--- loncom/interface/domainprefs.pm 2019/08/17 19:24:29 1.160.6.97 +++ loncom/interface/domainprefs.pm 2019/08/21 20:31:37 1.160.6.98 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Handler to set domain-wide configuration settings # -# $Id: domainprefs.pm,v 1.160.6.97 2019/08/17 19:24:29 raeburn Exp $ +# $Id: domainprefs.pm,v 1.160.6.98 2019/08/21 20:31:37 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -216,8 +216,8 @@ sub handler { 'contacts','defaults','scantron','coursecategories', 'serverstatuses','requestcourses','helpsettings', 'coursedefaults','usersessions','loadbalancing', - 'requestauthor','selfenrollment','inststatus'],$dom); - my @prefs_order = ('rolecolors','login','defaults','quotas','autoenroll', + 'requestauthor','selfenrollment','inststatus','passwords'],$dom); + my @prefs_order = ('rolecolors','login','defaults','passwords','quotas','autoenroll', 'autoupdate','autocreate','directorysrch','contacts', 'usercreation','selfcreation','usermodification','scantron', 'requestcourses','requestauthor','coursecategories', @@ -262,13 +262,25 @@ sub handler { help => 'Domain_Configuration_LangTZAuth', header => [{col1 => 'Setting', col2 => 'Value'}, - {col1 => 'Internal Authentication', - col2 => 'Value'}, {col1 => 'Institutional user types', col2 => 'Name displayed'}], print => \&print_defaults, modify => \&modify_defaults, }, + 'passwords' => + { text => 'Passwords (Internal authentication)', + help => 'Domain_Configuration_Passwords', + header => [{col1 => 'Resetting Forgotten Password', + col2 => 'Settings'}, + {col1 => 'Encryption of Stored Passwords (Internal Auth)', + col2 => 'Settings'}, + {col1 => 'Rules for LON-CAPA Passwords', + col2 => 'Settings'}, + {col1 => 'Course Owner Changing Student Passwords', + col2 => 'Settings'}], + print => \&print_passwords, + modify => \&modify_passwords, + }, 'quotas' => { text => 'Blogs, personal web pages, webDAV/quotas, portfolios', help => 'Domain_Configuration_Quotas', @@ -658,6 +670,8 @@ sub process_changes { $output = &modify_usersessions($dom,$lastactref,%domconfig); } elsif ($action eq 'loadbalancing') { $output = &modify_loadbalancing($dom,%domconfig); + } elsif ($action eq 'passwords') { + $output = &modify_passwords($r,$dom,$confname,$lastactref,%domconfig); } return $output; } @@ -670,6 +684,8 @@ sub print_config_box { $output = &coursecategories_javascript($settings); } elsif ($action eq 'defaults') { $output = &defaults_javascript($settings); + } elsif ($action eq 'passwords') { + $output = &passwords_javascript(); } elsif ($action eq 'helpsettings') { my (%privs,%levelscurrent); my %full=(); @@ -724,6 +740,8 @@ sub print_config_box { ($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'directorysrch') || ($action eq 'helpsettings') || ($action eq 'contacts')) { $output .= $item->{'print'}->('top',$dom,$settings,\$rowtotal); + } elsif ($action eq 'passwords') { + $output .= $item->{'print'}->('top',$dom,$confname,$settings,\$rowtotal); } elsif ($action eq 'coursecategories') { $output .= $item->{'print'}->('top',$dom,$item,$settings,\$rowtotal); } elsif ($action eq 'scantron') { @@ -755,10 +773,12 @@ sub print_config_box { if (($action eq 'autoupdate') || ($action eq 'usercreation') || ($action eq 'selfcreation') || ($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'coursecategories') || - ($action eq 'contacts') || ($action eq 'defaults')) { + ($action eq 'contacts') || ($action eq 'passwords')) { if ($action eq 'coursecategories') { $output .= &print_coursecategories('middle',$dom,$item,$settings,\$rowtotal); $colspan = ' colspan="2"'; + } elsif ($action eq 'passwords') { + $output .= $item->{'print'}->('middle',$dom,$confname,$settings,\$rowtotal); } else { $output .= $item->{'print'}->('middle',$dom,$settings,\$rowtotal); } @@ -775,6 +795,23 @@ sub print_config_box { '."\n"; if ($action eq 'coursecategories') { $output .= &print_coursecategories('bottom',$dom,$item,$settings,\$rowtotal); + } elsif ($action eq 'passwords') { + $output .= $item->{'print'}->('lower',$dom,$confname,$settings,\$rowtotal).' + + + + + + + + + + '."\n". + $item->{'print'}->('bottom',$dom,$confname,$settings,\$rowtotal).' +
'.&mt($item->{'header'}->[3]->{'col1'}).''.&mt($item->{'header'}->[3]->{'col2'}).'
