%domconfig) = @_; - my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1); - my ($newid,@allpos,%changes,%confhash,%encconfig,$errors,$resulttext); - my $confname = $dom.'-domainconfig'; - my $servadm = $r->dir_config('lonAdmEMail'); - my ($configuserok,$author_ok,$switchserver) = &config_check($dom,$confname,$servadm); - my (%posslti,%possfield); - my @courseroles = ('cc','in','ta','ep','st'); - my @ltiroles = qw(Instructor ContentDeveloper TeachingAssistant Learner); - map { $posslti{$_} = 1; } @ltiroles; - my @allfields = ('fullname','firstname','lastname','email','user','roles'); - map { $possfield{$_} = 1; } @allfields; - my %lt = <itools_names(); - if ($env{'form.ltitools_add'}) { - my $title = $env{'form.ltitools_add_title'}; - $title =~ s/(`)/'/g; - ($newid,my $error) = &get_ltitools_id($dom,$title); - if ($newid) { - my $position = $env{'form.ltitools_add_pos'}; - $position =~ s/\D+//g; - if ($position ne '') { - $allpos[$position] = $newid; - } - $changes{$newid} = 1; - foreach my $item ('title','url','key','secret','lifetime') { - $env{'form.ltitools_add_'.$item} =~ s/(`)/'/g; - if ($item eq 'lifetime') { - $env{'form.ltitools_add_'.$item} =~ s/[^\d.]//g; - } - if ($env{'form.ltitools_add_'.$item}) { - if (($item eq 'key') || ($item eq 'secret')) { - $encconfig{$newid}{$item} = $env{'form.ltitools_add_'.$item}; - } else { - $confhash{$newid}{$item} = $env{'form.ltitools_add_'.$item}; - } - } - } - if ($env{'form.ltitools_add_version'} eq 'LTI-1p0') { - $confhash{$newid}{'version'} = $env{'form.ltitools_add_version'}; - } - if ($env{'form.ltitools_add_msgtype'} eq 'basic-lti-launch-request') { - $confhash{$newid}{'msgtype'} = $env{'form.ltitools_add_msgtype'}; - } - if ($env{'form.ltitools_add_sigmethod'} eq 'HMAC-SHA256') { - $confhash{$newid}{'sigmethod'} = $env{'form.ltitools_add_sigmethod'}; - } else { - $confhash{$newid}{'sigmethod'} = 'HMAC-SHA1'; - } - foreach my $item ('width','height','linktext','explanation') { - $env{'form.ltitools_add_'.$item} =~ s/^\s+//; - $env{'form.ltitools_add_'.$item} =~ s/\s+$//; - if (($item eq 'width') || ($item eq 'height')) { - if ($env{'form.ltitools_add_'.$item} =~ /^\d+$/) { - $confhash{$newid}{'display'}{$item} = $env{'form.ltitools_add_'.$item}; - } - } else { - if ($env{'form.ltitools_add_'.$item} ne '') { - $confhash{$newid}{'display'}{$item} = $env{'form.ltitools_add_'.$item}; - } - } - } - if ($env{'form.ltitools_add_target'} eq 'window') { - $confhash{$newid}{'display'}{'target'} = $env{'form.ltitools_add_target'}; - } elsif ($env{'form.ltitools_add_target'} eq 'tab') { - $confhash{$newid}{'display'}{'target'} = $env{'form.ltitools_add_target'}; - } else { - $confhash{$newid}{'display'}{'target'} = 'iframe'; - } - if ($env{'form.ltitools_add_image.filename'} ne '') { - my ($imageurl,$error) = - &process_ltitools_image($r,$dom,$confname,'ltitools_add_image',$newid, - $configuserok,$switchserver,$author_ok); - if ($imageurl) { - $confhash{$newid}{'image'} = $imageurl; - } - if ($error) { - &Apache::lonnet::logthis($error); - $errors .= '
  • '.$error.'
  • '; - } - } - my @fields = &Apache::loncommon::get_env_multiple('form.ltitools_add_fields'); - foreach my $field (@fields) { - if ($possfield{$field}) { - if ($field eq 'roles') { - foreach my $role (@courseroles) { - my $choice = $env{'form.ltitools_add_roles_'.$role}; - if (($choice ne '') && ($posslti{$choice})) { - $confhash{$newid}{'roles'}{$role} = $choice; - if ($role eq 'cc') { - $confhash{$newid}{'roles'}{'co'} = $choice; - } - } - } - } else { - $confhash{$newid}{'fields'}{$field} = 1; - } - } - } - if (ref($confhash{$newid}{'fields'}) eq 'HASH') { - if ($confhash{$newid}{'fields'}{'user'}) { - if ($env{'form.ltitools_userincdom_add'}) { - $confhash{$newid}{'incdom'} = 1; - } - } - } - my @courseconfig = &Apache::loncommon::get_env_multiple('form.ltitools_courseconfig'); - foreach my $item (@courseconfig) { - $confhash{$newid}{'crsconf'}{$item} = 1; - } - if ($env{'form.ltitools_add_custom'}) { - my $name = $env{'form.ltitools_add_custom_name'}; - my $value = $env{'form.ltitools_add_custom_value'}; - $value =~ s/(`)/'/g; - $name =~ s/(`)/'/g; - $confhash{$newid}{'custom'}{$name} = $value; - } - } else { - my $error = &mt('Failed to acquire unique ID for new external tool'); - $errors .= '
  • '.$error.'
