';
+ $rownum ++;
+ }
} else {
- my (%defaults);
+ my %defaults;
if (ref($settings) eq 'HASH') {
if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH') &&
(ref($settings->{'inststatusguest'}) eq 'ARRAY')) {
@@ -5557,6 +5642,9 @@ sub defaults_titles {
'timezone_def' => 'Default timezone',
'datelocale_def' => 'Default locale for dates',
'portal_def' => 'Portal/Default URL',
+ 'intauth_cost' => 'Encryption cost for bcrypt (positive integer)',
+ 'intauth_check' => 'Check bcrypt cost if authenticated',
+ 'intauth_switch' => 'Existing crypt-based switched to bcrypt on authentication',
);
if ($dom) {
my $uprimary_id = &Apache::lonnet::domain($dom,'primary');
@@ -6060,7 +6148,35 @@ sub serverstatus_pages {
sub defaults_javascript {
my ($settings) = @_;
- return unless (ref($settings) eq 'HASH');
+ my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.');
+ my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.');
+ &js_escape(\$intauthcheck);
+ &js_escape(\$intauthcost);
+ my $intauthjs = <<"ENDSCRIPT";
+
+function warnIntAuth(field) {
+ if (field.name == 'intauth_check') {
+ if (field.value == '2') {
+ alert('$intauthcheck');
+ }
+ }
+ if (field.name == 'intauth_cost') {
+ field.value.replace(/\s/g,'');
+ if (field.value != '') {
+ var regexdigit=/^\\d+\$/;
+ if (!regexdigit.test(field.value)) {
+ alert('$intauthcost');
+ }
+ }
+ }
+ return;
+}
+
+ENDSCRIPT
+
+ if (ref($settings) ne 'HASH') {
+ return &Apache::lonhtmlcommon::scripttag($intauthjs);
+ }
if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH')) {
my $maxnum = scalar(@{$settings->{'inststatusorder'}});
if ($maxnum eq '') {
@@ -6114,10 +6230,14 @@ $jstext
return;
}
+$intauthjs
+
// ]]>
ENDSCRIPT
+ } else {
+ return &Apache::lonhtmlcommon::scripttag($intauthjs);
}
}
@@ -10442,7 +10562,8 @@ sub modify_defaults {
my ($dom,$lastactref,%domconfig) = @_;
my ($resulttext,$mailmsgtxt,%newvalues,%changes,@errors);
my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
- my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def','portal_def');
+ my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def',
+ 'portal_def','intauth_cost','intauth_check','intauth_switch');
my @authtypes = ('internal','krb4','krb5','localauth');
foreach my $item (@items) {
$newvalues{$item} = $env{'form.'.$item};
@@ -10484,6 +10605,24 @@ sub modify_defaults {
push(@errors,$item);
}
}
+ } elsif ($item eq 'intauth_cost') {
+ if ($newvalues{$item} ne '') {
+ if ($newvalues{$item} =~ /\D/) {
+ push(@errors,$item);
+ }
+ }
+ } elsif ($item eq 'intauth_check') {
+ if ($newvalues{$item} ne '') {
+ unless ($newvalues{$item} =~ /^(0|1|2)$/) {
+ push(@errors,$item);
+ }
+ }
+ } elsif ($item eq 'intauth_switch') {
+ if ($newvalues{$item} ne '') {
+ unless ($newvalues{$item} =~ /^(0|1|2)$/) {
+ push(@errors,$item);
+ }
+ }
}
if (grep(/^\Q$item\E$/,@errors)) {
$newvalues{$item} = $domdefaults{$item};
@@ -10638,6 +10777,28 @@ sub modify_defaults {
localauth => 'loc',
);
$value = $authnames{$shortauth{$value}};
+ } elsif ($item eq 'intauth_switch') {
+ my %optiondesc = &Apache::lonlocal::texthash (
+ 0 => 'No',
+ 1 => 'Yes',
+ 2 => 'Yes, and copy existing passwd file to passwd.bak file',
+ );
+ if ($value =~ /^(0|1|2)$/) {
+ $value = $optiondesc{$value};
+ } else {
+ $value = &mt('none -- defaults to No');
+ }
+ } elsif ($item eq 'intauth_check') {
+ my %optiondesc = &Apache::lonlocal::texthash (
+ 0 => 'No',
+ 1 => 'Yes, allow login then update passwd file using default cost (if higher)',
+ 2 => 'Yes, disallow login if stored cost is less than domain default',
+ );
+ if ($value =~ /^(0|1|2)$/) {
+ $value = $optiondesc{$value};
+ } else {
+ $value = &mt('none -- defaults to No');
+ }
}
$resulttext .= '
'.&mt('[_1] set to "[_2]"',$title->{$item},$value).'
';
$mailmsgtext .= "$title->{$item} set to $value\n";
@@ -11192,14 +11353,16 @@ sub modify_helpsettings {
my %existing=&Apache::lonnet::dump('roles',$dom,$confname,'rolesdef_');
my (@allpos,%newsettings,%changedprivs,$newrole);
my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
- my @accesstypes = ('all','none','status','inc','exc');
- my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh']);
+ my @accesstypes = ('all','dh','da','none','status','inc','exc');
+ my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh','da']);
my %lt = &Apache::lonlocal::texthash(
s => 'system',
d => 'domain',
order => 'Display order',
access => 'Role usage',
- all => 'All',
+ all => 'All with domain helpdesk or helpdesk assistant role',
+ dh => 'All with domain helpdesk role',
+ da => 'All with domain helpdesk assistant role',
none => 'None',
status => 'Determined based on institutional status',
inc => 'Include all, but exclude specific personnel',