+ + + '; } else { $output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal); } @@ -4017,6 +4054,427 @@ sub print_validation_rows { return $datatable; } +sub print_passwords { + my ($position,$dom,$confname,$settings,$rowtotal) = @_; + my ($datatable,$css_class); + my $itemcount = 0; + my %titles = &Apache::lonlocal::texthash ( + captcha => '"Forgot Password" CAPTCHA validation', + link => 'Reset link expiration (hours)', + case => 'Case-sensitive usernames/e-mail', + prelink => 'Information required (form 1)', + postlink => 'Information required (form 2)', + emailsrc => 'LON-CAPA e-mail address type(s)', + customtext => 'Domain specific text (HTML)', + intauth_cost => 'Encryption cost for bcrypt (positive integer)', + intauth_check => 'Check bcrypt cost if authenticated', + intauth_switch => 'Existing crypt-based switched to bcrypt on authentication', + permanent => 'Permanent e-mail address', + critical => 'Critical notification address', + notify => 'Notification address', + min => 'Minimum password length', + max => 'Maximum password length', + chars => 'Required characters', + numsaved => 'Number of previous passwords to save and disallow reuse', + ); + if ($position eq 'top') { + my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); + my $shownlinklife = 2; + my $prelink = 'both'; + my (%casesens,%postlink,%emailsrc,$nostdtext,$customurl); + if (ref($settings) eq 'HASH') { + if ($settings->{resetlink} =~ /^\d+(|\.\d*)$/) { + $shownlinklife = $settings->{resetlink}; + } + if (ref($settings->{resetcase}) eq 'ARRAY') { + map { $casesens{$_} = 1; } (@{$settings->{resetcase}}); + } + if ($settings->{resetprelink} =~ /^(both|either)$/) { + $prelink = $settings->{resetprelink}; + } + if (ref($settings->{resetpostlink}) eq 'HASH') { + %postlink = %{$settings->{resetpostlink}}; + } + if (ref($settings->{resetemail}) eq 'ARRAY') { + map { $emailsrc{$_} = 1; } (@{$settings->{resetemail}}); + } + if ($settings->{resetremove}) { + $nostdtext = 1; + } + if ($settings->{resetcustom}) { + $customurl = $settings->{resetcustom}; + } + } else { + if (ref($types) eq 'ARRAY') { + foreach my $item (@{$types}) { + $casesens{$item} = 1; + $postlink{$item} = ['username','email']; + } + } + } + $casesens{'default'} = 1; + $postlink{'default'} = ['username','email']; + $prelink = 'both'; + %emailsrc = ( + permanent => 1, + critical => 1, + notify => 1, + ); + } + $datatable = &captcha_choice('passwords',$settings,$$rowtotal); + $itemcount ++; + $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''.$titles{'link'}.''. + ''. + ''; + $itemcount ++; + $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''.$titles{'case'}.''. + ''; + if ((ref($types) eq 'ARRAY') && (ref($usertypes) eq 'HASH')) { + foreach my $item (@{$types}) { + my $checkedcase; + if ($casesens{$item}) { + $checkedcase = ' checked="checked"'; + } + $datatable .= ''. + '   '; + } + } + my $checkedcase; + if ($casesens{'default'}) { + $checkedcase = ' checked="checked"'; + } + $datatable .= ''; + $itemcount ++; + $css_class = $itemcount%2?' class="LC_odd_row"':''; + my %checkedpre = ( + both => ' checked="checked"', + either => '', + ); + if ($prelink eq 'either') { + $checkedpre{either} = ' checked="checked"'; + $checkedpre{both} = ''; + } + $datatable .= ''.$titles{'prelink'}.''. + ''. + '   '. + ''; + $itemcount ++; + $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''.$titles{'postlink'}.''. + ''; + my %postlinked; + if ((ref($types) eq 'ARRAY') && (ref($usertypes) eq 'HASH')) { + foreach my $item (@{$types}) { + undef(%postlinked); + $datatable .= '
'. + ''.$usertypes->{$item}.''; + if (ref($postlink{$item}) eq 'ARRAY') { + map { $postlinked{$_} = 1; } (@{$postlink{$item}}); + } + foreach my $field ('email','username') { + my $checked; + if ($postlinked{$field}) { + $checked = ' checked="checked"'; + } + $datatable .= ''. + '   '; + } + $datatable .= '
'; + } + } + if (ref($postlink{'default'}) eq 'ARRAY') { + map { $postlinked{$_} = 1; } (@{$postlink{'default'}}); + } + $datatable .= '
'. + ''.$othertitle.''; + foreach my $field ('email','username') { + my $checked; + if ($postlinked{$field}) { + $checked = ' checked="checked"'; + } + $datatable .= ''. + '   '; + } + $datatable .= '
'; + $itemcount ++; + $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''.$titles{'emailsrc'}.''. + ''; + foreach my $type ('permanent','critical','notify') { + my $checkedemail; + if ($emailsrc{$type}) { + $checkedemail = ' checked="checked"'; + } + $datatable .= ''. + '   '; + } + $datatable .= ''; + $itemcount ++; + $css_class = $itemcount%2?' class="LC_odd_row"':''; + my $switchserver = &check_switchserver($dom,$confname); + my ($showstd,$noshowstd); + if ($nostdtext) { + $noshowstd = ' checked="checked"'; + } else { + $showstd = ' checked="checked"'; + } + $datatable .= ''.$titles{'customtext'}.''. + ''. + &mt('Retain standard text:'). + ''.' '. + '
'. + ''. + &mt('(If you use the same account ... reset a password from this page.)').'