  • '; - } - } - if (ref($domconfig{$action}) eq 'HASH') { - my %deletions; - my @todelete = &Apache::loncommon::get_env_multiple('form.ltitools_del'); - if (@todelete) { - map { $deletions{$_} = 1; } @todelete; - } - my %customadds; - my @newcustom = &Apache::loncommon::get_env_multiple('form.ltitools_customadd'); - if (@newcustom) { - map { $customadds{$_} = 1; } @newcustom; - } - my %imgdeletions; - my @todeleteimages = &Apache::loncommon::get_env_multiple('form.ltitools_image_del'); - if (@todeleteimages) { - map { $imgdeletions{$_} = 1; } @todeleteimages; - } - my $maxnum = $env{'form.ltitools_maxnum'}; - for (my $i=0; $i<=$maxnum; $i++) { - my $itemid = $env{'form.ltitools_id_'.$i}; - $itemid =~ s/\D+//g; - if (ref($domconfig{$action}{$itemid}) eq 'HASH') { - if ($deletions{$itemid}) { - if ($domconfig{$action}{$itemid}{'image'}) { - #FIXME need to obsolete item in RES space - } - $changes{$itemid} = $domconfig{$action}{$itemid}{'title'}; - next; - } else { - my $newpos = $env{'form.ltitools_'.$itemid}; - $newpos =~ s/\D+//g; - foreach my $item ('title','url','lifetime') { - $confhash{$itemid}{$item} = $env{'form.ltitools_'.$item.'_'.$i}; - if ($domconfig{$action}{$itemid}{$item} ne $confhash{$itemid}{$item}) { - $changes{$itemid} = 1; - } - } - foreach my $item ('key','secret') { - $encconfig{$itemid}{$item} = $env{'form.ltitools_'.$item.'_'.$i}; - if ($domconfig{$action}{$itemid}{$item} ne $encconfig{$itemid}{$item}) { - $changes{$itemid} = 1; - } - } - if ($env{'form.ltitools_version_'.$i} eq 'LTI-1p0') { - $confhash{$itemid}{'version'} = $env{'form.ltitools_version_'.$i}; - } - if ($env{'form.ltitools_msgtype_'.$i} eq 'basic-lti-launch-request') { - $confhash{$itemid}{'msgtype'} = $env{'form.ltitools_msgtype_'.$i}; - } - if ($env{'form.ltitools_sigmethod_'.$i} eq 'HMAC-SHA256') { - $confhash{$itemid}{'sigmethod'} = $env{'form.ltitools_sigmethod_'.$i}; - } else { - $confhash{$itemid}{'sigmethod'} = 'HMAC-SHA1'; - } - if ($domconfig{$action}{$itemid}{'sigmethod'} eq '') { - if ($confhash{$itemid}{'sigmethod'} ne 'HMAC-SHA1') { - $changes{$itemid} = 1; - } - } elsif ($domconfig{$action}{$itemid}{'sigmethod'} ne $confhash{$itemid}{'sigmethod'}) { - $changes{$itemid} = 1; - } - foreach my $size ('width','height') { - $env{'form.ltitools_'.$size.'_'.$i} =~ s/^\s+//; - $env{'form.ltitools_'.$size.'_'.$i} =~ s/\s+$//; - if ($env{'form.ltitools_'.$size.'_'.$i} =~ /^\d+$/) { - $confhash{$itemid}{'display'}{$size} = $env{'form.ltitools_'.$size.'_'.$i}; - if (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') { - if ($domconfig{$action}{$itemid}{'display'}{$size} ne $confhash{$itemid}{'display'}{$size}) { - $changes{$itemid} = 1; - } - } else { - $changes{$itemid} = 1; - } - } elsif (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') { - if ($domconfig{$action}{$itemid}{'display'}{$size} ne '') { - $changes{$itemid} = 1; - } - } - } - foreach my $item ('linktext','explanation') { - $env{'form.ltitools_'.$item.'_'.$i} =~ s/^\s+//; - $env{'form.ltitools_'.$item.'_'.$i} =~ s/\s+$//; - if ($env{'form.ltitools_'.$item.'_'.$i} ne '') { - $confhash{$itemid}{'display'}{$item} = $env{'form.ltitools_'.$item.'_'.$i}; - if (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') { - if ($domconfig{$action}{$itemid}{'display'}{$item} ne $confhash{$itemid}{'display'}{$item}) { - $changes{$itemid} = 1; - } - } else { - $changes{$itemid} = 1; - } - } elsif (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') { - if ($domconfig{$action}{$itemid}{'display'}{$item} ne '') { - $changes{$itemid} = 1; - } - } - } - if ($env{'form.ltitools_target_'.$i} eq 'window') { - $confhash{$itemid}{'display'}{'target'} = $env{'form.ltitools_target_'.$i}; - } elsif ($env{'form.ltitools_target_'.$i} eq 'tab') { - $confhash{$itemid}{'display'}{'target'} = $env{'form.ltitools_target_'.$i}; - } else { - $confhash{$itemid}{'display'}{'target'} = 'iframe'; - } - if (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') { - if ($domconfig{$action}{$itemid}{'display'}{'target'} ne $confhash{$itemid}{'display'}{'target'}) { - $changes{$itemid} = 1; - } - } else { - $changes{$itemid} = 1; - } - my @courseconfig = &Apache::loncommon::get_env_multiple('form.ltitools_courseconfig_'.$i); - foreach my $item ('label','title','target','linktext','explanation','append') { - if (grep(/^\Q$item\E$/,@courseconfig)) { - $confhash{$itemid}{'crsconf'}{$item} = 1; - if (ref($domconfig{$action}{$itemid}{'crsconf'}) eq 'HASH') { - if ($domconfig{$action}{$itemid}{'crsconf'}{$item} ne $confhash{$itemid}{'crsconf'}{$item}) { - $changes{$itemid} = 1; - } - } else { - $changes{$itemid} = 1; - } - } - } - my @fields = &Apache::loncommon::get_env_multiple('form.ltitools_fields_'.$i); - foreach my $field (@fields) { - if ($possfield{$field}) { - if ($field eq 'roles') { - foreach my $role (@courseroles) { - my $choice = $env{'form.ltitools_roles_'.$role.'_'.$i}; - if (($choice ne '') && ($posslti{$choice})) { - $confhash{$itemid}{'roles'}{$role} = $choice; - if ($role eq 'cc') { - $confhash{$itemid}{'roles'}{'co'} = $choice; - } - } - if (ref($domconfig{$action}{$itemid}{'roles'}) eq 'HASH') { - if ($domconfig{$action}{$itemid}{'roles'}{$role} ne $confhash{$itemid}{'roles'}{$role}) { - $changes{$itemid} = 1; - } - } elsif ($confhash{$itemid}{'roles'}{$role}) { - $changes{$itemid} = 1; - } - } - } else { - $confhash{$itemid}{'fields'}{$field} = 1; - if (ref($domconfig{$action}{$itemid}{'fields'}) eq 'HASH') { - if ($domconfig{$action}{$itemid}{'fields'}{$field} ne $confhash{$itemid}{'fields'}{$field}) { - $changes{$itemid} = 1; - } - } else { - $changes{$itemid} = 1; - } - } - } - } - if (ref($confhash{$itemid}{'fields'}) eq 'HASH') { - if ($confhash{$itemid}{'fields'}{'user'}) { - if ($env{'form.ltitools_userincdom_'.$i}) { - $confhash{$itemid}{'incdom'} = 1; - } - if ($domconfig{$action}{$itemid}{'incdom'} ne $confhash{$itemid}{'incdom'}) { - $changes{$itemid} = 1; - } - } - } - $allpos[$newpos] = $itemid; - } - if ($imgdeletions{$itemid}) { - $changes{$itemid} = 1; - #FIXME need to obsolete item in RES space - } elsif ($env{'form.ltitools_image_'.$i.'.filename'}) { - my ($imgurl,$error) = &process_ltitools_image($r,$dom,$confname,'ltitools_image_'.$i, - $itemid,$configuserok,$switchserver, - $author_ok); - if ($imgurl) { - $confhash{$itemid}{'image'} = $imgurl; - $changes{$itemid} = 1; - } - if ($error) { - &Apache::lonnet::logthis($error); - $errors .= '
  • '.$error.'
