--- loncom/interface/domainprefs.pm 2017/01/28 21:35:49 1.291 +++ loncom/interface/domainprefs.pm 2017/07/26 19:45:45 1.303 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Handler to set domain-wide configuration settings # -# $Id: domainprefs.pm,v 1.291 2017/01/28 21:35:49 raeburn Exp $ +# $Id: domainprefs.pm,v 1.303 2017/07/26 19:45:45 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -27,7 +27,7 @@ # # ############################################################### -############################################################## +############################################################### =pod @@ -220,6 +220,19 @@ sub handler { 'coursedefaults','usersessions','loadbalancing', 'requestauthor','selfenrollment','inststatus', 'ltitools','ssl','trust'],$dom); + if (ref($domconfig{'ltitools'}) eq 'HASH') { + my %encconfig = + &Apache::lonnet::get_dom('encconfig',['ltitools'],$dom); + if (ref($encconfig{'ltitools'}) eq 'HASH') { + foreach my $id (keys(%{$domconfig{'ltitools'}})) { + if (ref($domconfig{'ltitools'}{$id}) eq 'HASH') { + foreach my $item ('key','secret') { + $domconfig{'ltitools'}{$id}{$item} = $encconfig{'ltitools'}{$id}{$item}; + } + } + } + } + } my @prefs_order = ('rolecolors','login','defaults','quotas','autoenroll', 'autoupdate','autocreate','directorysrch','contacts', 'usercreation','selfcreation','usermodification','scantron', @@ -265,8 +278,10 @@ sub handler { help => 'Domain_Configuration_LangTZAuth', header => [{col1 => 'Setting', col2 => 'Value'}, + {col1 => 'Internal Authentication', + col2 => 'Value'}, {col1 => 'Institutional user types', - col2 => 'Assignable to e-mail usernames'}], + col2 => 'Assignable to non-institutional users'}], print => \&print_defaults, modify => \&modify_defaults, }, 
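Review bot: In the added `foreach my $item ('key','secret')` loop in `handler`, the assignment runs for every tool id even when the `encconfig` record has no entry for that id, so a key or secret still held in the `configuration` record is replaced by undef (and `$encconfig{'ltitools'}{$id}` is autovivified). If a domain saved LTI tools before the credentials moved to `encconfig`, they would presumably be shown as empty and could then be saved back empty. I would skip ids without a record, `next unless (ref($encconfig{'ltitools'}{$id}) eq 'HASH');`, or copy only when `exists($encconfig{'ltitools'}{$id}{$item})`. A short comment stating that `key` and `secret` live in the separate `encconfig` record and are merged here only for the form would also help. `handler` starts and ends outside this hunk.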
@@ -348,7 +363,7 @@ sub handler { col2 => 'Enabled?'}, {col1 => 'Institutional user type (login/SSO self-creation)', col2 => 'Information user can enter'}, - {col1 => 'Self-creation with e-mail as username', + {col1 => 'Self-creation with e-mail verification', col2 => 'Settings'}], print => \&print_selfcreation, modify => \&modify_selfcreation, @@ -486,7 +501,7 @@ sub handler { }, 'ltitools' => {text => 'External Tools (LTI)', - help => 'Domain_configuration_LTI_Tools', + help => 'Domain_Configuration_LTI_Tools', header => [{col1 => 'Setting', col2 => 'Value',}], print => \&print_ltitools, @@ -499,6 +514,8 @@ sub handler { col2 => 'Certificate Status'}, {col1 => 'Connections to other servers', col2 => 'Rules'}, + {col1 => 'Connections from other servers', + col2 => 'Rules'}, {col1 => "Replicating domain's published content", col2 => 'Rules'}], print => \&print_ssl, @@ -673,7 +690,7 @@ sub process_changes { } elsif ($action eq 'autocreate') { $output = &modify_autocreate($dom,%domconfig); } elsif ($action eq 'directorysrch') { - $output = &modify_directorysrch($dom,%domconfig); + $output = &modify_directorysrch($dom,$lastactref,%domconfig); } elsif ($action eq 'usercreation') { $output = &modify_usercreation($dom,%domconfig); } elsif ($action eq 'selfcreation') { @@ -806,7 +823,7 @@ sub print_config_box { if (($action eq 'autoupdate') || ($action eq 'usercreation') || ($action eq 'selfcreation') || ($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'coursecategories') || - ($action eq 'ssl') || ($action eq 'trust') || ($action eq 'contacts')) { + ($action eq 'trust') || ($action eq 'contacts') || ($action eq 'defaults')) { if ($action eq 'coursecategories') { $output .= &print_coursecategories('middle',$dom,$item,$settings,\$rowtotal); $colspan = ' colspan="2"'; 
@@ -866,6 +883,28 @@ sub print_config_box { ($action eq 'defaults') || ($action eq 'directorysrch') || ($action eq 'helpsettings')) { $output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal); + } elsif ($action eq 'ssl') { + $output .= $item->{'print'}->('connto',$dom,$settings,\$rowtotal).' + + + + + + + + + '. + $item->{'print'}->('connfrom',$dom,$settings,\$rowtotal).' +
'.&mt($item->{'header'}->[2]->{'col1'}).''.&mt($item->{'header'}->[2]->{'col2'}).'
+ + + + + + + + '. + $item->{'print'}->('bottom',$dom,$settings,\$rowtotal); } elsif ($action eq 'login') { if ($numheaders == 4) { $output .= &print_login('page',$dom,$confname,$phase,$settings,\$rowtotal).' @@ -3222,8 +3261,10 @@ sub print_helpsettings { my $css_class; my %existing=&Apache::lonnet::dump('roles',$dom,$confname,'rolesdef_'); my (%customroles,%ordered,%current); - if (ref($settings->{'adhoc'}) eq 'HASH') { - %current = %{$settings->{'adhoc'}}; + if (ref($settings) eq 'HASH') { + if (ref($settings->{'adhoc'}) eq 'HASH') { + %current = %{$settings->{'adhoc'}}; + } } my $count = 0; foreach my $key (sort(keys(%existing))) { @@ -3250,7 +3291,7 @@ sub print_helpsettings { my $context = 'domprefs'; my $crstype = 'Course'; my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); - my @accesstypes = ('all','anydh','anyda','none'); + my @accesstypes = ('all','dh','da','none'); my ($numstatustypes,@jsarray); if (ref($types) eq 'ARRAY') { if (@{$types} > 0) { @@ -3468,7 +3509,7 @@ function helpdeskAccess(num) { shown = Array('notinc'); hidden = Array('notexc','bystatus'); } - if ((curraccess == 'all') || (curraccess == 'anydh') || (curraccess == 'anyda')) { + if ((curraccess == 'all') || (curraccess == 'dh') || (curraccess == 'da')) { hidden = Array('notinc','notexc','bystatus'); } } @@ -3525,9 +3566,9 @@ sub helpdeskroles_access { my %lt = &Apache::lonlocal::texthash( 'rou' => 'Role usage', 'whi' => 'Which helpdesk personnel may use this role?', - 'all' => "All with domain helpdesk or helpdesk assistant role', - 'anydh' => "All with domain helpdesk role', - 'anyda' => "All with domain helpdesk assistant role', + 'all' => 'All with domain helpdesk or helpdesk assistant role', + 'dh' => 'All with domain helpdesk role', + 'da' => 'All with domain helpdesk assistant role', 'none' => 'None', 'status' => 'Determined based on institutional status', 'inc' => 'Include all, but exclude specific personnel', 
@@ -3719,6 +3760,8 @@ sub print_ltitools { if (ref($settings->{$item}->{'display'}) eq 'HASH') { if ($settings->{$item}->{'display'}->{'target'} eq 'window') { $currdisp{'window'} = ' checked="checked"'; + } elsif ($settings->{$item}->{'display'}->{'target'} eq 'tab') { + $currdisp{'tab'} = ' checked="checked"'; } else { $currdisp{'iframe'} = ' checked="checked"'; } @@ -3728,10 +3771,12 @@ sub print_ltitools { if ($settings->{$item}->{'display'}->{'height'} =~ /^(\d+)$/) { $currdisp{'height'} = $1; } + $currdisp{'linktext'} = $settings->{$item}->{'display'}->{'linktext'}; + $currdisp{'explanation'} = $settings->{$item}->{'display'}->{'explanation'}; } else { $currdisp{'iframe'} = ' checked="checked"'; } - foreach my $disp ('iframe','window') { + foreach my $disp ('iframe','tab','window') { $datatable .= ''.(' 'x2); } @@ -3741,6 +3786,12 @@ sub print_ltitools { ''. (' 'x2); } + $datatable .= '
'. + '
'.$lt{'linktext'}.'
'. + '
'. + '
'.$lt{'explanation'}.'
'. + '

'; $datatable .= '
'; foreach my $extra ('passback','roster') { my $checkedon = ''; @@ -3822,7 +3873,7 @@ sub print_ltitools { } } $datatable .= '
'.&mt('Configurable in course').''; - foreach my $item ('label','title','target') { + foreach my $item ('label','title','target','linktext','explanation') { my $checked; if ($courseconfig{$item}) { $checked = ' checked="checked"'; @@ -3890,7 +3941,7 @@ sub print_ltitools { ''.&mt('Display target:'); my %defaultdisp; $defaultdisp{'iframe'} = ' checked="checked"'; - foreach my $disp ('iframe','window') { + foreach my $disp ('iframe','tab','window') { $datatable .= ''.(' 'x2); } @@ -3900,7 +3951,12 @@ sub print_ltitools { ''. (' 'x2); } - $datatable .= '
'; + $datatable .= '
'. + '
'.$lt{'linktext'}.'
'. + '
'. + '
'.$lt{'explanation'}.'
'. + ''. + '

'; foreach my $extra ('passback','roster') { $datatable .= $lt{$extra}.' '. '
'.&mt($item->{'header'}->[3]->{'col1'}).''.&mt($item->{'header'}->[3]->{'col2'}).'
'. '
'.&mt('Configurable in course').''; - foreach my $item ('label','title','target') { - $datatable .= ''.(' ' x2)."\n"; + foreach my $item ('label','title','target','linktext','explanation') { + $datatable .= ''.(' ' x2)."\n"; } $datatable .= '
'. '
'.&mt('Custom items sent on launch').''. @@ -3959,28 +4015,33 @@ sub print_ltitools { sub ltitools_names { my %lt = &Apache::lonlocal::texthash( - 'title' => 'Title', - 'version' => 'Version', - 'msgtype' => 'Message Type', - 'url' => 'URL', - 'key' => 'Key', - 'secret' => 'Secret', - 'icon' => 'Icon', - 'user' => 'Username:domain', - 'fullname' => 'Full Name', - 'firstname' => 'First Name', - 'lastname' => 'Last Name', - 'email' => 'E-mail', - 'roles' => 'Role', - 'window' => 'Window/Tab', - 'iframe' => 'iFrame', - 'height' => 'Height', - 'width' => 'Width', - 'passback' => 'Tool can return grades:', - 'roster' => 'Tool can retrieve roster:', - 'crstarget' => 'Display target', - 'crslabel' => 'Course label', - 'crstitle' => 'Course title', + 'title' => 'Title', + 'version' => 'Version', + 'msgtype' => 'Message Type', + 'url' => 'URL', + 'key' => 'Key', + 'secret' => 'Secret', + 'icon' => 'Icon', + 'user' => 'Username:domain', + 'fullname' => 'Full Name', + 'firstname' => 'First Name', + 'lastname' => 'Last Name', + 'email' => 'E-mail', + 'roles' => 'Role', + 'window' => 'Window', + 'tab' => 'Tab', + 'iframe' => 'iFrame', + 'height' => 'Height', + 'width' => 'Width', + 'linktext' => 'Default Link Text', + 'explanation' => 'Default Explanation', + 'passback' => 'Tool can return grades:', + 'roster' => 'Tool can retrieve roster:', + 'crstarget' => 'Display target', + 'crslabel' => 'Course label', + 'crstitle' => 'Course title', + 'crslinktext' => 'Link Text', + 'crsexplanation' => 'Explanation', ); return %lt; } @@ -4235,7 +4296,7 @@ sub print_coursedefaults { foreach my $type (@types) { $datatable .= ''.&mt($type).'
'. ''; + ' value="'.$currmysql{$type}.'" size="8" />'; } $datatable .= ''."\n"; $itemcount ++; @@ -4657,7 +4718,32 @@ sub print_ssl { my @domservers = &Apache::lonnet::get_servers($dom); my %servers = &Apache::lonnet::internet_dom_servers($dom); my %altids = &id_for_thisdom(%servers); - if ($position eq 'middle') { + if (($position eq 'connto') || ($position eq 'connfrom')) { + my $legacy; + unless (ref($settings) eq 'HASH') { + my $name; + if ($position eq 'connto') { + $name = 'loncAllowInsecure'; + } else { + $name = 'londAllowInsecure'; + } + my $primarylibserv = &Apache::lonnet::domain($dom,'primary'); + my @ids=&Apache::lonnet::current_machine_ids(); + if (($primarylibserv ne '') && (!grep(/^\Q$primarylibserv\E$/,@ids))) { + my %what = ( + $name => 1, + ); + my ($result,$returnhash) = + &Apache::lonnet::get_remote_globals($primarylibserv,\%what); + if ($result eq 'ok') { + if (ref($returnhash) eq 'HASH') { + $legacy = $returnhash->{$name}; + } + } + } else { + $legacy = $Apache::lonnet::perlvar{$name}; + } + } foreach my $type ('dom','intdom','other') { my %checked; $css_class = $itemcount%2?' class="LC_odd_row"':''; @@ -4684,16 +4770,21 @@ sub print_ssl { unless ($skip) { $checked{'yes'} = ' checked="checked"'; if (ref($settings) eq 'HASH') { - if (ref($settings->{'connect'}) eq 'HASH') { - if ($settings->{'connect'}->{$type} =~ /^(no|req)$/) { + if (ref($settings->{$position}) eq 'HASH') { + if ($settings->{$position}->{$type} =~ /^(no|req)$/) { $checked{$1} = $checked{'yes'}; delete($checked{'yes'}); } } + } else { + if ($legacy == 0) { + $checked{'req'} = $checked{'yes'}; + delete($checked{'yes'}); + } } foreach my $option ('no','yes','req') { $datatable .= ''.(' 'x2); } 
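Review bot: The new `else` branch tests `$legacy == 0`, which is also true when `$legacy` is undef, i.e. when `get_remote_globals` did not return 'ok' or the perlvar is unset, so a failed lookup is displayed as "req" exactly like an explicit 0. Pre-selecting the strict option is the safe direction, but it hides the lookup failure, and an administrator who saves the form unchanged would then require SSL for all three server classes. Consider `if (defined($legacy) && ($legacy == 0))` with a separate, commented fallback for the unknown case, so the fail-closed default is a stated decision rather than a side effect of comparing undef numerically. `print_ssl` continues outside this hunk.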
@@ -4724,7 +4815,8 @@ sub ssl_titles { dom => 'LON-CAPA servers/VMs from same domain', intdom => 'LON-CAPA servers/VMs from same "internet" domain', other => 'External LON-CAPA servers/VMs', - connect => 'Connections to other servers', + connto => 'Connections to other servers', + connfrom => 'Connections from other servers', replication => 'Replicating content to other institutions', certreq => 'Client certificate required, but specific domains exempt', nocertreq => 'No client certificate required, except for specific domains', @@ -5298,9 +5390,14 @@ sub loadbalancing_titles { '_LC_ipchange' => &mt('Non-SSO users with IP mismatch'), ); my @alltypes = ('_LC_adv','_LC_author','_LC_internetdom','_LC_external','_LC_ipchangesso','_LC_ipchange'); + my @available; if (ref($types) eq 'ARRAY') { - unshift(@alltypes,@{$types},'default'); + @available = @{$types}; + } + unless (grep(/^default$/,@available)) { + push(@available,'default'); } + unshift(@alltypes,@available); my %titles; foreach my $type (@alltypes) { if ($type =~ /^_LC_/) { @@ -5655,7 +5752,7 @@ sub print_usercreation { sub print_selfcreation { my ($position,$dom,$settings,$rowtotal) = @_; - my (@selfcreate,$createsettings,$processing,$datatable); + my (@selfcreate,$createsettings,$processing,$emailverified,$emaildomain,$datatable); if (ref($settings) eq 'HASH') { if (ref($settings->{'cancreate'}) eq 'HASH') { $createsettings = $settings->{'cancreate'}; 
@@ -5672,12 +5769,19 @@ sub print_selfcreation { if (ref($createsettings->{'selfcreateprocessing'}) eq 'HASH') { $processing = $createsettings->{'selfcreateprocessing'}; } + if (ref($createsettings->{'emailverified'}) eq 'HASH') { + $emailverified = $createsettings->{'emailverified'}; + } + if (ref($createsettings->{'emaildomain'}) eq 'HASH') { + $emaildomain = $createsettings->{'emaildomain'}; + } } } } my %radiohash; my $numinrow = 4; map { $radiohash{'cancreate_'.$_} = 1; } @selfcreate; + my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); if ($position eq 'top') { my %choices = &Apache::lonlocal::texthash ( cancreate_login => 'Institutional Login', @@ -5693,8 +5797,6 @@ sub print_selfcreation { \%choices,$itemcount,$onclick); $$rowtotal += $itemcount; - my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); - if (ref($usertypes) eq 'HASH') { if (keys(%{$usertypes}) > 0) { $datatable .= &insttypes_row($createsettings,$types,$usertypes, 
@@ -5744,20 +5846,26 @@ sub print_selfcreation { $$rowtotal ++; } elsif ($position eq 'middle') { my %domconf = &Apache::lonnet::get_dom('configuration',['usermodification'],$dom); - my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); - $usertypes->{'default'} = $othertitle; + my @posstypes; if (ref($types) eq 'ARRAY') { - push(@{$types},'default'); - $usertypes->{'default'} = $othertitle; - foreach my $status (@{$types}) { - $datatable .= &modifiable_userdata_row('selfcreate',$status,$domconf{'usermodification'}, - $numinrow,$$rowtotal,$usertypes); - $$rowtotal ++; - } + @posstypes = @{$types}; + } + unless (grep(/^default$/,@posstypes)) { + push(@posstypes,'default'); + } + my %usertypeshash; + if (ref($usertypes) eq 'HASH') { + %usertypeshash = %{$usertypes}; + } + $usertypeshash{'default'} = $othertitle; + foreach my $status (@posstypes) { + $datatable .= &modifiable_userdata_row('selfcreate',$status,$domconf{'usermodification'}, + $numinrow,$$rowtotal,\%usertypeshash); + $$rowtotal ++; } } else { my %choices = &Apache::lonlocal::texthash ( - cancreate_email => 'E-mail address as username', + cancreate_email => 'Non-institutional username (e-mail verification)', ); my @toggles = sort(keys(%choices)); my %defaultchecked = ( @@ -5771,29 +5879,45 @@ sub print_selfcreation { my $onclick = "toggleDisplay(this.form,'emailoptions');"; my $additional = '
'; my %domdefaults = &Apache::lonnet::get_domain_defaults($dom); - my $usertypes = {}; - my $order = []; - if ((ref($domdefaults{'inststatustypes'}) eq 'HASH') && (ref($domdefaults{'inststatusguest'}) eq 'ARRAY')) { - $usertypes = $domdefaults{'inststatustypes'}; + my $order; + if (ref($domdefaults{'inststatusguest'}) eq 'ARRAY') { $order = $domdefaults{'inststatusguest'}; } + my (@ordered,%usertypeshash); if (ref($order) eq 'ARRAY') { - push(@{$order},'default'); - if (@{$order} > 1) { - $usertypes->{'default'} = &mt('Other users'); - $additional .= ''; - foreach my $status (@{$order}) { - $additional .= ''; - } - $additional .= ''; - foreach my $status (@{$order}) { - $additional .= ''; - } - $additional .= '
'.$usertypes->{$status}.'
'.&email_as_username($rowtotal,$processing,$status).'
'; - } else { - $usertypes->{'default'} = &mt('All users'); - $additional .= &email_as_username($rowtotal,$processing); + @ordered = @{$order}; + } + if (@ordered) { + unless (grep(/^default$/,@ordered)) { + push(@ordered,'default'); } + if (ref($usertypes) eq 'HASH') { + %usertypeshash = %{$usertypes}; + } + $usertypeshash{'default'} = $othertitle; + $additional .= ''; + foreach my $status (@ordered) { + $additional .= ''; + } + $additional .= ''; + foreach my $status (@ordered) { + $additional .= ''; + } + $additional .= '
'.$usertypeshash{$status}.'
'.&validate_by_email($rowtotal,$processing,$status).'

'. + ''; + foreach my $status (@ordered) { + $additional .= ''; + } + $additional .= ''; + foreach my $status (@ordered) { + $additional .= ''; + } + $additional .= '
'.$usertypeshash{$status}.'
'.&email_as_username($rowtotal,$emailverified,$emaildomain,$status).'
'; + + } else { + $usertypeshash{'default'} = $othertitle; + $additional .= &mt('Approval:').' '.&validate_by_email($rowtotal,$processing).'
'. + &mt('Username:').' '.&email_as_username($rowtotal,$emailverified,$emaildomain); } $additional .= '
'."\n"; @@ -5804,12 +5928,10 @@ sub print_selfcreation { $$rowtotal ++; my ($infofields,$infotitles) = &Apache::loncommon::emailusername_info(); $numinrow = 1; - if (ref($order) eq 'ARRAY') { - foreach my $status (@{$order}) { - $datatable .= &modifiable_userdata_row('cancreate','emailusername_'.$status,$settings, - $numinrow,$$rowtotal,$usertypes,$infofields,$infotitles); - $$rowtotal ++; - } + foreach my $status (@ordered) { + $datatable .= &modifiable_userdata_row('cancreate','emailusername_'.$status,$settings, + $numinrow,$$rowtotal,\%usertypeshash,$infofields,$infotitles); + $$rowtotal ++; } my ($emailrules,$emailruleorder) = &Apache::lonnet::inst_userrules($dom,'email'); @@ -5825,15 +5947,20 @@ sub print_selfcreation { return $datatable; } -sub email_as_username { +sub validate_by_email { my ($rowtotal,$processing,$type) = @_; my %choices = &Apache::lonlocal::texthash ( automatic => 'Automatic approval', approval => 'Queued for approval', + notinuse => 'Unavailable', ); my $output; - foreach my $option ('automatic','approval') { + my @options = ('automatic','approval'); + unless ($type eq '') { + push(@options,'notinuse'); + } + foreach my $option (@options) { my $checked; if (ref($processing) eq 'HASH') { if ($type eq '') { 
@@ -5878,6 +6005,83 @@ sub email_as_username { return $output; } +sub email_as_username { + my ($rowtotal,$emailverified,$emaildomain,$type) = @_; + my %choices = + &Apache::lonlocal::texthash ( + email => 'Username is e-mail', + other => 'Username is chosen', + ); + my $name = 'cancreate_emailverified'; + my $condition = 'cancreate_emaildomain'; + if (($type ne '') && ($type ne 'default')) { + $name .= '_'.$type; + $condition .= '_'.$type; + } + my $display = 'none'; + my $onclick = "toggleDisplay(this.form,'$name');"; + + my $output; + foreach my $option ('email','other') { + my ($checked,$domain); + if (ref($emailverified) eq 'HASH') { + if ($type eq '') { + if (!exists($emailverified->{'default'})) { + if ($option eq 'email') { + $checked = ' checked="checked"'; + } + } else { + if ($emailverified->{'default'} eq $option) { + $checked = ' checked="checked"'; + } + } + } else { + if (!exists($emailverified->{$type})) { + if ($option eq 'email') { + $checked = ' checked="checked"'; + } + } else { + if ($emailverified->{$type} eq $option) { + $checked = ' checked="checked"'; + if ($option eq 'other') { + $display = 'inline'; + } + } + } + } + } elsif ($option eq 'email') { + $checked = ' checked="checked"'; + } + $output .= ''; + if ($type eq '') { + $output .= ' '; + } else { + $output .= '
'; + } + } + my $domain; + if (ref($emaildomain) eq 'HASH') { + if ($type eq '') { + if (exists($emaildomain->{'default'})) { + $domain = $emaildomain->{'default'}; + } + } else { + if (exists($emaildomain->{$type})) { + $domain = $emaildomain->{$type}; + } + } + } + $output .= '
'. + ''.&mt('E-mail domain').' '. + ''. + '
'; + $$rowtotal ++; + return $output; +} + sub captcha_choice { my ($context,$settings,$itemcount) = @_; my ($keyentry,$currpub,$currpriv,%checked,$rowname,$pubtext,$privtext, @@ -6076,7 +6280,10 @@ sub print_usermodification { sub print_defaults { my ($position,$dom,$settings,$rowtotal) = @_; my $rownum = 0; - my ($datatable,$css_class); + my ($datatable,$css_class,$titles); + unless ($position eq 'bottom') { + $titles = &defaults_titles($dom); + } if ($position eq 'top') { my @items = ('auth_def','auth_arg_def','lang_def','timezone_def', 'datelocale_def','portal_def'); @@ -6089,7 +6296,6 @@ sub print_defaults { $defaults{$item} = $domdefaults{$item}; } } - my $titles = &defaults_titles($dom); foreach my $item (@items) { if ($rownum%2) { $css_class = ''; @@ -6137,8 +6343,87 @@ sub print_defaults { $datatable .= ''; $rownum ++; } + } elsif ($position eq 'middle') { + my @items = ('intauth_cost','intauth_check','intauth_switch'); + my %defaults; + if (ref($settings) eq 'HASH') { + %defaults = %{$settings}; + if ($defaults{'intauth_cost'} !~ /^\d+$/) { + $defaults{'intauth_cost'} = 10; + } + if ($defaults{'intauth_check'} !~ /^(0|1|2)$/) { + $defaults{'intauth_check'} = 0; + } + if ($defaults{'intauth_switch'} !~ /^(0|1|2)$/) { + $defaults{'intauth_switch'} = 0; + } + } else { + %defaults = ( + 'intauth_cost' => 10, + 'intauth_check' => 0, + 'intauth_switch' => 0, + ); + } + foreach my $item (@items) { + if ($rownum%2) { + $css_class = ''; + } else { + $css_class = ' class="LC_odd_row" '; + } + $datatable .= ''. + ''.$titles->{$item}. + ''; + if ($item eq 'intauth_switch') { + my @options = (0,1,2); + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes', + 2 => 'Yes, and copy existing passwd file to passwd.bak file', + ); + $datatable .= ''; + foreach my $option (@options) { + my $checked = ' '; + if ($defaults{$item} eq $option) { + $checked = ' checked="checked"'; + } + $datatable .= ''; + } + $datatable .= '
'. + '
'; + } elsif ($item eq 'intauth_check') { + my @options = (0,1,2); + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes, allow login then update passwd file using default cost (if higher)', + 2 => 'Yes, disallow login if stored cost is less than domain default', + ); + $datatable .= ''; + foreach my $option (@options) { + my $checked = ' '; + my $onclick; + if ($defaults{$item} eq $option) { + $checked = ' checked="checked"'; + } + if ($option == 2) { + $onclick = ' onclick="javascript:warnIntAuth(this);"'; + } + $datatable .= ''; + } + $datatable .= '
'. + '
'; + } else { + $datatable .= ''; + } + $datatable .= ''; + $rownum ++; + } } else { - my (%defaults); + my %defaults; if (ref($settings) eq 'HASH') { if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH') && (ref($settings->{'inststatusguest'}) eq 'ARRAY')) { @@ -6233,6 +6518,9 @@ sub defaults_titles { 'timezone_def' => 'Default timezone', 'datelocale_def' => 'Default locale for dates', 'portal_def' => 'Portal/Default URL', + 'intauth_cost' => 'Encryption cost for bcrypt (positive integer)', + 'intauth_check' => 'Check bcrypt cost if authenticated', + 'intauth_switch' => 'Existing crypt-based switched to bcrypt on authentication', ); if ($dom) { my $uprimary_id = &Apache::lonnet::domain($dom,'primary'); @@ -6768,7 +7056,35 @@ sub serverstatus_pages { sub defaults_javascript { my ($settings) = @_; - return unless (ref($settings) eq 'HASH'); + my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.'); + my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.'); + &js_escape(\$intauthcheck); + &js_escape(\$intauthcost); + my $intauthjs = <<"ENDSCRIPT"; + +function warnIntAuth(field) { + if (field.name == 'intauth_check') { + if (field.value == '2') { + alert('$intauthcheck'); + } + } + if (field.name == 'intauth_cost') { + field.value.replace(/\s/g,''); + if (field.value != '') { + var regexdigit=/^\\d+\$/; + if (!regexdigit.test(field.value)) { + alert('$intauthcost'); + } + } + } + return; +} + +ENDSCRIPT + + if (ref($settings) ne 'HASH') { + return &Apache::lonhtmlcommon::scripttag($intauthjs); + } if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH')) { my $maxnum = scalar(@{$settings->{'inststatusorder'}}); if ($maxnum eq '') { 
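Review bot: The `intauth_cost` check in the new `middle` branch of `print_defaults`, `$defaults{'intauth_cost'} !~ /^\d+$/`, accepts 0 and arbitrarily large numbers, although the title added in `defaults_titles` says "positive integer". bcrypt libraries accept only a bounded cost (commonly 4 to 31), and an oversized stored value would make every internal-authentication login correspondingly expensive. I would fall back to the default outside that range, e.g. `if (($defaults{'intauth_cost'} !~ /^\d+$/) || ($defaults{'intauth_cost'} < 4) || ($defaults{'intauth_cost'} > 31)) { $defaults{'intauth_cost'} = 10; }`. The same limits belong in the code that saves the form value, which is not visible in this diff.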
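Review bot: In `warnIntAuth`, the line `field.value.replace(/\s/g,'');` has two defects. Inside the interpolating `<<"ENDSCRIPT"` heredoc a single-backslash `\s` is passed through by Perl as a plain `s` (the next line doubles it correctly as `\\d`), and the result of `replace` is discarded, so whitespace is never stripped. It should read `field.value = field.value.replace(/\\s/g,'');`. The alert is advisory only, so the server-side handler still has to reject a non-numeric or out-of-range cost. `defaults_javascript` continues outside this hunk.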
@@ -6822,10 +7138,14 @@ $jstext return; } +$intauthjs + // ]]> ENDSCRIPT + } else { + return &Apache::lonhtmlcommon::scripttag($intauthjs); } } @@ -9276,7 +9596,7 @@ sub process_textbook_image { sub modify_ltitools { my ($r,$dom,$action,$lastactref,%domconfig) = @_; my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1); - my ($newid,@allpos,%changes,%confhash,$errors,$resulttext); + my ($newid,@allpos,%changes,%confhash,%encconfig,$errors,$resulttext); my $confname = $dom.'-domainconfig'; my $servadm = $r->dir_config('lonAdmEMail'); my ($configuserok,$author_ok,$switchserver) = &config_check($dom,$confname,$servadm); @@ -9301,7 +9621,11 @@ sub modify_ltitools { foreach my $item ('title','url','key','secret') { $env{'form.ltitools_add_'.$item} =~ s/(`)/'/g; if ($env{'form.ltitools_add_'.$item}) { - $confhash{$newid}{$item} = $env{'form.ltitools_add_'.$item}; + if (($item eq 'key') || ($item eq 'secret')) { + $encconfig{$newid}{$item} = $env{'form.ltitools_add_'.$item}; + } else { + $confhash{$newid}{$item} = $env{'form.ltitools_add_'.$item}; + } } } if ($env{'form.ltitools_add_version'} eq 'LTI-1p0') { 
@@ -9310,15 +9634,23 @@ sub modify_ltitools { if ($env{'form.ltitools_add_msgtype'} eq 'basic-lti-launch-request') { $confhash{$newid}{'msgtype'} = $env{'form.ltitools_add_msgtype'}; } - foreach my $item ('width','height') { + foreach my $item ('width','height','linktext','explanation') { $env{'form.ltitools_add_'.$item} =~ s/^\s+//; $env{'form.ltitools_add_'.$item} =~ s/\s+$//; - if ($env{'form.ltitools_add_'.$item} =~ /^\d+$/) { - $confhash{$newid}{'display'}{$item} = $env{'form.ltitools_add_'.$item}; + if (($item eq 'width') || ($item eq 'height')) { + if ($env{'form.ltitools_add_'.$item} =~ /^\d+$/) { + $confhash{$newid}{'display'}{$item} = $env{'form.ltitools_add_'.$item}; + } + } else { + if ($env{'form.ltitools_add_'.$item} ne '') { + $confhash{$newid}{'display'}{$item} = $env{'form.ltitools_add_'.$item}; + } } } if ($env{'form.ltitools_add_target'} eq 'window') { $confhash{$newid}{'display'}{'target'} = $env{'form.ltitools_add_target'}; + } elsif ($env{'form.ltitools_add_target'} eq 'tab') { + $confhash{$newid}{'display'}{'target'} = $env{'form.ltitools_add_target'}; } else { $confhash{$newid}{'display'}{'target'} = 'iframe'; } @@ -9402,12 +9734,18 @@ sub modify_ltitools { } else { my $newpos = $env{'form.ltitools_'.$itemid}; $newpos =~ s/\D+//g; - foreach my $item ('title','url','key','secret') { + foreach my $item ('title','url') { $confhash{$itemid}{$item} = $env{'form.ltitools_'.$item.'_'.$i}; if ($domconfig{$action}{$itemid}{$item} ne $confhash{$itemid}{$item}) { $changes{$itemid} = 1; } } + foreach my $item ('key','secret') { + $encconfig{$itemid}{$item} = $env{'form.ltitools_'.$item.'_'.$i}; + if ($domconfig{$action}{$itemid}{$item} ne $encconfig{$itemid}{$item}) { + $changes{$itemid} = 1; + } + } if ($env{'form.ltitools_version_'.$i} eq 'LTI-1p0') { $confhash{$itemid}{'version'} = $env{'form.ltitools_version_'.$i}; } 
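Review bot: In the extended `foreach my $item ('width','height','linktext','explanation')` loop, `linktext` and `explanation` are saved after whitespace trimming only, while `width` and `height` are digit-checked. The markup that prints these values in `print_ltitools` is not visible on this page, so please confirm that they are HTML-escaped when written into the form fields and wherever course pages display them. A comment at the assignment such as `# free text; must be HTML-escaped on output` would record that requirement. The same applies to the matching loop for existing tools in the later `@@ -9426` hunk.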
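Review bot: The new `foreach my $item ('key','secret')` loop for existing tools stores `$env{'form.ltitools_'.$item.'_'.$i}` into `%encconfig` unconditionally, whereas the add path earlier in `modify_ltitools` stores a value only when the field is non-empty. A blank or missing field therefore overwrites the saved credential with an empty string, and the design appears to rely on the current secret being sent to the browser on every edit so that it can be resubmitted. Consider keeping the stored value when the field is blank, `$encconfig{$itemid}{$item} = ($env{'form.ltitools_'.$item.'_'.$i} ne '') ? $env{'form.ltitools_'.$item.'_'.$i} : $domconfig{$action}{$itemid}{$item};`, which would also let the form stop echoing the secret. The enclosing loop starts outside this hunk.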
@@ -9426,10 +9764,34 @@ sub modify_ltitools { } else { $changes{$itemid} = 1; } + } elsif (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') { + if ($domconfig{$action}{$itemid}{'display'}{$size} ne '') { + $changes{$itemid} = 1; + } + } + } + foreach my $item ('linktext','explanation') { + $env{'form.ltitools_'.$item.'_'.$i} =~ s/^\s+//; + $env{'form.ltitools_'.$item.'_'.$i} =~ s/\s+$//; + if ($env{'form.ltitools_'.$item.'_'.$i} ne '') { + $confhash{$itemid}{'display'}{$item} = $env{'form.ltitools_'.$item.'_'.$i}; + if (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') { + if ($domconfig{$action}{$itemid}{'display'}{$item} ne $confhash{$itemid}{'display'}{$item}) { + $changes{$itemid} = 1; + } + } else { + $changes{$itemid} = 1; + } + } elsif (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') { + if ($domconfig{$action}{$itemid}{'display'}{$item} ne '') { + $changes{$itemid} = 1; + } } } if ($env{'form.ltitools_target_'.$i} eq 'window') { $confhash{$itemid}{'display'}{'target'} = $env{'form.ltitools_target_'.$i}; + } elsif ($env{'form.ltitools_target_'.$i} eq 'tab') { + $confhash{$itemid}{'display'}{'target'} = $env{'form.ltitools_target_'.$i}; } else { $confhash{$itemid}{'display'}{'target'} = 'iframe'; } @@ -9449,7 +9811,7 @@ sub modify_ltitools { } } my @courseconfig = &Apache::loncommon::get_env_multiple('form.ltitools_courseconfig_'.$i); - foreach my $item ('label','title','target') { + foreach my $item ('label','title','target','linktext','explanation') { if (grep(/^\Q$item\E$/,@courseconfig)) { $confhash{$itemid}{'crsconf'}{$item} = 1; if (ref($domconfig{$action}{$itemid}{'crsconf'}) eq 'HASH') { 
@@ -9588,9 +9950,21 @@ sub modify_ltitools { my $putresult = &Apache::lonnet::put_dom('configuration',\%ltitoolshash, $dom); if ($putresult eq 'ok') { + my %ltienchash = ( + $action => { %encconfig } + ); + &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom); if (keys(%changes) > 0) { my $cachetime = 24*60*60; - &Apache::lonnet::do_cache_new('ltitools',$dom,\%confhash,$cachetime); + my %ltiall = %confhash; + foreach my $id (keys(%ltiall)) { + if (ref($encconfig{$id}) eq 'HASH') { + foreach my $item ('key','secret') { + $ltiall{$id}{$item} = $encconfig{$id}{$item}; + } + } + } + &Apache::lonnet::do_cache_new('ltitools',$dom,\%ltiall,$cachetime); if (ref($lastactref) eq 'HASH') { $lastactref->{'ltitools'} = 1; } @@ -9614,24 +9988,27 @@ sub modify_ltitools { $resulttext .= ''; + &Apache::lonnet::do_cache_new('directorysrch',$dom,$dirsrch_hash{'directorysrch'},3600); + if (ref($lastactref) eq 'HASH') { + $lastactref->{'directorysrch'} = 1; + } } else { $resulttext = &mt('No changes made to directory search settings'); } @@ -10672,12 +11058,10 @@ sub modify_usercreation { if ($key eq 'cancreate') { if (ref($domconfig{'usercreation'}{$key}) eq 'HASH') { foreach my $item (keys(%{$domconfig{'usercreation'}{$key}})) { - if (($item eq 'selfcreate') || ($item eq 'statustocreate') || - ($item eq 'captcha') || ($item eq 'recaptchakeys') || - ($item eq 'recaptchaversion')) { - $save_usercreate{$key}{$item} = $domconfig{'usercreation'}{$key}{$item}; - } else { + if (($item eq 'requestcrs') || ($item eq 'course') || ($item eq 'author')) { $curr_usercreation{$key}{$item} = $domconfig{'usercreation'}{$key}{$item}; + } else { + $save_usercreate{$key}{$item} = $domconfig{'usercreation'}{$key}{$item}; } } } 
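Review bot: The return value of the added `&Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom);` is ignored, so if that write fails the `configuration` record has already been saved without `key` and `secret` and the page still reports success. Capture it, `my $encresult = &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom);`, and report a failure unless it is 'ok', as is done for the first `put_dom`. In addition, `my %ltiall = %confhash;` is a shallow copy, so the loop that sets `$ltiall{$id}{$item}` also writes the secrets into the inner hashes of `%confhash`. Any later code in this sub that prints or re-saves `%confhash` would then carry them, so copy each inner hash first with `$ltiall{$id} = { %{$confhash{$id}} };`. `modify_ltitools` continues outside this hunk.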
@@ -10882,12 +11266,18 @@ sub modify_usercreation { sub modify_selfcreation { my ($dom,%domconfig) = @_; my ($resulttext,$warningmsg,%curr_usercreation,%curr_usermodify,%changes,%cancreate); - my (%save_usercreate,%save_usermodify); - my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); - if (ref($types) eq 'ARRAY') { - $usertypes->{'default'} = $othertitle; - push(@{$types},'default'); + my (%save_usercreate,%save_usermodify,@types,%usertypes); + my ($othertitle,$usertypesref,$typesref) = &Apache::loncommon::sorted_inst_types($dom); + if (ref($typesref) eq 'ARRAY') { + @types = @{$typesref}; } + unless (grep(/^default$/,@types)) { + push(@types,'default'); + } + if (ref($usertypesref) eq 'HASH') { + %usertypes = %{$usertypesref}; + } + $usertypes{'default'} = $othertitle; # # Retrieve current domain configuration for self-creation of usernames from $domconfig{'usercreation'}. # @@ -10897,10 +11287,11 @@ sub modify_selfcreation { if (ref($domconfig{'usercreation'}{$key}) eq 'HASH') { foreach my $item (keys(%{$domconfig{'usercreation'}{$key}})) { if (($item eq 'selfcreate') || ($item eq 'statustocreate') || - ($item eq 'captcha') || ($item eq 'recaptchakeys') || - ($item eq 'recaptchaversion') || - ($item eq 'emailusername') || ($item eq 'notify') || - ($item eq 'selfcreateprocessing') || ($item eq 'shibenv')) { + ($item eq 'captcha') || ($item eq 'recaptchakeys') || + ($item eq 'recaptchaversion') || ($item eq 'notify') || + ($item eq 'emailusername') || ($item eq 'shibenv') || + ($item eq 'selfcreateprocessing') || ($item eq 'emailverified') || + ($item eq 'emaildomain')) { $curr_usercreation{$key}{$item} = $domconfig{'usercreation'}{$key}{$item}; } else { $save_usercreate{$key}{$item} = $domconfig{'usercreation'}{$key}{$item}; 
@@ -10933,10 +11324,12 @@ sub modify_selfcreation { @{$cancreate{'statustocreate'}} = (); %{$cancreate{'selfcreateprocessing'}} = (); %{$cancreate{'shibenv'}} = (); + %{$cancreate{'emailverified'}} = (); + %{$cancreate{'emaildomain'}} = (); my %selfcreatetypes = ( sso => 'users authenticated by institutional single sign on', login => 'users authenticated by institutional log-in', - email => 'users who provide a valid e-mail address for use as username', + email => 'users verified by e-mail', ); # # Populate $cancreate{'selfcreate'} array reference with types of user, for which self-creation of user accounts @@ -10955,12 +11348,22 @@ sub modify_selfcreation { if ($item eq 'email') { if ($env{'form.cancreate_email'}) { push(@{$cancreate{'selfcreate'}},'email'); - push(@contexts,'selfcreateprocessing'); + push(@contexts,('selfcreateprocessing','emailverified','emaildomain')); foreach my $type (@statuses) { if ($type eq 'default') { $cancreate{'selfcreateprocessing'}{$type} = $env{'form.cancreate_emailprocess'}; + unless ($cancreate{'selfcreateprocessing'}{$type} eq 'notinuse') { + $cancreate{'emailverified'}{$type} = $env{'form.cancreate_emailverified'}; + if ($cancreate{'emailverified'}{$type} eq 'other') { + $cancreate{'emaildomain'}{$type} =$env{'form.cancreate_emaildomain'}; + } + } } else { $cancreate{'selfcreateprocessing'}{$type} = $env{'form.cancreate_emailprocess_'.$type}; + $cancreate{'emailverified'}{$type} = $env{'form.cancreate_emailverified_'.$type}; + if ($cancreate{'emailverified'}{$type} eq 'other') { + $cancreate{'emaildomain'}{$type} =$env{'form.cancreate_emaildomain_'.$type}; + } } } } 
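Review bot: The new `emailverified` and `emaildomain` values in the `$item eq 'email'` loop are copied from `$env{'form.cancreate_emailverified…'}` and `$env{'form.cancreate_emaildomain…'}` into the stored configuration without any check, unlike the `intauth_check` handling elsewhere in this commit, which matches `/^(0|1|2)$/`. I would accept `emailverified` only when it matches `/^(email|other)$/`, and store `emaildomain` only after trimming it and matching it against a hostname pattern, since later hunks print that value inside the HTML result text and it presumably decides which addresses may self-create accounts. In the non-default branch the two values are also saved when `selfcreateprocessing` is `notinuse`, which the default branch avoids with its `unless`; the same guard would keep the two branches consistent. The enclosing foreach starts outside the hunk.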
@@ -10979,8 +11382,8 @@ sub modify_selfcreation { if ($env{'form.cancreate_email'}) { push(@contexts,'emailusername'); - if (ref($types) eq 'ARRAY') { - foreach my $type (@{$types}) { + if (@types) { + foreach my $type (@types) { if (ref($infofields) eq 'ARRAY') { foreach my $field (@{$infofields}) { if ($env{'form.canmodify_emailusername_'.$type.'_'.$field} =~ /^(required|optional)$/) { @@ -10992,7 +11395,7 @@ sub modify_selfcreation { } # # Populate $cancreate{'notify'} hash ref with names of Domain Coordinators who are to be notified of -# queued requests for self-creation of account using e-mail address as username +# queued requests for self-creation of account verified by e-mail. # my @approvalnotify = &Apache::loncommon::get_env_multiple('form.selfcreationnotifyapproval'); @@ -11013,7 +11416,7 @@ sub modify_selfcreation { } # -# Retrieve rules (if any) governing types of e-mail address which may be used as a username +# Retrieve rules (if any) governing types of e-mail address which may be used to verify a username. # @email_rule = &Apache::loncommon::get_env_multiple('form.email_rule'); &process_captcha('cancreate',\%changes,\%savecaptcha,$curr_usercreation{'cancreate'}); @@ -11060,14 +11463,14 @@ sub modify_selfcreation { # which the user may supply, if institutional data is unavailable. # if (($env{'form.cancreate_login'}) || ($env{'form.cancreate_sso'})) { - if (ref($types) eq 'ARRAY') { - if (@{$types} > 1) { + if (@types) { + if (@types > 1) { @{$cancreate{'statustocreate'}} = &Apache::loncommon::get_env_multiple('form.statustocreate'); push(@contexts,'statustocreate'); } else { undef($cancreate{'statustocreate'}); } - foreach my $type (@{$types}) { + foreach my $type (@types) { my @modifiable = &Apache::loncommon::get_env_multiple('form.canmodify_'.$type); foreach my $field (@fields) { if (grep(/^\Q$field\E$/,@modifiable)) { 
@@ -11078,7 +11481,7 @@ sub modify_selfcreation { } } if (ref($curr_usermodify{'selfcreate'}) eq 'HASH') { - foreach my $type (@{$types}) { + foreach my $type (@types) { if (ref($curr_usermodify{'selfcreate'}{$type}) eq 'HASH') { foreach my $field (@fields) { if ($save_usermodify{'selfcreate'}{$type}{$field} ne @@ -11090,7 +11493,7 @@ sub modify_selfcreation { } } } else { - foreach my $type (@{$types}) { + foreach my $type (@types) { push(@{$changes{'selfcreate'}},$type); } } @@ -11148,7 +11551,7 @@ sub modify_selfcreation { } } } - } elsif ($item eq 'selfcreateprocessing') { + } elsif (($item eq 'selfcreateprocessing') || ($item eq 'emailverified') || ($item eq 'emaildomain')) { if ($cancreate{$item}{$curr} ne $curr_usercreation{'cancreate'}{$item}{$curr}) { if (!grep(/^$item$/,@{$changes{'cancreate'}})) { push(@{$changes{'cancreate'}},$item); @@ -11236,6 +11639,12 @@ sub modify_selfcreation { if (ref($cancreate{'selfcreateprocessing'}) eq 'HASH') { $save_usercreate{'cancreate'}{'selfcreateprocessing'} = $cancreate{'selfcreateprocessing'}; } + if (ref($cancreate{'emailverified'}) eq 'HASH') { + $save_usercreate{'cancreate'}{'emailverified'} = $cancreate{'emailverified'}; + } + if (ref($cancreate{'emaildomain'}) eq 'HASH') { + $save_usercreate{'cancreate'}{'emaildomain'} = $cancreate{'emaildomain'}; + } if (ref($cancreate{'statustocreate'}) eq 'ARRAY') { $save_usercreate{'cancreate'}{'statustocreate'} = $cancreate{'statustocreate'}; } @@ -11260,7 +11669,7 @@ sub modify_selfcreation { if (ref($changes{'cancreate'}) eq 'ARRAY') { my %lt = &selfcreation_types(); foreach my $type (@{$changes{'cancreate'}}) { - my $chgtext; + my $chgtext = ''; if ($type eq 'selfcreate') { if (@{$cancreate{$type}} == 0) { $chgtext .= &mt('Self creation of a new user account is not permitted.'); 
@@ -11275,10 +11684,25 @@ sub modify_selfcreation { if (grep(/^(login|sso)$/,@{$cancreate{$type}})) { if (ref($cancreate{'statustocreate'}) eq 'ARRAY') { if (@{$cancreate{'statustocreate'}} == 0) { - $chgtext .= '
'. - ''. - &mt("However, no institutional affiliations (including 'other') are currently permitted to create accounts."). - ''; + $chgtext .= ''. + &mt("However, no institutional affiliations (including 'other') are currently permitted to create accounts via log-in or single sign-on."). + '
'; + } + } + } + if (grep(/^email$/,@{$cancreate{$type}})) { + if (@statuses > 1) { + my $numtypes = 0; + foreach my $type (@statuses) { + unless ($cancreate{'selfcreateprocessing'}{$type} eq 'notinuse') { + $numtypes ++; + } + } + if (!$numtypes) { + $chgtext .= ''. + &mt("However, e-mail verification is currently set to 'unavailable' for all user types (including 'other'), so self-creation of accounts is not possible for non-institutional log-in."). + '
'; + } } } @@ -11286,7 +11710,7 @@ sub modify_selfcreation { } } elsif ($type eq 'shibenv') { if (keys(%{$cancreate{$type}}) == 0) { - $chgtext .= &mt('Shibboleth-autheticated user does not use environment variables to set user information'); + $chgtext .= &mt('Shibboleth-autheticated user does not use environment variables to set user information').'
'; } else { $chgtext .= &mt('Shibboleth-autheticated user information set from environment variables, as follows:'). ''; - } + } } elsif ($type eq 'statustocreate') { if ((ref($cancreate{'selfcreate'}) eq 'ARRAY') && (ref($cancreate{'statustocreate'}) eq 'ARRAY')) { @@ -11312,7 +11736,7 @@ sub modify_selfcreation { &mt("However, no institutional affiliations (including 'other') are currently permitted to create accounts."). ''; } - } elsif (ref($usertypes) eq 'HASH') { + } elsif (keys(%usertypes) > 0) { if (grep(/^(login|sso)$/,@{$cancreate{'selfcreate'}})) { $chgtext .= &mt('Creation of a new account for an institutional user is restricted to the following institutional affiliation(s):'); } else { @@ -11323,12 +11747,12 @@ sub modify_selfcreation { if ($case eq 'default') { $chgtext .= '
  • '.$othertitle.'
  • '; } else { - $chgtext .= '
  • '.$usertypes->{$case}.'
  • '; + $chgtext .= '
  • '.$usertypes{$case}.'
  • '; } } $chgtext .= ''; if (!grep(/^(login|sso)$/,@{$cancreate{'selfcreate'}})) { - $chgtext .= '
    '. + $chgtext .= ''. &mt('However, users authenticated by institutional login/single sign on are not currently permitted to create accounts.'). ''; } @@ -11340,26 +11764,109 @@ sub modify_selfcreation { $chgtext .= &mt('Although institutional affiliations permitted to create accounts were changed, self creation of accounts is not currently permitted for any authentication types.'); } } + $chgtext .= '
    '; } } elsif ($type eq 'selfcreateprocessing') { my %choices = &Apache::lonlocal::texthash ( automatic => 'Automatic approval', approval => 'Queued for approval', + notinuse => 'Unavailable', ); if (@statuses > 1) { - $chgtext .= &mt('Processing of requests to create account with e-mail address as username set as follows:'). - '
      '; - foreach my $type (@statuses) { - if ($type eq 'default') { - $chgtext .= '
    • '.$othertitle.' -- '.$choices{$cancreate{'selfcreateprocessing'}{$type}}.'
    • '; - } else { - $chgtext .= '
    • '.$usertypes->{$type}.' -- '.$choices{$cancreate{'selfcreateprocessing'}{$type}}.'
    • '; - } - } - $chgtext .= '
    '; + my $numtypes = 0; + foreach my $type (@statuses) { + unless ($cancreate{'selfcreateprocessing'}{$type} eq 'notinuse') { + $numtypes ++; + } + } + if ($numtypes) { + $chgtext .= &mt('Processing of requests to create account with e-mail verification set as follows:'). + '
      '; + foreach my $type (@statuses) { + if ($type eq 'default') { + $chgtext .= '
    • '.$othertitle.' -- '.$choices{$cancreate{'selfcreateprocessing'}{$type}}.'
    • '; + } else { + $chgtext .= '
    • '.$usertypes{$type}.' -- '.$choices{$cancreate{'selfcreateprocessing'}{$type}}.'
    • '; + } + } + $chgtext .= '
    '; + } } else { - $chgtext .= &mt('Processing of requests to create account with e-mail address as username set to: "[_1]"', - $choices{$cancreate{'selfcreateprocessing'}{'default'}}); + $chgtext .= &mt('Processing of requests to create account with e-mail verification set to: "[_1]"', + $choices{$cancreate{'selfcreateprocessing'}{'default'}}); + } + } elsif ($type eq 'emailverified') { + my %options = &Apache::lonlocal::texthash ( + email => 'Username is e-mail', + other => 'Username is chosen', + ); + if (@statuses > 1) { + my $numtypes = 0; + foreach my $type (@statuses) { + unless ($cancreate{'selfcreateprocessing'}{$type} eq 'notinuse') { + $numtypes ++; + } + } + if ($numtypes) { + $chgtext .= &mt('For self-created accounts verified by e-mail address, username is set as follows:'). + '
      '; + foreach my $type (@statuses) { + next if ($cancreate{'selfcreateprocessing'}{$type} eq 'notinuse'); + if ($type eq 'default') { + $chgtext .= '
    • '.$othertitle.' -- '.$options{$cancreate{'emailverified'}{$type}}.'
    • '; + } else { + $chgtext .= '
    • '.$usertypes{$type}.' -- '.$options{$cancreate{'emailverified'}{$type}}.'
    • '; + } + } + $chgtext .= '
    '; + } + } else { + $chgtext .= &mt('For self-created accounts verified by e-mail address: "[_1]"', + $choices{$cancreate{'emailverified'}{'default'}}); + } + } elsif ($type eq 'emaildomain') { + if (@statuses > 1) { + my $numtypes = 0; + foreach my $type (@statuses) { + unless ($cancreate{'selfcreateprocessing'}{$type} eq 'notinuse') { + if ($cancreate{'emailverified'}{$type} eq 'other') { + $numtypes ++; + } + } + } + if ($numtypes) { + $chgtext .= &mt('For self-created accounts verified by e-mail address, with username chosen by user ...'). + '
      '; + foreach my $type (@statuses) { + next if (($cancreate{'selfcreateprocessing'}{$type} eq 'notinuse') || + ($cancreate{'emailverified'}{$type} eq 'email')); + if ($type eq 'default') { + if ($cancreate{'emaildomain'}{$type} eq '') { + $chgtext .= '
    • '.$othertitle.' -- '.&mt('No restriction on e-mail domain').'
    • '; + } else { + $chgtext .= '
    • '.$othertitle.' -- '.&mt("User's e-mail domain needs to be: [_1]", + $cancreate{'emaildomain'}{$type}).'
    • '; + } + } else { + if ($cancreate{'emaildomain'}{$type} eq '') { + $chgtext .= '
    • '.$usertypes{$type}.' -- '.&mt('No restriction on e-mail domain').'
    • '; + } else { + $chgtext .= '
    • '.$usertypes{$type}.' -- '.&mt("User's e-mail domain needs to be: [_1]", + $cancreate{'emaildomain'}{$type}).'
    • '; + } + } + } + $chgtext .= '
    '; + } + } else { + if ($cancreate{'emailverified'}{'default'} eq 'other') { + if ($cancreate{'emaildomain'}{'default'} eq '') { + $chgtext .= &mt('No restriction on e-mail domain for self-created accounts verified by e-mail address, where username is chosen by user.'); + } else { + $chgtext .= &mt('For self-created accounts verified by e-mail address, where username is chosen by user, e-mail domain needs to be: [_1], + $cancreate{'selfcreateprocessing'}{'default'}); + } + } } } elsif ($type eq 'captcha') { if ($savecaptcha{$type} eq 'notused') { @@ -11396,11 +11903,11 @@ sub modify_selfcreation { } } elsif ($type eq 'emailusername') { if (ref($cancreate{'emailusername'}) eq 'HASH') { - if (ref($types) eq 'ARRAY') { - foreach my $type (@{$types}) { + if (@types) { + foreach my $type (@types) { if (ref($cancreate{'emailusername'}{$type}) eq 'HASH') { if (keys(%{$cancreate{'emailusername'}{$type}}) > 0) { - $chgtext .= &mt('When self-creating account with e-mail as username, the following information will be provided by [_1]:',"'$usertypes->{$type}'"). + $chgtext .= &mt('When self-creating account with e-mail verification, the following information will be provided by [_1]:',"'$usertypes{$type}'"). '
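Review bot: The single-status branch for `emailverified` looks up `$choices{$cancreate{'emailverified'}{'default'}}`, but `%choices` is declared with `my` inside the `selfcreateprocessing` branch and the labels for this setting are in `%options`; it should read `$options{$cancreate{'emailverified'}{'default'}}`. In the `emaildomain` single-status branch the last `&mt(` call, as shown, has no closing quote after `[_1]` and passes `$cancreate{'selfcreateprocessing'}{'default'}` where the domain is meant; `... e-mail domain needs to be: [_1]', $cancreate{'emaildomain'}{'default'});` is probably what was intended. The `emaildomain` values are form input concatenated into `$chgtext` as HTML, so they should be validated on input or escaped here (the file's HTML-escaping helper is not visible in this hunk). modify_selfcreation starts and ends outside the hunk.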
      '; foreach my $field (@{$infofields}) { if ($cancreate{'emailusername'}{$type}{$field}) { @@ -11409,23 +11916,27 @@ sub modify_selfcreation { } $chgtext .= '
    '; } else { - $chgtext .= &mt('When self creating account with e-mail as username, no information besides e-mail address will be provided by [_1].',"'$usertypes->{$type}'").'
    '; + $chgtext .= &mt('When self creating account with e-mail verification, no information besides e-mail address will be provided by [_1].',"'$usertypes{$type}'").'
    '; } } else { - $chgtext .= &mt('When self creating account with e-mail as username, no information besides e-mail address will be provided by [_1].',"'$usertypes->{$type}'").'
    '; + $chgtext .= &mt('When self creating account with e-mail verification, no information besides e-mail address will be provided by [_1].',"'$usertypes{$type}'").'
    '; } } } } } elsif ($type eq 'notify') { - $chgtext = &mt('No Domain Coordinators will receive notification of username requests requiring approval.'); + my $numapprove = 0; if (ref($changes{'cancreate'}) eq 'ARRAY') { if ((grep(/^notify$/,@{$changes{'cancreate'}})) && (ref($cancreate{'notify'}) eq 'HASH')) { if ($cancreate{'notify'}{'approval'}) { - $chgtext = &mt('Notification of username requests requiring approval will be sent to: ').$cancreate{'notify'}{'approval'}; + $chgtext .= &mt('Notification of username requests requiring approval will be sent to: ').$cancreate{'notify'}{'approval'}; + $numapprove ++; } } } + unless ($numapprove) { + $chgtext .= &mt('No Domain Coordinators will receive notification of username requests requiring approval.'); + } } if ($chgtext) { $resulttext .= '
  • '.$chgtext.'
  • '; @@ -11444,12 +11955,12 @@ sub modify_selfcreation { $chgtext .= ''; if (@email_rule > 0) { $resulttext .= '
  • '. - &mt('Accounts may not be created by users self-enrolling with e-mail addresses of the following types: '). + &mt('Accounts may not be created by users verified by e-mail, for e-mail addresses of the following types: '). $chgtext. '
  • '; } else { $resulttext .= '
  • '. - &mt('There are now no restrictions on e-mail addresses which may be used as a username when self-enrolling.'). + &mt('There are now no restrictions on e-mail addresses which may be used for verification when self-enrolling.'). '
  • '; } } @@ -11458,9 +11969,9 @@ sub modify_selfcreation { my %fieldtitles = &Apache::loncommon::personal_data_fieldtitles(); foreach my $type (@{$changes{'selfcreate'}}) { my $typename = $type; - if (ref($usertypes) eq 'HASH') { - if ($usertypes->{$type} ne '') { - $typename = $usertypes->{$type}; + if (keys(%usertypes) > 0) { + if ($usertypes{$type} ne '') { + $typename = $usertypes{$type}; } } my @modifiable; @@ -11679,7 +12190,8 @@ sub modify_defaults { my ($dom,$lastactref,%domconfig) = @_; my ($resulttext,$mailmsgtxt,%newvalues,%changes,@errors); my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1); - my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def','portal_def'); + my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def', + 'portal_def','intauth_cost','intauth_check','intauth_switch'); my @authtypes = ('internal','krb4','krb5','localauth'); foreach my $item (@items) { $newvalues{$item} = $env{'form.'.$item}; @@ -11721,6 +12233,24 @@ sub modify_defaults { push(@errors,$item); } } + } elsif ($item eq 'intauth_cost') { + if ($newvalues{$item} ne '') { + if ($newvalues{$item} =~ /\D/) { + push(@errors,$item); + } + } + } elsif ($item eq 'intauth_check') { + if ($newvalues{$item} ne '') { + unless ($newvalues{$item} =~ /^(0|1|2)$/) { + push(@errors,$item); + } + } + } elsif ($item eq 'intauth_switch') { + if ($newvalues{$item} ne '') { + unless ($newvalues{$item} =~ /^(0|1|2)$/) { + push(@errors,$item); + } + } } if (grep(/^\Q$item\E$/,@errors)) { $newvalues{$item} = $domdefaults{$item}; 
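Review bot: The `intauth_cost` check added to modify_defaults rejects only non-digits (`/\D/`), so any all-digit value, including 0 or a very large number, is stored as the domain default. The option labels added for `intauth_check` later in this commit speak of a "stored cost" and a "default cost", so this is presumably a password-hash work factor, where a value that is too low weakens stored passwords and one that is too high can make every login prohibitively slow. I would add bounds, e.g. `if (($newvalues{$item} =~ /\D/) || ($newvalues{$item} < MIN_COST) || ($newvalues{$item} > MAX_COST)) {`, with MIN_COST and MAX_COST as placeholders for whatever range the hashing code accepts. The `intauth_check` and `intauth_switch` branches are identical and could be one `elsif (($item eq 'intauth_check') || ($item eq 'intauth_switch'))`.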
@@ -11875,6 +12405,28 @@ sub modify_defaults { localauth => 'loc', ); $value = $authnames{$shortauth{$value}}; + } elsif ($item eq 'intauth_switch') { + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes', + 2 => 'Yes, and copy existing passwd file to passwd.bak file', + ); + if ($value =~ /^(0|1|2)$/) { + $value = $optiondesc{$value}; + } else { + $value = &mt('none -- defaults to No'); + } + } elsif ($item eq 'intauth_check') { + my %optiondesc = &Apache::lonlocal::texthash ( + 0 => 'No', + 1 => 'Yes, allow login then update passwd file using default cost (if higher)', + 2 => 'Yes, disallow login if stored cost is less than domain default', + ); + if ($value =~ /^(0|1|2)$/) { + $value = $optiondesc{$value}; + } else { + $value = &mt('none -- defaults to No'); + } } $resulttext .= '
  • '.&mt('[_1] set to "[_2]"',$title->{$item},$value).'
  • '; $mailmsgtext .= "$title->{$item} set to $value\n"; @@ -12459,7 +13011,7 @@ sub modify_helpsettings { my %existing=&Apache::lonnet::dump('roles',$dom,$confname,'rolesdef_'); my (@allpos,%newsettings,%changedprivs,$newrole); my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); - my @accesstypes = ('all','anydh','anyda','none','status','inc','exc'); + my @accesstypes = ('all','dh','da','none','status','inc','exc'); my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh','da']); my %lt = &Apache::lonlocal::texthash( s => 'system', @@ -12467,8 +13019,8 @@ sub modify_helpsettings { order => 'Display order', access => 'Role usage', all => 'All with domain helpdesk or helpdesk assistant role', - anydh => 'All with domain helpdesk role', - anyda => 'All with domain helpdesk assistant role', + dh => 'All with domain helpdesk role', + da => 'All with domain helpdesk assistant role', none => 'None', status => 'Determined based on institutional status', inc => 'Include all, but exclude specific personnel', @@ -12665,7 +13217,7 @@ sub modify_helpsettings { order => 'Order', desc => 'Role description', access => 'Role usage', - status => 'Allowed instituional types', + status => 'Allowed institutional types', exc => 'Allowed personnel', inc => 'Disallowed personnel', ); @@ -13592,8 +14144,10 @@ sub modify_usersessions { } my $cachetime = 24*60*60; &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime); + &Apache::lonnet::do_cache_new('usersessions',$dom,$defaultshash{'usersessions'},3600); if (ref($lastactref) eq 'HASH') { $lastactref->{'domdefaults'} = 1; + $lastactref->{'usersessions'} = 1; } if (keys(%changes) > 0) { my %lt = &usersession_titles(); 
@@ -13694,7 +14248,7 @@ sub modify_ssl { my %servers = &Apache::lonnet::internet_dom_servers($dom); my (%defaultshash,%changes); my $action = 'ssl'; - my @prefixes = ('connect','replication'); + my @prefixes = ('connto','connfrom','replication'); foreach my $prefix (@prefixes) { $defaultshash{$action}{$prefix} = {}; } @@ -13704,12 +14258,13 @@ sub modify_ssl { my @reptypes = ('certreq','nocertreq'); my @connecttypes = ('dom','intdom','other'); my %types = ( - connect => \@connecttypes, - replication => \@reptypes, + connto => \@connecttypes, + connfrom => \@connecttypes, + replication => \@reptypes, ); foreach my $prefix (sort(keys(%types))) { foreach my $type (@{$types{$prefix}}) { - if ($prefix eq 'connect') { + if (($prefix eq 'connto') || ($prefix eq 'connfrom')) { my $value = 'yes'; if ($env{'form.'.$prefix.'_'.$type} =~ /^(no|req)$/) { $value = $env{'form.'.$prefix.'_'.$type}; @@ -13798,8 +14353,11 @@ sub modify_ssl { if (ref($defaultshash{$action}{'replication'}) eq 'HASH') { $domdefaults{'replication'} = $defaultshash{$action}{'replication'}; } - if (ref($defaultshash{$action}{'connect'}) eq 'HASH') { - $domdefaults{'connect'} = $domconfig{$action}{'connect'}; + if (ref($defaultshash{$action}{'connto'}) eq 'HASH') { + $domdefaults{'connto'} = $domconfig{$action}{'connto'}; + } + if (ref($defaultshash{$action}{'connfrom'}) eq 'HASH') { + $domdefaults{'connfrom'} = $domconfig{$action}{'connfrom'}; } } my $cachetime = 24*60*60; @@ -13818,7 +14376,7 @@ sub modify_ssl { my $newvalue; if (ref($defaultshash{$action}) eq 'HASH') { if (ref($defaultshash{$action}{$prefix})) { - if ($prefix eq 'connect') { + if (($prefix eq 'connto') || ($prefix eq 'connfrom')) { $newvalue = $titles{$defaultshash{$action}{$prefix}{$type}}; } elsif (ref($defaultshash{$action}{$prefix}{$type}) eq 'ARRAY') { if (@{$defaultshash{$action}{$prefix}{$type}} > 0) { 
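Review bot: In the third modify_ssl hunk the new `connto` and `connfrom` entries of `%domdefaults` are filled from `$domconfig{$action}{...}`, the configuration passed in, although the guard tests `$defaultshash{$action}{...}` and the `replication` line just above copies from `%defaultshash`. As written the cached domain defaults would carry the previous connection rules (or nothing, since these keys are new) rather than the ones just submitted; `$domdefaults{'connto'} = $defaultshash{$action}{'connto'};` and the same for `connfrom` would match the replication case. The commit also drops the `connect` prefix without reading an existing `connect` setting, so a domain that had stricter rules under that key may need them re-entered; it is worth confirming how stored `connect` values are handled elsewhere. modify_ssl continues outside the hunk.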
@@ -14914,6 +15472,7 @@ function toggleDisplay(domForm,caller) { var optionsElement = domForm.coursecredits; var checkval = 1; var dispval = 'block'; + var selfcreateRegExp = /^cancreate_emailverified/; if (caller == 'emailoptions') { optionsElement = domForm.cancreate_email; } @@ -14924,6 +15483,11 @@ function toggleDisplay(domForm,caller) { optionsElement = domForm.canclone; checkval = 'instcode'; } + if (selfcreateRegExp.test(caller)) { + optionsElement = domForm.elements[caller]; + checkval = 'other'; + dispval = 'inline' + } if (optionsElement.length) { var currval; for (var i=0; i