'. + &mt('Include custom text:'); + if ($customurl) { + my $link = &Apache::loncommon::modal_link($customurl,&mt('Custom text file'),600,500, + undef,undef,undef,undef,'background-color:#ffffff'); + $datatable .= ' '.$link. + ''. + '  '.&mt('Replace:').''; + } + if ($switchserver) { + $datatable .= ' '.&mt('Upload to library server: [_1]',$switchserver).''; + } else { + $datatable .=' '. + ''; + } + $datatable .= ''; + } elsif ($position eq 'middle') { + my %domconf = &Apache::lonnet::get_dom('configuration',['defaults'],$dom); + my @items = ('intauth_cost','intauth_check','intauth_switch'); + my %defaults; + if (ref($domconf{'defaults'}) eq 'HASH') { + %defaults = %{$domconf{'defaults'}}; + if ($defaults{'intauth_cost'} !~ /^\d+$/) { + $defaults{'intauth_cost'} = 10; + } + if ($defaults{'intauth_check'} !~ /^(0|1|2)$/) { + $defaults{'intauth_check'} = 0; + } + if ($defaults{'intauth_switch'} !~ /^(0|1|2)$/) { + $defaults{'intauth_switch'} = 0; + } + } else { + %defaults = ( + 'intauth_cost' => 10, + 'intauth_check' => 0, + 'intauth_switch' => 0, + ); + } + foreach my $item (@items) { + if ($itemcount%2) { + $css_class = ''; + } else { + $css_class = ' class="LC_odd_row" '; + } + $datatable .= ''. + ''.$titles{$item}. + ''; + if ($item eq 'intauth_switch') { + my @options = (0,1,2); + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes', + 2 => 'Yes, and copy existing passwd file to passwd.bak file', + ); + $datatable .= ''; + foreach my $option (@options) { + my $checked = ' '; + if ($defaults{$item} eq $option) { + $checked = ' checked="checked"'; + } + $datatable .= ''; + } + $datatable .= '
'. + '
'; + } elsif ($item eq 'intauth_check') { + my @options = (0,1,2); + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes, allow login then update passwd file using default cost (if higher)', + 2 => 'Yes, disallow login if stored cost is less than domain default', + ); + $datatable .= ''; + foreach my $option (@options) { + my $checked = ' '; + my $onclick; + if ($defaults{$item} eq $option) { + $checked = ' checked="checked"'; + } + if ($option == 2) { + $onclick = ' onclick="javascript:warnIntAuth(this);"'; + } + $datatable .= ''; + } + $datatable .= '
'. + '
'; + } else { + $datatable .= ''; + } + $datatable .= ''; + $itemcount ++; + } + } elsif ($position eq 'lower') { + my ($min,$max,%chars,$numsaved); + if (ref($settings) eq 'HASH') { + if ($settings->{min}) { + $min = $settings->{min}; + } + if ($settings->{max}) { + $max = $settings->{max}; + } + if (ref($settings->{chars}) eq 'ARRAY') { + map { $chars{$_} = 1; } (@{$settings->{chars}}); + } + if ($settings->{numsaved}) { + $numsaved = $settings->{numsaved}; + } + } else { + $min = '7'; + } + my %rulenames = &Apache::lonlocal::texthash( + uc => 'At least one upper case letter', + lc => 'At least one lower case letter', + num => 'At least one number', + spec => 'At least one non-alphanumeric', + ); + $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''.$titles{'min'}.''. + ''. + ''. + ' '.&mt('(Leave blank for no minimum)').''. + ''; + $itemcount ++; + $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''.$titles{'max'}.''. + ''. + ''. + ' '.&mt('(Leave blank for no maximum)').''. + ''; + $itemcount ++; + $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''.$titles{'chars'}.'
'. + ''.&mt('(Leave unchecked if not required)'). + ''; + my $numinrow = 2; + my @possrules = ('uc','lc','num','spec'); + $datatable .= ''; + for (my $i=0; $i<@possrules; $i++) { + my ($rem,$checked); + if ($chars{$possrules[$i]}) { + $checked = ' checked="checked"'; + } + $rem = $i%($numinrow); + if ($rem == 0) { + if ($i > 0) { + $datatable .= ''; + } + $datatable .= ''; + } + $datatable .= ''; + } + my $rem = @possrules%($numinrow); + my $colsleft = $numinrow - $rem; + if ($colsleft > 1 ) { + $datatable .= ''; + } elsif ($colsleft == 1) { + $datatable .= ''; + } + $datatable .='
'. + '  
'; + $itemcount ++; + $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''.$titles{'numsaved'}.''. + ''. + ''. + ' '.&mt('(Leave blank to not save previous passwords)').''. + ''; + } else { + my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); + my %ownerchg = ( + by => {}, + for => {}, + ); + my %ownertitles = &Apache::lonlocal::texthash ( + by => 'Course owner status(es) allowed', + for => 'Student status(es) allowed', + ); + if (ref($settings) eq 'HASH') { + if (ref($settings->{crsownerchg}) eq 'HASH') { + if (ref($settings->{crsownerchg}{'by'}) eq 'ARRAY') { + map { $ownerchg{by}{$_} = 1; } (@{$settings->{crsownerchg}{'by'}}); + } + if (ref($settings->{crsownerchg}{'for'}) eq 'ARRAY') { + map { $ownerchg{for}{$_} = 1; } (@{$settings->{crsownerchg}{'for'}}); + } + } + } + $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''. + ''. + &mt('Requirements').'
    '. + '
  • '.&mt("Course 'type' is not a Community").'
    • '. + '
  • '.&mt('User is Course Coordinator and also course owner').'
    • '. + '
  • '.&mt("Student's only active roles are student role(s) in course(s) owned by this user").'
    • '. + '
  • '.&mt('User, course, and student share same domain').'