  • '; - } - } elsif ($domconfig{$action}{$itemid}{'image'}) { - $confhash{$itemid}{'image'} = - $domconfig{$action}{$itemid}{'image'}; - } - if ($customadds{$i}) { - my $name = $env{'form.ltitools_custom_name_'.$i}; - $name =~ s/(`)/'/g; - $name =~ s/^\s+//; - $name =~ s/\s+$//; - my $value = $env{'form.ltitools_custom_value_'.$i}; - $value =~ s/(`)/'/g; - $value =~ s/^\s+//; - $value =~ s/\s+$//; - if ($name ne '') { - $confhash{$itemid}{'custom'}{$name} = $value; - $changes{$itemid} = 1; - } - } - my %customdels; - my @customdeletions = &Apache::loncommon::get_env_multiple('form.ltitools_customdel_'.$i); - if (@customdeletions) { - $changes{$itemid} = 1; - } - map { $customdels{$_} = 1; } @customdeletions; - if (ref($domconfig{$action}{$itemid}{'custom'}) eq 'HASH') { - foreach my $key (keys(%{$domconfig{$action}{$itemid}{'custom'}})) { - unless ($customdels{$key}) { - if ($env{'form.ltitools_customval_'.$key.'_'.$i} ne '') { - $confhash{$itemid}{'custom'}{$key} = $env{'form.ltitools_customval_'.$key.'_'.$i}; - } - if ($domconfig{$action}{$itemid}{'custom'}{$key} ne $env{'form.ltitools_customval_'.$key.'_'.$i}) { - $changes{$itemid} = 1; - } - } - } - } - unless ($changes{$itemid}) { - foreach my $key (keys(%{$domconfig{$action}{$itemid}})) { - if (ref($domconfig{$action}{$itemid}{$key}) eq 'HASH') { - if (ref($confhash{$itemid}{$key}) eq 'HASH') { - foreach my $innerkey (keys(%{$domconfig{$action}{$itemid}{$key}})) { - unless (exists($confhash{$itemid}{$key}{$innerkey})) { - $changes{$itemid} = 1; - last; - } - } - } elsif (keys(%{$domconfig{$action}{$itemid}{$key}}) > 0) { - $changes{$itemid} = 1; - } - } - last if ($changes{$itemid}); - } - } - } - } - } - if (@allpos > 0) { - my $idx = 0; - foreach my $itemid (@allpos) { - if ($itemid ne '') { - $confhash{$itemid}{'order'} = $idx; - if (ref($domconfig{$action}) eq 'HASH') { - if (ref($domconfig{$action}{$itemid}) eq 'HASH') { - if ($domconfig{$action}{$itemid}{'order'} ne $idx) { - $changes{$itemid} = 1; - } - } - } - $idx ++; - } - } - } - my %ltitoolshash = ( - $action => { %confhash } - ); - my $putresult = &Apache::lonnet::put_dom('configuration',\%ltitoolshash, - $dom); - if ($putresult eq 'ok') { - my %ltienchash = ( - $action => { %encconfig } - ); - &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom); - if (keys(%changes) > 0) { - my $cachetime = 24*60*60; - my %ltiall = %confhash; - foreach my $id (keys(%ltiall)) { - if (ref($encconfig{$id}) eq 'HASH') { - foreach my $item ('key','secret') { - $ltiall{$id}{$item} = $encconfig{$id}{$item}; - } - } - } - &Apache::lonnet::do_cache_new('ltitools',$dom,\%ltiall,$cachetime); - if (ref($lastactref) eq 'HASH') { - $lastactref->{'ltitools'} = 1; - } - $resulttext = &mt('Changes made:').'
      '; - my %bynum; - foreach my $itemid (sort(keys(%changes))) { - my $position = $confhash{$itemid}{'order'}; - $bynum{$position} = $itemid; - } - foreach my $pos (sort { $a <=> $b } keys(%bynum)) { - my $itemid = $bynum{$pos}; - if (ref($confhash{$itemid}) ne 'HASH') { - $resulttext .= '
    • '.&mt('Deleted: [_1]',$changes{$itemid}).'
    • '; - } else { - $resulttext .= '
    • '.$confhash{$itemid}{'title'}.''; - if ($confhash{$itemid}{'image'}) { - $resulttext .= ' '. - ''.&mt('Tool Provider icon').''; - } - $resulttext .= '
      • '; - my $position = $pos + 1; - $resulttext .= '
      • '.&mt('Order: [_1]',$position).'
      • '; - foreach my $item ('version','msgtype','sigmethod','url','lifetime') { - if ($confhash{$itemid}{$item} ne '') { - $resulttext .= '
      • '.$lt{$item}.': '.$confhash{$itemid}{$item}.'