    • '. + '
'. + ''. + ''; + foreach my $item ('by','for') { + $datatable .= '
'. + ''.$ownertitles{$item}.''; + if ((ref($types) eq 'ARRAY') && (ref($usertypes) eq 'HASH')) { + foreach my $type (@{$types}) { + my $checked; + if ($ownerchg{$item}{$type}) { + $checked = ' checked="checked"'; + } + $datatable .= ''. + '   '; + } + } + my $checked; + if ($ownerchg{$item}{'default'}) { + $checked = ' checked="checked"'; + } + $datatable .= '
'; + } + $datatable .= ''; + } + return $datatable; +} + sub print_usersessions { my ($position,$dom,$settings,$rowtotal) = @_; my ($css_class,$datatable,%checked,%choices); @@ -5575,10 +6033,14 @@ sub captcha_choice { $vertext,$currver); my %lt = &captcha_phrases(); $keyentry = 'hidden'; + my $colspan=2; if ($context eq 'cancreate') { $rowname = &mt('CAPTCHA validation'); } elsif ($context eq 'login') { $rowname = &mt('"Contact helpdesk" CAPTCHA validation'); + } elsif ($context eq 'passwords') { + $rowname = &mt('"Forgot Password" CAPTCHA validation'); + $colspan=1; } if (ref($settings) eq 'HASH') { if ($settings->{'captcha'}) { @@ -5618,7 +6080,7 @@ sub captcha_choice { $css_class .= ' style="'.$rowstyle.'"'; } my $output = ''. - ''.$rowname.''."\n". + ''.$rowname.''."\n". ''; - $rownum ++; - } } else { my %defaults; if (ref($settings) eq 'HASH') { @@ -6690,35 +7073,7 @@ sub serverstatus_pages { sub defaults_javascript { my ($settings) = @_; - my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.'); - my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.'); - &js_escape(\$intauthcheck); - &js_escape(\$intauthcost); - my $intauthjs = <<"ENDSCRIPT"; - -function warnIntAuth(field) { - if (field.name == 'intauth_check') { - if (field.value == '2') { - alert('$intauthcheck'); - } - } - if (field.name == 'intauth_cost') { - field.value.replace(/\s/g,''); - if (field.value != '') { - var regexdigit=/^\\d+\$/; - if (!regexdigit.test(field.value)) { - alert('$intauthcost'); - } - } - } - return; -} - -ENDSCRIPT - - if (ref($settings) ne 'HASH') { - return &Apache::lonhtmlcommon::scripttag($intauthjs); - } + return unless (ref($settings) eq 'HASH'); if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH')) { my $maxnum = scalar(@{$settings->{'inststatusorder'}}); if ($maxnum eq '') { @@ -6772,17 +7127,42 @@ $jstext return; } -$intauthjs - // ]]> ENDSCRIPT - } else { - return &Apache::lonhtmlcommon::scripttag($intauthjs); } } +sub passwords_javascript { + my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.'); + my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.'); + &js_escape(\$intauthcheck); + &js_escape(\$intauthcost); + my $intauthjs = <<"ENDSCRIPT"; + +function warnIntAuth(field) { + if (field.name == 'intauth_check') { + if (field.value == '2') { + alert('$intauthcheck'); + } + } + if (field.name == 'intauth_cost') { + field.value.replace(/\s/g,''); + if (field.value != '') { + var regexdigit=/^\\d+\$/; + if (!regexdigit.test(field.value)) { + alert('$intauthcost'); + } + } + } + return; +} + +ENDSCRIPT + return &Apache::lonhtmlcommon::scripttag($intauthjs); +} + sub coursecategories_javascript { my ($settings) = @_; my ($output,$jstext,$cathash); @@ -7121,7 +7501,7 @@ sub modifiable_userdata_row { my $check = ' '; unless ($role eq 'emailusername') { if (exists($checks{$fields[$i]})) { - $check = $checks{$fields[$i]} + $check = $checks{$fields[$i]}; } else { if ($role eq 'st') { if (ref($settings) ne 'HASH') { @@ -8219,7 +8599,7 @@ sub check_configuser { my ($configuserok,%currroles); if ($uhome eq 'no_host') { srand( time() ^ ($$ + ($$ << 15)) ); # Seed rand. - my $configpass = &LONCAPA::Enrollment::create_password(); + my $configpass = &LONCAPA::Enrollment::create_password($dom); $configuserok = &Apache::lonnet::modifyuser($dom,$confname,'','internal', $configpass,'','','','','',undef,$servadm); @@ -10140,6 +10520,514 @@ sub modify_contacts { return $resulttext; } +sub modify_passwords { + my ($r,$dom,$confname,$lastactref,%domconfig) = @_; + my ($resulttext,%current,%changes,%newvalues,@oktypes,$errors, + $updatedefaults,$updateconf); + my $customfn = 'resetpw.html'; + if (ref($domconfig{'passwords'}) eq 'HASH') { + %current = %{$domconfig{'passwords'}}; + } + my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1); + my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); + if (ref($types) eq 'ARRAY') { + @oktypes = @{$types}; + } + push(@oktypes,'default'); + + my %titles = &Apache::lonlocal::texthash ( + intauth_cost => 'Encryption cost for bcrypt (positive integer)', + intauth_check => 'Check bcrypt cost if authenticated', + intauth_switch => 'Existing crypt-based switched to bcrypt on authentication', + permanent => 'Permanent e-mail address', + critical => 'Critical notification address', + notify => 'Notification address', + min => 'Minimum password length', + max => 'Maximum password length', + chars => 'Required characters', + numsaved => 'Number of previous passwords to save', + reset => 'Resetting Forgotten Password', + intauth => 'Encryption of Stored Passwords (Internal Auth)', + rules => 'Rules for LON-CAPA Passwords', + crsownerchg => 'Course Owner Changing Student Passwords', + username => 'Username', + email => 'E-mail address', + ); + +# +# Retrieve current domain configuration for internal authentication from $domconfig{'defaults'}. +# + my (%curr_defaults,%save_defaults); + if (ref($domconfig{'defaults'}) eq 'HASH') { + foreach my $key (keys(%{$domconfig{'defaults'}})) { + if ($key =~ /^intauth_(cost|check|switch)$/) { + $curr_defaults{$key} = $domconfig{'defaults'}{$key}; + } else { + $save_defaults{$key} = $domconfig{'defaults'}{$key}; + } + } + } + my %staticdefaults = ( + 'resetlink' => 2, + 'resetcase' => \@oktypes, + 'resetprelink' => 'both', + 'resetemail' => ['critical','notify','permanent'], + 'intauth_cost' => 10, + 'intauth_check' => 0, + 'intauth_switch' => 0, + 'min' => 7, + ); + foreach my $type (@oktypes) { + $staticdefaults{'resetpostlink'}{$type} = ['email','username']; + } + my $linklife = $env{'form.passwords_link'}; + $linklife =~ s/^\s+|\s+$//g; + if (($linklife =~ /^\d+(|\.