      • '; - } - } - if ($encconfig{$itemid}{'key'} ne '') { - $resulttext .= '
      • '.$lt{'key'}.': '.$encconfig{$itemid}{'key'}.'
      • '; - } - if ($encconfig{$itemid}{'secret'} ne '') { - $resulttext .= '
      • '.$lt{'secret'}.': '; - my $num = length($encconfig{$itemid}{'secret'}); - $resulttext .= ('*'x$num).'
      • '; - } - $resulttext .= '
      • '.&mt('Configurable in course:'); - my @possconfig = ('label','title','target','linktext','explanation','append'); - my $numconfig = 0; - if (ref($confhash{$itemid}{'crsconf'}) eq 'HASH') { - foreach my $item (@possconfig) { - if ($confhash{$itemid}{'crsconf'}{$item}) { - $numconfig ++; - $resulttext .= ' "'.$lt{'crs'.$item}.'"'; - } - } - } - if (!$numconfig) { - $resulttext .= &mt('None'); - } - $resulttext .= '
      • '; - if (ref($confhash{$itemid}{'display'}) eq 'HASH') { - my $displaylist; - if ($confhash{$itemid}{'display'}{'target'}) { - $displaylist = &mt('Display target').': '. - $confhash{$itemid}{'display'}{'target'}.','; - } - foreach my $size ('width','height') { - if ($confhash{$itemid}{'display'}{$size}) { - $displaylist .= (' 'x2).$lt{$size}.': '. - $confhash{$itemid}{'display'}{$size}.','; - } - } - if ($displaylist) { - $displaylist =~ s/,$//; - $resulttext .= '
      • '.$displaylist.'
      • '; - } - foreach my $item ('linktext','explanation') { - if ($confhash{$itemid}{'display'}{$item}) { - $resulttext .= '
      • '.$lt{$item}.': '.$confhash{$itemid}{'display'}{$item}.'
      • '; - } - } - } - if (ref($confhash{$itemid}{'fields'}) eq 'HASH') { - my $fieldlist; - foreach my $field (@allfields) { - if ($confhash{$itemid}{'fields'}{$field}) { - $fieldlist .= (' 'x2).$lt{$field}.','; - } - } - if ($fieldlist) { - $fieldlist =~ s/,$//; - if ($confhash{$itemid}{'fields'}{'user'}) { - if ($confhash{$itemid}{'incdom'}) { - $fieldlist .= ' ('.&mt('username:domain').')'; - } else { - $fieldlist .= ' ('.&mt('username').')'; - } - } - $resulttext .= '
      • '.&mt('Data sent').':'.$fieldlist.'
      • '; - } - } - if (ref($confhash{$itemid}{'roles'}) eq 'HASH') { - my $rolemaps; - foreach my $role (@courseroles) { - if ($confhash{$itemid}{'roles'}{$role}) { - $rolemaps .= (' 'x2).&Apache::lonnet::plaintext($role,'Course').'='. - $confhash{$itemid}{'roles'}{$role}.','; - } - } - if ($rolemaps) { - $rolemaps =~ s/,$//; - $resulttext .= '
      • '.&mt('Role mapping:').$rolemaps.'
      • '; - } - } - if (ref($confhash{$itemid}{'custom'}) eq 'HASH') { - my $customlist; - if (keys(%{$confhash{$itemid}{'custom'}})) { - foreach my $key (sort(keys(%{$confhash{$itemid}{'custom'}}))) { - $customlist .= $key.':'.$confhash{$itemid}{'custom'}{$key}.(' 'x2); - } - } - if ($customlist) { - $resulttext .= '
      • '.&mt('Custom items').': '.$customlist.'
      • '; - } - } - $resulttext .= '
      '; - } - } - $resulttext .= '
    '; - } else { - $resulttext = &mt('No changes made.'); - } - } else { - $errors .= '
  • '.&mt('Failed to save changes').'
  • '; - } - if ($errors) { - $resulttext .= &mt('The following errors occurred: ').'
      '. - $errors.'
    '; - } - return $resulttext; -} - -sub process_ltitools_image { - my ($r,$dom,$confname,$caller,$itemid,$configuserok,$switchserver,$author_ok) = @_; - my $filename = $env{'form.'.$caller.'.filename'}; - my ($error,$url); - my ($width,$height) = (21,21); - if ($configuserok eq 'ok') { - if ($switchserver) { - $error = &mt('Upload of Tool Provider (LTI) icon is not permitted to this server: [_1]', - $switchserver); - } elsif ($author_ok eq 'ok') { - my ($result,$imageurl,$madethumb) = - &publishlogo($r,'upload',$caller,$dom,$confname, - "ltitools/$itemid/icon",$width,$height); - if ($result eq 'ok') { - if ($madethumb) { - my ($path,$imagefile) = ($imageurl =~ m{^(.+)/([^/]+)$}); - my $imagethumb = "$path/tn-".$imagefile; - $url = $imagethumb; - } else { - $url = $imageurl; - } - } else { - $error = &mt("Upload of [_1] failed because an error occurred publishing the file in RES space. Error was: [_2].",$filename,$result); - } - } else { - $error = &mt("Upload of [_1] failed because an author role could not be assigned to a Domain Configuration user ([_2]) in domain: [_3]. Error was: [_4].",$filename,$confname,$dom,$author_ok); - } - } else { - $error = &mt("Upload of [_1] failed because a Domain Configuration user ([_2]) could not be created in domain: [_3]. Error was: [_4].",$filename,$confname,$dom,$configuserok); - } - return ($url,$error); -} - -sub get_ltitools_id { - my ($cdom,$title) = @_; - # get lock on ltitools db - my $lockhash = { - lock => $env{'user.name'}. - ':'.$env{'user.domain'}, - }; - my $tries = 0; - my $gotlock = &Apache::lonnet::newput_dom('ltitools',$lockhash,$cdom); - my ($id,$error); - - while (($gotlock ne 'ok') && ($tries<10)) { - $tries ++; - sleep (0.1); - $gotlock = &Apache::lonnet::newput_dom('ltitools',$lockhash,$cdom); - } - if ($gotlock eq 'ok') { - my %currids = &Apache::lonnet::dump_dom('ltitools',$cdom); - if ($currids{'lock'}) { - delete($currids{'lock'}); - if (keys(%currids)) { - my @curr = sort { $a <=> $b } keys(%currids); - if ($curr[-1] =~ /^\d+$/) { - $id = 1 + $curr[-1]; - } - } else { - $id = 1; - } - if ($id) { - unless (&Apache::lonnet::newput_dom('ltitools',{ $id => $title },$cdom) eq 'ok') { - $error = 'nostore'; - } - } else { - $error = 'nonumber'; - } - } - my $dellockoutcome = &Apache::lonnet::del_dom('ltitools',['lock'],$cdom); - } else { - $error = 'nolock'; - } - return ($id,$error); -} - sub modify_autoenroll { my ($dom,$lastactref,%domconfig) = @_; my ($resulttext,%changes); @@ -11168,7 +11451,7 @@ sub modify_autoenroll { my %title = ( run => 'Auto-enrollment active', sender => 'Sender for notification messages', coowners => 'Automatic assignment of co-ownership to instructors of record (institutional data)', - failsafe => 'Failsafe for no drops if institutional data missing for a section'); + autofailsafe => 'Failsafe for no drops if institutional data missing for a section'); my @offon = ('off','on'); my $sender_uname = $env{'form.sender_uname'}; my $sender_domain = $env{'form.sender_domain'}; @@ -11178,17 +11461,23 @@ sub modify_autoenroll { $sender_domain = ''; } my $coowners = $env{'form.autoassign_coowners'}; + my $autofailsafe = $env{'form.autoenroll_autofailsafe'}; + $autofailsafe =~ s{^\s+|\s+$}{}g; + if ($autofailsafe =~ /\D/) { + undef($autofailsafe); + } my $failsafe = $env{'form.autoenroll_failsafe'}; - $failsafe =~ s{^\s+|\s+$}{}g; - if ($failsafe =~ /\D/) { - undef($failsafe); + unless (($failsafe eq 'zero') || ($failsafe eq 'any')) { + $failsafe = 'off'; + undef($autofailsafe); } my %autoenrollhash = ( autoenroll => { 'run' => $env{'form.autoenroll_run'}, 'sender_uname' => $sender_uname, 'sender_domain' => $sender_domain, 'co-owners' => $coowners, - 'autofailsafe' => $failsafe, + 'autofailsafe' => $autofailsafe, + 'failsafe' => $failsafe, } ); my $putresult = &Apache::lonnet::put_dom('configuration',\%autoenrollhash, @@ -11216,9 +11505,12 @@ sub modify_autoenroll { } elsif ($coowners) { $changes{'coowners'} = 1; } - if ($currautoenroll{'autofailsafe'} ne $failsafe) { + if ($currautoenroll{'autofailsafe'} ne $autofailsafe) { $changes{'autofailsafe'} = 1; } + if ($currautoenroll{'failsafe'} ne $failsafe) { + $changes{'failsafe'} = 1; + } if (keys(%changes) > 0) { $resulttext = &mt('Changes made:').'
      '; if ($changes{'run'}) { @@ -11239,11 +11531,24 @@ sub modify_autoenroll { } } if ($changes{'autofailsafe'}) { - if ($failsafe ne '') { - $resulttext .= '
    • '.&mt('Failsafe for no drops if institutional data missing for a section set to: [_1]',$failsafe).'
    • '; + if ($autofailsafe ne '') { + $resulttext .= '
    • '.&mt('Failsafe for no drops if institutional data missing for a section set to: [_1]',$autofailsafe).'
    • '; + } else { + $resulttext .= '
    • '.&mt('Failsafe for no drops if institutional data missing for a section not in use').'
    • '; + } + } + if ($changes{'failsafe'}) { + if ($failsafe eq 'off') { + unless ($changes{'autofailsafe'}) { + $resulttext .= '
    • '.&mt('Failsafe for no drops if institutional data missing for a section not in use').'
    • '; + } + } elsif ($failsafe eq 'zero') { + $resulttext .= '
    • '.&mt('Failsafe applies if retrieved section enrollment is zero').'
    • '; } else { - $resulttext .= '
    • '.&mt('Failsafe for no drops if institutional data missing for a section: deleted'); + $resulttext .= '
    • '.&mt('Failsafe applies if retrieved section enrollment is zero or greater').'