\d*)$/) && ($linklife > 0)) { + $newvalues{'resetlink'} = $linklife; + if ($current{'resetlink'}) { + if ($current{'resetlink'} ne $linklife) { + $changes{'reset'} = 1; + } + } elsif (!exists($domconfig{passwords})) { + if ($staticdefaults{'resetlink'} ne $linklife) { + $changes{'reset'} = 1; + } + } + } elsif ($current{'resetlink'}) { + $changes{'reset'} = 1; + } + my @casesens; + my @posscase = &Apache::loncommon::get_env_multiple('form.passwords_case_sensitive'); + foreach my $case (sort(@posscase)) { + if (grep(/^\Q$case\E$/,@oktypes)) { + push(@casesens,$case); + } + } + $newvalues{'resetcase'} = \@casesens; + if (ref($current{'resetcase'}) eq 'ARRAY') { + my @diffs = &Apache::loncommon::compare_arrays($current{'resetcase'},\@casesens); + if (@diffs > 0) { + $changes{'reset'} = 1; + } + } elsif (!exists($domconfig{passwords})) { + my @diffs = &Apache::loncommon::compare_arrays($staticdefaults{'resetcase'},\@casesens); + if (@diffs > 0) { + $changes{'reset'} = 1; + } + } + if ($env{'form.passwords_prelink'} =~ /^(both|either)$/) { + $newvalues{'resetprelink'} = $env{'form.passwords_prelink'}; + if (exists($current{'resetprelink'})) { + if ($current{'resetprelink'} ne $newvalues{'resetprelink'}) { + $changes{'reset'} = 1; + } + } elsif (!exists($domconfig{passwords})) { + if ($staticdefaults{'resetprelink'} ne $newvalues{'resetprelink'}) { + $changes{'reset'} = 1; + } + } + } elsif ($current{'resetprelink'}) { + $changes{'reset'} = 1; + } + foreach my $type (@oktypes) { + my @possplink = &Apache::loncommon::get_env_multiple('form.passwords_postlink_'.$type); + my @postlink; + foreach my $item (sort(@possplink)) { + if ($item =~ /^(email|username)$/) { + push(@postlink,$item); + } + } + $newvalues{'resetpostlink'}{$type} = \@postlink; + unless ($changes{'reset'}) { + if (ref($current{'resetpostlink'}) eq 'HASH') { + if (ref($current{'resetpostlink'}{$type}) eq 'ARRAY') { + my @diffs = &Apache::loncommon::compare_arrays($current{'resetpostlink'}{$type},\@postlink); + if (@diffs > 0) { + $changes{'reset'} = 1; + } + } else { + $changes{'reset'} = 1; + } + } elsif (!exists($domconfig{passwords})) { + my @diffs = &Apache::loncommon::compare_arrays($staticdefaults{'resetpostlink'}{$type},\@postlink); + if (@diffs > 0) { + $changes{'reset'} = 1; + } + } + } + } + my @possemailsrc = &Apache::loncommon::get_env_multiple('form.passwords_emailsrc'); + my @resetemail; + foreach my $item (sort(@possemailsrc)) { + if ($item =~ /^(permanent|critical|notify)$/) { + push(@resetemail,$item); + } + } + $newvalues{'resetemail'} = \@resetemail; + unless ($changes{'reset'}) { + if (ref($current{'resetemail'}) eq 'ARRAY') { + my @diffs = &Apache::loncommon::compare_arrays($current{'resetemail'},\@resetemail); + if (@diffs > 0) { + $changes{'reset'} = 1; + } + } elsif (!exists($domconfig{passwords})) { + my @diffs = &Apache::loncommon::compare_arrays($staticdefaults{'resetemail'},\@resetemail); + if (@diffs > 0) { + $changes{'reset'} = 1; + } + } + } + if ($env{'form.passwords_stdtext'} == 0) { + $newvalues{'resetremove'} = 1; + unless ($current{'resetremove'}) { + $changes{'reset'} = 1; + } + } elsif ($current{'resetremove'}) { + $changes{'reset'} = 1; + } + if ($env{'form.passwords_customfile.filename'} ne '') { + my $servadm = $r->dir_config('lonAdmEMail'); + my $servadm = $r->dir_config('lonAdmEMail'); + my ($configuserok,$author_ok,$switchserver) = + &config_check($dom,$confname,$servadm); + my $error; + if ($configuserok eq 'ok') { + if ($switchserver) { + $error = &mt("Upload of file containing domain-specific text is not permitted to this server: [_1]",$switchserver); + } else { + if ($author_ok eq 'ok') { + my ($result,$customurl) = + &publishlogo($r,'upload','passwords_customfile',$dom, + $confname,'customtext/resetpw','','',$customfn); + if ($result eq 'ok') { + $newvalues{'resetcustom'} = $customurl; + $changes{'reset'} = 1; + } else { + $error = &mt("Upload of [_1] failed because an error occurred publishing the file in RES space. Error was: [_2].",$customfn,$result); + } + } else { + $error = &mt("Upload of [_1] failed because an author role could not be assigned to a Domain Configuration user ([_2]) in domain: [_3]. Error was: [_4].",$customfn,$confname,$dom,$author_ok); + } + } + } else { + $error = &mt("Upload of [_1] failed because a Domain Configuration user ([_2]) could not be created in domain: [_3]. Error was: [_4].",$customfn,$confname,$dom,$configuserok); + } + if ($error) { + &Apache::lonnet::logthis($error); + $errors .= '
  • '.$error.'
    • '; + } + } elsif ($current{'resetcustom'}) { + if ($env{'form.passwords_custom_del'}) { + $changes{'reset'} = 1; + } else { + $newvalues{'resetcustom'} = $current{'resetcustom'}; + } + } + $env{'form.intauth_cost'} =~ s/^\s+|\s+$//g; + if (($env{'form.intauth_cost'} ne '') && ($env{'form.intauth_cost'} =~ /^\d+$/)) { + $save_defaults{'intauth_cost'} = $env{'form.intauth_cost'}; + if ($save_defaults{'intauth_cost'} ne $curr_defaults{'intauth_cost'}) { + $changes{'intauth'} = 1; + } + } else { + $save_defaults{'intauth_cost'} = $curr_defaults{'intauth_cost'}; + } + if ($env{'form.intauth_check'} =~ /^(0|1|2)$/) { + $save_defaults{'intauth_check'} = $env{'form.intauth_check'}; + if ($save_defaults{'intauth_check'} ne $curr_defaults{'intauth_check'}) { + $changes{'intauth'} = 1; + } + } else { + $save_defaults{'intauth_check'} = $curr_defaults{'intauth_check'}; + } + if ($env{'form.intauth_switch'} =~ /^(0|1|2)$/) { + $save_defaults{'intauth_switch'} = $env{'form.intauth_switch'}; + if ($save_defaults{'intauth_switch'} ne $curr_defaults{'intauth_switch'}) { + $changes{'intauth'} = 1; + } + } else { + $save_defaults{'intauth_check'} = $curr_defaults{'intauth_check'}; + } + foreach my $item ('cost','check','switch') { + if ($save_defaults{'intauth_'.$item} ne $domdefaults{'intauth_'.$item}) { + $domdefaults{'intauth_'.$item} = $save_defaults{'intauth_'.$item}; + $updatedefaults = 1; + } + } + foreach my $rule ('min','max','numsaved') { + $env{'form.passwords_'.$rule} =~ s/^\s+|\s+$//g; + if ($env{'form.passwords_'.$rule} =~ /^\d+$/) { + $newvalues{$rule} = $env{'form.passwords_'.$rule}; + if (exists($current{$rule})) { + if ($newvalues{$rule} ne $current{$rule}) { + $changes{'rules'} = 1; + } + } elsif ($rule eq 'min') { + if ($staticdefaults{$rule} ne $newvalues{$rule}) { + $changes{'rules'} = 1; + } + } + } elsif (exists($current{$rule})) { + $changes{'rules'} = 1; + } + } + my @posschars = &Apache::loncommon::get_env_multiple('form.passwords_chars'); + my @chars; + foreach my $item (sort(@posschars)) { + if ($item =~ /^(uc|lc|num|spec)$/) { + push(@chars,$item); + } + } + $newvalues{'chars'} = \@chars; + unless ($changes{'rules'}) { + if (ref($current{'chars'}) eq 'ARRAY') { + my @diffs = &Apache::loncommon::compare_arrays($current{'chars'},\@chars); + if (@diffs > 0) { + $changes{'rules'} = 1; + } + } else { + if (@chars > 0) { + $changes{'rules'} = 1; + } + } + } + my %crsownerchg = ( + by => [], + for => [], + ); + foreach my $item ('by','for') { + my @posstypes = &Apache::loncommon::get_env_multiple('form.passwords_crsowner_'.$item); + foreach my $type (sort(@posstypes)) { + if (grep(/^\Q$type\E$/,@oktypes)) { + push(@{$crsownerchg{$item}},$type); + } + } + } + $newvalues{'crsownerchg'} = \%crsownerchg; + if (ref($current{'crsownerchg'}) eq 'HASH') { + foreach my $item ('by','for') { + if (ref($current{'crsownerchg'}{$item}) eq 'ARRAY') { + my @diffs = &Apache::loncommon::compare_arrays($current{'crsownerchg'}{$item},$crsownerchg{$item}); + if (@diffs > 0) { + $changes{'crsownerchg'} = 1; + last; + } + } + } + } elsif (!exists($domconfig{passwords})) { + foreach my $item ('by','for') { + if (@{$crsownerchg{$item}} > 0) { + $changes{'crsownerchg'} = 1; + last; + } + } + } + + my %confighash = ( + defaults => \%save_defaults, + passwords => \%newvalues, + ); + &process_captcha('passwords',\%changes,$confighash{'passwords'},$domconfig{'passwords'}); + + my $putresult = &Apache::lonnet::put_dom('configuration',\%confighash,$dom); + if ($putresult eq 'ok') { + if (keys(%changes) > 0) { + $resulttext = &mt('Changes made: ').'
      '; + foreach my $key ('reset','intauth','rules','crsownerchg') { + if ($changes{$key}) { + unless ($key eq 'intauth') { + $updateconf = 1; + } + $resulttext .= '
    • '.$titles{$key}.':
        '; + if ($key eq 'reset') { + if ($confighash{'passwords'}{'captcha'} eq 'original') { + $resulttext .= '
      • '.&mt('CAPTCHA validation set to use: original CAPTCHA').'
        • '; + } elsif ($confighash{'passwords'}{'captcha'} eq 'recaptcha') { + $resulttext .= '
      • '.&mt('CAPTCHA validation set to use: reCAPTCHA').' '. + &mt('version: [_1]',$confighash{'passwords'}{'recaptchaversion'}).'
        '. + &mt('Public key: [_1]',$confighash{'passwords'}{'recaptchapub'}).'
        '. + &mt('Private key: [_1]',$confighash{'passwords'}{'recaptchapriv'}).'
        • '; + } else { + $resulttext .= '
      • '.&mt('No CAPTCHA validation').'
        • '; + } + if ($confighash{'passwords'}{'resetlink'}) { + $resulttext .= '
      • '.&mt('Reset link expiration set to [quant,_1,hour]',$confighash{'passwords'}{'resetlink'}).'
        • '; + } else { + $resulttext .= '
      • '.&mt('No reset link expiration set.').' '. + &mt('Will default to 2 hours').'
        • '; + } + if (ref($confighash{'passwords'}{'resetcase'}) eq 'ARRAY') { + if (@{$confighash{'passwords'}{'resetcase'}} == 0) { + $resulttext .= '
      • '.&mt('User input for username and/or e-mail address not case sensitive for "Forgot Password" web form').'
        • '; + } else { + my $casesens; + foreach my $type (@{$confighash{'passwords'}{'resetcase'}}) { + if ($type eq 'default') { + $casesens .= $othertitle.', '; + } elsif ($usertypes->{$type} ne '') { + $casesens .= $usertypes->{$type}.', '; + } + } + $casesens =~ s/\Q, \E$//; + $resulttext .= '
      • '.&mt('"Forgot Password" web form input for username and/or e-mail address is case-sensitive for: [_1]',$casesens).'