    • '; } + } + if (($changes{'autofailsafe'}) || ($changes{'failsafe'})) { &Apache::lonnet::get_domain_defaults($dom,1); if (ref($lastactref) eq 'HASH') { $lastactref->{'domdefaults'} = 1; @@ -11270,8 +11575,10 @@ sub modify_autoupdate { } my @offon = ('off','on'); my %title = &Apache::lonlocal::texthash ( - run => 'Auto-update:', - classlists => 'Updates to user information in classlists?' + run => 'Auto-update:', + classlists => 'Updates to user information in classlists?', + unexpired => 'Skip updates for users without active or future roles?', + lastactive => 'Skip updates for inactive users?', ); my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); my %fieldtitles = &Apache::lonlocal::texthash ( @@ -11315,12 +11622,23 @@ sub modify_autoupdate { my %updatehash = ( autoupdate => { run => $env{'form.autoupdate_run'}, classlists => $env{'form.classlists'}, + unexpired => $env{'form.unexpired'}, fields => {%fields}, lockablenames => \@lockablenames, } ); + my $lastactivedays; + if ($env{'form.lastactive'}) { + $lastactivedays = $env{'form.lastactivedays'}; + $lastactivedays =~ s/^\s+|\s+$//g; + unless ($lastactivedays =~ /^\d+$/) { + undef($lastactivedays); + $env{'form.lastactive'} = 0; + } + } + $updatehash{'autoupdate'}{'lastactive'} = $lastactivedays; foreach my $key (keys(%currautoupdate)) { - if (($key eq 'run') || ($key eq 'classlists')) { + if (($key eq 'run') || ($key eq 'classlists') || ($key eq 'unexpired') || ($key eq 'lastactive')) { if (exists($updatehash{autoupdate}{$key})) { if ($currautoupdate{$key} ne $updatehash{autoupdate}{$key}) { $changes{$key} = 1; @@ -11366,6 +11684,16 @@ sub modify_autoupdate { $changes{'lockablenames'} = 1; } } + unless (grep(/^unexpired$/,keys(%currautoupdate))) { + if ($updatehash{'autoupdate'}{'unexpired'}) { + $changes{'unexpired'} = 1; + } + } + unless (grep(/^lastactive$/,keys(%currautoupdate))) { + if ($updatehash{'autoupdate'}{'lastactive'} ne '') { + $changes{'lastactive'} = 1; + } + } foreach my $item (@{$types},'default') { if (defined($fields{$item})) { if (ref($currautoupdate{'fields'}) eq 'HASH') { @@ -11428,6 +11756,11 @@ sub modify_autoupdate { my $newvalue; if ($key eq 'run') { $newvalue = $offon[$env{'form.autoupdate_run'}]; + } elsif ($key eq 'lastactive') { + $newvalue = $offon[$env{'form.lastactive'}]; + unless ($lastactivedays eq '') { + $newvalue .= '; '.&mt('inactive = no activity in last [quant,_1,day]',$lastactivedays); + } } else { $newvalue = $offon[$env{'form.'.$key}]; } @@ -15273,9 +15606,10 @@ sub modify_coursedefaults { my ($resulttext,$errors,%changes,%defaultshash); my %defaultchecked = ( 'uselcmath' => 'on', - 'usejsme' => 'on' + 'usejsme' => 'on', + 'inline_chem' => 'on', ); - my @toggles = ('uselcmath','usejsme'); + my @toggles = ('uselcmath','usejsme','inline_chem'); my @numbers = ('anonsurvey_threshold','uploadquota_official','uploadquota_unofficial', 'uploadquota_community','uploadquota_textbook','mysqltables_official', 'mysqltables_unofficial','mysqltables_community','mysqltables_textbook'); @@ -15484,8 +15818,9 @@ sub modify_coursedefaults { my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1); if (($changes{'uploadquota'}) || ($changes{'postsubmit'}) || ($changes{'coursecredits'}) || ($changes{'uselcmath'}) || ($changes{'usejsme'}) || - ($changes{'canclone'}) || ($changes{'mysqltables'}) || ($changes{'texengine'})) { - foreach my $item ('uselcmath','usejsme','texengine') { + ($changes{'canclone'}) || ($changes{'mysqltables'}) || ($changes{'texengine'}) || + ($changes{'inline_chem'})) { + foreach my $item ('uselcmath','usejsme','inline_chem','texengine') { if ($changes{$item}) { $domdefaults{$item}=$defaultshash{'coursedefaults'}{$item}; } @@ -15548,6 +15883,12 @@ sub modify_coursedefaults { } else { $resulttext .= '
    • '.&mt('Molecule editor uses JME (Java), if supported by client OS.').'
    • '; } + } elsif ($item eq 'inline_chem') { + if ($env{'form.'.$item} eq '1') { + $resulttext .= '
    • '.&mt('Chemical Reaction Response uses inline previewer').'
    • '; + } else { + $resulttext .= '
    • '.&mt('Chemical Reaction Response uses pop-up previewer').'
    • '; + } } elsif ($item eq 'texengine') { if ($defaultshash{'coursedefaults'}{'texengine'} ne '') { $resulttext .= '
    • '.&mt('Default method to display mathematics set to: "[_1]"', @@ -15896,6 +16237,344 @@ sub modify_selfenrollment { return $resulttext; } +sub modify_wafproxy { + my ($dom,$action,$lastactref,%domconfig) = @_; + my %servers = &Apache::lonnet::internet_dom_servers($dom); + my (%othercontrol,%canset,%values,%curralias,%currsaml,%currvalue,@warnings, + %wafproxy,%changes,%expirecache,%expiresaml); + foreach my $server (sort(keys(%servers))) { + my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server}); + if ($serverhome eq $server) { + my $serverdom = &Apache::lonnet::host_domain($server); + if ($serverdom eq $dom) { + $canset{$server} = 1; + } + } + } + if (ref($domconfig{'wafproxy'}) eq 'HASH') { + %{$values{$dom}} = (); + if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { + %curralias = %{$domconfig{'wafproxy'}{'alias'}}; + } + if (ref($domconfig{'wafproxy'}{'saml'}) eq 'HASH') { + %currsaml = %{$domconfig{'wafproxy'}{'saml'}}; + } + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { + $currvalue{$item} = $domconfig{'wafproxy'}{$item}; + } + } + my $output; + if (keys(%canset)) { + %{$wafproxy{'alias'}} = (); + %{$wafproxy{'saml'}} = (); + foreach my $key (sort(keys(%canset))) { + if ($env{'form.wafproxy_'.$dom}) { + $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key}; + $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g; + if ($wafproxy{'alias'}{$key} ne $curralias{$key}) { + $changes{'alias'} = 1; + } + if ($env{'form.wafproxy_alias_saml_'.