        • '; + } + } else { + $resulttext .= '
      • '.&mt('Case-sensitivity not set for "Forgot Password" web form').' '.&mt('Will default to case-sensitive for username and/or e-mail address for all').'
        • '; + } + if ($confighash{'passwords'}{'resetprelink'} eq 'either') { + $resulttext .= '
      • '.&mt('Users can enter either a username or an e-mail address in "Forgot Password" web form').'
        • '; + } else { + $resulttext .= '
      • '.&mt('Users can enter both a username and an e-mail address in "Forgot Password" web form').'
        • '; + } + if (ref($confighash{'passwords'}{'resetpostlink'}) eq 'HASH') { + my $output; + if (ref($types) eq 'ARRAY') { + foreach my $type (@{$types}) { + if (ref($confighash{'passwords'}{'resetpostlink'}{$type}) eq 'ARRAY') { + if (@{$confighash{'passwords'}{'resetpostlink'}{$type}} == 0) { + $output .= $usertypes->{$type}.' -- '.&mt('none'); + } else { + $output .= $usertypes->{$type}.' -- '. + join(', ',map { $titles{$_}; } (@{$confighash{'passwords'}{'resetpostlink'}{$type}})).'; '; + } + } + } + } + if (ref($confighash{'passwords'}{'resetpostlink'}{'default'}) eq 'ARRAY') { + if (@{$confighash{'passwords'}{'resetpostlink'}{'default'}} == 0) { + $output .= $othertitle.' -- '.&mt('none'); + } else { + $output .= $othertitle.' -- '. + join(', ',map { $titles{$_}; } (@{$confighash{'passwords'}{'resetpostlink'}{'default'}})); + } + } + if ($output) { + $resulttext .= '
      • '.&mt('Information required for new password form (by user type) set to: [_1]',$output).'
        • '; + } else { + $resulttext .= '
      • '.&mt('Information required for new password form not set.').' '.&mt('Will default to requiring both the username and an e-mail address').'
        • '; + } + } else { + $resulttext .= '
      • '.&mt('Information required for new password form not set.').' '.&mt('Will default to requiring both the username and an e-mail address').'
        • '; + } + if (ref($confighash{'passwords'}{'resetemail'}) eq 'ARRAY') { + if (@{$confighash{'passwords'}{'resetemail'}} > 0) { + $resulttext .= '
      • '.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$confighash{'passwords'}{'resetemail'}})).'
        • '; + } else { + $resulttext .= '
      • '.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).'
        • '; + } + } else { + $resulttext .= '
      • '.&mt('E-mail address(es) in LON-CAPA usedfor verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).'
        • '; + } + if ($confighash{'passwords'}{'resetremove'}) { + $resulttext .= '
      • '.&mt('Preamble to "Forgot Password" web form not shown').'
        • '; + } else { + $resulttext .= '
      • '.&mt('Preamble to "Forgot Password" web form is shown').'
        • '; + } + if ($confighash{'passwords'}{'resetcustom'}) { + my $customlink = &Apache::loncommon::modal_link($confighash{'passwords'}{'resetcustom'}, + $titles{custom},600,500); + $resulttext .= '
      • '.&mt('Preamble to "Forgot Password" form includes [_1]',$customlink).'
        • '; + } else { + $resulttext .= '
      • '.&mt('No custom text included in preamble to "Forgot Password" form').'
        • '; + } + } elsif ($key eq 'intauth') { + foreach my $item ('cost','switch','check') { + my $value = $save_defaults{$key.'_'.$item}; + if ($item eq 'switch') { + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes', + 2 => 'Yes, and copy existing passwd file to passwd.bak file', + ); + if ($value =~ /^(0|1|2)$/) { + $value = $optiondesc{$value}; + } else { + $value = &mt('none -- defaults to No'); + } + } elsif ($item eq 'check') { + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes, allow login then update passwd file using default cost (if higher)', + 2 => 'Yes, disallow login if stored cost is less than domain default', + ); + if ($value =~ /^(0|1|2)$/) { + $value = $optiondesc{$value}; + } else { + $value = &mt('none -- defaults to No'); + } + } + $resulttext .= '
      • '.&mt('[_1] set to "[_2]"',$titles{$key.'_'.$item},$value).'
        • '; + } + } elsif ($key eq 'rules') { + foreach my $rule ('min','max','numsaved') { + if ($confighash{'passwords'}{$rule} eq '') { + if ($rule eq 'min') { + $resulttext .= '
      • '.&mt('[_1] not set.',$titles{$rule}); + ' '.&mt('Default of 7 will be used').'
        • '; + } else { + $resulttext .= '
      • '.&mt('[_1] set to none',$titles{$rule}).'
        • '; + } + } else { + $resulttext .= '
      • '.&mt('[_1] set to [_2]',$titles{$rule},$confighash{'passwords'}{$rule}).'
        • '; + } + } + } elsif ($key eq 'crsownerchg') { + if (ref($confighash{'passwords'}{'crsownerchg'}) eq 'HASH') { + if ((@{$confighash{'passwords'}{'crsownerchg'}{'by'}} == 0) || + (@{$confighash{'passwords'}{'crsownerchg'}{'for'}} == 0)) { + $resulttext .= '
      • '.&mt('Course owner may not change student passwords.').'
        • '; + } else { + my %crsownerstr; + foreach my $item ('by','for') { + if (ref($confighash{'passwords'}{'crsownerchg'}{$item}) eq 'ARRAY') { + foreach my $type (@{$confighash{'passwords'}{'crsownerchg'}{$item}}) { + if ($type eq 'default') { + $crsownerstr{$item} .= $othertitle.', '; + } elsif ($usertypes->{$type} ne '') { + $crsownerstr{$item} .= $usertypes->{$type}.', '; + } + } + $crsownerstr{$item} =~ s/\Q, \E$//; + } + } + $resulttext .= '
      • '.&mt('Course owner (with status: [_1]) may change passwords for students (with status: [_2]).', + $crsownerstr{'by'},$crsownerstr{'for'}).'