$key}) { + $wafproxy{'saml'}{$key} = 1; + } + if ($wafproxy{'saml'}{$key} ne $currsaml{$key}) { + $changes{'saml'} = 1; + } + } else { + $wafproxy{'alias'}{$key} = ''; + $wafproxy{'saml'}{$key} = ''; + if ($curralias{$key}) { + $changes{'alias'} = 1; + } + if ($currsaml{$key}) { + $changes{'saml'} = 1; + } + } + if ($wafproxy{'alias'}{$key} eq '') { + if ($curralias{$key}) { + $expirecache{$key} = 1; + } + delete($wafproxy{'alias'}{$key}); + } + if ($wafproxy{'saml'}{$key} eq '') { + if ($currsaml{$key}) { + $expiresaml{$key} = 1; + } + delete($wafproxy{'saml'}{$key}); + } + } + unless (keys(%{$wafproxy{'alias'}})) { + delete($wafproxy{'alias'}); + } + unless (keys(%{$wafproxy{'saml'}})) { + delete($wafproxy{'saml'}); + } + # Localization for values in %warn occurs in &mt() calls separately. + my %warn = ( + trusted => 'trusted IP range(s)', + vpnint => 'internal IP range(s) for VPN sessions(s)', + vpnext => 'IP range(s) for backend WAF connections', + ); + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { + my $possible = $env{'form.wafproxy_'.$item}; + $possible =~ s/^\s+|\s+$//g; + if ($possible ne '') { + if ($item eq 'remoteip') { + if ($possible =~ /^[mhn]$/) { + $wafproxy{$item} = $possible; + } + } elsif ($item eq 'ipheader') { + if ($wafproxy{'remoteip'} eq 'h') { + $wafproxy{$item} = $possible; + } + } elsif ($item eq 'sslopt') { + if ($possible =~ /^0|1$/) { + $wafproxy{$item} = $possible; + } + } else { + my (@ok,$count); + if (($item eq 'vpnint') || ($item eq 'vpnext')) { + unless ($env{'form.wafproxy_vpnaccess'}) { + $possible = ''; + } + } elsif ($item eq 'trusted') { + unless ($wafproxy{'remoteip'} eq 'h') { + $possible = ''; + } + } + unless ($possible eq '') { + $possible =~ s/[\r\n]+/\s/g; + $possible =~ s/\s*-\s*/-/g; + $possible =~ s/\s+/,/g; + $possible =~ s/,+/,/g; + } + $count = 0; + if ($possible ne '') { + foreach my $poss (split(/\,/,$possible)) { + $count ++; + $poss = &validate_ip_pattern($poss); + if ($poss ne '') { + push(@ok,$poss); + } + } + my $diff = $count - scalar(@ok); + if ($diff) { + push(@warnings,'
    • '. + &mt('[quant,_1,IP] invalid and excluded from saved value for [_2]', + $diff,$warn{$item}). + '
    • '); + } + if (@ok) { + my @cidr_list; + foreach my $item (@ok) { + @cidr_list = &Net::CIDR::cidradd($item,@cidr_list); + } + $wafproxy{$item} = join(',',@cidr_list); + } + } + } + if ($wafproxy{$item} ne $currvalue{$item}) { + $changes{$item} = 1; + } + } elsif ($currvalue{$item}) { + $changes{$item} = 1; + } + } + } else { + if (keys(%curralias)) { + $changes{'alias'} = 1; + } + if (keys(%currsaml)) { + $changes{'saml'} = 1; + } + if (keys(%currvalue)) { + foreach my $key (keys(%currvalue)) { + $changes{$key} = 1; + } + } + } + if (keys(%changes)) { + my %defaultshash = ( + wafproxy => \%wafproxy, + ); + my $putresult = &Apache::lonnet::put_dom('configuration',\%defaultshash, + $dom); + if ($putresult eq 'ok') { + my $cachetime = 24*60*60; + my (%domdefaults,$updatedomdefs); + foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') { + if ($changes{$item}) { + unless ($updatedomdefs) { + %domdefaults = &Apache::lonnet::get_domain_defaults($dom); + $updatedomdefs = 1; + } + if ($wafproxy{$item}) { + $domdefaults{'waf_'.$item} = $wafproxy{$item}; + } elsif (exists($domdefaults{'waf_'.$item})) { + delete($domdefaults{'waf_'.$item}); + } + } + } + if ($updatedomdefs) { + &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime); + if (ref($lastactref) eq 'HASH') { + $lastactref->{'domdefaults'} = 1; + } + } + if ((exists($wafproxy{'alias'})) || (keys(%expirecache))) { + my %updates = %expirecache; + foreach my $key (keys(%expirecache)) { + &Apache::lonnet::devalidate_cache_new('proxyalias',$key); + } + if (ref($wafproxy{'alias'}) eq 'HASH') { + my $cachetime = 24*60*60; + foreach my $key (keys(%{$wafproxy{'alias'}})) { + $updates{$key} = 1; + &Apache::lonnet::do_cache_new('proxyalias',$key,$wafproxy{'alias'}{$key}, + $cachetime); + } + } + if (ref($lastactref) eq 'HASH') { + $lastactref->{'proxyalias'} = \%updates; + } + } + if ((exists($wafproxy{'saml'})) || (keys(%expiresaml))) { + my %samlupdates = %expiresaml; + foreach my $key (keys(%expiresaml)) { + &Apache::lonnet::devalidate_cache_new('proxysaml',$key); + } + if (ref($wafproxy{'saml'}) eq 'HASH') { + my $cachetime = 24*60*60; + foreach my $key (keys(%{$wafproxy{'saml'}})) { + $samlupdates{$key} = 1; + &Apache::lonnet::do_cache_new('proxysaml',$key,$wafproxy{'saml'}{$key}, + $cachetime); + } + } + if (ref($lastactref) eq 'HASH') { + $lastactref->{'proxysaml'} = \%samlupdates; + } + } + $output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'
        '; + foreach my $item ('alias','saml','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { + if ($changes{$item}) { + if ($item eq 'alias') { + my $numaliased = 0; + if (ref($wafproxy{'alias'}) eq 'HASH') { + my $shown; + if (keys(%{$wafproxy{'alias'}})) { + foreach my $server (sort(keys(%{$wafproxy{'alias'}}))) { + $shown .= '
      • '.&mt('[_1] aliased by [_2]', + &Apache::lonnet::hostname($server), + $wafproxy{'alias'}{$server}).'
      • '; + $numaliased ++; + } + if ($numaliased) { + $output .= '
      • '.&mt('Aliases for hostnames set to: [_1]', + '
          '.$shown.'
        ').'
      • '; + } + } + } + unless ($numaliased) { + $output .= '
      • '.&mt('Aliases deleted for hostnames').'
      • '; + } + } elsif ($item eq 'saml') { + my $shown; + if (ref($wafproxy{'saml'}) eq 'HASH') { + if (keys(%{$wafproxy{'saml'}})) { + $shown = join(', ',sort(keys(%{$wafproxy{'saml'}}))); + } + } + if ($shown) { + $output .= '
      • '.&mt('Alias used by SSO Auth for: [_1]', + $shown).'