        • '; + } + } else { + $resulttext .= '
      • '.&mt('Course owner may not change student passwords.').'
        • '; + } + } + $resulttext .= '
      • '; + } + } + $resulttext .= '
    '; + } else { + $resulttext = &mt('No changes made to password settings'); + } + my $cachetime = 24*60*60; + if ($updatedefaults) { + &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime); + if (ref($lastactref) eq 'HASH') { + $lastactref->{'domdefaults'} = 1; + } + } + if ($updateconf) { + &Apache::lonnet::do_cache_new('passwdconf',$dom,$confighash{'passwords'},$cachetime); + if (ref($lastactref) eq 'HASH') { + $lastactref->{'passwdconf'} = 1; + } + } + } else { + $resulttext = ''. + &mt('An error occurred: [_1]',$putresult).''; + } + if ($errors) { + $resulttext .= '

    '.&mt('The following errors occurred: ').'

      '. + $errors.'

    '; + } + return $resulttext; +} + sub modify_usercreation { my ($dom,%domconfig) = @_; my ($resulttext,%curr_usercreation,%changes,%authallowed,%cancreate,%save_usercreate); @@ -11406,7 +12294,7 @@ sub modify_defaults { my ($resulttext,$mailmsgtxt,%newvalues,%changes,@errors); my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1); my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def', - 'portal_def','intauth_cost','intauth_check','intauth_switch'); + 'portal_def'); my @authtypes = ('internal','krb4','krb5','localauth'); foreach my $item (@items) { $newvalues{$item} = $env{'form.'.$item}; @@ -11448,24 +12336,6 @@ sub modify_defaults { push(@errors,$item); } } - } elsif ($item eq 'intauth_cost') { - if ($newvalues{$item} ne '') { - if ($newvalues{$item} =~ /\D/) { - push(@errors,$item); - } - } - } elsif ($item eq 'intauth_check') { - if ($newvalues{$item} ne '') { - unless ($newvalues{$item} =~ /^(0|1|2)$/) { - push(@errors,$item); - } - } - } elsif ($item eq 'intauth_switch') { - if ($newvalues{$item} ne '') { - unless ($newvalues{$item} =~ /^(0|1|2)$/) { - push(@errors,$item); - } - } } if (grep(/^\Q$item\E$/,@errors)) { $newvalues{$item} = $domdefaults{$item}; @@ -11474,6 +12344,18 @@ sub modify_defaults { } $domdefaults{$item} = $newvalues{$item}; } + my %staticdefaults = ( + 'intauth_cost' => 10, + 'intauth_check' => 0, + 'intauth_switch' => 0, + ); + foreach my $item ('intauth_cost','intauth_check','intauth_switch') { + if (exists($domdefaults{$item})) { + $newvalues{$item} = $domdefaults{$item}; + } else { + $newvalues{$item} = $staticdefaults{$item}; + } + } my %defaults_hash = ( defaults => \%newvalues, ); @@ -11603,28 +12485,6 @@ sub modify_defaults { localauth => 'loc', ); $value = $authnames{$shortauth{$value}}; - } elsif ($item eq 'intauth_switch') { - my %optiondesc = &Apache::lonlocal::texthash ( - 0 => 'No', - 1 => 'Yes', - 2 => 'Yes, and copy existing passwd file to passwd.bak file', - ); - if ($value =~ /^(0|1|2)$/) { - $value = $optiondesc{$value}; - } else { - $value = &mt('none -- defaults to No'); - } - } elsif ($item eq 'intauth_check') { - my %optiondesc = &Apache::lonlocal::texthash ( - 0 => 'No', - 1 => 'Yes, allow login then update passwd file using default cost (if higher)', - 2 => 'Yes, disallow login if stored cost is less than domain default', - ); - if ($value =~ /^(0|1|2)$/) { - $value = $optiondesc{$value}; - } else { - $value = &mt('none -- defaults to No'); - } } $resulttext .= '
  • '.&mt('[_1] set to "[_2]"',$title->{$item},$value).'
    • '; $mailmsgtext .= "$title->{$item} set to $value\n"; @@ -14533,7 +15393,8 @@ sub devalidate_remote_domconfs { my %servers = &Apache::lonnet::internet_dom_servers($dom); my %thismachine; map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids(); - my @posscached = ('domainconfig','domdefaults','usersessions','directorysrch','cats'); + my @posscached = ('domainconfig','domdefaults','usersessions', + 'directorysrch','passwdconf','cats'); if (keys(%servers)) { foreach my $server (keys(%servers)) { next if ($thismachine{$server});
    '."\n"; foreach my $option ('original','recaptcha','notused') { $output .= ''.$titles->{$item}. - ''; - if ($item eq 'intauth_switch') { - my @options = (0,1,2); - my %optiondesc = &Apache::lonlocal::texthash ( - 0 => 'No', - 1 => 'Yes', - 2 => 'Yes, and copy existing passwd file to passwd.bak file', - ); - $datatable .= ''; - foreach my $option (@options) { - my $checked = ' '; - if ($defaults{$item} eq $option) { - $checked = ' checked="checked"'; - } - $datatable .= ''; - } - $datatable .= '
    '. - '
    '; - } elsif ($item eq 'intauth_check') { - my @options = (0,1,2); - my %optiondesc = &Apache::lonlocal::texthash ( - 0 => 'No', - 1 => 'Yes, allow login then update passwd file using default cost (if higher)', - 2 => 'Yes, disallow login if stored cost is less than domain default', - ); - $datatable .= ''; - foreach my $option (@options) { - my $checked = ' '; - my $onclick; - if ($defaults{$item} eq $option) { - $checked = ' checked="checked"'; - } - if ($option == 2) { - $onclick = ' onclick="javascript:warnIntAuth(this);"'; - } - $datatable .= ''; - } - $datatable .= '
    '. - '
    '; - } else { - $datatable .= ''; - } - $datatable .= '