      • '; + } else { + $output .= '
      • '.&mt('No alias used for SSO Auth').'
      • '; + } + } else { + if ($item eq 'remoteip') { + my %ip_methods = &remoteip_methods(); + if ($wafproxy{$item} =~ /^[mh]$/) { + $output .= '
      • '.&mt("Method for determining user's IP set to: [_1]", + $ip_methods{$wafproxy{$item}}).'
      • '; + } else { + if (($env{'form.wafproxy_'.$dom}) && (ref($wafproxy{'alias'}) eq 'HASH')) { + $output .= '
      • '.&mt("No method in use to get user's real IP (will report IP used by WAF)."). + '
      • '; + } else { + $output .= '
      • '.&mt('WAF/Reverse Proxy not in use').'
      • '; + } + } + } elsif ($item eq 'ipheader') { + if ($wafproxy{$item}) { + $output .= '
      • '.&mt('Request header with remote IP set to: [_1]', + $wafproxy{$item}).'
      • '; + } else { + $output .= '
      • '.&mt('Request header with remote IP deleted').'
      • '; + } + } elsif ($item eq 'trusted') { + if ($wafproxy{$item}) { + $output .= '
      • '.&mt('Trusted IP range(s) set to: [_1]', + $wafproxy{$item}).'
      • '; + } else { + $output .= '
      • '.&mt('Trusted IP range(s) deleted').'
      • '; + } + } elsif ($item eq 'vpnint') { + if ($wafproxy{$item}) { + $output .= '
      • '.&mt('Internal IP Range(s) for VPN sessions set to: [_1]', + $wafproxy{$item}).'
      • '; + } else { + $output .= '
      • '.&mt('Internal IP Range(s) for VPN sessions deleted').'
      • '; + } + } elsif ($item eq 'vpnext') { + if ($wafproxy{$item}) { + $output .= '
      • '.&mt('IP Range(s) for backend WAF connections set to: [_1]', + $wafproxy{$item}).'
      • '; + } else { + $output .= '
      • '.&mt('IP Range(s) for backend WAF connections deleted').'
      • '; + } + } elsif ($item eq 'sslopt') { + if ($wafproxy{$item}) { + $output .= '
      • '.&mt('WAF/Reverse Proxy expected to forward requests to https on LON-CAPA node, regardless of original protocol in web browser (http or https).').'
      • '; + } else { + $output .= '
      • '.&mt('WAF/Reverse Proxy expected to preserve original protocol in web browser (either http or https) when forwarding to LON-CAPA node.').'
      • '; + } + } + } + } + } + } else { + $output = ''. + &mt('An error occurred: [_1]',$putresult).''; + } + } elsif (keys(%canset)) { + $output = &mt('No changes made to Web Application Firewall/Reverse Proxy settings'); + } + if (@warnings) { + $output .= '
        '.&mt('Warnings:').'
          '. + join("\n",@warnings).'
        '; + } + return $output; +} + +sub validate_ip_pattern { + my ($pattern) = @_; + if ($pattern =~ /^([^-]+)\-([^-]+)$/) { + my ($start,$end) = ($1,$2); + if ((&Net::CIDR::cidrvalidate($start)) && (&Net::CIDR::cidrvalidate($end))) { + if (($start !~ m{/}) && ($end !~ m{/})) { + return $start.'-'.$end; + } + } + } elsif ($pattern ne '') { + $pattern = &Net::CIDR::cidrvalidate($pattern); + if ($pattern ne '') { + return $pattern; + } + } + return; +} + sub modify_usersessions { my ($dom,$lastactref,%domconfig) = @_; my @hostingtypes = ('version','excludedomain','includedomain'); @@ -16505,8 +17184,13 @@ sub modify_loadbalancing { } } if ($changes{'curr'}{$balancer}{'cookie'}) { - $resulttext .= '
      • '.&mt('Load Balancer: [_1] -- cookie use enabled', - $balancer).'
      • '; + if ($currcookies{$balancer}) { + $resulttext .= '
      • '.&mt('Load Balancer: [_1] -- cookie use disabled', + $balancer).'
      • '; + } else { + $resulttext .= '
      • '.&mt('Load Balancer: [_1] -- cookie use enabled', + $balancer).'
      • '; + } } } } @@ -17285,16 +17969,48 @@ sub devalidate_remote_domconfs { my %thismachine; map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids(); my @posscached = ('domainconfig','domdefaults','usersessions', - 'ltitools','directorysrch','passwdconf','cats'); + 'directorysrch','passwdconf','cats','proxyalias','proxysaml', + 'ipaccess'); + my %cache_by_lonhost; + if (exists($cachekeys->{'samllanding'})) { + if (ref($cachekeys->{'samllanding'}) eq 'HASH') { + my %landing = %{$cachekeys->{'samllanding'}}; + my %domservers = &Apache::lonnet::get_servers($dom); + if (keys(%domservers)) { + foreach my $server (keys(%domservers)) { + my @cached; + next if ($thismachine{$server}); + if ($landing{$server}) { + push(@cached,&escape('samllanding').':'.&escape($server)); + } + if (@cached) { + $cache_by_lonhost{$server} = \@cached; + } + } + } + } + } if (keys(%servers)) { foreach my $server (keys(%servers)) { next if ($thismachine{$server}); my @cached; foreach my $name (@posscached) { if ($cachekeys->{$name}) { - push(@cached,&escape($name).':'.&escape($dom)); + if (($name eq 'proxyalias') || ($name eq 'proxysaml')) { + if (ref($cachekeys->{$name}) eq 'HASH') { + foreach my $key (keys(%{$cachekeys->{$name}})) { + push(@cached,&escape($name).':'.&escape($key)); + } + } + } else { + push(@cached,&escape($name).':'.&escape($dom)); + } } } + if ((exists($cache_by_lonhost{$server})) && + (ref($cache_by_lonhost{$server}) eq 'ARRAY')) { + push(@cached,@{$cache_by_lonhost{$server}}); + } if (@cached) { &Apache::lonnet::remote_devalidate_cache($server,\@cached); }